Election Security At Def Con
DAVID GREENE, HOST:
This weekend thousands of hackers will converge on Las Vegas to try their hand at breaking into, well, all sorts of stuff - medical devices, cars and even voting equipment. They're being encouraged to do this in hopes of finding vulnerabilities ahead of the 2020 election. Joining us from Las Vegas, site of the Def Con hacking conference, is NPR's Miles Parks who covers election security. Hi there, Miles.
MILES PARKS, BYLINE: Hi, David.
GREENE: Well, so how important is this in terms of election security, getting people to try and break into voting systems so you can really understand what's vulnerable and what's not?
PARKS: Well, it's really important, especially when you consider the context of how voting officials have viewed this sort of behavior in the past. I mean, we're only just a couple years removed from election supervisors, people in Congress casting doubt on whether Russia was - Russian attackers were able to break into any sort of voting equipment at all and then, more broadly, whether the equipment that we were using to vote to register was vulnerable.
So we're past that point. You know, there's pretty broad consensus that this issue - cybersecurity in voting - is something worth talking about. You know, the Senate intelligence committee released a report about Russian interference a couple weeks ago, and they cited work that was found at this conference last year. And then this weekend, a U.S. Senator, Ron Wyden from Oregon, is actually going to be giving the keynote address. So this has gone pretty mainstream at this point.
GREENE: OK, a lot of confidence that they can learn a lot of important stuff there. So how does it actually work? I mean, what do you actually watch as you're at this conference?
PARKS: So let me set the stage here. Going back to just how our voting system works - right? - private companies, not government officials are actually overseeing the equipment that we use to vote, whether it's websites, the actual voting equipment, the registration equipment. And they don't allow anyone behind the scenes to poke around and see what's actually going on. And not just, like, you or me - I'm talking about the government officials who are actually contracting these companies out. They don't even let those people look at it and confirm the security of the equipment.
So this weekend is the time for that poking around to happen. So there is going to be thousands of people poking around equipment that was purchased on eBay, purchased at government auctions to either take a shot at messing with the equipment or to take notes on the people taking a shot and messing with the equipment.
And these people, David, they're really good. I've been warned by multiple people I need to have my cellphone off when I'm walking around here because there's going to be hackers who are going to be in the public Wi-Fi trying to get into whatever equipment they can.
GREENE: Oh, wow. OK, keep your phone off, Miles. So there's been so much scrutiny of 2016 and what happened. I mean, do people feel like things have improved since then as we start heading into 2020 with the potential for more cyberattacks?
PARKS: There's no question that things have definitely gotten better. Federal resources are on a completely different level in terms of communicating about this subject. But the actual equipment we're going to be using to vote will be largely the same. On a whole, no one I've talked to was - has been willing this week to say that they don't think there won't be cyberattacks in the future. I talked to Amit Yoran. He's the CEO of a cybersecurity company called Tenable. And he's also a former DHS cyber official.
AMIT YORAN: Just when you think it couldn't get worse, there's always a creative, innovative, manipulative influence. And this is very much a cat and mouse game.
PARKS: So it's important, right here, to say that there's no evidence that any votes, even in 2016 when we saw those cyberattacks into a voter registration system in Illinois, for instance - no - we have no evidence that any votes or any voting data was changed. But as we'll see this weekend, there are still vulnerabilities in a lot of different aspects of this system.
GREENE: NPR's Miles Parks in Las Vegas. Thanks, Miles.
PARKS: Thank you, David.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.