Congress and national security leaders have been urged to take action to address issues in voting machines.
After DEF CON’s Voting Village came under fire from the National Association of Secretaries of State (NASS) over the introduction of an area designed to test voting machines, DEF CON’s report on the voting village said that Congress must act, as “problems outlined in this report are not simply election administration flaws that need to be fixed for efficiency’s sake, but rather serious risks to our critical infrastructure and thus national security.”
In four steps to be taken, the report claims that Congress must take action, and also fund election security as “no state or local government will ever be able to raise enough capital to defend itself from a determined nation state” and security standards must be funded and implemented.
The other points called for a “Crisis Communications Plan” as State and local government election results web pages are “the most insecure component of our election infrastructure,” and while many local election officials have advocated for Congress to act and fund robust security practices, the report said it is not enough.
“National security leaders must also remind Congress daily of the gravity of this threat and national security implications,” it said. “It is the responsibility of both current and former national security leaders to ensure Congress does not myopically view these issues as election administration issues but rather the critical national security issues they are.”
DEF CON officials said that among the “dozens of vulnerabilities identified in the last two years” of the Voting Village, the insecure supply chain, capability for remote attacks despite insistence that the machines are ‘air gapped’, the ability to hack a machine in an average of six minutes and failure to fix serious flaws all prove a persistent problem.
“The failure to fix existing, reported vulnerabilities and the disconnect between the reports of election security experts and the reactions of some election equipment vendors speaks directly to the reason Voting Village was created,” the report said.
“The Voting Village aims to increase access to election security knowledge in order to better protect American democracy and the electoral system. We believe that knowing the risks involved in how America votes is always better than sticking our heads in the sand. Although we have redacted some information from this report, it is a realistic, if pessimistic, view of how easy it is for individuals to exploit bad design and sidestep election protections. We hope that it will move the United States towards action.”