daily. in 1979 c-span was created as a public service i america's cable-television companies and is brought to you today by your cable or satellite provider. the computer hacker conference defcon released a a report on e vulnerabilities of u.s. voting machines and other election equipment. defcon and atlantic council hosted a panel of computer security analysts that discussed the report and allegations of russian interference in the 2016 election. this is an hour and a half [inaudible conversations] >> good afternoon. i'm fred kempe, , president and ceo of the atlantic council. i'm delighted to welcome you all here at the atlantic council

today on behalf of everyone at atlantic council, on behalf of people who pulled this altogether so it's to you for everything you are doing in our cyber statecraft initiative for the launch of this crucially important report. people standing at podium say things like crucially important here it really is. hacking the election, , lessons from the defcon voting village. here the atlantic council we operate under the entry nation of working together to secure the future. this has meant service later because of theco fount of the atlantic council were there at the creation. one of the people who helped found this was dean acheson wrote the book. we see that order as being under threat and we see one of the things that's most under threat in the order we created is the advance in the protection and the security of democracies. we believe and stable, prosperous world depends on building and sustaining a

democracy. depends on the sanctity of the vote. in recent years this fundamental court to our system of government has come under threat. unprecedented assault in the united states and europe are bringing scrutiny and uncertainty to once in viable electoral processes. we atlantic council have been doing quite a bit of work encountering this information both within our eurasia center and in our digital forensic research lab, some real cutting edge work. we haven't done yet work in this area so it's a particular pleasure and honor to be associated with r this event and work behind it. in the current geopolitical climate, preserving or in some cases reinstating, public faith in the integrity and security of our elections is more crucial than ever before. this can only be achieved if we're able to protect the technologies, to protect the technologies underpinning our p

democracy. while much of the discussion over the past 12 months has focused on the russian link information operations with carefully timed leaks, fake news, facebook has most recently, recent revelations have made clear how vulnerable the very technologies we usese o manage our records, cast votes in tally results really are, and that's new. we now' have alarming evidence f russian connected hackers, successfully breaching electron pull books and state and local voter databases in a lease 21 stitch across the united states this recently released by the department of homeland security. you have to understand how careful dhs is before puts out this kind of information. the technical community including many atlantic council experts have attempted to raise alarm about these threats for some years. this summer the experts on today's panel and others concerned about the safety of the vote teamed up with the world's largest hacker

conference, defcon, to host the first ever, and i underlined this, first ever voting machine hacking village. this determined group invited security researchers to probe two dozen electronic voting machines, many of which are still in use today. the hackers were able to break into and gain remote control of the machines in a matter of minutes. these findings from the voting village are incredibly disconcerting. we the atlantic council applaud the groundbreaking and tireless work of the organizers to shed light on these threats in this unsettling b reality. we believe that transparency is about 80% of what is needed here because you do actually understand to know the threat in order to get the targets and others to take care of defending itself. thistt is simply a cyprus could issue but the most pressing national security concerns

eating at the bedrock of our democracy. the council's own cyber team is proud to support at this critical effort by taking representative james link event and will hurd to las vegas this july, the first sitting congressman to ever attended the conference and witness firsthand its voting village.ty we are honored to continue this partnership by convening today's discussion and we look forward to assisting in the next steps this crucially important effort. you may have read in "usa today" that a group is coming together to try to continue to work and continued to work around this, and we are proud to be part of that. before i i turn it over to jeff moss for his remarks let me take a moment to introduce our panelists. jeff is the founder of two of the most influential information security conferences in the world, defcon and black hat. and he's a senior fellow with

atlantic council cyber statecraft initiative and our brent scowcroft center on international security. ambassador doug lute is a former u.s. permanent representative of tornado and serving under president obama from 2013-2017. prior to this and after retiring from active duty as lieutenant general after 35 years of service he served as the assistant to the president and deputy national security adviser under president bush, as well as president obama. we have a bipartisan ethos. you work in a real hands on my person manager john gilligan is a chairman of the board for the center for internet security picky servedhe as president of e schafer corporation, senior vice president and chief information u.s. air force and department of energy. sherri ramsay a senior advisor to the ceo at cyber .

international, engaged in strategy development and planning. pixies of the former director of the nsa css threat operations center, that's a pretty big job and pretty significant position where she led discovering characterization of threats to national security systems. harri hursti is the founding partner of nordic innovation labs and one of the organizers of the defcon voting village. he hasnt fascinating insights. i just a little bit outside this room on this problem that we're talking about today. is oneza of the world's leading authorities in the area of election voting security and critical infrastructure security, and as an ethical hacker famously demonstrated a certain voting machines could be hacked ultimately altering voting results. our moderators today is jake jake is a lecturer at the university of chicago and

ceo of cambridge global advisors and co-organizer of the defcon voting village here jake also serves as strategic advisor on cybersecurity for the department of homeland security and the pentagon. so this is ake heavyweight group and we're all looking forward to your reflections. huge thanks for all of you joining us today and join us online, thank you for everything you contributed to the work. lassa, i encourage everyone iner the audience s or watching onlie to take part in the conversation by following @acscowcroft, and at voting village of d.c. by using the hashtag #accyber. so #accyber. now without further delay let me turn the podium over to jeff. >> thank you.

good afternoon, everyone. i'm going to just up with a little bit of a story to give you some context on how we got here. and then just a couple of thoughts on where i think we are going. for those of you curious, we had electronic voting machines for a long time, and hackers have been talking about them for a long time. i think harri has been poking at them for 14 years. at defcon with one of our first speakers talk about this concept of blackbox voting machines more than ten, 12 years ago. so in the hacking work it's not new. what's new though is the attention on them and the importance that they are now playing in our democracies. so how did we get here? i want p to blame this guy, jak, blame him. jake was this national security

coordinator between the white house and dhs back when i first started at homeland security advisory council. so i got to know jake, and he was really passionate about voter protection when he was involved in the obama campaign. and so maybe last year we were talking and jake, still with his voter protection hat on a saying i bet these machines are just, there's got to be problems with these machines, right? yeah, , definitely problems with these machines. i just don't know what they are but i can tell you there's to be problems. i start looking online and a look for reports and i look for studies and to look for security analysts caring these machines apart, and you can't find any. you can find an everest report from 2008. you can findns some very controlled reports where the manufacturers at the researchers to do very limited testing over a couplere of days, but for a

hacker, like that doesn't count. i want to see the pictures. i want to see like the trials entry relations of the people attacking these machines. and so i told him i couldn't really find anything, but i'm sure they are just a disaster. and then made a couple more weeks went by and then he said you know what, you should just get a bunch of hackers enter these things apart. .. idea but we are not going to be able to get any of these from the manufacturers. they are so tightly controlled. you are not going to get the machines or the software. but i started looking on ebay and sure enough, thank you ebay, there were some to be found. we have two of them here that harry will hack into later. so it turned out we can get our hands on them. these things never get updated. they have been around for like a

decade so you can get them fairly inexpensively. so i allocated some space. we got some people together and we started ordering machines and i realized i'm not a voting machine expert. i can tell you about generallylized security problems, i can tell you historically what kind of systems had issues. but i can't tell you the in's and outs specifically so my friend harry, matt blaze, sandy clark and others who spent more than a decade looking at these said, okay, you get the machines and get us the space and we'll run the village and it was fascinating because if you're not familiar with def con, we have about 25,000 people that show up, and that's divided into topic areas, as soon as we announced the voting village, i got state, local, county, election officials contacting me desperate for information. i have these machines and i have no idea what they do. i have the machines and i don't know if i can trust any of the documentation. tell me, you know, tell me what

you find. so we would try to get them to come out and they're like, i have no budget, i can't travel. can you live stream people attacking the machines. i don't know how much this will help you, but we'll write the report and hopefully it will help you. this report, one, it's the first step in trying to change the narrative. as you will read, these machines were pretty easy to hack. and this flies in the face of the narrative spun by manufacturers, which is, you have to be an insider, you have to have a specific knowledge of the technology, random people aren't going to be able to just approach these machines and hack them they're going to need to spend time to study them and understand the context. and i think, we opened the doors in 35 minutes later one of the machines fell. and it turns out that hacking technology is pretty much hacking technology, and if you look at the history of def con,

we've had automobiles, implantable medical devices, airplanes, physical locks, access control systems, internet of things devices, adult toys, atm machines, chances are, yes, we're going to be able to hack your ten-year-old election machine. the difference now is that it counts. now, people are paying attention. they weren't paying attention ten years ago. and so, the other thing is now it's not a conversation between us and the state and local officials, i think this really needs to be more of a discussion at a higher more national security level, and i was struck by something ambassador lute said, which was, essentially there's two ways to change a government, the bullet box or the ballot box. and i thought about that for a while, and we spend a lot of money on the bullet box. we have nuclear triads, we have

oversight, we have testing ranges, we have a large amount of money in technology and main invested in the bullet box. how much in the ballot box? almost nothing. only recently classified as critical infrastructure. so, they're both, i believe, equally important, but all of our energy is in the more exciting bullet box. and i think part of what we're going to say here, it really needs to also be the ballot box because this problem is not going away, it's only going to accelerate. so, three things made this possible. the first, we have a three-year d.m.c. a exception. normally, you wouldn't be able to reverse engineer these things for copy right violations and the manufacturers aggressively use takedown notices from publishing the results and the machines. there was a pre year exception the lat year was year two and next year is year three.

if we can get that renewed or in permanent position, researchers will just be able to take apart this technology and provide an independent view of what's going on here. that was not ever possible before. and so, once we removed sort of the fear of litigation and we lined up an impressive array of lawyers waiting to defend us, if anything happened, we felt pretty confident going into the conversation if anybody was going to sue us, we would have enough resources to defend ourselves and this time, with the dmza out of the way, we would be able to defend ourselv ourselves. the second storm, a storm that collapsed the roof of where they were storing the voting machines. and they totalled out everything, and the voting machines. there's no purchase and sale agreement. the insurance company owned the

voting machine. the insurance didn't want it, they gave it away to an electronic recycler, and they have the equipment with no purchase agreement and now we've got our hand on the machines and not violating any rules or civil law. well, the manufacturer contacted them and said, hey, can you please disassemble the machines, basically, take them out of commission? and he said, sure. how much do you want to pay me per machine. >> we want to pay you zero. >> well, would you like to buy the machines back? >> no. >> okay. well, this is my number call me back anytime you're willing to change your mind and he just started selling them on ebay. and ladies and gentlemen, the tsa voting machine and we have publishing results. three upcoming things, the def

con, and the storm made this possible for the first time and that's totally unacceptable. we've been using these machines more than a decade and this is the first time we get to actually look under the hood? that doesn't make any sense as a country. something is wrong there from a policy standpoint and we need to really understand what's going on and how do we fix that? we can't run our country like this. when is the next storm going to happen, right? so, i really want to think about that that said i'd like to hand it over to jake, a moderated q & a session and then answers any questions that you have, all right, thank you very much. [applaus [applause] >> i'm just going to skip to the q & a. first off, ari, you and professor blaze were the kind of technical needs running the

hacking village-- vote hacking village so tell us, what did you find? >> well, first of all, it was well in place that every machine was hackable. that was already down. instead, this was a learning experience where people can first time sink their teeth into the machine, find the truth themselves. one thing that delighted me how many elected officials they came in and hacked the machines they used to the election. yeah, go ahead. the other thing was the speed. a lot of time when we have been doing, and one of the people who have been doing these secretary of state commission studies, one has been, of course, if you have a few weeks, you can hack it. and they don't wake up in a hangover, they have election, let's do that now.

yeah, they have time. but as mentioned emta, and nda's, rules and those are the things, why it took a long time. right now we had less a half hour when the first machine hacked. opened the door at 10 and at 11 one team came to me, 11 was supposed to be the introductory speech. at the time first machine already fell and at the time the guy who did that, carson he said, well, can you show us? can you make a-- >> no, i want to listen to the speech, but i will come back. >> and he listened to the speech came back 45 minutes and at the same time, then at the same time during the speech, another team who was from northern california, at the time when the introductory speech was over, already two

machines had fell. this technology is very old and for a lot of people who were there, they were not born when a lot of these were a concept. one things immediately, people were calling on twitter asking for a tool in order to do because they were unprepared. and a lot of the current tools actually are not backwards compatible that much behind. this tool became to be one of the saving of the day. cost $15, maybe in new york, but this is enabling you to be compatible with very old technology. there are so many things we want to highlight. we found vulnerabilities which have not been studied before because of the rules of the previous studies and those vulnerabilities put a stress

on. it could happen anytime during the flight, it's persist tennant and you cannot clean and this comes to the supply chain and we found it made all around the world and actually all around the world, mainland china, philippines, israel, and there are elements and we don't know the extension of the host country in the building of this. so it's the chain of custody when it's already in u.s. and put in use, but it's a chain, how that came to be, where it came from how you make sure the machine you get is clean to start. and those are my opening remarks. >> thank you, so, sherry, after spending a long time at nsa, what are your thoughts on the relevance, especially of the supply chain side of this, but

also, any of the other findings that they have. >> to follow on with harri's comments and jeff and you have made. the first thing you want to do, look at the problem. what's the target. is it something that people to be interested in and then how can-- what is the concept how that target can legitimately be hacked or accessed. you know, would it take a year, would it take, you know, 5,000 people to do this? is this something that we really should worry about or is this kind of something that, yeah, it could be done, but not likely to be done. and then the last thing we need to talk about is, would anybody be interested in doing it. you know, there can be all kinds of vulnerabilities out there, but if no one is interested maybe we don't spend money and don't spend time and effort worrying about this. let' kind of quickly answer those three questions when we're talking about this. so, obviously, the specific target, well, the target might be the u.s. democracy. if you look at the focus target it would be the voting machines

themselves. if you look the a the companies, not that many years ago, there were 19, 20, more companies worldwide who made-- who were recognized making voting machines and big in that space and people would buy voting machines from them. in the last few years, by a natural progression of economy and things that happened on the global scales, companies have merged, gone out of business and today there's really only three or four, big well-known, recognized companies that build these voting conditions that we would be interested in in purchasing and using for our elections. so, just by that virtue, we have really focused the target set. it's no longer hundreds or even tens, it's three or four, and so, that was a very specific limited target set that an adversary would need to go after. the second thing is, you know, let's kind of look at how could this be done? is there a realistic way to do that? well, if you look at voting

machines, as well as, in fact, look at our laptops and our cell phones that many of you are using now, watches on our arms, children's toys, our refrigerator, what are all-- missiles, airplanes we go on and a lot of them have already been at def con. what do they have in common? they are built hardware and chips, and they run with software. and you know what? and i think as we both mentioned, in a lot of ways, it's not even specific to the voting machine, it's hardware and software. and there's chips that are manufactured globally because of the global economy, and we don't know where all the chips come from. and in fact, not many of them come from the u.s., they come most of them come from outside of the u.s. primarily for cost purposes. so, there is kind of this natural approach, as to hack the software which has been done for years, but even more so, hackers are starting to look at hardware for a number

of reasons. a couple of them are hardware hacks can be more persistent, if you do a software upgrade, the malware-- the firmware will speak through that and often teams, we think that things are not connected to the internet, often times when we think they're not, they really are, by the way. but on the off chance they're really not and somebody wanted to get into this device and perhaps take data away from it, exfiltrate data, they have to find a way to get it out. so if they do a hardware hack, implant, change the firmware, change the chip, now they've just created a path for them to put the data out and i'll say more about that in a moment. because of the global marketplace, because the voting machines, as well as many, many other things, maybe everything, is made of just hardware and software, the concept for how to do this is actually pretty well-known and relatively easy

as we've seen. so this kind of-- we've created this opportunity. so now who would want to do this? and who has the capability to do this? well, you know, we can look at a number of nation states who have been actually trying to influence the u.s. elections for years. they've just been doing it in other ways. now we've given them this way to techly do that, but perhaps there's other elements as well. criminals, terrorist groups, many of them out there are generally accepted, i believe, by the community in the know, of having the wherewithal, that is the sophistication, the money, the wherewithal to actually pull this off. so you say, okay, well, still, it's hard. how would they do that? hacking one voting machine at a time. they're spread all over the country? you know, not really. if you go back to the limited target set they're coming from four different manufacturers and really shall the supply chain is a great kind of infection vector for them to do

that, even within the supply change, so many opportunities, it could be done with an insider for money. they could care less about the u.s., we pay them off, change the firmware, change the chip process, change that software, so an insider could actually affect huge, huge numbers of chips and things with i would go into the voting machines as well as other appliances as well. also, if you think about it, it's just a software hack, could go in and actually hack the infrastructure of the companies that are developing software for the machine and actually, at the very beginning, put the malware in so that when that software is downloaded on the machine. it already has the malware inside it and these are things, read the newspaper today. we're seeing this done every single day. so, as kind of the bottom line is, are the voting machines spectral? no, they're not. they're hardware and software and we've demonstrated that this can happen.

so, i think that this, if you follow logically this scenario, it should give each one of us causes to pause and really be concerned about the elections and our processes and these voting machines of the future. >> thank you. so, mr. gilligan, as the entitle, or the head of the entity that helps with the cyber security and ones that administer our elections, what are we going to do about this? [inaudible] >> first thought would be-- intractable problem. i was chief information officer of the air force some time ago and i'll tell story to me to

put into context what we with the security used to do. they would do a penetration analysis of each of the services, air force being one and then we'd get a debriefing. i'm sure they're a lot better today. but back then my biggest fear was if anyone was sitting in that room from the outside i would be fired because nsa was successful in penetrating the system and i said this is not helpful. i need to know where to start. and so, nsa came back after a month and a half and they said, you know, nobody ever asked this question, but it was helpful because we got our offensive teams and our defensive teams together and they put together what they thought were these are the areas that we see that are exploited or that we exploit. now, i only paid attention to the first part of the briefing because they said 80% of the

attacks happens in origin, misconfigured software, software that's not configured originally properly or hasn't been hacked and that's where we start and that's what i did. i give that story as a way of giving some context for the center of internet security is focused on what we call best practices, and con figuring software and patching, knowing what's on your network, controlling administrative privilege, auditing, et cetera, are all sort of what we call basic hygiene, good practices and they truly are effective. those types of practices, against the majority of the attacks. and i mean, the philosophy being, why do something sophisticated, some examples were given here, if you can get on the net and go after the misconfigured software? equifax is a good example.

equifax is a good example because the apache strut software that was exploited is an open source software, it does not have a supply chain issue, and it's often embedded in other products, as sherri mentioned. so this gets to be sort after complex problem. anyway the center for internet security focuses on best practices, we provide-- we take commercial versions of products and we, through a collaborative process, we define what should be the secure configuration. we disable those things that have high security risk. we enable, control that are going to ensure that we have better security. and then we promulgate those. in addition, we have developed what we call the set of controls, it's the basic hygiene activities, that happens to be 20 of them, and 0 your view is, if an organization focuses on these, they are addressing the most common threat patterns and they're going to be significantly more secure.

so, our effort internally is going to be to take the elections eco system and to develop a set of best practices, a handbook for best practices for election systems. and we're going to do this following our normal process and sort of a collaborative manner. we have, you know, about 4 or 500 people currently who collaborate with us, we're going to expand that horizon a bit because there are a number of those who have specific expertise on election systems and we're going to invite them and obviously dhs in this. and we're going to invite the elections system committee which has responsibility for working on the voting machines themselves and secretaries of state and other elected officials. let's get together and quickly by the end of this calendar year produce a set of best practices that will be given to the state and local government. our effort will compliment what

the elections system commission is developing presently, with the national institute of standards and technology, called the voluntary voting systems guidelines, version 2.0, which is an updated version trying to address a number of issues, including security. so, that effort, we're going to undertake immediately. obviously, based on the background of the organization, focusing on best pragctices, we've got a foundational effort for this. we're going to move forward. the other hat as jake mentioned weware under internet security, under dhs oversight and funding we provide security to states, local, tribal and territory, tribal or territorial organizations. we have about 1500 members. we provide education, we provide security monitoring, vulnerability assessment, we

provide incident response capabilities, alerts and warnings. in addition, as part of our education campaign, we're going to increase our emphasis using this handbook on election systems in conjunction with other our best practices to see if we can't use election systems and improve across state, local, tribal and territorial organizations. >> fantastic. jeff, can you tell us, what are you guys planning for next year at def con? >> so version 2. so, next year is our last year under the-- when do we find out if it gets renew renewed? >> the first application period is over, i'm not-- last year we had, that was in may when we had the last push. >> in may, so we might know if it's going to be extended or not so we'll be able to adjust what we do next year.

the idea is, we want to get our hand on this part that's really hard to get our hands on is the back-end software that ties voting machines together to tabulate and accumulate votes and to provision of voting ballots and to run the election, to figure out a winner. boy, we really want to have a complete voting system to attack. so, people can attack the network, they can attack the physical machines, they can go after the data bases. this is a mind-boggling part just like it's the first time this has been done with no nda's, there's never before a test of a complete system. it's mind-boggling. harri can tell you ten inside baseball stores why that is. and special, i would love to create any kind of a complete system. it doesn't have to be the most up-to-date complete system, but that's what we're aiming for, we want a complete end to end system so it's one less thing

to argue about, we can say, look, we did it here, too. >> and everything from the voter walking in, register the vote. maybe the def con attendees who want to play they register on-line and keep the data base online just like a county would and maybe people attack that before the show and then we'd have the poll books and the voting and tabulation and everything. and so we're going to definitely, with the success this year, we're going to try to invite some of the manufacturers to see, do they want to help us out, do they want to provide any best practices, but really, there's just been crickets in that area. i think probably because it's the first scrutiny the manufacturers ever had and they're really not quite sure what to do and that's a pretty routine response. we saw that from the medical device world. car world, access control, atm. when the industries first come into contact with hackers, as

people giving an honest opinion of their technology, they pull back and hide for a while. once they figure out you're not going away. >> we're not going away and tell you-- if you do a good job we're going to tell you it's awesome and a poor job, hey, please fix that. the best part is, it's free. you're getting some of the world's best hackers doing pro bono work, giving away reports for free. normally, these people are thousands and thousands of dollars a day and they're just doing it because they want to see what's possible. so, i tell them, take advantage of this free resource, learn what you can. >> okay. so before-- >> and jeff, i think this is a little bit-- in the studies which have been made by ohio, california, none of those really have had everything, not the infrastructure. they've been concentrating on voting machines. even if you look at the voting

machines in def con village, we look at the certain part that we hadn't looked in these studies. these kind of comprehensive, this is the election office, let's take a look from the-- at how to, that has not been done ever. >> in 15 years. >> well, longer than that. and the other thing that i want today point out, and what is in the u.s. we checked it back from electric knockout. it's the def con of latin america, buenos aires. the same problems we are talking here are right now in argentina, and this is a international problem. we have a different flavors of democracy, but we have similar problems. so this is really an international move. >> that's a great segue to our next speaker, general douglas. >> thank you very much.

first thanks to fred at atlantic council. you've done an extraordinary thing. two communities that reside in washington that don't usually meet for lunch. these are the technical experts, the hacker community, sometimes you can tell by our dress, and the diplomatic national security community. ap we've got you all in the same room. which is really important because that merger of these two communities really highlights my main point today and that is that the technical vulnerabilities that were just described are really, i think, given the 2016 experience, raise this to a national security issue. in fact, in my over 40 years of working on national security issues, i don't believe i've seen a more severe threat to american national security than

the election hacking experience of 2016. now, that may sound extreme, but when you consider the fundamental connection which could have been compromised, and may have been compromised last year, and this is the fundamental democratic connection between the individual voter and the results of the election, if you can compromise that, you don't need to attack america with planes and ships and you can undermine democracy from the inside. and i think that's really the nature of this threat. today's session is not about the forensics of the 2016 elections. i have confidence, i think we as americans should have confidence that the multiple investigations that are underway will reveal to us the full impact of what happened in 2016. the forensics here will come out. but we do know this much, we know that russia tried to influence the election outcome last year in the favor of one

candidate, and we know at a minimum they tried to discredit the outcome by casting doubt on its legitimacy. that's enough to get started, okay? why is it so serious? one of the questions here that sherri asked, so, who cares? who would want to do this to us? well, we have at least one answer based on the 2016 experience and that is vladimir putin's russia. let me make five quick points about why the 2016 experience is worth paying attention to. first of all, this is a national security issue because putin's already demonstrated successfully that he can do this. in military terms, a threat is the combination of a capability and the intent to use it. all right? well, that's the end of that statement. he has the capability and he did use it. so we have both capability and intent here. he influenced our political process, he cast doubts on our

democracy and frankly, look at workout today. he added to the gridlock, the political gridlock in washington today, all at very low cost to him. in military terms, this is a classic definition of a threat. we would never accept, we would never accept this level of vulnerability in any of our traditional national security systems. think about the military command and control system. we would never accept this, all right? the targeting system, our intelligence systems, the weapons control systems, systems that control our nuclear weapons, right, we would never accept the kind of vulnerability that was exposed at def con this year. so, we've got work to do. the second reason that this is a national security issue is that russia is not going away. this wasn't a one-shot deal where they maybe tried something and they're onto the next target. vladimir putin can be in office at least until 2029, and even

when he's replaced some day, any successor russian leader would likely be attracted to similar track particulars to inflame russian nationalism and to weaken his international opponent at low cost. so they're onto a tactic that i think will stick. russia learned a lot from what i think were a series of probing attacks in 2016. my guess is they were somewhat surprised at what they learned. much like some of the participants at def con. they were surprised at how out of date it is and vulnerable it is. i think we should the next attacks would be more targeted and even more sophisticated. so the russian threat is real. it's here to stay even beyond putin. third, this is a national security issue because others watched. others were observing what happened in 2016. if russia can attack our elections so can others, think about iran, north korea, the

so-called islamic state and others. fourth, this is a national security issue because time is short. the 2018 and 2020 national elections are really just around the corner. i mean, 2018 elections are 13 months out. and we're disclosing today by way of the findings of the def con report just how vulnerable these symptoms are and we've got essentially 13 months to harden our democracy, harden the process. and finally, this is a national security issue because other democracies are vulnerable, too. the panel mentioned democracies elsewhere, but democracy in europe and south america are also vulnerable, as these same democracies make up our community, of our closest allies and our closest international partners, so isn't an america only vulnerability. we know for sure that russia has tested to penetrate and corrupt other electoral systems, think about the french elections in the spring, but

long before that, the elections in ukraine, processes in georgia. major attacks on the baltic states and so forth. so for these reasons, all of these reasons, the security of the u.s. election process should be a top national security issue. now, look, i'm not the expert here on the process and voting and the machine and the hardware, the software, that's not-- we have those experts here, that's not me. the good news though is with these experts assembled we pretty much know what we have to do. and we've got to get that set of bad practices that john gilligan mentioned out to where the rubber meets the road. that's literally not only to the 50 states in the union, but thousands of voting jurisdictions across those states. so, we've got a lot to do in a short period of time. we agree, and we commit to you

today that this group, this informal coalition will convene and within two months, come back to this community, this joined community, with best practices. this has to be a nonpartisan, bipartisan effort. this is not about party politics, this is about our fundamental rights as mrn citizens, and about the health of our american democracy. look, for over 40 years, as the military officer or as a diplomate, i didn't question the sanctity, the validity of my vote. like many in the military and state department communities and the intelligence communities, we often vote by paper ballot because we voted by absentee ballot and i see a lot of head shaking in the room here, you complete your ballot. you sign the back of the envelope and mail that in. frankly for 40 some years that

was enough for me. i did my civic duty and had confidence that that vote was going to count. over the last 12 months, given the experience of 2016, i don't feel that way anymore. and i just challenge all of us to think seriously about the challenges that we now know took place, that were attempts to compromise and corrupt our fundamental rights as voting citizens. so, look, it's time to get this fixed and we've got to secure our voting system as a national security priority and this report, this report is a first start. so let me turn it back to jake. [applaus [applause] >> thank you, general. so, we're going to open up for questions and i want to highlight three points that the panelists and speaker made here and make sure that everybody takes home with them as doug

wife's like to say, whenever i go to an event i want to either learn, know or do something coming out of it. so, here are the three things you can learn, know or do coming out of this. number one is, there were dozens of successful attacks into the machines, they're all outlined in the report or most are outlined in the report. and the one that we really want to highlight that came out after a lot of research done on the machines after def con was that with parts made all over the world and software made all over the world and as sherri said there are only three or four manufacturers, the one core point that kind of election security experts and others have been making why those are safe, the decentralized nature of our voting system, the thousands and thousands of voting offices around the country that administer the elections, is what kept us safe because russians would have to have tens of thousands of operatives

have physical access to the machines, we now know that's false. a handful of attacks manufacturers not in the united states, the russians could plant malware into thousands of machines all at once and hack the united states election without leaving the kremlin. that's pretty important finding number one. number two, is, i think what jeff said, which is that especially if you're an election official, the thing to do coming out of this, contact the folks at def con and offer to give out your machines, your data bases, give them access to whatever you want tested and jeff said this is essentially free testing and training for your staff and that would normally cost you millions of dollars to purchase on your own. and finally, maybe most importantly, the center for

internet security is convening a coalition, informal coalition of pretty impressive folks, like the atlantic council, to arrive at best practices, and then to help educate congress as to why they need to pay for these best practices to be implemented and then ensure that state and local governments implement them. so with that, i want to open it up to-- >> oh, when is harri's hack op technology? >> oh, at the end. [laughter] >> we'll have a live demonstration. >> yes? >> hi, i'm sorry. oh. [inaudible] >> i didn't know if you were pointing to somebody else. sei this is so important and critical. and i was at the def con conference and lectures and harri has been amazing on this. i want to raise awareness how

important this information was as a translated to states actually going to secure their voting system. and some people may know, the state of virginia recently transitioned all of their voting equipment to paper ballots and they did so because of some of the vulnerabilities that were disclosed in the def con conference. they reached out to us, and we helped get them some information and i know harri was in contact with them giving them information and letting them know what was found and they were able to go and provide that information to the state board of elections, this is the department of state. and the state board of elections was able to take that information and understand the security vulnerabilities, moving to paper ballots, a transparent system that can help protect us. i want to thank you for seeing this into real world change. >> fantastic. >> professor, do you have a question? >> okay.

introduce yourself. >> sure, i'm alex halderman, a professor of computer science and engineering at university of michigan and i've been working on the problem of securing election infrastructure for about ten years. and i just wanted to offer a couple of reflections on this absolutely fantastic achievements out of def con. first, as the ambassador lute says, this is absolutely a national security problem and i think that's the biggest thing that's changed between when i started working in this field and today. we started in about 2007 thinking, well, it's possible that some people might tamper with a few localized election systems, but, state level attacks, nation state attackers, changing a national result, that sounds like science fiction. it doesn't sound like science fiction anymore. the voting system as we've seen

in many, many different studies over the past ten years that have come out of different academic groups, is vulnerable throughout the technical infrastructure. the infrastructure is adecade or decades out of date, and there are all kinds of ways that attackers might be able to compromise voting equipment. what the def con results do in my mind more than anything else, this is an amazing confirmation and extension of all of the different work that has shown machines to be vulnerable. and now, even in machines like the acu vote tsx here that harri and others have studied in the past, they're yet more vulnerabilities being found by studying it at def con 2. these machines are broken to the core. but in terms of the solution and i think the best practices

that will be developed by this new initiative are going to be a fantastic step towards helping states secure the infrastructure, but the one other component that is just so critical in this and part of the center of the solution is really low tech. and that's to make sure that we're voting using paper, as about 70% of the country already does. and that we're looking at enough of that paper to know whether the computer results are actually right, through post-election audits. these are two simple and low tech steps, but as president trump himself said on election day, there's something really nice about paper, you don't have to worry about hacking and by taking these simple and low cost steps i think we can go a long way to protecting against so many different threats in this sphere. >> yes. >> i actually have two

questions about the technical aspects of the report. the supply chain problems, which you brought up. beyond creating chaos in the election, can those be used in any way to target a specific election? >> well, first of all, the short answer is yes, because if you have a persistent attack, then, that is your universal door and your only question, what is the comment and control structure. one of the easiest things is actually name of candidate on a ballot because you cannot change it. you can use multiple ways of communicating with the persistent attack. >> sherri. >> yeah, my comment would be, just assume all you can do is create chaos, we know there's more than that.

but just to have, you know, even a little chaos would cause a loss of confidence in the system and cause people to walk around and say, is this legitimate, was the election legitimate and even if it was, the fact that people are questioning that i think is hugely damaging to the system and democracy in general. i don't think you have to go past creating the chaos for this to be a significant problem for us to pay attention to. >> i'm sorry i-- >> go ahead. >> assuming that-- assuming that there-- that voting, that either the company's charged with maintaining the systems or states who are maintaining the systems follow best practices, the back doors would still only be accessible to the usb attack, am i-- just trying to get the sense of

the extent of the-- >> so, let me answer two things. first thing, i think we have to rethink our trade model. in dealing with our thinking, the model is a candidate wants to win. they have not been-- people are not asking what are the possible reasons. for example, if i would be a professional criminal and would i know that there is no results on wednesday, there will be a stock market reaction and if i can bet on that, i can make a huge amount of money. so, there's a humongous opportunity, by not causing chaos. and the other machines have a usb port, the other thing the false statement there's no

wireless. and whatever is the opinion you have about jill stein forced a recount, one of the information that came out in a while is that there's a new generation of machine which uses wireless modem connecting to verizon. what could possibly go wrong? so, the answer here is that we really found as a community that this information is-- it has been in public documents, and stuff never disseminated and wireless, but now it's already back in use. so, you don't need to have a physical usb. you can just use wireless. >> that was my second question, is the report only mentions the one machine that-- or the one brand of machine that had the wi-fi remote. >> we're hoping for another

sto storm. >> but you mentioned the machines that connect to verizon and-- and. >> the information flow, you probably want to maybe try the 200, but there's a paper ballot scanner machine where one of the the features is wireless capability. and do you want to comment on that? >> okay. >> and alex has more involved than i was. we were both involved in-- . right, so, what we know from studies of different machines as well as the back end infrastructure is that there are several ways that they might be remotely attacked. one is through the supply chain as panel lists have emphasized that could be through machines when they're sold or through software updates to the machines delivered to the

manufacturers. another route is through a style attack before the election, every single voting machine has to be programed with the design of the ballot. races and candidates and that programming is copied into the machine through a memory cord or usb stick. what we've demonstrated in past studies, if you can modify that programming you can take control of the voting condition and to miscount the votes and to shift votes to candidates that you want. that's a danger because the files that define the ballot are often created on machines that are connected to the internet. >> let me chime in. the other thing here is that what has been discovered, also, is that it's commonly in the united states, this is really u.s. specific issue, is that the smaller jurisdictions use

the service companies to do the programming for them and that means that the actual programming of the machine happens outside of the legal jurisdiction, who is responsible for running the election, which, in my opinion, means that they have no control of their own election. >> yes, go ahead. >> let me just try to raise the conversation a little bit above the machines themselves because that's-- this is a known vulnerability. but when you take jeff's approach, it's a whole life cycle or eco system of the election process, there are other equally disturbing visibilities. so think about the voter registration data bases, for example. all the voters here in the awed once. you're on tomorrow data base used to validate your entry to the ballot. so if you can corrupt the data bases all stored on the internet. by transposing two digits of your street address or changing

your middle initial, right? the voter, doing his civic duty shows up at arlington fire station and across the river to video that day. the i.d. does not meet the data base, he never gets to the ballot. you look at the life cycle of the process, this gets to jeff's point, this is one known vulnerability, but there are likely other vulnerabilities equally problematic. >> go ahead. >> i hope the panel can comment. alex has worked on this issue for a long time and the solution on the voting machine front is the low tech solution, vote on paper. look at the paper. but the problem seems to be political in getting to the solutions and you know, our nato allies have moved to

paper. the french election, they used to do internet voting for overseas and military voters and they stopped in in face of the threat. the dutch moved to paper and then hand counted the paper in the last election, and we are struggling at the national level to get voluntary grants available to states so they can maybe switch to paper, so they can do post election audits. if you can talk about the-- how to create a political climate of urgency, which just doesn't seem to be there. >> well, so, i think that's like a-- i think that's exactly why we're trying to do this and exactly why we're partnering with the atlantic council, which is, you know, one of the preeminent national security organizations in the country. we think that without firmly positioning that this is national security, as the national security problem that it is, we'll never get the urgency that we need and that's exactly why we're here today

and exactly why we're so excited that the center for secure mass convened these for best practices and to help with that. >> and this is sort of-- i'm going to ask doug that, is this sort of lack of imagination, like going from the abstract to the concrete and you have so many things to worry about and this is one more. now that it's arrived, you have to take steps and that's scary because now you have to face a new problem. there's no four years of-- this is a new issue which brings with it some risks. you know, you have entrenched lobbying interests in that. and i'm sure the manufacturers don't like being called out. i mean, who would? nobody would. and so, and i'm sure some people stake their reputations and careers on buying this and the budgets and there's a lot of interests involved and you'll have to pull a u-turn and i bet that's going to be a

problem. >> that's right, it's fundamentally a mental shift from the presumption that your vote is secure or our votes are secure, to now, i think, a presumption that, you know, maybe they're not so secure. and that doesn't come overnight, but that's why events like today, why the def con experience, events like today. these reports are so important. the first steps in addressing any problem is that there's a problem and what we're trying to do is amplify that nationally so there is a broad recognition that this is a problem. that's it's a national security problem that it's a bipartisan or nonpartisan problem and cuts across the structures and that we in america have to wake up to. at one time we thought we were invulnerable. it turns out we're vulnerable. >> harri. >> i think he had comment. just go ahead. >> dustin with reuters.

related on the last question and broader more systemic vulnerabilities, just recently notified 21 states believe they were targeted on some levels by russian hackers and a couple of states said that's not true. what you told us is not our election systems, but our department of labor or something was scanned or targeted, wisconsin, california, i think there were one or two others. so i'm wondering if the issue of how we run elections in the united states on sort of the state, federal, relationship, if that's a specific vulnerability in your view that makes the united states more-- makes it more difficult to address these problems? because our other tensions and two of those tensions specifically, dhs says they're trying to work more with the states and in the past couple of weeks shown there's a lot of tension in the room when they try to discuss these ideas and

try to figure out what really happened last year and move forward to 18 and 2020. i'm wondering if you have specific recommendations how to address the federal government and the states can be improved going forward. >> john, do you want to comment on that? you've got to thread this needle every day. >> yeah, so going forward, dhs working with the states has agreed that there will be a much more invigorating process for notification and information sharing, so they're agreed that they're going to create what's called elections information sharing and analysis capability. and so, i think that's-- and so, the early results on that collaboration and coordination are going a long way to resolving some of what i saw were the problems in the past. he think a lot of problems in the past were, if i could descri

describe there were technical activities that were recognized and the technical community within different organizations were notified. now, that happens every day. and so, it was the tie to the elections and as ambassador lute pointed out, sort of, we've sort of weaken to significance for potential threat patterns and i think that that's what caused some confusion is that at the time it was recognized there was an activity, but it was viewed as sort of the run of the mill, everyday event. it was only in retrospect when it was linked to a pattern of activity, and then it became to rise to the level of saying, wait a minute, this is really a campaign that has a particular objective and then i think all of the early communications sort of got sort of lost and so i think going forward there's been a commitment to say, all right, we just need to make sure that we're engaging with

key stake holders and those who have responsibility and not with the technical community and hope that helps a little bit. >> in the back with the black book. >> thank you very much. paul from nsi. thank you very much def con for the work you've done and those who collaborated with this. i have a historical question related to the supply chain. i don't know the exact year, but roughly about eight years ago when a security colleague of mine came to me after what he-- when he came from china, election equipment manufactured in china and i told him to report that to the authorities and linked him on that. i'm wondering if anyone knows anything about that situation?

i think debolt is out of the business now, but the idea that equipment is being manufactured at a country like china and if any analysis, do we have any analysis of any equipment that was, let's say doctored, specifically doctored for the in your opinion of exercising an option if they chose to affect an election. ... two things to. that one is when you look at holes, it's full of hard to understand are the holes or is it just because it's just sloppy, it's quality. dumb -- are not adversaries are not done, they'll make sure that if there number of problems, one is their back door in and if they're caught, they'll say

of problems here, it's hard to tell if that problem was intentionally put there to be used or not. secure systems where the >> wait a minute that's a sophisticated back door you can have this conversation but at you know, probably don't have to install anything specific because it isba already so -- oe of exemptions prevents us from sharing so research percent got their hands on the machines they the software on afl these machines. but there's a prohibition for copyright where you can't just publish the software dump. you can look at them. you can analyze them but can't post for y anyone to download so we're a little bit hampered because you pretty much have to get your own machine, dump your own software analyses your own software and tell world what you

found without releasing the software.. butel some people are doing that looking through by their and functions that don't make sense. but it isrd not as as as we woud like because you can't share to a larger community to get a widespread analysis. so perry had had a really interesting find on one of the -- taiwan -- taiwan machine. >> so yeah first of all the machine which is is from -- it saves manufactures from taiwan when you find a company to find their main well the only is in china. so that's probably there. but more to point a second many thist area for working this is almost impossible tool make any kind i of reasonable educated guess whether you're looking.

you want to think it is. but there's so many things where you really in the finding you stop and say what would be the legal use for these? what would be the reason you would do this? the answer always a test. so also i would like to point out by the way puerto rico i wasn't planning to do a live demo here because of the time we have. so one more thing i want to point out is that hardware is software, rightt now think that soflt software is cheap and hardware is millions of dollars. we are going leave the last few minutes of this forum on voting machine has hacking and election security all available on our website go to c-span.org. live now to capitol hill for hearing on transportation infrastructure investment builders and transportation specialists will be offering proposals to keep up with population increases and demand

for freight transportation. live coverage here on c-span2 should start? just a moments. [silence]

[silence] [silence]