Election security takes center stage at Black Hat
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Gabriella Turrisi/Axios
The security of the 2024 U.S. elections is one of the hottest topics on the floors of Black Hat and DEF CON this week.
Why it matters: With less than three months until Election Day, government officials and election security experts are eager to grow confidence in state and local governments' ability to accurately and safely tally legitimate votes.
Driving the news: The DEF CON Voting Village is running a simulated online election this week and asking hackers to try to break the system.
- Microsoft released a report this morning warning that Iranian cyber actors tried to hack a high-ranking presidential campaign official in June.
- Lester Godsey, CISO of Arizona's Maricopa County, came to Black Hat and explained how his locality has started labeling, identifying and responding to disinformation.
What they're saying: "I can guarantee that things will go wrong," Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, said during a keynote panel at Black Hat on Wednesday.
- "A poll worker will forget their key to the polling location," she added. "Somebody will pull out the plug on the printer so they can plug in their hot pot to make lunch."
- "There will be a storm. There will be a distributed denial-of-service attack. There could be a ransomware attack."
- But Easterly said election workers are well equipped to address these disruptions quickly without affecting voting integrity.
The big picture: Election security officials are facing several battles across multiple fronts leading up to the November vote.
- Foreign adversaries are using AI tools to create fake news stories and fake social media accounts that spread disinformation. GOP-fueled attacks against projects fighting disinformation have made this work even more challenging.
- Hackers are already trying to hack political campaigns, and politically motivated hackers are likely to try to take down websites and devices like voting machines on Election Day.
- Election workers and their loved ones are facing a swell of doxing and swatting threats.
Threat level: Easterly said that election infrastructure has never been more secure and that the community of election stakeholders has never been stronger.
Between the lines: What makes the U.S. election system more resilient to attacks is also one of its weaknesses: Each city, county and state administers an election differently.
- The outcome of an election is unlikely to be swayed by a disruptive event in a single county — and workers in those localities often have plans and resources to respond to those events quickly.
- But disinformation operatives can easily feed on confusion to sow distrust in the whole process — and subsequently the outcome of a major race.
What we're watching: Expect an upswell of public remarks across the state and national level trying to reassure the public about the integrity of their local voting processes.
- Whether those public statements will help assuage the power of mis- and disinformation is the real test.
