Securing our Nation's Election Infrastructure

Conference:  Defcon 26



The presentation discusses the importance of cybersecurity in elections and critical infrastructure, and the need for collaboration between government, private sector, and IT researchers to defend against adversaries.
  • Old and unsupported software, such as outdated PHP, poses a significant vulnerability in election systems and critical infrastructure
  • Election officials are slower than the government and other entities in fixing and patching these issues, highlighting a resource issue
  • Penetration testing reveals that phishing emails are a common tactic used by adversaries to gain access to election and non-election places
  • The cybersecurity issue is not just an American problem, but a global one that requires collaboration between various sectors and participation in policy debates
  • The Department of Homeland Security has a national mission to assess and improve cybersecurity in critical infrastructure, including elections
The speaker mentions that the election issue has brought cybersecurity to the forefront in a way that nothing else had, and that the traditional concepts of democracy, intellectual property, privacy, and free expression are being undermined by adversaries. The speaker encourages participation in policy debates and emphasizes the need for more people who understand technology to engage in these discussions.


Fair elections are at the core of every democracy and are of paramount importance to our national security. The confidence in our electoral process is fundamental to ensuring that every vote- and therefore every voice- matters. In recent years, our Nation has become increasingly uneasy about the potential threats to our election infrastructure. The activities to undermine the confidence in the 2016 presidential election have been well documented and the United States (U.S.) Government has assessed that our adversaries will apply lessons learned from the 2016 election and will continue in their attempts to influence the U.S. and their allies' upcoming elections, including the 2018 mid-term elections. As the lead agency for securing the Nation's cyber infrastructure, the Department of Homeland Security (DHS) has a mission to maintain public trust and protect America's election systems. In January 2017, the DHS Secretary designated election systems as critical infrastructure. This designation means election infrastructure has become a priority in shaping our planning and policy initiatives, as well as how we allocate our resources. DHS is working directly with election officials across 8,000 election jurisdictions and throughout 55 States and territories, to help them safeguard their systems. As the threat environment evolves, DHS will continue to work with state and local partners to enhance our understanding of the threat, share timely and actionable threat information, and provide essential physical and cybersecurity tools and resources available to the public and private sectors to increase security and resiliency. DHS is committed to ensuring that our adversaries never succeed with their campaign to undermine our democracy.