Not long ago, lawmakers might have been wary about showcasing the work of hackers who specialize in penetrating voting equipment. But on Thursday, organizers from the Def Con Voting Village — a collection of security researchers who hack election systems in hopes of making them more secure — received a warm welcome on Capitol Hill. The organizers were in town to unveil a new report identifying vulnerabilities in several widely used voting machines they tested during the Def Con hacking conference in Las Vegas over the summer, including a flaw in a vote tabulator that could allow a malicious actor to hack it remotely. They presented their findings in a meeting hosted by Rep. Jackie Speier (D-Calif.) and attended by staffers from the offices of Sen. Amy Klobuchar (D-Minn.), who is sponsoring an election security bill, and several other Democrats. The event highlights how the cybersecurity experts behind the Voting Village, which is only in its second year, are reaching beyond the niche and often apolitical community of Def Con in hopes of influencing the debate over how to secure the country’s election systems. The issue has received a wave of new attention since the 2016 election, when Russian hackers probed election administration systems in 21 states.
“What we’ve come to realize in the last two years is that, where there used to be a separation between cybersecurity and policy — there isn’t anymore,” Voting Village co-organizer Jake Braun told me. “Washington’s political space is becoming one of those centers of gravity for cyber. We have to engage on all fronts, or else we lose.”
A “staggering” number of vulnerabilities exist in the country’s voting systems, the Voting Village report warns. One machine used to count votes in 26 states, for example, contained a decade-old flaw that could allow malicious actors to infect it with malware, according to the report. The same machine could be hacked without requiring the attacker to have physical access, the report found. Another machine used in at least 15 states could be hacked with a pen in two minutes — a third of the time the average voter spends casting a ballot.
The organizers said the findings underscored the need for Congress to create basic cybersecurity standards for election equipment and send more money for states to upgrade their election infrastructure. “This is not an election administration issue, this is a national security issue,” Braun said at the meeting. “This body needs to act and fund a dramatic overhaul.”