Election Security and Protecting the Vote
The coronavirus pandemic has caused a number of disruptions in the world of tech industry events – and next week’s now virtual Black Hat is no exception. In response, businesses are getting creative and rethinking their approaches to the usual networking, presentations and panels we see at in-person conferences. This week, Highwire’s Security Practice is hosting a series of virtual panels titled “On The Record: Cyber Edition” featuring a lineup of executives from top clients to highlight some of the key topics we’ll see at this year’s virtual Black Hat.
Might I just say, if you missed Tuesday’s expert panel on “Election Security and Protecting the Vote!” – you missed out. If you caught the last post on the Highwire blog, you’ll know that this week, Highwire’s Security Practice hosted a series of virtual panels titled “On The Record: Cyber Event Series” – featuring a stellar lineup of industry thought leaders and executives from our cyber practice clients. We wanted to gather the best in the business together to share their thoughts on top industry news and trends as we gear up for one of the top cyber (virtual) events of the year, Black Hat. In other words, with Black Hat coming up, presidential elections this fall, and COVID-19 continuing, cyber season is in full swing – and Tuesday’s blockbuster panel did not disappoint.
Joined by cybersecurity experts Betsy Cooper, Policy Director at the Aspen Institute; Maggie MacAlpine, election security specialist and Co-founder of the DEF CON Voting Machine Hacking Village; Mick Baccio, Splunk Security Advisor and former CISO at Pete for America; Michael Daniel, Cyber Threat Alliance President; and Bill Harrod, MobileIron Federal CTO, the conversation explored everything from doomsday election day scenarios, to the spread of disinformation via social media channels, to the readiness of mobile voting as a secure voting channel (spoiler: it’s not).
The panelists were also joined by journalists like Joe Marks (@Joseph_Marks_) from The Washington Post, Frank Bajak (@fbajak) from Associated Press, Maggie Miller (@magmill95) from The Hill, Kevin Collier (@kevincollier) from NBC, Jeff Elder (@JeffElder) from Business Insider, Betsy Neus (@e_neus) from FedTech, and Mark Albert (@malbertnews) from Hearst TV.
The conversation kicked off with a deep dive into the largest security threats we’ll face leading up to and on Election Day. “The greatest threat that we face is that Americans will not end up trusting the results,” CTA’s Michael Daniel shared. “That is, undermining the confidence and integrity of the election, and however that occurs, that’s the threat we’re trying to mitigate.”
Election security expert Maggie MacAlpine shared that her biggest fear is that, “The electorate may not be prepared for how long it’ll actually take to count the results. We’re shifting to a massive increase in mail-in voting — and I think quite rightfully so — but it is a chronically underfunded problem. We’ve already had a primary in California and a primary in New York that took weeks to get all of the ballots in and to put out an official result. I’m not sure how many Americans are plugged in enough to understand yet that there might not be results on election night – and there may be states that don’t have results for weeks.”
The Aspen Institute’s Betsy Cooper, shared a similar concern of a different stripe, “We’ve talked a lot about the electorate’s perception of uncertainty. I’m worried about actual ballot count uncertainty. I’m worried about the case, where states leveraging electronic voting records and the actual ballot counts don’t add up.”
So what can the federal government do to prevent or prepare for an election day doomsday scenario? “You have to have a contingency plan for all the things. And you have a contingency plan for that contingency plan. And come November, there’s going to be a gap of time where we don’t really know who won the election,” shared Splunk’s Mick Baccio. “Politics are partisan – and they should be – but security is apolitical. It’s hard to secure elections without introducing politics to it. And I think all of us have found that roadblock more often than not.”
“The education piece is where the government needs to be in front right now,” explained MobileIron’s Bill Harrod. “To say this is what we’re doing, this is how we’re going to make sure that we have strong audit trails and that your vote can count.”
From there, the panelists explored the recent Twitter hack and the role social media will play in disseminating disinformation and misinformation come Election Day — or election week. They discussed the ongoing challenges of determining whether a tweet or a post is misleading but opinionated in nature, therefore making it a violation of an individual’s first amendment right to take it down — an ongoing conversation surrounding the president’s Twitter habits in particular.
The panelists also articulated the need for widespread understanding and patience from the electorate and the media as ballots take longer than normal to tally this year — as they should, if state and local governments work together to ensure that mail-in voting counts are as accurate as possible.
The main takeaways? Election security as a mainstream conversation is a positive shift. Universally mobile voting is a terrible idea (at least at this point in time). Mail-in voting will be the most secure channel for voting come November, and that Americans will need to be patient as vote tallying takes longer than normal this year.
The bottom line: “The likelihood is the highest it’s ever been that we will not know the results election night or the morning after,” said Betsy Cooper. “As a result of that, if we want to prepare people, the biggest thing we can do is say this election night will not… feel the same as election nights have before.”
In case you’re looking for a full recap of the conversation, you can check out the full panel on YouTube here, or watch the video above.