Including Building Infrastructure security and foreign attempts to shape public debate through disinformation and online commentary. This is an hour in 10 minutes. Like many other think tanks we are doing more and more work in this space, information particular and just this month we published a giving some policy recommendations on how they can counter russian Information Operations so if you havent seen that please take a look, it is available on our website. Last month we rolled out a cyber , the websiteacker you might have seen when you walked in. It is a list of publicly reviewed cyber operations, it goes, dock thing back to 2005. We have approximately 200 known to addts in the plan is more as they happen and as they become more known to us. Please check that out, it is updated every quarter. If you have an incident we dont know about please let us know. Find me today if you have ideas and suggestions about how we can be helpful in this space, what we should be doing, if we are doing things we shouldnt be doing. Thanks for spending the day with us today. Good morning, everybody. Im sam price from cnn and we are going to have a conversation this morning on hacking into our election systems. The next panel, the 10 00 a. M. Panel, will focus on attackers and how other mischief makers are trying to influence Public Opinion and influencing the public and how that might change votes, but this panel will focus on how mischief makers might try to change votes. We will talk about the security of our election system, Voter Registration, tabulation, and if you think back, hacking here or hacking there but can they really impact an election, just look at the election that happened last night in atlanta. If you are not familiar with what happened, it is yet undecided. The democrat is ahead at this moment by 729 votes in one of americas largest cities. Any mischief could affect any election. Who happensanelists to be the secretary of state of indiana told me about your race this morning in her state that was decided by just one vote. Id like to start by introducing our panel, Connie Lawson is the secretary of state in indiana right currently to her is an associate professor of computer and Information Science that recently helped organize the desk on machine hacking experience to test the vulnerability of election Voting Systems. To my right is the director of the Cyber Security project at the harvard belford center. Michael previously worked at the director of plans and operations for cyber policy in the office of secretary of defense. Thank you for joining us. We will spend about a halfhour having a conversation, and at about 9 15 we will open it up and have you all ask questions for our panel and will continue the conversation until nine clues 45. Until about 9 45. Connie is responsible for the Voting System at the state of indiana, and works across the country. So would you describe our Voting System, in your opinion, as currently safe from hackers and mischief makers, or are you particularly concerned . Where do you fall . I know, first of all, people in the audience have heard this before, there is no evidence that any votes were tampered with in the 2016 election. Security hasion always been priority of secretaries of state, and i that everythe emails chief election official received in august or september changed the way we do business. We are making Cyber Security a priority and we have done a number of things working with the department of Homeland Security and the fbi to make sure that we get the information we need. The number one activity since for the election secretaries of state have been to improve the communication between the intelligence agencies of the United States and we as chief Election Officials can get the information we need in order to prevent and or react quickly if there should be a cyber attack. Im going to put you on the spot. Are you comfortable at this point knowing that no system is perfect, but are you comfortable knowing that we have done as much as we can do . Are you comfortable that if there were an election tomorrow in indiana, it would be safe . If you say you are comfortable, you should be worried. I will never say i am comfortable, but i am always going to say i will be vigilant. I do to leave we are doing everything we possibly can in indiana to make sure elections are safe. I am very fortunate, not every state has the support of the General Assembly. My assembly appropriated 1. 4 million to make sure our system is secure. We migrated our data, we have done a number of things to secure outward facing websites, we certify our Voting Machines for use, we have what we call the Voting System technical oversight program. We know where every machine, every type of machine, every serial number, every tabulating machine, we know where it is. I feel good about what we are doing. We have been told by dhs and analyses centers that we have been doing the right thing. Matt, do you feel good . Isi feel good that connie doing the best that can be done,. What i worry is that the best that can be done is almost certainly not good enough today, or the honeymoon is going to end very very quickly,. A little bit of background from my perspective. I am a computer scientist, a technologist. Teams i lead teams contracted by the states of california and ohio to do a top to bottom review of their system technology, including the Voting Systems and backend systems from the vendors used in those states, which turned out to be the same vendors used in the other 49 states. 2007we discovered int is that these systems were riddled from top to bottom with exploitable security vulnerabilities in virtually every component of the system. Some of those vulnerabilities were coding errors, bugs in programs that can be fixed, some were more architectural, particularly in the socalled e touchscreenth Voting Machines that record voter selections electronically in their internal memory and the systems that process those. That thisgly, we know can be exploited and in many cases they can be exploited with no more physical assets that you would need as a voter or poll worker at a precinct, but there has been no evidence that they have actually been exploited in any election. We have to walk a fine line between saying, look, this technology very desperately falsely be improved and telling people that our elections are illegitimate. I dont want to say that our elections are illegitimate, but i dont want to prove that they arent, because in some of the cases the technology we are using doesnt really tell us, and that concerns me greatly. Michael, what do you think is the biggest vulnerability of the Current System . First, thanks to the council for putting this on and for having us here. I was at dod, so i never feel good about anything. I never feel comfortable. The challenge that strikes me is risk reduction, not elimination. You have to set your standard in some way that is reasonable. You are always going to have some level of uncertainty here. The challenge and the opportunity is to reduce that risk as much as possible. It is nice to hear the General Assembly wants to help you do that with some appropriation. The challenge that i see is that it doesnt take much to have an effect on the vote count. We dont need to have National Wide intrusions. Reducing the risk of gaining unauthorized access, that is the risk return, gaining unauthorized access. You do that in a couple key jurisdictions and get the timing right, you can change accounts. You can make things more difficult for the folks who are trying to make sure that our elections are conducted in a way that is High Integrity as possible. You can really complicate that effort in just a couple key ways. That is my perspective on it from my experience, it doesnt take much but we have to reduce the risk. Make sure thatto everybody understands that the last election we questioned was when we were virtually using paper and punch cards. If you think about the way we do elections today, i have been a county clerk, and i have been on the ground and run elections, and i will tell you that there are security measures that are local Election Administrators taking that make it very impractical for someone to get to our voting shoes. These machines are kept under lock and key, and most of them of. Theisual scanning facility we know who comes and goes they use logins, so we know who comes and goes. We do public tests, and once the public tests are run before an election, and we know votes are recording properly, and that there are no votes that will be present on election day before someone comes to vote, those machines are sealed. When a Bipartisan Team arrives on election morning, they cut the seal from the machine and a record the number. One of the first things the Election Administrators do at night when they get the results from the precinct level is they look to make sure that the serial number on the law that was cut off the machine is the serial number that was placed on the machine after the public test. Team a bipartisan delivering these results is it possible . Yes. Is it practical . I would say no. Aspectse many physical of these Voting Machines in tabulation machines that have ween place for years dont put them out in the middle of the courthouse and say have added. Election,ed the 2000 35 days i will never get back. As a result of the florida recount, the federal and State Government spent billions of dollars to help replace many of our election machines. The florida system used punch cards and paper ballots, which are not always easy to read. Largelacing them to a extent these electronic touchscreen ballots that didnt have paper records at all, they were completely electronic. In indiana, what percentage are those machines . We have 92 counties, and there are 50 plus that use the dres, but the ones we used to have a paper audit trail inside the machine, a mere image of the ballot. It is not voter verifiable paper trail, but there is a paper trail. Debacle makeorida things worse . It made them different. Us from aally shifted system in which you could have very vulnerable to smallscale which mishaps to one in smallscale retail mishaps probably have become less critical since help america vote paid for that by exposing ourselves to catastrophic failure in ways that we previously werent. Our elections are far more dependent on the integrity of software, and that is something that we simply dont know how to do. So if we had all the money in the world to design our system today, what sort of equipment, machines, system if you were in charge of voting in the United States of america, how when you have americans vote to get us the safest possible outcome so that at the end of the day, the day after or week after election, the losing candidate or anybody else cant come in and question it . I would hire matt. [laughter] thats a fine idea. [laughter] things, you have got to have paper to have an audit trail on every machine, and you have to have a way to turn off the wifi. Im with you one physical access. Aboutt have concerns anybody rolling into the courthouse and having adequate, but wireless it, networks are a problem. Some of the machines we looked at we found couldnt even turn off the wireless, it was not possible. That is a security problem. Connie, if the legislature gave you 20 million, 200 million, what would you buy . I have no idea. I need the experts. But i would certainly be doing a lot of research. I would say the most important thing is education. A number of states, our governors have set up Cyber Security councils, and we have one indiana. We are working with local elected officials, running fishing email campaigns to educate them on what to notice, what not to notice, what to click on. We are working on multifactor access so passwords are stronger. Those are the things that we are doing in the state of indiana, and i think most secretaries are doing that as well. Id say that the very first election i ran as an election ministered or was in 1989 in hendricks county, indiana, and we use lever machines, which there might be one in the state museum now in indiana, but i itl tell you that wanted to make you feel very well if you saw the way those results were taken in. Wed get a written total from the precinct, and you have a tally sheet. I remember sitting on the floor with this huge tally sheet, and numbers get transposed, you are adding all this up it was a disaster. It really was. I think we finally ended up with a result that was fair and correct, but 2 00, 3 00 in the morning you are still working on these paper tallies. People are not that patient today. The worst thing we could do would go back to all paper. What we need to do is think about how we can make our Technology Work the way we needed to work. If you had billions of dollars what would you do, . In the oneny, im branch of Computer Science that has most of my time spent posting out how terrible Computer Science is at building reliable things, and we really are truly terrible at building Reliable Software systems. It is literally the first problem of Computer Science, we dont know how to build programs that dont have bugs in them. That may at some point in the future have a breakthrough that makes that less of a problem, but it has not yet happened. This problem is getting worse rather than better as we build larger and more complex systems. So what is the solution . That anyoneution has come up with for elections is a concept invented by a professor of m. I. T. Called Software Independence. That is to say, we are going to use software, it has all sorts of benefits to add computerized election systems, but we dont want the integrity of the election to depend on the integrity of the software, because that is simply a herculean task. So the technology that exists today, that has this property of Software Independence, is a combination of two existing things that we can do today. One is whats called precinct counted optical scan ballots, ballots where the voter marks a ballot, or maybe uses a ballot marking device, to create a paper optical scan ballot set into a reader at the polling place that records the selections and keep the tally and then captures the physical ballot and stores it in a locked box. That technology has the advantage that it maintains an artifact of the voters choice, that the voter actually marked. The second thing you need to do is make sure the software doing the tallying has not been tampered with or doesnt have bugs in it. That can be an issued with risk limiting audit, where you do a statistical sample of the polling places, do a menu will count of the paper ballot, and ensure that matches the electronically recorded results. If it matches, great, if it doesnt, you have a problem and you have to do more of the recounts. The issue of doing those things properly, this Software Independence property, it eliminates a wide swath of potential vulnerabilities that are really hard to counter and any other way. Britishched the election this summer, reasonably well developed nation, the united kingdom, held an election for parliament the summer. They used paper ballots, they are tabulated at each constituency, the people who voted for candidate x, a pile there, kouachi who were checking, they count and recount and write them all down, then someone stands at a microphone and reads off the results, never touching a computer. The only one who seems to add them up, they literally do the arithmetic but that is it. What is wrong with that . Isnt that foolproof . Why do we have to get fancy . Theres nothing wrong with that, but the United States are we just impatient . We are impatient, we are americans, we are an impatient people. But the more serious problem is mostu. S. Elections are the just a quick complex in the world. We vote on more contests on a single ballot, we have more different ballots, we have School Board Elections and the dogcatcher election and referenda, bond issues, and so one. In england, they are voting for a parliamentary democracy, a single representative in general, or may be one or two issues. Here, i vote on about 20 Different Things in philadelphia. Michael, you work for the department of defense. The word we have not said, russia. But that is the backdrop for this, at least right now. Do you believe that russians or any other bad actors, but we will use the russians, tried to hack our election, want to hack our elections, or are actively trying to break through all of matts fancy systems, or is this really something a problem we are overstating . Do i believe that a Foreign Intelligence Service would love to gain unauthorized access into systems that would reveal information . Absolutely. Would Foreign Intelligence Services love to be able to gain access to systems to try to change tallies . In their dreams, they would love that ability. Its hard for me to see a proposal being discussed in the kremlin and the Security Services and they say, no, lets let it go. We are not trying to hack their elections, are we . Who knows. [laughter] they may wants, to be able to achieve these outcomes, predictable and understandable. Being able to see the causation from intent to actually being able to realize an objective, that is the tricky pa