Today on behalf of everyone at Atlantic Council, on behalf of people who pulled this altogether so its to you for everything you are doing in our Cyber Statecraft Initiative for the launch of this crucially important report. People standing at podium say things like crucially important here it really is. Hacking the election, lessons from the defcon voting village. Here the Atlantic Council we operate under the entry nation of working together to secure the future. This has meant Service Later because of theco fount of the Atlantic Council were there at the creation. One of the people who helped found this was dean acheson wrote the book. We see that order as being under threat and we see one of the things thats most under threat in the order we created is the advance in the protection and the security of democracies. We believe and stable, prosperous world depends on building and sustaining a democracy. Depends on the sanctity of the vote. In recent years this fundamental court to our system of government has come under threat. Unprecedented assault in the United States and europe are bringing scrutiny and uncertainty to once in viable electoral processes. We Atlantic Council have been doing quite a bit of work encountering this information both within our Eurasia Center and in our Digital Forensic research lab, some real cutting edge work. We havent done yet work in this area so its a particular pleasure and honor to be associated with r this event and work behind it. In the current geoPolitical Climate, preserving or in some cases reinstating, public faith in the integrity and security of our elections is more crucial than ever before. This can only be achieved if were able to protect the technologies, to protect the technologies underpinning our p democracy. While much of the discussion over the past 12 months has focused on the russian link Information Operations with carefully timed leaks, fake news, facebook has most recently, recent revelations have made clear how vulnerable the very technologies we usese o manage our records, cast votes in tally results really are, and thats new. We now have alarming evidence f russian connected hackers, successfully breaching electron pull books and state and local voter databases in a lease 21 stitch across the United States this recently released by the department of Homeland Security. You have to understand how careful dhs is before puts out this kind of information. The Technical Community including many Atlantic Council experts have attempted to raise alarm about these threats for some years. This summer the experts on todays panel and others concerned about the safety of the vote teamed up with the Worlds Largest hacker conference, defcon, to host the first ever, and i underlined this, first ever voting machine hacking village. This determined group invited security researchers to probe two dozen electronic Voting Machines, many of which are still in use today. The hackers were able to break into and gain Remote Control of the machines in a matter of minutes. These findings from the voting village are incredibly disconcerting. We the Atlantic Council applaud the groundbreaking and tireless work of the organizers to shed light on these threats in this unsettling b reality. We believe that transparency is about 80 of what is needed here because you do actually understand to know the threat in order to get the targets and others to take care of defending itself. Thistt is simply a cyprus could issue but the most pressing National Security concerns eating at the bedrock of our democracy. The councils own cyber team is proud to support at this critical effort by taking representative james link event and will hurd to las vegas this july, the first sitting congressman to ever attended the conference and witness firsthand its voting village. Ty we are honored to continue this partnership by convening todays discussion and we look forward to assisting in the next steps this crucially important effort. You may have read in usa today that a group is coming together to try to continue to work and continued to work around this, and we are proud to be part of that. Before i i turn it over to jeff moss for his remarks let me take a moment to introduce our panelists. Jeff is the founder of two of the most influential Information Security conferences in the world, defcon and black hat. And hes a senior fellow with Atlantic CouncilCyber Statecraft Initiative and our Brent Scowcroft center on interNational Security. Ambassador doug lute is a former u. S. Permanent representative of tornado and serving under president obama from 20132017. Prior to this and after retiring from active duty as Lieutenant General after 35 years of service he served as the assistant to the president and deputy National Security adviser under president bush, as well as president obama. We have a bipartisan ethos. You work in a real hands on my person manager John Gilligan is a chairman of the board for the center for Internet Security picky servedhe as president of e schafer corporation, Senior Vice President and chief information u. S. Air force and department of energy. Sherri ramsay a Senior Advisor to the ceo at cyber. International, engaged in Strategy Development and planning. Pixies of the former director of the nsa css threat operations center, thats a pretty big job and pretty significant position where she led discovering characterization of threats to National Security systems. Harri hursti is the Founding Partner of nordic Innovation Labs and one of the organizers of the defcon voting village. He hasnt fascinating insights. I just a little bit outside this room on this problem that were talking about today. Is oneza of the worlds leading authorities in the area of election voting security and Critical Infrastructure security, and as an ethical hacker famously demonstrated a certain Voting Machines could be hacked ultimately altering voting results. Our moderators today is jake jake is a lecturer at the university of chicago and ceo of Cambridge Global Advisors and coorganizer of the defcon voting village here jake also serves as Strategic Advisor on cybersecurity for the department of Homeland Security and the pentagon. So this is ake heavyweight group and were all looking forward to your reflections. Huge thanks for all of you joining us today and join us online, thank you for everything you contributed to the work. Lassa, i encourage everyone iner the audience s or watching onlie to take part in the conversation by following acscowcroft, and at voting village of d. C. By using the hashtag accyber. So accyber. Now without further delay let me turn the podium over to jeff. Thank you. Good afternoon, everyone. Im going to just up with a little bit of a story to give you some context on how we got here. And then just a couple of thoughts on where i think we are going. For those of you curious, we had electronic Voting Machines for a long time, and hackers have been talking about them for a long time. I think harri has been poking at them for 14 years. At defcon with one of our first speakers talk about this concept of blackbox Voting Machines more than ten, 12 years ago. So in the hacking work its not new. Whats new though is the attention on them and the importance that they are now playing in our democracies. So how did we get here . I want p to blame this guy, jak, blame him. Jake was this National Security coordinator between the white house and dhs back when i first started at Homeland Security advisory council. So i got to know jake, and he was really passionate about Voter Protection when he was involved in the obama campaign. And so maybe last year we were talking and jake, still with his Voter Protection hat on a saying i bet these machines are just, theres got to be problems with these machines, right . Yeah, definitely problems with these machines. I just dont know what they are but i can tell you theres to be problems. I start looking online and a look for reports and i look for studies and to look for security analysts caring these machines apart, and you cant find any. You can find an everest report from 2008. You can findns some very controlled reports where the manufacturers at the researchers to do very limited testing over a couplere of days, but for a hacker, like that doesnt count. I want to see the pictures. I want to see like the trials entry relations of the people attacking these machines. And so i told him i couldnt really find anything, but im sure they are just a disaster. And then made a couple more weeks went by and then he said you know what, you should just get a bunch of hackers enter these things apart. Idea but we are not going to be able to get any of these from the manufacturers. They are so tightly controlled. You are not going to get the machines or the software. But i started looking on ebay and sure enough, thank you ebay, there were some to be found. We have two of them here that harry will hack into later. So it turned out we can get our hands on them. These things never get updated. They have been around for like a decade so you can get them fairly inexpensively. So i allocated some space. We got some people together and we started ordering machines and i realized im not a voting machine expert. I can tell you about generallylized security problems, i can tell you historically what kind of systems had issues. But i cant tell you the ins and outs specifically so my friend harry, matt blaze, sandy clark and others who spent more than a decade looking at these said, okay, you get the machines and get us the space and well run the village and it was fascinating because if youre not familiar with def con, we have about 25,000 people that show up, and thats divided into topic areas, as soon as we announced the voting village, i got state, local, county, Election Officials contacting me desperate for information. I have these machines and i have no idea what they do. I have the machines and i dont know if i can trust any of the documentation. Tell me, you know, tell me what you find. So we would try to get them to come out and theyre like, i have no budget, i cant travel. Can you live stream people attacking the machines. I dont know how much this will help you, but well write the report and hopefully it will help you. This report, one, its the first step in trying to change the narrative. As you will read, these machines were pretty easy to hack. And this flies in the face of the narrative spun by manufacturers, which is, you have to be an insider, you have to have a specific knowledge of the technology, random people arent going to be able to just approach these machines and hack them theyre going to need to spend time to study them and understand the context. And i think, we opened the doors in 35 minutes later one of the machines fell. And it turns out that Hacking Technology is pretty much Hacking Technology, and if you look at the history of def con, weve had automobiles, implantable medical devices, airplanes, physical locks, Access Control systems, internet of things devices, adult toys, atm machines, chances are, yes, were going to be able to hack your tenyearold election machine. The difference now is that it counts. Now, people are paying attention. They werent paying attention ten years ago. And so, the other thing is now its not a conversation between us and the state and local officials, i think this really needs to be more of a discussion at a higher more National Security level, and i was struck by something ambassador lute said, which was, essentially theres two ways to change a government, the bullet box or the ballot box. And i thought about that for a while, and we spend a lot of money on the bullet box. We have nuclear triads, we have oversight, we have testing ranges, we have a large amount of money in technology and main invested in the bullet box. How much in the ballot box . Almost nothing. Only recently classified as Critical Infrastructure. So, theyre both, i believe, equally important, but all of our energy is in the more exciting bullet box. And i think part of what were going to say here, it really needs to also be the ballot box because this problem is not going away, its only going to accelerate. So, three things made this possible. The first, we have a threeyear d. M. C. A exception. Normally, you wouldnt be able to reverse engineer these things for copy right violations and the manufacturers aggressively use takedown notices from publishing the results and the machines. There was a pre year exception the lat year was year two and next year is year three. If we can get that renewed or in permanent position, researchers will just be able to take apart this technology and provide an independent view of whats going on here. That was not ever possible before. And so, once we removed sort of the fear of litigation and we lined up an impressive array of lawyers waiting to defend us, if anything happened, we felt pretty confident going into the conversation if anybody was going to sue us, we would have enough resources to defend ourselves and this time, with the dmza out of the way, we would be able to defend ourselv ourselves. The second storm, a storm that collapsed the roof of where they were storing the Voting Machines. And they totalled out everything, and the Voting Machines. Theres no purchase and sale agreement. The Insurance Company owned the voting machine. The insurance didnt want it, they gave it away to an electronic recycler, and they have the equipment with no Purchase Agreement and now weve got our hand on the machines and not violating any rules or civil law. Well, the manufacturer contacted them and said, hey, can you please disassemble the machines, basically, take them out of commission . And he said, sure. How much do you want to pay me per machine. We want to pay you zero. Well, would you like to buy the machines back . No. Okay. Well, this is my number call me back anytime youre willing to change your mind and he just started selling them on ebay. And ladies and gentlemen, the tsa voting machine and we have publishing results. Three upcoming things, the def con, and the storm made this possible for the first time and thats totally unacceptable. Weve been using these machines more than a decade and this is the first time we get to actually look under the hood . That doesnt make any sense as a country. Something is wrong there from a policy standpoint and we need to really understand whats going on and how do we fix that . We cant run our country like this. When is the next storm going to happen, right . So, i really want to think about that that said id like to hand it over to jake, a moderated q a session and then answers any questions that you have, all right, thank you very much. [applaus [applause] im just going to skip to the q a. First off, ari, you and professor blaze were the kind of technical needs running the hacking village vote hacking village so tell us, what did you find . Well, first of all, it was well in place that every machine was hackable. That was already down. Instead, this was a learning experience where people can first time sink their teeth into the machine, find the truth themselves. One thing that delighted me how many elected officials they came in and hacked the machines they used to the election. Yeah, go ahead. The other thing was the speed. A lot of time when we have been doing, and one of the people who have been doing these secretary of state commission studies, one has been, of course, if you have a few weeks, you can hack it. And they dont wake up in a hangover, they have election, lets do that now. Yeah, they have time. But as mentioned emta, and ndas, rules and those are the things, why it took a long time. Right now we had less a half hour when the first machine hacked. Opened the door at 10 and at 11 one team came to me, 11 was supposed to be the introductory speech. At the time first machine already fell and at the time the guy who did that, carson he said, well, can you show us . Can you make a no, i want to listen to the speech, but i will come back. And he listened to the speech came back 45 minutes and at the same time, then at the same time during the speech, another team who was from northern california, at the time when the introductory speech was over, already two machines had fell. This technology is very old and for a lot of people who were there, they were not born when a lot of these were a concept. One things immediately, people were calling on twitter asking for a tool in order to do because they were unprepared. A