US elections have never been more secure, says CISA chief
- Reference: 1723121769
- News link: https://www.theregister.co.uk/2024/08/08/election_tech_is_fine_says/
- Source link:
Easterly, EU Agency for Cybersecurity (ENISA) COO Hans de Vries and National Cyber Security Centre (NCSC) CEO Felicity Oswald took the stage for Black Hat's opening keynote, and all agreed that their countries (or international blocs, in De Vries' case) have managed to make their voting systems pretty resilient to outside threats.
"I can say with confidence that election infrastructure has never been more secure," Easterly claimed, and she had a ready explanation as to why: "the election stakeholder community has never been stronger."
[1]
Election security keynote at Black Hat 2024. From left, Christina Cassidy, Associated Press; Felicity Oswald, NCSC; Hans de Vries, COO ENISA; Jen Easterly, CISA directore
2024 is set to be the [2]biggest election year in the history of the modern world, with citizens in more than 60 countries heading to ballot boxes this year. That equates to more than half the world's population voting, and it makes 2024 a pivotal year for proving that elections in the digital age can be done securely.
Easterly's comments on American election security echoed much of what she said about [3]the subject at Black Hat last year, right down to saying that there weren't any material impacts on US election systems since Russia's interference in 2016.
[4]
China has been the primary threat in the UK, where elections have already taken place this year, Oswald said. Beijing's attempts to undermine UK election infrastructure in early 2024 were [5]ultimately unsuccessful , and also gave the NCSC more ammunition to further fortify its positions.
[6]
[7]
"We were laser focused on risks not just from Chinese, but from other state actors and malicious actors as well," Oswald said. "We absolutely saw attempts to engage or disrupt our election, but … it was a very clearly a smooth process, people were able to vote securely on the day, which is a fantastic outcome."
De Vries, likewise, said elections in the EU also went off smoothly. "We did find attacks, even during the voting process," he said. "I think the impact was little because we were prepared."
[8]
Of course, just because things have been good so far doesn't mean elections are entirely in the clear.
"We can't be complacent, because the threat environment has never been so complex," Easterly added, citing "Cyber threats, physical threats … foreign adversaries attempting to influence our elections, disinformation [and] malign influence operations" as continuing dangers to election security.
Russia is the predominant threat for much of the [9]influence and disinformation efforts targeting US elections, Easterly said, and she argued Vladimir Putin's administration is getting savvier with those sorts of campaigns, too.
[10]
Moscow, according to the CISA chief, has taken to "using commercial companies like PR firms or marketing firms, or unwitting Americans, to hide their hand as they try and get out influence messaging."
That said, the world's democracies have had several years to think about election security. Close collaboration between agencies like CISA, the NCSC and ENISA have been key to taking democratic nations from being surprised by Russian meddling to minimizing the impact, the trio agreed.
[11]FBI, CISA remind US voters that DDoS attacks can't touch election systems
[12]Ahead of Super Tuesday, US elections face existential and homegrown threats
[13]Election security threats in 2024 range from AI to … anthrax?
[14]Ex-White House election threat hunter weighs in on what to expect in November
To keep that momentum, the believe that additional data sharing is essential, constant exercises need to be run to test the physical and cyber resiliency of election systems and clear, auditable paper trails have to be maintained.
Beyond that, it's just hoping local election officials are able to keep control of their systems, which can vary greatly from locality to locality - especially in the United States.
"Things will go wrong - I can guarantee that," Easterly said. But "while these types of events are disruptive, they will not affect the security or the integrity of the votes passed or as they're counted as cast."
With governments aware of election threats and allegedly prepared to face them, it all comes down to convincing people not to buy into the propaganda that's being spread by foreign governments. That's a lot harder to do, and Easterly took the opportunity to toss the ball back onto the citizens' side of the court.
"Foreign adversaries will try to sow discord, and try to undermine American confidence in democracy," Easterly said. "We should be prepared for it, we should expect it and we … should not allow that. It's up to all of us to preserve democracy." ®
Get our [15]Tech Resources
[1] https://regmedia.co.uk/2024/08/08/bh-easterly-keynote-2024.jpg
[2] https://www.npr.org/2024/07/03/1198912778/its-the-biggest-election-year-in-modern-history-will-democracy-prevail
[3] https://www.theregister.com/2023/08/10/cisa_ukraine_black_hat/
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2ZrTrpOd2hNwme6BLhQR8FQAAAMA&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[5] https://www.theregister.com/2024/03/26/uk_elections_are_unaffected_by/
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZrTrpOd2hNwme6BLhQR8FQAAAMA&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZrTrpOd2hNwme6BLhQR8FQAAAMA&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[8] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZrTrpOd2hNwme6BLhQR8FQAAAMA&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[9] https://www.theregister.com/2024/07/09/russian_ai_bot_farm/
[10] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZrTrpOd2hNwme6BLhQR8FQAAAMA&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[11] https://www.theregister.com/2024/08/01/fbi_cisa_election_ddos/
[12] https://www.theregister.com/2024/03/04/super_tuesday_election_security/
[13] https://www.theregister.com/2024/02/18/election_security_threats_2024/
[14] https://www.theregister.com/2024/05/09/exwhite_house_election_threat_hunter/
[15] https://whitepapers.theregister.com/
Poor Mike. €5Million. Ouch.
"convincing people not to buy into the propaganda"
That might be easier if US politicians didn't treat elections like their own personal propaganda platform . . .
You set yourselves up for this. You deal with the consequences.
Re: "convincing people not to buy into the propaganda"
Hmmm...maybe I'm misunderstanding what it is you're trying to say but isn't the whole point of an election campaign to convince people that one particular set of problems is more important than another and that you are the best person to solve those problems? Which, at least in my head, falls into the fairly broad definition of what could be called propaganda.
Not that I'm defending the self-promoting, fantasy definitions of "problem" and "solution" that are getting thrown around far too much at the moment.
Rosie
Re: "convincing people not to buy into the propaganda"
South Park, season 8, episode 8 - watch it for full insight.
But the "big lie" continues
Several years ago then republican Governor Rick Perry and then republican Attorney General now Governor Greg Abbott spent three years and 10 million taxpayer dollars looking for the "massive" voter fraud they said was occurring in Texas. After investigating 5 years of voting they found 11 cases, only two of which were considered prosecutable. Most of them (6) were for mailing the voter registration form from an address that was not the home address, although technically this is not voter fraud since it does not indicate that illegal votes were actually cast. So while there was voter fraud it was microscopic not massive, and not even close to relevant to the results of any election. When asked by the Dallas Morning News if this was a proper use of state resources and money their reply was that they did find voter fraud! To this day, Greg "heeeey" Abbot talks about massive voter fraud in Texas.
The estimated amount of voter fraud in the United States is between 0.00006% and 0.0009%. Judging by the results of the previously mentioned investigation and other investigations in other states this appears to be accurate. So if you want to claim massive voter fraud I need to see proof, real proof. All the evidence to date indicates that it does not exist except in the minds of some very gullible and some very dangerous people .
Re: But the "big lie" continues
I was looking for more info on this case and this was the first result I found. It's a different scenario, but 1400 invalid votes found in a single congressional district with a margin of victory of 450 votes.
https://thehill.com/homenews/state-watch/4725069-abbott-calls-out-voter-fraud-in-houston-judicial-race/
I don't think your claims are worth pursuing any further unless you're willing to drop receipts.
Claiming that virtually no voter fraud exists in a nation that doesn't even require an ID to vote is facially absurd.
Elections must be provably secure
It's not like the world doesn't have a very, very long and inglorious history of election fraud.
It's not the job of conspiracy theorists and random malcontents to bring evidence that an election was stolen. It's the job of the government to reasonably prove that it can't be. In the US, this is accomplished by the government and the corporate press saying "go fuck yourselves" to every question about election integrity, from the most absurd to the quite reasonable.
What, there's no auditable chain of custody for the ballots? "Go fuck yourselves."
What, there's no eligibility or identity requirement besides "trust me, here's my signature" when getting a ballot? "Go fuck yourselves."
What, you aggressively push voter registration on anyone and everyone with a pulse that interacts with certain government agencies? "Go fuck yourselves."
What, there's no physical or electronic constraints on a person voting more than once? "Go fuck yourselves."
What, you allow the people running the elections to self-audit their own processes, procedures, compliance, and results? "Go fuck yourselves."
What, you outsourced vote tabulation to a highly-partisan NGO (in my state)? "Go fuck yourselves."
What, there were more ballots counted than there were eligible voters in a district? "Go fuck yourselves."
What, you just arbitrarily expanded the rules for ballot eligibility during the vote counting process? "Go fuck yourselves."
And on, and on, and on. Elections in the US make Venezuela look flawlessly legit by comparison. Does this prove there's cheating? No. But it does breed conspiracy theories. Some of these conspiracy theories are unreasonable. Some of them are quite reasonable. If your election is designed to breed conspiracy theories and then conspiracy theories are bred, that is not the fault of the conspiracy theorists. It's the fault of the people running these clown circus elections.
Can the cheat? Absolutely. Process security is an absolute farce. They can claim electronic security. But this is in a nation whose top "intelligence" agencies have all suffered massive electronic security breaches, and the effort going into preventing those was infinitely higher than what has gone into electronic security for elections. Everyone here works in IT. Go look into the technology being used in these voting machines. Go look into every public security audit that's been done on these voting machines. The skill level demonstrated so far is that of the corporate intern who thinks their 15-line Excel formulas are safe and reliable, managed by the pointy-haired boss who thinks that security is having a checklist that the corporate executives all agreed upon. Forgive me for not having faith.
Solving the wrong problem?
So the ballot boxes and processes for counting are 100% cyber-secure - great
But certain single letter messaging sites sending you to voter registration pages that aren't actually registering you, just collecting your info for marketing - doesn't count because it's not 'election technology'
'. . . or unwitting Americans . . ' Dear, dear Mike Pillow (nee Lindell). He absolutely believes that the 2020 election was stolen but doesn't (can't) show his proof. It's far more likely that the 2016 election was the one with actual interference. Trump the arch projectionist pretty much confirms it by his projection.