Aug 10, 2018

Election hackers return to DEF CON as states look to Congress to fund solution

Andcherla Marcelin, a Miami-Dade election support specialists, checks voting machines for accuracy. Photo: Joe Raedle/Getty Images

The hacker conference DEF CON launched its second annual election hacking extravaganza on Friday after last year's conference led cybersecurity enthusiasts to discover several security flaws in election equipment and are poised to do the same thing again this year.

The big picture: One secretary of state argued at the event that the problem may be less about rediscovering how unsecure machines are, and more about getting the funding to do anything about it.

What they're saying: "We spend $700 billion for defense," California Secretary of State Alex Padilla told Axios. "Last week, the White House said that election security was a national security issue. For less than 1 tenth of 1%, Congress could make a world of difference."

The event: Padilla was one of several high profile attendees at this year's conference. He and Homeland Security Assistant Secretary for the Office of Cybersecurity and Communication Jeanette Manfra both spoke at the event and several Homeland Security cybersecurity experts participated in the hacking.

The background: Congress fronted $380 million for new election systems earlier this year — but that money came from a fund started more than a decade ago.

  • "The money Congress appropriated last month isn’t cybersecurity money, it’s still hanging chad money," said Padilla, who would later echo the remarks at a panel. "We need cybersecurity money."
  • Padilla noted that the changing cybersecurity landscape requires continually updated systems and replacing equipment. The one-time Congressional gift would not be enough for every state to make necessary repairs, let alone keep systems secure on any long-term basis.

State officials worry the hacking event will be misconstrued. The speed and thoroughness with which hackers tunneled into voting machines and a poll book last year received widespread press coverage.

  • On Thursday, the National Association of Secretaries of State said it supported the hacking event this year, but wanted to be clear the hacking did not accurately represent real world conditions.
"Providing conference attendees with unlimited physical access to voting machines...does not replicate accurate physical and cyber protections established by state and local governments. "

Hacking voting machines often needs to be done with physical access to each machine. Following proper security hygiene guidelines, including limiting access to machines, minimizes those threats.

  • Still, the DEF CON event is very useful, argue Manfra and Padilla. "I'd rather learn what to defend against here than from a hacker," said Padilla.

Go deeper

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 3:30 a.m. ET: 1,203,923 — Total deaths: 64,795 — Total recoveries: 247,273Map.
  2. U.S.: Total confirmed cases as of 3:30 a.m. ET: 312,237 — Total deaths: 8,502 — Total recoveries: 14,997Map.
  3. Public health latest: CDC launches national trackers and recommends face coverings in public. Federal government will cover costs of COVID-19 treatment for uninsured. The virus is hitting poor, minority communities harder and upending childbirth.
  4. 2020 latest: "We have no contingency plan," Trump said on the 2020 Republican National Convention. "We're having the convention at the end of August."
  5. Business updates: Restaurants step up for health care workers. Employees are pressuring companies to provide protections during coronavirus.
  6. Oil latest: Monday meeting among oil-producing countries to discuss supply curbs is reportedly being delayed amid tensions between Saudi Arabia and Russia.
  7. Education update: Many college-age students won't get coronavirus relief checks.
  8. 1 🏀 thing: The WNBA postpones start of training camps and season.
  9. What should I do? Pets, moving and personal health. Answers about the virus from Axios expertsWhat to know about social distancingQ&A: Minimizing your coronavirus risk.
  10. Other resources: CDC on how to avoid the virus, what to do if you get it.

Subscribe to Mike Allen's Axios AM to follow our coronavirus coverage each morning from your inbox.

World coronavirus updates: Confirmed cases top 1.2 million

Data: The Center for Systems Science and Engineering at Johns Hopkins, the CDC and China's Health Ministry. Note: China numbers are for the mainland only and U.S. numbers include repatriated citizens and confirmed plus presumptive cases from the CDC

The number of novel coronavirus cases surpassed 1.2 million worldwide Saturday night, as Spain overtook Italy as the country with the most infections outside the U.S.

The big picture: About half the planet's population is now on lockdown and the global death toll was nearing 64,800, by Sunday morning, per Johns Hopkins data.

Go deeperArrowUpdated 50 mins ago - Health

U.S. coronavirus updates: Death toll surpasses 8,500

Data: The Center for Systems Science and Engineering at Johns Hopkins; Map: Andrew Witherspoon/Axios

Recorded deaths from the novel coronavirus surpassed 8,500 in the U.S. early Sunday, per Johns Hopkins data. The death toll in the U.S. has risen over 1,000 every day for the past four days, since April 1.

The big picture: President Trump said Saturday America's is facing its "toughest" time "between this week and next week." Anthony Fauci, director of the National Institute of Allergy and Infectious Diseases, said U.S. deaths are expected to continue to rise during this period.

Go deeperArrowUpdated 1 hour ago - Health