It’s impossible to overstate the importance of tomorrow’s Keynote at the Black Hat security conference in Las Vegas – Democracy's Biggest Year: The Fight for Secure Elections Around the World.As the session’s description relates, more than 2 billion voters will cast ballots to shape the future of their nation and the world. The challenges of protecting the democratic process have never been greater with increases in cyberattacks from enemy states, the outsize influence of social media, and the novel threats posed by Generative AI.[For up-to-the-minute Black Hat USA coverage by SC Media, Security Weekly and CyberRisk TV visit our spotlight Black Hat USA 2024 coverage page.]Reading the daily news headlines, just about every major organization has been breached. It compels us to ponder the timely question: If major corporations like AT&T, Microsoft, and United Healthcare can’t stop cybercriminals from breaching their networks, how can notoriously underfunded cybersecurity defenses at the organizations that manage our elections possibly stay safe? For cybercriminals to succeed, they must have a motivation to attack and the means to succeed. Except at the very highest levels, there’s limited financial gain for cybercriminals to carry out a direct attack on our electoral systems. There’s no “un-stolen” data left to steal and no leverage to demand a ransom payment. More important, the nature of the process offers many built-in deterrents.Keep in mind the U.S. electoral system, like many others, is highly decentralized. Elections and balloting are conducted at the state and local levels, not through a single nationwide system. Individual states have their own processes, rules, and systems. Our systems involve a remarkably manual process that relies on large numbers of people who are not integrated in a cohesive manner. This decentralized structure makes it nearly impossible for a single threat actor to influence outcomes across the entire country.There are also strong cybersecurity physical security measures already in place. Election systems, particularly those involving voting machines and electronic tabulation, are regularly upgraded with improved security measures. This includes multifactor authentication, encryption, and stringent physical security measures.There are also robust election integrity checks and paper trails. These include pre-election testing of voting machines, post-election audits, and chain of custody procedures for ballots and voting equipment. Most voting systems in the U.S. include a paper trail that allows verification of results and greater certainty to the accuracy. This was put to the test following the 2020 U.S. presidential election when 60 legal cases were filed in multiple states alleging fraud and/or irregularities in the election process. In the end, no evidence to substantiate claims of widespread fraud or actions that would impact the election results were found.
Black Hat, Critical Infrastructure Security
Security industry braces for Democracy’s biggest test yet

Today’s columnist, John Gunn of Token, offers a preview on Wednesday morning's Black Hat panel on elections, which will include CISA Director Jen Easterly. (DHS)
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds