30 August 2018

California Emerges as a Leader at Black Hat / DEFCON on Election Security


At Black Hat / DEFCON, home to the Vote Hacking Village and host to over 20,000 attendees each year, Synack brought a thoughtful perspective by hosting our own event specifically for state and local government leaders: “How Hackers Help Protect our Elections and the American Way of Life”. Since the aftermath of the 2016 Presidential Election, when the Department of Homeland Security informed 21 states that their elections had been hacked, election security has been top of mind for many Americans. Just this summer, Synack launched our pro bono effort to provide our crowdsourced penetration testing service to states for free so that states can know about and act on the vulnerabilities in their election systems.

We know that states are doing a lot to strengthen their cybersecurity, and election systems are just one piece of a larger puzzle. At this event, we wanted to highlight the notable efforts of Secretaries of State who are committed not only to securing elections, but also to protecting American liberty on a broader scale.

Rita Gass, the CIO of the Secretary of State’s Office in California, is one such leader and was the natural choice to speak at Synack’s bipartisan gathering at Black Hat. Gass, who oversees the California Secretary of State’s security and technology operations, has been an innovator and thought leader in the space. Jay Kaplan, Synack’s Co-founder & CEO and ex-NSA, moderated the discussion while providing a real “hacker perspective” on the topics at hand. The diverse audience helped to create a full perspective on the state of election security across the United States today.

The California Secretary of State has been a pioneer in election cybersecurity. This year, California invested the largest amount of all states to date in updating its voting systems ($134 million), and it invested an additional $3 million to help strengthen election cybersecurity. The state is also one of the first to establish an Office of Elections Cybersecurity and an Office of Enterprise Risk Management.

The California Secretary of State’s Office also engaged at the DEFCON conference, where the Secretary of State, Alex Padilla, spoke on election security to a packed audience. Padilla called on Congress to provide more resources to states that are under-resourced and welcomed efforts from hackers (some as young as 11 years old) to help the state of California learn some lessons. Synack helped to support the young hackers as a co-sponsor of a kids’ event at DEFCON alongside R00tz, a nonprofit that teaches kids white hat hacking, and Army Cyber. The Secretary of State commented, “I’m here [at DefCon]. I think there’s a lot of value in this convening and in the spirit of this convening. In the Vote Hacking Village, I hope to see what kinds of lessons we can take away that we might not yet have thought of in California. I’d rather be enlightened today than be enlightened after an incident.” Synack agrees, which is why we augment our platform with a crowd of hackers to provide an adversarial perspective.

During her talk on election security and cybersecurity more broadly, Gass highlighted a number of points that Secretaries of State should keep in mind before the midterms in 2018:

  • Collaborate and share information – Elections require collaboration from federal, state, and county level officials. Through its newly created Office of Enterprise Risk Management, California will coordinate efforts between the Secretary of State and local election officials, to help establish best practices.
  • The talent shortage is growing – Cyber attacks are increasing at a fast pace and the government needs to keep up through recruiting the best talent. (Synack could not agree more, by the way.) There is estimated to be a 3.5M person cyber talent shortage by 2021 (according to Cybersecurity Ventures). In the words of Synack CEO, Jay Kaplan, “Synack’s crowd of hackers provides a perfect complement to what security teams are doing internally, and at a much greater scale.”

Synack enjoyed hosting information security professionals from states in the Western region and looks forward to continuing to promote its effort to offer $550k in pro bono testing to states. We hope that through our “Secure the Election” initiative, all 50 states can learn a little more about how to assess their security risk and protect American democracy.