Today, on behalf of everyone at the Atlantic Council, on behalf of the people who pulled this all together, so its to you for everything you are doing in our Cyber Statecraft Initiative for the launch of this crucially important report. People standing at a podium say things like "crucially important"; here it really is. Hacking the Election: Lessons from the DEF CON Voting Village. Here at the Atlantic Council we operate under the entry nation of working together to secure the future. This has meant Service Later because of theco fount of the Atlantic Council were there at the creation. One of the people who helped found this was Dean Acheson, who wrote the book. We see that order as being under threat, and we see one of the things that's most under threat in the order we created is the advance in the protection and the security of democracies. We believe a stable, prosperous world depends on building and sustaining a democracy. Depends on the sanctity of the vote. In recent years this fundamental core to our system of government has come under threat. Unprecedented assaults in the United States and Europe are bringing scrutiny and uncertainty to once inviolable electoral processes. We at the Atlantic Council have been doing quite a bit of work in countering disinformation both within our Eurasia Center and in our Digital Forensic Research Lab, some real cutting-edge work. We haven't done yet work in this area, so it's a particular pleasure and honor to be associated with this event and the work behind it. In the current geopolitical climate, preserving or, in some cases, reinstating public faith in the integrity and security of our elections is more crucial than ever before. This can only be achieved if we're able to protect the technologies, to protect the technologies underpinning our democracy.
While much of the discussion over the past 12 months has focused on the Russian-linked information operations with carefully timed leaks, fake news, Facebook has most recently, recent revelations have made clear how vulnerable the very technologies we use to manage our records, cast votes and tally results really are, and that's new. We now have alarming evidence of Russian-connected hackers successfully breaching electronic poll books and state and local voter databases in at least 21 states across the United States, this recently released by the Department of Homeland Security. You have to understand how careful DHS is before it puts out this kind of information. The technical community, including many Atlantic Council experts, have attempted to raise alarm about these threats for some years. This summer the experts on today's panel and others concerned about the safety of the vote teamed up with the world's largest hacker conference, DEF CON, to host the first-ever, and I underlined this, first-ever voting machine hacking village. This determined group invited security researchers to probe two dozen electronic voting machines, many of which are still in use today. The hackers were able to break into and gain remote control of the machines in a matter of minutes. These findings from the Voting Village are incredibly disconcerting. We at the Atlantic Council applaud the groundbreaking and tireless work of the organizers to shed light on these threats in this unsettling reality. We believe that transparency is about 80 percent of what is needed here because you do actually understand to know the threat in order to get the targets and others to take care of defending itself. This isn't simply a cybersecurity issue but the most pressing national security concerns eating at the bedrock of our democracy.
The Council's own cyber team is proud to support this critical effort by taking Representatives James Langevin and Will Hurd to Las Vegas this July, the first sitting congressmen to ever attend the conference and witness firsthand its Voting Village. We are honored to continue this partnership by convening today's discussion and we look forward to assisting in the next steps of this crucially important effort. You may have read in USA Today that a group is coming together to try to continue to work and continued to work around this, and we are proud to be part of that. Before I turn it over to Jeff Moss for his remarks, let me take a moment to introduce our panelists. Jeff is the founder of two of the most influential information security conferences in the world, DEF CON and Black Hat. And he's a senior fellow with the Atlantic Council's Cyber Statecraft Initiative and our Brent Scowcroft Center on International Security. Ambassador Doug Lute is a former U.S. permanent representative to NATO, serving under President Obama from 2013 to 2017. Prior to this, and after retiring from active duty as Lieutenant General after 35 years of service, he served as the assistant to the president and deputy national security adviser under President Bush, as well as President Obama. We have a bipartisan ethos. You work in a real hands on my person manager. John Gilligan is a chairman of the board for the Center for Internet Security. He served as president of the Schafer Corporation, senior vice president and chief information U.S. Air Force and Department of Energy. Sherri Ramsay is a senior advisor to the CEO at cyber. International, engaged in strategy development and planning. She is the former director of the NSA/CSS Threat Operations Center, that's a pretty big job and pretty significant position, where she led discovering characterization of threats to national security systems.
Harri Hursti is the founding partner of Nordic Innovation Labs and one of the organizers of the DEF CON Voting Village. He has fascinating insights. I just a little bit outside this room on this problem that we're talking about today. He is one of the world's leading authorities in the area of election voting security and critical infrastructure security, and as an ethical hacker famously demonstrated that certain voting machines could be hacked, ultimately altering voting results. Our moderator today is Jake. Jake is a lecturer at the University of Chicago and CEO of Cambridge Global Advisors and co-organizer of the DEF CON Voting Village. Jake also serves as strategic advisor on cybersecurity for the Department of Homeland Security and the Pentagon. So this is a heavyweight group and we're all looking forward to your reflections. Huge thanks for all of you joining us today and joining us online, thank you for everything you contributed to the work. Lastly, I encourage everyone in the audience or watching online to take part in the conversation by following ACScowcroft, and at Voting Village of D.C., by using the hashtag ACCyber. So, ACCyber. Now without further delay let me turn the podium over to Jeff. Thank you.
Good afternoon, everyone. I'm going to just up with a little bit of a story to give you some context on how we got here. And then just a couple of thoughts on where I think we are going. For those of you curious, we had electronic voting machines for a long time, and hackers have been talking about them for a long time. I think Harri has been poking at them for 14 years. At DEF CON with one of our first speakers talk about this concept of black-box voting machines more than ten, 12 years ago. So in the hacking world it's not new. What's new though is the attention on them and the importance that they are now playing in our democracies. So how did we get here? I want to blame this guy, Jake, blame him.
Jake was this national security coordinator between the White House and DHS back when I first started at the Homeland Security Advisory Council. So I got to know Jake, and he was really passionate about voter protection when he was involved in the Obama campaign. And so maybe last year we were talking and Jake, still with his voter protection hat on, is saying, I bet these machines are just, there's got to be problems with these machines, right? Yeah, definitely problems with these machines. I just don't know what they are but I can tell you there's got to be problems. I start looking online and I look for reports and I look for studies and I look for security analysts tearing these machines apart, and you can't find any. You can find an EVEREST report from 2008. You can find some very controlled reports where the manufacturers allowed the researchers to do very limited testing over a couple of days, but for a hacker, like, that doesn't count. I want to see the pictures. I want to see like the trials and tribulations of the people attacking these machines. And so I told him I couldn't really find anything, but I'm sure they are just a disaster. And then maybe a couple more weeks went by and then he said, you know what, you should just get a bunch of hackers to tear these things apart. Idea, but we are not going to be able to get any of these from the manufacturers. They are so tightly controlled. You are not going to get the machines or the software. But I started looking on eBay and sure enough, thank you eBay, there were some to be found. We have two of them here that Harri will hack into later. So it turned out we can get our hands on them. These things never get updated. They have been around for like a decade so you can get them fairly inexpensively. So I allocated some space. We got some people together and we started ordering machines and I realized I'm not a voting machine expert.
I can tell you about generalized security problems, I can tell you historically what kind of systems had issues. But I can't tell you the ins and outs specifically, so my friend Harri, Matt Blaze, Sandy Clark and others who spent more than a decade looking at these said, okay, you get the machines and get us the space and we'll run the village. And it was fascinating because, if you're not familiar with DEF CON, we have about 25,000 people that show up, and that's divided into topic areas. As soon as we announced the Voting Village, I got state, local, county election officials contacting me, desperate for information. I have these machines and I have no idea what they do. I have the machines and I don't know if I can trust any of the documentation. Tell me, you know, tell me what you find. So we would try to get them to come out and they're like, I have no budget, I can't travel. Can you live stream people attacking the machines? I don't know how much this will help you, but we'll write the report and hopefully it will help you. This report, one, it's the first step in trying to change the narrative. As you will read, these machines were pretty easy to hack. And this flies in the face of the narrative spun by manufacturers, which is, you have to be an insider, you have to have a specific knowledge of the technology, random people aren't going to be able to just approach these machines and hack them, they're going to need to spend time to study them and understand the context. And I think, we opened the doors and 35 minutes later one of the machines fell. And it turns out that hacking technology is pretty much hacking technology, and if you look at the history of DEF CON, we've had automobiles, implantable medical devices, airplanes, physical locks, access control systems, internet of things devices, adult toys, ATM machines. Chances are, yes, we're going to be able to hack your ten-year-old election machine. The difference now is that it counts. Now, people are paying attention.
They weren't paying attention ten years ago. And so, the other thing is, now it's not a conversation between us and the state and local officials. I think this really needs to be more of a discussion at a higher, more national security level, and I was struck by something Ambassador Lute said, which was, essentially there's two ways to change a government, the bullet box or the ballot box. And I thought about that for a while, and we spend a lot of money on the bullet box. We have nuclear triads, we have oversight, we have testing ranges, we have a large amount of money in technology and main invested in the bullet box. How much in the ballot box? Almost nothing. Only recently classified as critical infrastructure. So, they're both, I believe, equally important, but all of our energy is in the more exciting bullet box. And I think part of what we're going to say here, it really needs to also be the ballot box, because this problem is not going away, it's only going to accelerate. So, three things made this possible. The first, we have a three-year DMCA exception. Normally, you wouldn't be able to reverse engineer these things for copyright violations, and the manufacturers aggressively use takedown notices from publishing the results and the machines. There was a three-year exception; the last year was year two and next year is year three. If we can get that renewed or in permanent position, researchers will just be able to take apart this technology and provide an independent view of what's going on here. That was not ever possible before. And so, once we removed sort of the fear of litigation and we lined up an impressive array of lawyers waiting to defend us, if anything happened, we felt pretty confident going into the conversation if anybody was going to sue us, we would have enough resources to defend ourselves, and this time, with the DMCA out of the way, we would be able to defend ourselves.
The second storm, a storm that collapsed the roof of where they were storing the voting machines. And they totalled out everything, and the voting machines. There's no purchase and sale agreement. The insurance company owned the voting machine. The insurance didn't want it, they gave it away to an electronic recycler, and they have the equipment with no purchase agreement, and now we've got our hands on the machines and not violating any rules or civil law. Well, the manufacturer contacted them and said, hey, can you please disassemble the machines, basically, take them out of commission? And he said, sure. How much do you want to pay me per machine? We want to pay you zero. Well, would you like to buy the machines back? No. Okay. Well, this is my number, call me back anytime you're willing to change your mind. And he just started selling them on eBay. And ladies and gentlemen, the tsa voting machine and we have publishing results. Three upcoming things, the DEF CON, and the storm made this possible for the first time, and that's totally unacceptable. We've been using these machines more than a decade and this is the first time we get to actually look under the hood? That doesn't make any sense as a country. Something is wrong there from a policy standpoint and we need to really understand what's going on and how do we fix that. We can't run our country like this. When is the next storm going to happen, right? So, I really want to think about that. That said, I'd like to hand it over to Jake, a moderated Q&A session and then answers any questions that you have. All right, thank you very much. [applause]
I'm just going to skip to the Q&A. First off, Harri, you and Professor Blaze were the kind of technical leads running the hacking village, vote hacking village, so tell us, what did you find?
Well, first of all, it was well in place that every machine was hackable. That was already down.
Instead, this was a learning experience where people can for the first time sink their teeth into the machine, find the truth themselves. One thing that delighted me was how many elected officials came in and hacked the machines they used in the election. Yeah, go ahead. The other thing was the speed. A lot of time when we have been doing, and one of the people who have been doing these secretary of state commission studies, one has been, of course, if you have a few weeks, you can hack it. And they don't wake up in a hangover, they have election, let's do that now. Yeah, they have time. But as mentioned, DMCA, and NDAs, rules, and those are the things, why it took a long time. Right now we had less than a half hour when the first machine was hacked. Opened the door at 10 and at 11 one team came to me; 11 was supposed to be the introductory speech. At the time first machine already fell and at the time the guy who did that, Carson, he said, well, can you show us? Can you make a no, I want to listen to the speech, but I will come back. And he listened to the speech, came back 45 minutes, and at the same time, then at the same time during the speech, another team who was from northern California, at the time when the introductory speech was over, already two machines had fallen. This technology is very old, and for a lot of people who were there, they were not born when a lot of these were a concept. One things immediately, people were calling on Twitter asking for a tool in order to do because they were unprepared. And a lot of the current tools actually are not backwards compatible that much behind. This tool became to be one of the saving of the day. Cost 15, maybe in New York, but this is enabling you to be compatible with very old technology. There are so many things we want to highlight. We found vulnerabilities which have not been studied before because of the rules of the previous studies, and those vulnerabilities put a stress on.
It could happen anytime during the flight, it's persistent and you cannot clean, and this comes to the supply chain, and we found it made all around the world and actually all around the world, mainland China, Philippines, Israel, and there are elements and we don't know the extension of the host country in the building of this. So it's the chain of custody when it's already in U.S. and put in use, but it's a chain, how that came to be, where it came from, how you make sure the machine you get is clean to start. And those are my opening remarks.
Thank you. So, Sherri, after spending a long time at NSA, what are your thoughts on the relevance, especially of the supply chain side of this, but also any of the other findings that they have?
To follow on with Harri's comments, and Jeff and you have made. The first thing you want to do, look at the problem. What's the target? Is it something that people to be interested in, and then how can, what is the concept how that target can legitimately be hacked or accessed? You know, would it take a year, would it take, you know, 5,000 people to do this? Is this something that we really should worry about or is this kind of something that, yeah, it could be done, but not likely to be done? And then the last thing we need to talk about is, would anybody be interested in doing it? You know, there can be all kinds of vulnerabilities out there, but if no one is interested maybe we don't spend money and don't spend time and effort worrying about this. Let me kind of quickly answer those three questions when we're talking about this. So, obviously, the specific target, well, the target might be the U.S. democracy. If you look at the focus target it would be the voting machines themselves. If you look at the companies, not that many years ago, there were 19, 20, more companies worldwide who made, who were recognized making voting machines and big in that space, and people would buy voting machines from them.
In the last few years, by a natural progression of economy and things that happened on the global scales, companies have merged, gone out of business, and today there's really only three or four big, well-known, recognized companies that build these voting machines that we would be interested in purchasing and using for our elections. So, just by that virtue, we have really focused the target set. It's no longer hundreds or even tens, it's three or four, and so, that was a very specific limited target set that an adversary would need to go after. The second thing is, you know, let's kind of look at how could this be done? Is there a realistic way to do that? Well, if you look at voting machines, as well as, in fact, look at our laptops and our cell phones that many of you are using now, watches on our arms, children's toys, our refrigerator, what are all missiles, airplanes we go on, and a lot of them have already been at DEF CON. What do they have in common? They are built of hardware and chips, and they run with software. And you know what? And I think as we both mentioned, in a lot of ways, it's not even specific to the voting machine, it's hardware and software. And there's chips that are manufactured globally because of the global economy, and we don't know where all the chips come from. And in fact, not many of them come from the U.S., most of them come from outside of the U.S., primarily for cost purposes. So, there is kind of this natural approach, as to hack the software, which has been done for years, but even more so, hackers are starting to look at hardware for a number of reasons. A couple of them are: hardware hacks can be more persistent, if you do a software upgrade, the malware, the firmware will speak through that, and oftentimes we think that things are not connected to the internet; oftentimes when we think they're not, they really are, by the way.
But on the off chance they're really not and somebody wanted to get into this device and perhaps take data away from it, exfiltrate data, they have to find a way to get it out. So if they do a hardware hack, implant, change the firmware, change the chip, now they've just created a path for them to put the data out, and I'll say more about that in a moment. Because of the global marketplace, because the voting machines, as well as many, many other things, maybe everything, is made of just hardware and software, the concept for how to do this is actually pretty well known and relatively easy, as we've seen. So this kind of, we've created this opportunity. So now who would want to do this? And who has the capability to do this? Well, you know, we can look at a number of nation states who have been actually trying to influence the U.S. elections for years. They've just been doing it in other ways. Now we've given them this way to technically do that, but perhaps there's other elements as well. Criminals, terrorist groups, many of them out there are generally accepted, I believe, by the community in the know, of having the wherewithal, that is the sophistication, the money, the wherewithal to actually pull this off. So you say, okay, well, still, it's hard. How would they do that? Hacking one voting machine at a time? They're spread all over the country? You know, not really. If you go back to the limited target set, they're coming from four different manufacturers, and really the supply chain is a great kind of infection vector for them to do that. Even within the supply chain, so many opportunities. It could be done with an insider for money. They could care less about the U.S., we pay them off, change the firmware, change the chip process, change that software, so an insider could actually affect huge, huge numbers of chips and things which would go into the voting machines as well as other appliances as well.
Also, if you think about it, it's just a software hack, could go in and actually hack the infrastructure of the companies that are developing software for the machine and actually, at the very beginning, put the malware in so that when that software is downloaded on the machine, it already has the malware inside it. And these are things, read the newspaper today, we're seeing this done every single day. So, as kind of the bottom line is, are the voting machines special? No, they're not. They're hardware and software and we've demonstrated that this can happen. So, I think that this, if you follow logically this scenario, it should give each one of us cause to pause and really be concerned about the elections and our processes and these voting machines of the future. Thank you.
So, Mr. Gilligan, as the entitle, or the head of the entity that helps with the cybersecurity and ones that administer our elections, what are we going to do about this?
[inaudible] First thought would be intractable problem. I was chief information officer of the Air Force some time ago and I'll tell story to me to put into context what we with the security used to do. They would do a penetration analysis of each of the services, Air Force being one, and then we'd get a debriefing. I'm sure they're a lot better today. But back then my biggest fear was if anyone was sitting in that room from the outside I would be fired, because NSA was successful in penetrating the system, and I said, this is not helpful. I need to know where to start. And so, NSA came back after a month and a half and they said, you know, nobody ever asked this question, but it was helpful because we got our offensive teams and our defensive teams together and they put together what they thought were, these are the areas that we see that are exploited or that we exploit.
Now, I only paid attention to the first part of the briefing because they said 80 percent of the attacks happens in origin, misconfigured software, software that's not configured originally properly or hasn't been hacked, and that's where we start, and that's what I did. I give that story as a way of giving some context for, the Center for Internet Security is focused on what we call best practices, and configuring software and patching, knowing what's on your network, controlling administrative privilege, auditing, et cetera, are all sort of what we call basic hygiene, good practices, and they truly are effective, those types of practices, against the majority of the attacks. And I mean, the philosophy being, why do something sophisticated, some examples were given here, if you can get on the net and go after the misconfigured software? Equifax is a good example. Equifax is a good example because the Apache Struts software that was exploited is an open source software, it does not have a supply chain issue, and it's often embedded in other products, as Sherri mentioned. So this gets to be sort of a complex problem. Anyway, the Center for Internet Security focuses on best practices. We provide, we take commercial versions of products and we, through a collaborative process, we define what should be the secure configuration. We disable those things that have high security risk. We enable controls that are going to ensure that we have better security. And then we promulgate those. In addition, we have developed what we call the set of controls, it's the basic hygiene activities, that happens to be 20 of them, and our view is, if an organization focuses on these, they are addressing the most common threat patterns and they're going to be significantly more secure. So, our effort internally is going to be to take the elections ecosystem and to develop a set of best practices, a handbook for best practices for election systems.
And we're going to do this following our normal process and sort of a collaborative manner. We have, you know, about 4 or 500 people currently who collaborate with us. We're going to expand that horizon a bit because there are a number of those who have specific expertise on election systems, and we're going to invite them and obviously DHS in this. And we're going to invite the elections System Committee, which has responsibility for working on the voting machines themselves, and secretaries of state and other elected officials. Let's get together and quickly, by the end of this calendar year, produce a set of best practices that will be given to the state and local government. Our effort will complement what the elections System Commission is developing presently with the National Institute of Standards and Technology, called the Voluntary Voting Systems Guidelines, version 2.0, which is an updated version trying to address a number of issues, including security. So, that effort, we're going to undertake immediately. Obviously, based on the background of the organization, focusing on best practices, we've got a foundational effort for this. We're going to move forward. The other hat, as Jake mentioned, we wear under Internet Security, under DHS oversight and funding, we provide security to states, local, tribal and territory, tribal or territorial organizations. We have about 1500 members. We provide education, we provide security monitoring, vulnerability assessment, we provide incident response capabilities, alerts and warnings. In addition, as part of our education campaign, we're going to increase our emphasis using this handbook on election systems in conjunction with our other best practices to see if we can't use election systems and improve across state, local, tribal and territorial organizations.
Fantastic. Jeff, can you tell us, what are you guys planning for next year at DEF CON?
So version 2.
So, next year is our last year under the, when do we find out if it gets renewed? The first application period is over, I'm not, last year we had, that was in May when we had the last push. In May, so we might know if it's going to be extended or not, so we'll be able to adjust what we do next year. The idea is, we want to get our hands on, this part that's really hard to get our hands on is the backend software that ties voting machines together to tabulate and accumulate votes and to provision voting ballots and to run the election, to figure out a winner. Boy, we really want to have a complete voting system to attack. So, people can attack the network, they can attack the physical machines, they can go after the databases. This is a mind-boggling part, just like it's the first time this has been done with no NDAs, there's never before been a test of a complete system. It's mind-boggling. Harri can tell you ten inside baseball stories why that is. And special, I would love to create any kind of a complete system. It doesn't have to be the most up-to-date complete system, but that's what we're aiming for, we want a complete end-to-end system so it's one less thing to argue about, we can say, look, we did it here, too. And everything from the voter walking in, register the vote. Maybe the DEF CON attendees who want to play, they register online and keep the database online just like a county would, and maybe people attack that before the show, and then we'd have the poll books and the voting and tabulation and everything. And so we're going to definitely, with the success this year, we're going to try to invite some of the manufacturers to see, do they want to help us out, do they want to provide any best practices, but really, there's just been crickets in that area. I think probably because it's the first scrutiny the manufacturers ever had and they're really not quite sure what to do, and that's a pretty routine response. We saw that from the medical device world.
Car world, access control, ATM. When the industries first come into contact with hackers, as people giving an honest opinion of their technology, they pull back and hide for a while. Once they figure out you're not going away. We're not going away, and tell you if you do a good job we're going to tell you it's awesome, and a poor job, hey, please fix that. The best part is, it's free. You're getting some of the world's best hackers doing pro bono work, giving away reports for free. Normally, these people are thousands and thousands of dollars a day and they're just doing it because they want to see what's possible. So, I tell them, take advantage of this free resource, learn what you can.
Okay. So before, and Jeff, I think this is a little bit, in the studies which have been made by Ohio, California, none of those really have had everything, not the infrastructure. They've been concentrating on voting machines. Even if you look at the voting machines in DEF CON village, we look at the certain part that we hadn't looked in these studies. These kind of comprehensive, this is the election office, let's take a look from the at how to, that has not been done ever. In 15 years. Well, longer than that. And the other thing that I want to point out, and what is in the U.S. We checked it back from Ekoparty. It's the DEF CON of Latin America, Buenos Aires. The same problems we are talking here are right now in Argentina, and this is an international problem. We have different flavors of democracy, but we have similar problems. So this is really an international move.
That's a great segue to our next speaker, General Douglas.
Thank you very much. First, thanks to Fred at the Atlantic Council. You've done an extraordinary thing. Two communities that reside in Washington that don't usually meet for lunch. These are the technical experts, the hacker community, sometimes you can tell by our dress, and the diplomatic national security community. We've got you all in the same room.
Which is really important because that merger of these two communities really highlights my main point today and that is that the technical vulnerabilities that were just described are really, I think, given the 2016 experience, raise this to a national security issue. In fact, in my over 40 years of working on national security issues, I don't believe I've seen a more severe threat to American national security than the election hacking experience of 2016. Now, that may sound extreme, but when you consider the fundamental connection which could have been compromised, and may have been compromised last year, and this is the fundamental democratic connection between the individual voter and the results of the election, if you can compromise that, you don't need to attack America with planes and ships and you can undermine democracy from the inside. And I think that's really the nature of this threat. Today's session is not about the forensics of the 2016 elections. I have confidence, I think we as Americans should have confidence that the multiple investigations that are underway will reveal to us the full impact of what happened in 2016. The forensics here will come out. But we do know this much, we know that Russia tried to influence the election outcome last year in the favor of one candidate, and we know at a minimum they tried to discredit the outcome by casting doubt on its legitimacy. That's enough to get started, okay? Why is it so serious? One of the questions here that Sherri asked, so, who cares? Who would want to do this to us? Well, we have at least one answer based on the 2016 experience and that is Vladimir Putin's Russia. Let me make five quick points about why the 2016 experience is worth paying attention to. First of all, this is a national security issue because Putin's already demonstrated successfully that he can do this. In military terms, a threat is the combination of a capability and the intent to use it. All right?
Well, that's the end of that statement. He has the capability and he did use it. So we have both capability and intent here. He influenced our political process, he cast doubts on our democracy and frankly, look at workout today. He added to the gridlock, the political gridlock in Washington today, all at very low cost to him. In military terms, this is a classic definition of a threat. We would never accept, we would never accept this level of vulnerability in any of our traditional national security systems. Think about the military command and control system. We would never accept this, all right? The targeting system, our intelligence systems, the weapons control systems, systems that control our nuclear weapons, right, we would never accept the kind of vulnerability that was exposed at DEF CON this year. So, we've got work to do. The second reason that this is a national security issue is that Russia is not going away. This wasn't a one-shot deal where they maybe tried something and they're onto the next target. Vladimir Putin can be in office at least until 2029, and even when he's replaced some day, any successor Russian leader would likely be attracted to similar tactics to inflame Russian nationalism and to weaken his international opponent at low cost. So they're onto a tactic that I think will stick. Russia learned a lot from what I think were a series of probing attacks in 2016. My guess is they were somewhat surprised at what they learned. Much like some of the participants at DEF CON. They were surprised at how out of date it is and vulnerable it is. I think we should... the next attacks would be more targeted and even more sophisticated. So the Russian threat is real. It's here to stay even beyond Putin. Third, this is a national security issue because others watched. Others were observing what happened in 2016. If Russia can attack our elections so can others, think about Iran, North Korea, the so-called Islamic State and others.
Fourth, this is a national security issue because time is short. The 2018 and 2020 national elections are really just around the corner. I mean, 2018 elections are 13 months out. And we're disclosing today by way of the findings of the DEF CON report just how vulnerable these systems are and we've got essentially 13 months to harden our democracy, harden the process. And finally, this is a national security issue because other democracies are vulnerable, too. The panel mentioned democracies elsewhere, but democracy in Europe and South America are also vulnerable, as these same democracies make up our community, of our closest allies and our closest international partners, so this isn't an America-only vulnerability. We know for sure that Russia has tested to penetrate and corrupt other electoral systems, think about the French elections in the spring, but long before that, the elections in Ukraine, processes in Georgia. Major attacks on the Baltic states and so forth. So for these reasons, all of these reasons, the security of the U.S. election process should be a top national security issue. Now, look, I'm not the expert here on the process and voting and the machine and the hardware, the software, that's not... we have those experts here, that's not me. The good news though is with these experts assembled we pretty much know what we have to do. And we've got to get that set of bad practices that John Gilligan mentioned out to where the rubber meets the road. That's literally not only to the 50 states in the union, but thousands of voting jurisdictions across those states. So, we've got a lot to do in a short period of time. We agree, and we commit to you today that this group, this informal coalition will convene and within two months, come back to this community, this joined community, with best practices. This has to be a nonpartisan, bipartisan effort.
This is not about party politics, this is about our fundamental rights as American citizens, and about the health of our American democracy. Look, for over 40 years, as the military officer or as a diplomat, I didn't question the sanctity, the validity of my vote. Like many in the military and State Department communities and the intelligence communities, we often vote by paper ballot because we voted by absentee ballot and I see a lot of head shaking in the room here, you complete your ballot. You sign the back of the envelope and mail that in. Frankly, for 40-some years that was enough for me. I did my civic duty and had confidence that that vote was going to count. Over the last 12 months, given the experience of 2016, I don't feel that way anymore. And I just challenge all of us to think seriously about the challenges that we now know took place, that were attempts to compromise and corrupt our fundamental rights as voting citizens. So, look, it's time to get this fixed and we've got to secure our voting system as a national security priority and this report, this report is a first start. So let me turn it back to Jake. [applause] Thank you, General. So, we're going to open up for questions and I want to highlight three points that the panelists and speaker made here and make sure that everybody takes home with them. As Doug's wife likes to say, whenever I go to an event I want to either learn, know or do something coming out of it. So, here are the three things you can learn, know or do coming out of this. Number one is, there were dozens of successful attacks into the machines, they're all outlined in the report or most are outlined in the report.
And the one that we really want to highlight that came out after a lot of research done on the machines after DEF CON was that with parts made all over the world and software made all over the world, and as Sherri said there are only three or four manufacturers, the one core point that kind of election security experts and others have been making why those are safe, the decentralized nature of our voting system, the thousands and thousands of voting offices around the country that administer the elections, is what kept us safe because Russians would have to have tens of thousands of operatives have physical access to the machines, we now know that's false. A handful of attacks manufacturers not in the United States, the Russians could plant malware into thousands of machines all at once and hack the United States election without leaving the Kremlin. That's pretty important finding number one. Number two is, I think what Jeff said, which is that especially if you're an election official, the thing to do coming out of this, contact the folks at DEF CON and offer to give out your machines, your databases, give them access to whatever you want tested and Jeff said this is essentially free testing and training for your staff and that would normally cost you millions of dollars to purchase on your own. And finally, maybe most importantly, the Center for Internet Security is convening a coalition, informal coalition of pretty impressive folks, like the Atlantic Council, to arrive at best practices, and then to help educate Congress as to why they need to pay for these best practices to be implemented and then ensure that state and local governments implement them. So with that, I want to open it up to... oh, when is Harri's hack Op Technology? Oh, at the end. [laughter] We'll have a live demonstration. Yes? Hi, I'm sorry. Oh. [inaudible] I didn't know if you were pointing to somebody else. Sei this is so important and critical.
And I was at the DEF CON conference and lectures and Harri has been amazing on this. I want to raise awareness how important this information was as a translated to states actually going to secure their voting system. And some people may know, the state of Virginia recently transitioned all of their voting equipment to paper ballots and they did so because of some of the vulnerabilities that were disclosed in the DEF CON conference. They reached out to us, and we helped get them some information and I know Harri was in contact with them giving them information and letting them know what was found and they were able to go and provide that information to the State Board of Elections, this is the Department of State. And the State Board of Elections was able to take that information and understand the security vulnerabilities, moving to paper ballots, a transparent system that can help protect us. I want to thank you for seeing this into real world change. Fantastic. Professor, do you have a question? Okay. Introduce yourself. Sure, I'm Alex Halderman, a professor of computer science and engineering at University of Michigan and I've been working on the problem of securing election infrastructure for about ten years. And I just wanted to offer a couple of reflections on this absolutely fantastic achievements out of DEF CON. First, as the Ambassador Lute says, this is absolutely a national security problem and I think that's the biggest thing that's changed between when I started working in this field and today. We started in about 2007 thinking, well, it's possible that some people might tamper with a few localized election systems, but, state level attacks, nation state attackers, changing a national result, that sounds like science fiction. It doesn't sound like science fiction anymore.
The voting system, as we've seen in many, many different studies over the past ten years that have come out of different academic groups, is vulnerable throughout the technical infrastructure. The infrastructure is a decade or decades out of date, and there are all kinds of ways that attackers might be able to compromise voting equipment. What the DEF CON results do in my mind more than anything else, this is an amazing confirmation and extension of all of the different work that has shown machines to be vulnerable. And now, even in machines like the AccuVote TSX here that Harri and others have studied in the past, there are yet more vulnerabilities being found by studying it at DEF CON 2. These machines are broken to the core. But in terms of the solution, and I think the best practices that will be developed by this new initiative are going to be a fantastic step towards helping states secure the infrastructure, but the one other component that is just so critical in this and part of the center of the solution is really low tech. And that's to make sure that we're voting using paper, as about 70 of the country already does. And that we're looking at enough of that paper to know whether the computer results are actually right, through post-election audits. These are two simple and low tech steps, but as President Trump himself said on election day, there's something really nice about paper, you don't have to worry about hacking, and by taking these simple and low cost steps I think we can go a long way to protecting against so many different threats in this sphere. Yes. I actually have two questions about the technical aspects of the report. The supply chain problems, which you brought up. Beyond creating chaos in the election, can those be used in any way to target a specific election? Well, first of all, the short answer is yes, because if you have a persistent attack, then, that is your universal door and your only question, what is the command and control structure.
One of the easiest things is actually name of candidate on a ballot because you cannot change it. You can use multiple ways of communicating with the persistent attack. Sherri. Yeah, my comment would be, just assume all you can do is create chaos, we know there's more than that. But just to have, you know, even a little chaos would cause a loss of confidence in the system and cause people to walk around and say, is this legitimate, was the election legitimate, and even if it was, the fact that people are questioning that I think is hugely damaging to the system and democracy in general. I don't think you have to go past creating the chaos for this to be a significant problem for us to pay attention to. I'm sorry, I... go ahead. Assuming that... assuming that there... that voting, that either the companies charged with maintaining the systems or states who are maintaining the systems follow best practices, the back doors would still only be accessible to the USB attack, am I... just trying to get the sense of the extent of the... So, let me answer two things. First thing, I think we have to rethink our threat model. In dealing with our thinking, the model is a candidate wants to win. They have not been... people are not asking what are the possible reasons. For example, if I would be a professional criminal and I would know that there is no results on Wednesday, there will be a stock market reaction and if I can bet on that, I can make a huge amount of money. So, there's a humongous opportunity, by not causing chaos. And the other, machines have a USB port, the other thing, the false statement, there's no wireless. And whatever is the opinion you have about Jill Stein forced a recount, one of the information that came out in a while is that there's a new generation of machine which uses wireless modem connecting to Verizon. What could possibly go wrong?
So, the answer here is that we really found as a community that this information is... it has been in public documents, and stuff never disseminated and wireless, but now it's already back in use. So, you don't need to have a physical USB. You can just use wireless. That was my second question, is the report only mentions the one machine that, or the one brand of machine that had the wifi remote. We're hoping for another storm. But you mentioned the machines that connect to Verizon and... and. The information flow, you probably want to maybe try the 200, but there's a paper ballot scanner machine where one of the features is wireless capability. And do you want to comment on that? Okay. And Alex has more involved than I was. We were both involved in. Right, so, what we know from studies of different machines as well as the back end infrastructure is that there are several ways that they might be remotely attacked. One is through the supply chain, as panelists have emphasized, that could be through machines when they're sold or through software updates to the machines delivered to the manufacturers. Another route is through a style attack before the election, every single voting machine has to be programmed with the design of the ballot. Races and candidates, and that programming is copied into the machine through a memory card or USB stick. What we've demonstrated in past studies, if you can modify that programming you can take control of the voting machine and to miscount the votes and to shift votes to candidates that you want. That's a danger because the files that define the ballot are often created on machines that are connected to the internet. Let me chime in. The other thing here is that what has been discovered, also, is that it's commonly in the United States, this is really U.S.
specific issue, is that the smaller jurisdictions use the service companies to do the programming for them and that means that the actual programming of the machine happens outside of the legal jurisdiction, who is responsible for running the election, which, in my opinion, means that they have no control of their own election. Yes, go ahead. Let me just try to raise the conversation a little bit above the machines themselves because that's... this is a known vulnerability. But when you take Jeff's approach, it's a whole life cycle or ecosystem of the election process, there are other equally disturbing vulnerabilities. So think about the voter registration databases, for example. All the voters here in the audience. You're on tomorrow database used to validate your entry to the ballot. So if you can corrupt the databases, all stored on the internet. By transposing two digits of your street address or changing your middle initial, right? The voter, doing his civic duty, shows up at Arlington fire station and across the river to vote that day. The ID does not meet the database, he never gets to the ballot. You look at the life cycle of the process, this gets to Jeff's point, this is one known vulnerability, but there are likely other vulnerabilities equally problematic. Go ahead. I hope the panel can comment. Alex has worked on this issue for a long time and the solution on the voting machine front is the low tech solution, vote on paper. Look at the paper. But the problem seems to be political in getting to the solutions and you know, our NATO allies have moved to paper. The French election, they used to do internet voting for overseas and military voters and they stopped in face of the threat. The Dutch moved to paper and then hand counted the paper in the last election, and we are struggling at the national level to get voluntary grants available to states so they can maybe switch to paper, so they can do post-election audits.
If you can talk about the how to create a political climate of urgency, which just doesn't seem to be there. Well, so, I think that's like a... I think that's exactly why we're trying to do this and exactly why we're partnering with the Atlantic Council, which is, you know, one of the preeminent national security organizations in the country. We think that without firmly positioning that this is national security, as the national security problem that it is, we'll never get the urgency that we need and that's exactly why we're here today and exactly why we're so excited that the Center for Internet Security convened these for best practices and to help with that. And this is sort of... I'm going to ask Doug that, is this sort of lack of imagination, like going from the abstract to the concrete and you have so many things to worry about and this is one more. Now that it's arrived, you have to take steps and that's scary because now you have to face a new problem. There's no four years of... this is a new issue which brings with it some risks. You know, you have entrenched lobbying interests in that. And I'm sure the manufacturers don't like being called out. I mean, who would? Nobody would. And so, and I'm sure some people stake their reputations and careers on buying this and the budgets and there's a lot of interests involved and you'll have to pull a U-turn and I bet that's going to be a problem. That's right, it's fundamentally a mental shift from the presumption that your vote is secure or our votes are secure, to now, I think, a presumption that, you know, maybe they're not so secure. And that doesn't come overnight, but that's why events like today, why the DEF CON experience, events like today. These reports are so important. The first steps in addressing any problem is that there's a problem and what we're trying to do is amplify that nationally so there is a broad recognition that this is a problem.
That's... it's a national security problem, that it's a bipartisan or nonpartisan problem and cuts across the structures and that we in America have to wake up to. At one time we thought we were invulnerable. It turns out we're vulnerable. Harri. I think he had comment. Just go ahead. Dustin with Reuters. Related on the last question and broader more systemic vulnerabilities, just recently notified 21 states believe they were targeted on some levels by Russian hackers and a couple of states said that's not true. What you told us is not our election systems, but our department of labor or something was scanned or targeted, Wisconsin, California, I think there were one or two others. So I'm wondering if the issue of how we run elections in the United States on sort of the state, federal, relationship, if that's a specific vulnerability in your view that makes the United States more... makes it more difficult to address these problems? Because our other tensions and two of those tensions specifically, DHS says they're trying to work more with the states and in the past couple of weeks shown there's a lot of tension in the room when they try to discuss these ideas and try to figure out what really happened last year and move forward to 18 and 2020. I'm wondering if you have specific recommendations how to address the federal government and the states can be improved going forward. John, do you want to comment on that? You've got to thread this needle every day. Yeah, so going forward, DHS working with the states has agreed that there will be a much more invigorating process for notification and information sharing, so they're agreed that they're going to create what's called elections information sharing and analysis capability. And so, I think that's... and so, the early results on that collaboration and coordination are going a long way to resolving some of what I saw were the problems in the past.
I think a lot of problems in the past were, if I could describe, there were technical activities that were recognized and the technical community within different organizations were notified. Now, that happens every day. And so, it was the tie to the elections and as Ambassador Lute pointed out, sort of, we've sort of weaken to significance for potential threat patterns and I think that that's what caused some confusion is that at the time it was recognized there was an activity, but it was viewed as sort of the run of the mill, everyday event. It was only in retrospect when it was linked to a pattern of activity, and then it became to rise to the level of saying, wait a minute, this is really a campaign that has a particular objective and then I think all of the early communications sort of got sort of lost and so I think going forward there's been a commitment to say, all right, we just need to make sure that we're engaging with key stakeholders and those who have responsibility and not with the technical community and hope that helps a little bit. In the back with the black book. Thank you very much. Paul from NSI. Thank you very much DEF CON for the work you've done and those who collaborated with this. I have a historical question related to the supply chain. I don't know the exact year, but roughly about eight years ago when a security colleague of mine came to me after what he... when he came from China, election equipment manufactured in China, and I told him to report that to the authorities and linked him on that. I'm wondering if anyone knows anything about that situation? I think Diebold is out of the business now, but the idea that equipment is being manufactured at a country like China and if any analysis, do we have any analysis of any equipment that was, let's say doctored, specifically doctored for the in your opinion of exercising an option if they chose to affect an election. Two things to.
That one is when you look at holes, it's full of... hard to understand, are the holes or is it just because it's just sloppy, it's quality. Dumb are not... adversaries are not dumb, they'll make sure that if there number of problems, one is their back door in and if they're caught, they'll say of problems here, it's hard to tell if that problem was intentionally put there to be used or not. Secure systems where the, wait a minute, that's a sophisticated back door, you can have this conversation but at, you know, probably don't have to install anything specific because it is already so. One of exemptions prevents us from sharing, so researchers got their hands on the machines they the software on all these machines. But there's a prohibition for copyright where you can't just publish the software dump. You can look at them. You can analyze them but can't post for anyone to download so we're a little bit hampered because you pretty much have to get your own machine, dump your own software, analyze your own software and tell the world what you found without releasing the software. But some people are doing that, looking through by their and functions that don't make sense. But it is not as... as we would like because you can't share to a larger community to get a widespread analysis. So Harri had a really interesting find on one of the Taiwan machine. So yeah, first of all, the machine which is from, it saves, manufactures from Taiwan, when you find a company to find their main, well the only is in China. So that's probably there. But more to point a second, many this area for working, this is almost impossible to make any kind of reasonable educated guess whether you're looking. You want to think it is. But there's so many things where you really in the finding you stop and say, what would be the legal use for these? What would be the reason you would do this? The answer always a test.
So also I would like to point out, by the way, Puerto Rico... I wasn't planning to do a live demo here because of the time we have. So one more thing I want to point out is that hardware is software, right now think that software is cheap and hardware is millions of dollars. We are going to leave the last few minutes of this forum on voting machine hacking and election security, all available on our website, go to cspan.org.