It simply can’t be ignored! The past elections the allegations of voting fraud, voting machine hacks and exposed emails. It’s all been covered in the news. Whether it’s fake or not, that would be left up to individuals and their own opinions, despite political party affiliation. However, the annual venue known as DEF CON that occurs in Las Vegas each year has for the second time set up a Voting Village right on the hotel premise. I have to admit that I have visited the village when it was first set up at the DEF CON 25 in 2017. I walked around and discovered that the voting machines IP addresses were always exposed without any encryption what so ever. That is why at DEF CON 26 another voting “hackers’” village was set up and established this year in 2018. The organizers at DEF CON, such as Dark Tangent are only setting these up to bring awareness to election officials and the industry. As a response, one of the companies, ES&S has responded to DEF CON 26 stating that the DEF CON 26 Voting Village is not viable.

Christopher Wlaschin, who is the vice president of systems security for ES&S, has already dealt with both Capitol Hill and independent security researchers before in regards to Elections and Voting Booth Vulnerabilities. Cyberscoop, an online cybersecurity magazine, reported that he was the former CISO for the Department of Health and Human Services (HHS). Therefore, Wlaschin has experience working with and answering both sides of the disagreement about the results from the DEF CON 26 Voting Village. Based on the first look and overview of the Voting Village, Wlaschin states, “What I saw at the Def Con 26 Voting Village was legacy hardware that had been purchased off eBay, without the benefit of any updates or other physical security controls. The equipment just laid bare on the table, allowing anybody who had a toolkit and plenty of time to try and manipulate the machine or somehow exploit a known vulnerability. Christopher Wlaschin also stated “that it had seemed contrary to him as a professional cybersecurity practitioner. You’ll probably find my peers who would say that any opportunity to reduce the attack surface on sensitive hardware and software is a wise thing to do. To give up hardware and software to anonymous people, whose intent is really unknown, some of those folks claim to be interested in helping strengthen U.S. election security, but you don’t know for sure, because they’re just anonymous”

Therefore, the company ES&S is stating that the results which came out of the DEF CON 26 Voting Village this year, would not happen in the real world because DEF CON 26, who set up the village was not able to duplicate or deploy any of the necessary security parameters like ES&S has established to ensure that voting booths were secure for elections security. Over the years, however, it will still be debated on whether or not The U.S. has established secure voting for upcoming elections. Until that time, the public must rely on this private company’s word. There also have been a number of new organizations stood up by both The U.S. Government by way of DHS and private industry in the form of a new Information Security Analysis Center (ISAC) organization for reporting and continued analysis to ensure our votes are kept confidential. Redport Information Assurance is also a premier vendor to ensure that your networking devices are kept secure even in the most critical of environments.

By Dr. Randall E. Sylvertooth

Source:
https://www.cyberscoop.com/chris-wlaschin-ess-def-con-voting-village-election-security/

For more information about Redport’s information assurance and cyber security services, visit www.redport-ia.com, email us at info@redport-ia.com, like us on Facebook, and follow us on Twitter@redport_ia.

Gaithersburg, MD, USA