The case for white hat hacking of our election software

Science & Tech 21:23 28.10.2018
Congress did not pass the bipartisan Secure Elections Act. This means in the two years since Russian interference disrupted our election systems, we have failed to improve security around the technologies that support our election processes.
 
Legislating a fix to the problem is proving futile. It’s time to ask ourselves – as citizens, elected leaders, technologists and those interested in protecting our democracy – what else we can do to improve election security.
 
A recent report delivered to Capitol Hill found that “election machines used in more than half of U.S. states carry a flaw disclosed more than a decade ago that makes them vulnerable to a cyberattack,” according The Wall Street Journal.
 
Shouldn’t we view our elections through the lens not just of security, but safety? Think about it this way: we have the NTSB for travel, the FDA for food, OSHA for workplace safety. We would scarcely accept 50 percent of cars on the road to be faulty or 50 percent of food on grocery store shelves to be tainted.
 
That’s why states should open up voting systems and machines to the white hat hacker community. Much of the technology we enjoy using today, our smartphones and apps and internet-connected vehicles, is safer and more secure because it’s been probed by hackers to expose and report vulnerabilities that are then corrected. The software that powers the digital world, including election systems, can be made more secure via bug bounties that enable the hacking community to get to work.
 
Hackers can be exceptionally creative, constantly thinking outside the box. Security experts close to a product will have made assumptions that attackers will ignore. Bringing in outside hackers with their own attack tools will uncover new risks. This is one of the clear values of bug bounty programs. Keep in mind, this is not a replacement for sound security engineering as part of the development process, it should be in addition.
 
State governments should accept offers of companies to perform penetration tests of election websites. Election system hardware and software vendors, long opposed to scrutiny, risk their reputations each year they deemphasize security. Both states and their election system vendors should embrace ongoing bug bounty programs that facilitate collaborative disclosure of security flaws.
 
You can look to the bug bounty programs of Google and Facebook to see this in action. These organizations, among the most prolific and profitable companies ever built, have internal security teams that are working to secure the software they create, but interesting bugs are still found by outsiders. This is the example government must learn from. One Google bug bounty program received 470 qualifying vulnerability reports in the past year, each with the potential to make Google software more secure.
 
The risks of not opening up election software and equipment to white hat hacking are straightforward: attackers get access to software and systems and find bugs that they don’t report. They then later exploit these bugs during an election.
 
Making bounties high will attract lots of attackers who will want to report what they find.
 
In short, more eyes on the problems is always going to lead to better security.
 
Our society and culture values a safer world. Allowing these systems to be hacked, working along with election system vendors, is our most sure-fire bet toward creating safer elections. The results may be ugly at first, but we’ve experienced the alternative, and no one wants a repeat.
Hikmat Hajiyev: "Azerbaijan is a natural link connecting Central Asia and Europe" - VIDEO

News line

Russian MFA calls 102nd Military Base only guarantee of Armenia's sovereignty
17:01 29.03.2024
"The Ukrainian army is addicted to gambling" - says Ukrainian MP
"The Ukrainian army is addicted to gambling" - says Ukrainian MP
16:50 29.03.2024
Why are the US and the EU arming Armenia? - Pundit talks on Ednews
16:39 29.03.2024
Erdogan to visit US on May 9
Erdogan to visit US on May 9
16:26 29.03.2024
Hulusi Akar, US congressmen mull Azerbaijan-Armenia peace process
15:52 29.03.2024
Russian ambassador sees no reasons to expect Russian-US ties to improve
15:36 29.03.2024
British army lifts ban on serving soldiers having beards
British army lifts ban on serving soldiers having beards
15:29 29.03.2024
Hikmat Hajiyev: "Azerbaijan is a natural link connecting Central Asia and Europe" - VIDEO
15:13 29.03.2024
Azerbaijan weather forecast for March 30
Azerbaijan weather forecast for March 30
15:00 29.03.2024
Tajikistan detains 9 people over Russian concert shooting
Tajikistan detains 9 people over Russian concert shooting
14:46 29.03.2024
Washington Is Forming A New Alliance - OPINION
14:32 29.03.2024
Individuals identified as drug users will not be admitted for service in Azerbaijani tax authorities
14:14 29.03.2024
Philippines' Catholic devotees nailed to crosses to re-enact crucifixion
Philippines' Catholic devotees nailed to crosses to re-enact crucifixion
14:00 29.03.2024
Umud Mirzayev: EU's South Caucasus Visit Aims to Maintain Regional Influence
13:45 29.03.2024
Public Television of Armenia Reveals Villages to be Returned to Azerbaijan
13:39 29.03.2024
Death toll of Israeli strike in Syria rises to 42, war monitor says - UPDATED
13:25 29.03.2024
Azerbaijan toughens penalties for non-compliance with rules of state of emergency regime
Azerbaijan toughens penalties for non-compliance with rules of state of emergency regime
13:12 29.03.2024
How will the EU's visit to the South Caucasus affect the peace process? - Former ambassador talks to Ednews
13:00 29.03.2024
Azerbaijan tightens sanctions for breaching special operation zone rules on religious extremism
12:45 29.03.2024
Azerbaijan toughens penalties for non-compliance with rules of social emergency environment regime
12:33 29.03.2024
About $7 bln of foreign direct investment was invested in Azerbaijan last year
12:00 29.03.2024
Number of people injured in Crocus City Hall terrorist attack reaches 382
11:48 29.03.2024
Media: Netanyahu rejected the Mossad Chief's proposal for a possible agreement in Gaza
11:37 29.03.2024
Azerbaijani Parliament's meeting kicks off
11:26 29.03.2024
An American couple founded a website, which identifies brands that support Israel
An American couple founded a website, which identifies brands that support Israel
11:07 29.03.2024
US scientists name infection more dangerous for brain than coronavirus
US scientists name infection more dangerous for brain than coronavirus
11:00 29.03.2024
Parviz Shahbazov: Foundations of 4 new renewable energy plants will be laid this year
Parviz Shahbazov: Foundations of 4 new renewable energy plants will be laid this year
10:50 29.03.2024
Japan eyes self-driving expressway lane network
10:40 29.03.2024
Oil prices end 1Q24 with strong growth
10:30 29.03.2024
SECRETS of the European Union's visit to the South Caucasus - Fikret Sadigov EXPLAINS
10:25 29.03.2024
Ammunition found in Khankandi
Ammunition found in Khankandi
10:10 29.03.2024
Iran’s top diplomat: Military presence of third countries in Caspian Sea goes against interests of region
Iran’s top diplomat: Military presence of third countries in Caspian Sea goes against interests of region
10:00 29.03.2024
Armenia officially announces freezing its participation in CSTO
09:50 29.03.2024
US hopes to return to purchase of 72 fighter jets per year amid budget cuts
09:38 29.03.2024
Another 138 IDPs leave for Fuzuli
09:28 29.03.2024
Netanyahu: "We have strategic assets of Hamas"
09:17 29.03.2024
Date of next meeting of Armenian and Azerbaijani Parliament Speakers announced
09:00 29.03.2024
Russia prepares for new offensive in May-June l – says Zelensky
23:52 28.03.2024
Russian investigators have evidence of Ukraine link to Crocus terrorists
22:24 28.03.2024
Committee members of the EU Council will visit the South Caucasus region
19:48 28.03.2024
Hamısı