►
From YouTube: Elections Cybersecurity (From a Legislative Perspective)
Description
Here’s the good news: 2020’s election saw no known cyberattacks. Here’s the bad news: The future could be—is likely to be—a different story. Find out what are the threats and what are steps lawmakers can take to protect the very core of our democracy. Learn from experts at the University of Southern California’s Election Cybersecurity Initiative, where the catch phrase is, “Our Candidate is Democracy.”
A
That's
a
good
message
to
everyone
to
turn
your
ringers
off
all
right.
Well,
welcome
everyone
to
election
cyber
security
from
a
legislative
perspective.
It
actually
warms
me
quite
a
bit
to
know
that
so
many
of
you
are
joining
us
today.
The
topic
is
critical
to
our
democracy,
but
with
the
next
general
election
20
months
away
and
with
so
many
other
competing
legislative
priorities,
many
people
may
be
thinking
election.
Cyber
security
is
on
the
I'll
think
about
that
later
list.
A
So
for
you
all,
you
are
keeping
it
top
of
mind,
and
I
really
appreciate
that.
So,
let's
start
with,
is
there
a
problem?
I
have
that
answer
from
a
report
released
just
two
days
ago.
This
was
a
report
from
the
department
of
justice
and
the
department
of
homeland
security
and
their
top
line
was
this
no
evidence
found
that
a
foreign
government
manipulated
any
election
results
referencing
the
2020
election,
but
that
sounds
great
and
then
it
goes
on
to
say
that
russia,
chinese
and
iranian
government-affiliated
actors
quote
materially
impacted
the
security
of
certain
networks.
A
End
quote
during
the
the
2020
election.
So
I'm
glad
that
there
was
no
manipulation
of
election
results,
but
I
am
puzzled
by
those
material
impacts
that
were
had
and
we
will
learn
more
about
that
during
our
next
hour
plus
much
more.
But
let's
start
with
introductions.
I'm
wendy
underhill,
I'm
the
director
of
ncsl's
election
and
redistricting
team,
and
I
want
to
emphasize
that
word
team.
Behind
the
scenes
we
have
brian
hinkle.
A
We
have
mandy
zach
ben
williams
and
christy
zamarripa
and
those
are
the
folks
that
really
make
the
magic
happen
for
us
on
elections
and
redistricting,
and
our
goal
at
ncsl
is
to
serve
legislators
and
legislative
staff
throughout
the
nation,
and
we
do
that
primarily
by
answering
questions.
So
if
you
have
questions
that
we
might
be
able
to
answer
by
all
means,
let
us
know-
and
if
we
don't
know
the
answers,
we
may
easily
know
where
to
find
the
experts
who
do
and
of
course
that's
what
we've
done
today.
A
A
You
probably
recognize
his
name
because
he's
been
a
journalist
for
some
50
years
and
he's
worked
at
cbs
and
npr
and
the
newseum
just
to
name
three
of
his
former
affiliations,
but
for
our
purposes,
what
really
matters
is
that
he's
the
director
of
the
university
of
southern
california's
initiative
on
election
cyber
security,
which
provides
training
in
all
50
states,
to
reinforce
election
integrity
and
to
build
defense
against
digital
attacks?
Welcome
adam.
A
Oh
glad
to
have
you,
we
also
have
clifford
newman
with
us
today
he's
a
scientist
at
the
information
sciences
institute
at
usc,
and
he
also
holds
a
research
faculty
appointment
in
the
computer
science
department,
which
of
course
makes
me
wonder
how
you
have
two
jobs,
but
that's
okay.
I
learned
from
looking
at
his
bio
that
his
research
focuses
on
issues
of
scale
in
large
distribution
systems.
C
A
Thank
you.
Thank
you.
When
I
read
your
bio
and
then
I
knew
you
were
also
key
on
this
election.
Cyber
security
part
I'm
like
whoa.
This
is
a
man
who
never
sleeps
all
right,
so
bios
for
both
adam
and
cliff
will
be
in
the
chat
box
for
you.
So
let's
just
go
ahead
and
get
started
here.
Adam
tell
us
how
it
is
that
a
journalist
ended
up
at
the
university
of
southern
california
and
involved
with
elections
cyber
security.
What
is
this
program
that
you
are
directing.
B
B
How
we
got
involved
in
cyber
security
is
that
after
I
retired
and
moved
to
the
usc
washington
dc
office,
we
used
to
have
a
quarterly
series
of
planning
meetings
to
try
to
update
cell
phone
regulations
to
try
to
work
with
agencies
to
modernize
regulations
and
other
things
that
might
have
been
out
of
out
of
date
and
in
one
of
those
meetings.
Six
years
ago,
vince
cerf
who
was
the
co-inventor
of
the
internet
back
in
the
1960s.
B
He
said:
why
aren't
we
talking
about
securing
everything
on
the
internet?
You
can
buy
a
coffee
maker
now
with
an
ip
address,
I
mean
lg
wants
to
send,
sell
you
a
refrigerator
connected
to
the
internet.
We
need
to
secure
everything
on
the
internet
and
everybody
around
the
table.
Nodded
said,
okay
from
now
on,
it's
the
internet
of
things
and
securing
the
internet.
B
Well,
our
partner
that
came
in
right
after
the
national
governors
association.
They
decided
to
make
usc
their
research
partner
on
cyber
security
and,
of
course,
after
the
2016
election,
the
security
of
elections
really
bubbled
up
to
this
top
as
as
number
one
priority.
So
we
did
programs
with
the
nga,
including
off
the
record
programs
for
state
governments
at
state
capitals
and
then
last
year
in
2020,
we
did
50
states
programs
for
all
each
of
the
50
states,
most
of
them
virtual
because
of
the
pandemic.
B
But
we
reached
almost
4
000
people,
the
state
and
campaign
election
workers
and
others
with
that
are
independent,
non-partisan
and
vendor
and
platform.
Agnostic,
we'll
be
back
again
this
year
in
2021,
starting
next
thursday
march
25th,
with
the
first
of
a
series
of
workshops
again
for
the
50
states.
A
Well,
that's
great.
It
sounds
as
though
what
people
who
are
attending
today
can
get
is
a
sense
of
what
usc
has
to
offer
on
this
topic
and
that
there's
ways
for
them
to
dig
in
deeper
with
you,
as
as
things
progress,
so
you've
mentioned
2016
and
now
we've
been
through
the
2020
election
cliff.
Can
you
tell
us
how
the
2020
election
was
different
in
terms
of
cyber
security
from
previous
elections?.
C
C
C
We
also
learned
unrelated
to
the
election
about
the
solar
winds,
breach,
which
highlighted
the
cyber
capabilities
of
the
russians
and
other
adversaries,
and
I
think
it
was
actually
the
strict
isolation
of
the
election.
Tabulating
systems
from
other
government
functions,
one
of
the
things
that
that
was
put
in
place
here
that
really
prevented
the
solar
winds,
breach
from
affecting
the
elections.
A
Okay,
so
it
sounds
like
2016
was
a
heads
up
2017
and
on
we
had
the
federal
government
come
in
with
dhs
and
cisa.
Can
you
tell
us
what
cis
stands
for?
I
know
what
it
is,
but
I
can't
give
you
its
what
it
means:
cyber
security
infrastructure,
okay,
we'll
get
it
in
the
chat
box.
So
we
get
that
straight.
So
a
lot
of
attention
was
paid
and
you've
made
the
point
that
the
actual
equipment
that
counts
the
votes
is
separated
from
the
internet.
A
C
Well,
no,
I
mean
it's
it,
it's
something
that
we
can't
say
occurs
everywhere,
but
that
level
of
isolation
is
stronger
than
just
having
you
know
the
normal
government
employees
and
you
know,
I
mean
think
of
how
often
we've
heard
about
breaches
at
the
dmv
and
things
like
that.
There
is
stronger
isolation.
A
Got
it
got
it
now?
I
forgot
to
say
to
everyone
who's
out
in
the
audience
that
you
all
are
welcome
to
join.
In
the
conversation,
you
can
put
your
questions
in
the
chat
box
or,
if
you'd
like
to
be
unmuted
and
ask
your
question
out
loud.
That's
fine,
too.
If
you
can
find
the
the
hand
to
raise
your
hand,
please
do
so
cliff.
The
other
thing
about
the
2020
was
that
there
was
a
pandemic.
I'm
sure
you
remember
that.
How
did
that
change
the
cyber
security
threats
to
elections
if
it
did
in
any
way.
C
Well,
you
know
it
changed
the
cyber
threats
to
a
lot
of
organizations,
because
you
have
more
and
more
employees
that
are
working
from
home
now
because
of
the
strict
isolation
that
we've
got
with
the
vote,
counting.
No,
we
weren't
sending
the
employees
that
are
gonna
count
votes
to
do
it
at
home.
Okay,
we
didn't
do
that.
You
did
end
up
with
more
and
more
voters
voting
by
mail,
for
example,
but
that
didn't
have
a
strict
cyber
security
element
to
it.
C
It
did
affect
some
other
issues
around
the
election,
but
generally
because
we
are
working
more
and
more
from
home.
If
you
give
your
employees
access
to
sensitive
data
from
your
home
from
their
home
locations,
you
no
longer
have
the
level
of
physical
security
around
where
they're
accessing
that
data,
and
that
does
create
some
cyber
security
issues.
A
And
I'm
working
at
home
for
ncsl-
and
I
bet
many
of
the
people
in
the
audience-
are
also
working
from
home.
We've
just
been
asked
to
shift
over
to
multi-factor
authentication
to
turn
on
our
equipment
and
I'll.
Tell
you
all
how
naive
I
was
I
said.
Well,
I
don't
really
need
to
do
that
because
I'm
just
in
my
house
and
I
never
go
anywhere-
I
can't
lose
my
computer
and
no.
No.
That
was
not
the
right
answer.
C
Right
well,
the
multi-factor
authentication,
you
use
tooth
warts,
some
kinds
of
threats,
and
I
think
we're
going
to
talk
a
little
bit
about
those
a
bit
later.
There
are
other
steps
that
you
would
take
specifically
when
you're
at
home,
and
that
gets
in
line
with
sort
of
physical
takeover
of
of
locations.
A
B
Well,
they,
the
people
are
mainly,
as
you
said
at
the
beginning,
coming
from
russia,
china,
iran,
to
some
extent,
north
korea.
Actually,
david
sanger,
who
covers
intelligence
in
the
new
york
times,
told
me
that
there
are
more
than
30
countries,
3-0
more
than
30
countries
that
are
hacking
into
the
united
states,
trying
to
peer
into
how
our
systems
are
working,
including
election
systems.
But
the
big
player
by
far
is
russia
and
they
have
the
r
d
budget
to
try
to
crack
into
our
secure
systems.
B
We
saw
over
the
course
of
2020
new
and
different
techniques
that
russia
was
using
and,
interestingly,
russia
turned
out
to
be
almost
like
the
r
d
center
for
all
the
bad
actors,
because
if
russia
did
something,
then
china
and
iran
might
copy
them
a
week
or
two
later
so
so
that's
the
major
threat
is
russia
and,
and
they
have
a
building
full
of
people
in
saint
petersburg,
st
petersburg,
russia.
Working
on
this.
A
Oh,
my
goodness,
so
what
you
told
us
is
that
threats
are
viral
and
spreading
around
the
nation.
I
don't
know
if
we
want
to
go
so
far
as
to
say
there's
a
pandemic
of
it,
but
when
you
get
to
30
stations,
nation
states,
maybe
so
what
about
domestic
threats
are?
Should
we
be
thinking
about
other
kinds
of
threats
as
well.
B
The
domestic
actors
tend
to
be
in
it
for
the
money,
the
foreign
actors
are
trying
to
discredit
our
election
system,
trying
to
discredit
democracy
itself,
but
they're,
using
some
of
the
same
techniques
to
try
to
steal
passwords,
to
try
to
get
through
lightly
lightly
guarded
systems
and
and
going
after
as
as
as
we
know,
sometimes
a
small
school
district
or
a
hospital,
and
so
it's
cyber
security
is,
is
something
which
is
it's
just
something
where
you
just
can
never
sleep.
It
just
is
all
around
you.
A
I
got
it
they're
they're
trying
to
they've
got
thousands
of
attacks
coming
and
you
have
to
defend
against
all
of
them.
It
sounds
like
so.
The
defensive
position
is
is
pretty
tough
cliff.
Let's
talk
a
little
bit
more
about
some
of
the
things
that
have
already
surfaced.
We
had
the
word.
Ransomware
come
up
already
tell
us
what
that
is,
and
can
you
put
like
an
example
around
it,
so
we
can
really
understand
that
you've
got
people
at
all
different
levels
here.
So
what
is
a
ransomware
attack
and
how?
C
And
actually,
I'd
like
to
broaden
the
term
a
little
bit
to
sort
of
malware
or
malicious
software
that
takes
over
your
system
and
the
term
that
we
use
sort
of
technically
is
subversion.
It
subverts
your
system
now,
if
you
install
malware
by
clicking
on
a
bad
link
to
an
attack
site,
for
example,
or
by
installing
apps
or
applications
that
you
really
shouldn't
you're,
getting
them
from
an
untrusted
source
or
something
this
software
can
then
disable
your
system
and
that's
sort
of
what
we
see
in
the
terms
of
ransomware.
C
That's
why
the
paper
trail
is
so
important
and
there
are
many
additional
steps
that
can
be
taken
to
really
lock
down.
That
is
protect
the
integrity
of
critical
systems
and,
believe
me,
these
steps
are
being
taken
not
universally,
but
in
many
of
the
systems
that
are
out
there,
they
are-
and
that
makes
it
more
difficult
for
such
malware
to
actually
take
hold.
But
that's
the
kind
of
thing
that
could
conceivably
happen
from
and
ransomware
and
malware
are
forms
of
subversion.
Now,
there's
another
form
of
subversion.
We've
heard
a
lot
about
in
the
news
recently.
C
This
is
what
we
call
supply
chain
subversion.
That's
when
this
malicious
code
is
inserted
in
the
manufacturing
or
distribution
process
of
software
and
the
solarwinds
breach.
That
we've
heard
about
sort
of
separate
from
the
election
is
an
example
of
this
kind
of
supply,
chain
subversion
and
by
the
way
we
did
hear
in
the
aftermath
of
the
election.
The
refuted
accusations
from
the
trump
campaign
of
this
kind
of
supply
chain
subversion
in
the
dominion
voting
software.
Now
this
was
refuted,
but
but
that
is
precisely
an
example
of
the
kind
of
subversion
that
could
occur.
A
C
That
is
supply
chain
subversion.
If
you
purchase
a
piece
of
software
and
the
company
from
which
you
purchased
that
software
and
downloaded
it
embedded
malware
in
that
software.
That's
also
supply
chain
subversion,
and
it
doesn't
need
to
be
necessarily
the
company
that
inserted
it
directly.
It
could
be
someone
that
hacked
into
the
company
and
inserted
it
on
their
behalf
and
now.
A
Can
I
just
you're
scaring
me:
I
just
want
to
report
that
you're
making
me
think
that
there's
nothing
safe
in
the
world
and
maybe
that
is
in
fact
the
case.
But
now
could
you
tell
us
about
fishing?
I
we've
all
heard
fishing
a
little
bit
and
hopefully
most
of
us
are
getting
training
to
try
to
avoid
it.
But
I
have
to
admit
those
of
us
who
aren't
in
your
field
are
probably
a
little
more
relaxed
about
that.
So
what
is
fishing
and
how
does
it
relate
to
elections.
C
Okay,
well,
fishing
actually
comes
back
to
your
comment
earlier
about
thinking.
Oh,
I
don't
need
second
factors
of
authentication
or
things
like
that
when
you're
working
at
home,
so
one
of
the
ways
adversaries
get
into
our
systems
is
by
stealing
our
passwords
and
a
common
way
to
do.
That
is
by
sending
us
messages
that
look
legitimate
or
that
otherwise
cause
us
to
click
on
a
link
log
into
what
we
think
is
a
legitimate
website.
C
But
then
we
just
gave
the
criminal
our
password.
So
for
an
election
official
that
was
quote
phished,
then
the
criminal
might
get
access
to
restricted
systems.
More
often,
it's
the
end
users
who
are
fished
which
could
enable
changing
of
addresses
or
other
things
to
mess
up
that
individual's
voter
registration,
for
example.
Let's
say
you
pretended
to
be
the
election
site
and
you
stole
the
user's
password
and
you
changed
where
their
their
ballots
get
sent,
for
example,
or
if
it's
a
campaign
official.
C
Now
the
main
takeaway
with
respect
to
phishing
is
first
really
awareness
and
second
to
employ
things
like,
and
here's
what
you
were
talking
about,
accepting
the
factors
of
authentication
such
as
the
text
message
code
that
comes
to
your
phone
or
stronger
method.
So,
in
addition
to
the
password
you
need
to
prove
you
are
actually
in
possession
of
some
physical
device
and
the
two
factors
together
provide
for
a
stronger
form
of
authentication.
A
C
Well,
finally,
denial
of
service
attacks
simply
tries
to
shut
down
systems
by
overwhelming
them,
with
fake
queries,
for
example,
or
disabling
communications,
and
they
are
very
difficult
to
deal
with
from
a
computer
security
perspective
other
than
through
redundancy.
What
we
call
over
provisioning
of
resources
so
that
you
end
up
overwhelmed
now
the
biggest
problems
and
the
things
that
you've
sort
of
seen
with
respect
to
maybe
elections
is
things
like
the
denial
of
service
attack
on
voter
registration
systems.
Now
denial
of
service
attack
is
sometimes
indistinguishable
from
just
a
simple
failure.
C
Okay,
so
you
can
try
to
cause
these
failures
by
overwhelming
the
systems,
but
we
actually
saw
two
instances
of
of
general
failures,
not
cyber
attacks,
but
causing
this
kind
of
denial
of
service
in
florida.
The
day
that
the
vote
of
the
voter
registration
deadline,
their
system
simply
became
overwhelmed
with
the
number
of
people
trying
to
register
the
effect
of
that's
really
no
different
than
if
an
adversary
were
trying
to
call
it,
and
in
virginia
you
saw,
I
guess,
a
a
verizon
work.
C
B
B
A
A
Some
of
what
we're
talking
about
makes
me
realize
that
cyber
security
is
sort
of
one
subset
of
an
umbrella
group
of
things
that
could
go
wrong
in
an
election.
Cyber
security
attacks
is
only
one
of
many
things.
You
could
have
a
power
outage,
you
could
have
a
line
cut,
you
could
have
a
tornado,
and
maybe
the
protection
is
similar.
Can
you
draw
any
anything
together
there
for
us.
C
Well,
absolutely,
I
often
speak
about
it
in
this
way,
so
you've
got
similarities
between
cyber
security
and
sort
of
more
general
failures
that
can
occur,
but
there
is
a
big
difference,
and
the
big
difference
is
that
when
you
look
at
things
like
hurricanes
tornadoes,
you
look
at
things
like
just
just
failures
of
of
electrical
equipment.
There
is
a
statistical
distribution
of
those
that
allows
you
to
apply
statistics
to
understand
how
you
put
redundant
resources
in
place
to
deal
with
some
number
of
failures.
C
A
B
Sure,
well,
our
friends
at
the
homeland
security
have
a
wonderful
expression.
They
say
what
is
the
return
on
investment
for
a
bad
actor,
and
one
of
the
great
strengths
of
american
elections
is
that
we
are
decentralized.
We
have
on
the
order
of
10
000
different
elections
around
the
country,
president
of
the
united
states.
Then
we
add
all
the
numbers
together
and
we
come
up
with
the
electoral
college
on
a
winner.
B
Well,
the
so
it's
very,
very
difficult
if
you
are
sitting
in
a
foreign
country
or
if
you're,
a
bad
actor
in
the
united
states.
If
you're
trying
to
tamper
with
the
election
at
the
point
at
which
people
actually
are
casting
votes,
because
that's
just
they're
just
too
many
targets
so
they've,
they
start
to
look
for
places
where
the
election
results
are
centralized
and
the
big
central
point
on
election
night.
This
has
nothing
to
do
with
the
state's
tabulating
results
or
the
secretaries
of
states
certifying
the
results.
B
B
All
the
television,
all
the
cable,
all
the
radio
and
the
internet,
and
so
adversaries
now
realize
that
the
ap
is
the
place
to
to
attack
on
election
night,
whether
it's
to
take
the
system
down
and
if
the
ap
goes
down
on
election
night,
we
simply
don't
have
election
returns
that
night
until
the
states
report
the
results,
which
can
be
two
three
four
five
in
2020
seven
days
later
so
again,
the
adversaries
are
working
to
reduce
faith
in
democracy
itself.
That's
a
pretty
dramatic
reduction
of
faith
in
democracy
itself.
If
you're.
A
Excellent
point,
so
you
could
attack
voter
registration,
which
we
did
see
some
of
in
2016
without
actually
changing
any
records
and
that's
bad,
but
it
doesn't
change
the
vote.
You
could
attack
the
vote
itself.
That's
really
catastrophic,
but,
as
cliff
has
explained,
that's
not
really
happening
or
you
could
attack
as
the
results
are
heading
to
the
ap
or
the
way
I
was
thinking
of
it
as
to
the
press
more
generally
or
wherever
it's
going,
and
that
will
so
confusion
and
doubt
which
is
not
something.
That's
going
to
work
on
elections.
B
A
B
Absolutely
and
we've
seen
we've
seen
again
over
the
course
of
the
2020
election
year,
russia
in
particular,
using
new
techniques
and
they
would
roll
out
in
different
ways.
For
example,
there
was
something
called
franchising.
I
think
that's
the
word
that
homeland
security
used,
where
russia
and
and
some
other
countries
actually
paid
american
journalists
who
were
unaware
of
who
was
paying
them
to
file
phony
reports
or
file
reports
which
were
misleading.
B
Russia
actually
had
russia
and
china.
I
believe,
actually
had
websites
running
on
computers
in
the
united
states
masquerading
as
journalistic
websites,
but
actually
they
were
propaganda
and
trying
to
spread
confusion
and
in
2020
when
everybody
everybody
on
this
call
knows
that
we
were
changing
the
the
dates,
places
and
methods
of
how
you
vote.
B
It
was
really
critical
that
correct
information
reached
the
voters,
and
so
some
bad
actors
were
doing
their
best
to
so
confusion,
very
little
expense
to
them,
but
but
the
again
trying
to
dent
confidence
in
democracy
and
trying
to
create
confusion.
Sometimes
they
were
accidental.
I'm
sure
you
remember.
There
were
some
billboards
put
up
by
an
election
information
organization
and
they
had
made
a
mistake.
B
They
actually
made
a
mistake
on
on
the
election
day
and
there
it
was
on
billboards
and
they
corrected
them,
but
under
the
best
of
circumstances.
As
we
all
know,
elections
are
very,
very
complicated
things
to
to
hold
and
and
any
tampering
with
the
the
reliable
chain
of
information
can
really
be.
It
can
really
cause
confusion.
A
I
I've
heard
it
said-
and
this
is
probably
an
urgent
urban
legend-
that
that
candidates
can
say
democrats
vote
on
tuesday
and
republicans
vote
on
wednesday.
I
don't
know
if
that's
ever
happened,
or
vice
versa.
Whichever
way
you
want
to
tell
that
story,
and-
and
so
that's
misinformation
that
predates
the
internet,
but
misinformation
has
to
be
dealt
with
somehow,
no
matter
where
it's
coming
from,
and
I
don't
think
we
have
policy
solutions
yet
on
how
to
deal
with
misinformation.
Any
thoughts
about
options
at
the
state
level,
where.
B
What's
up
what
secretaries
of
state
said
and
we
had
in
in
close
to
half
the
states
where
we
did
workshops?
Last
year
we
had
the
secretary
of
state
opening
the
program
and
they
always
emphasize
that
for
reliable
information
go
to
the
state
government
to
the
secretary
of
state
or
whoever.
The
responsible
election
official
is
sometimes
lieutenant
governor,
sometimes
attorney
general.
But
that
is
your
rock
solid
source
of
of
good
information.
A
Got
it
got
it,
and
I
am
going
to
bring
this
around
soon
to
legislative
options,
so
just
be
thinking
about
that
cliff
and
adam.
What
are
things
on
any
of
the
things
we've
discussed
that
that
can
be
addressed
with
policy
as
opposed
to
with
boots
on
the
ground?
Perhaps,
but
before
we
get
there
cliff.
We
we've
mentioned
physical
security
briefly,
but
I'm
thinking
about
it
in
the
election
envelope,
but
about
locks
and
bipartisan
teams
that
kind
of
stuff.
A
C
Now,
when
the
adversary
is
a
legitimate
user,
we
use
things
like
whole
disk
encryption.
So
someone
gets
hold
of
your
laptop
as
you're
going
through
airport
security.
You
know
you
don't
want
them,
just
sucking
all
the
data
right
off
of
it,
but
I
think
that
this
physical
security
of
devices
plays
a
role
in
elections
in
the
sense
that
we're
not
going
to
anytime
soon
see
us
actually
conducting
our
elections
online.
Where
you
vote
from
your
cell
phone
or
you
vote
from
your
laptop
computer.
Why?
Not?
C
Because
it's
hard
enough
to
protect
all
the
devices
that
are
in
the
possession
of
the
election
officials,
it's
impossible
to
protect
all
the
devices
that
are
in
the
hands
of
the
individual
voters,
because
you
don't
necessarily
trust
all
those
voters
I
mean.
If
you
take
not
to
say
we
shouldn't
trust
our
populace,
but
understand
that
every
one
of
the
adversaries
that
is
trying
to
manipulate
votes
is
themselves
a
potential
voter
and,
as
a
result,
you've
got
to
be
concerned
about
securing
their
devices.
C
You've
got
to
be
concerned
about
securing
the
devices
of
all
the
legitimate
voters.
In
light
of
maybe
all
these
apps
that
you
install
on
your
cell
phone,
I
mean
I
like
to
ask
how
many
apps
you've
installed
on
your
cell
phone.
You
know
you
get
up
to
about
40,
apps
and
people
are
still
raising
their
hands.
Every
one
of
these
apps
is
a
potential
vulnerability.
It's
a
potential
one
of
those
viruses
or
malware.
A
A
All
right,
we
won't
do
it
now,
that's
good!
Okay!
So
when
I
asked
you
that
question
about
physical
security,
I
have
to
tell
you
what
I
thought
you
were
going
to
say
is
that
locks
matter
lights
matter,
cameras
matter,
those
seal,
tapes
on
voting
equipment
and
bipartisan
teams.
So
you
didn't
say
that
you
don't
have
to
say
that.
But
that's
when
I
was
thinking
about
physical
security.
I
was
literally
thinking
that
kind
of
stuff
for
the
ballots
and
for
the
voting
equipment.
Yeah.
C
Well,
the
seal
tapes
that
you
said
on
the
equipment
is
part
of
one
of
the
things
that
that
creates
sort
of
the
physical
center,
but
the
steel
tapes
is
something
you
call
tamper
evidence
rather
than
tamper
proof.
In
other
words,
that
tape
doesn't
prevent
someone
from
getting
in
and
changing
things
what
it
does
is.
A
B
Well,
what
we
saw
last
year
when
we
went
to
all
50
states
again,
most
of
them
virtually
because
of
the
pandemic,
but
we
saw
that
each
state
has
interesting
and
strong
resources
and
assets,
including
and
starting,
perhaps
with
state
governments.
Each
of
the
state
governments
has
cyber
security
assets
which,
in
each
in
each
of
the
workshops
we
would
say
here
are
the
places
you
can
go
in
your
state.
Here
are
the
agencies
in
your
state
and
the
states
are
all
different,
but
the
states
and
that's
good.
B
The
states
are
the
laboratories
of
democracy
and-
and
we
saw
some
really
outstanding
examples
of
of
of
innovations
in
each
of
the
50
states.
The
national
guard
is
a
new
player
since
five
years
ago
they
really
stood
up
as
a
major
force
in
cyber
security
and
probably
already
very,
very
closely
working
very
closely
with
election
officials.
B
B
What
we
need
to
do
now
is
not
to
relax
our
vigilance,
because
our
adversaries
are
they're
inventive.
They
have
r
d
they're
using
different
techniques
and
and
so
stay
up
to
date
on
updates
that
are
coming
from
homeland
security
and
cisa
their
their
assets.
That
are
excuse
me,
resources
that
are
available
from
the
federal
government
and
from
industry
and
wendy.
If
I
may,
if
I
can
just
put
up
a
slide,
I
can
just
share
my
screen.
B
B
A
B
In
2019,
when
we
were
planning
our
2020
50
state
campaign,
we
met
with
people
state
election
and
campaign
officials,
national
officials
here
in
washington,
and
we
met
with
people.
Who've
run
campaigns
again
for
governor
for
the
senate
for
the
house,
and
we
read
with
people
who
run
presidential
campaigns
and
two
of
them
who
are
actually
at
usc.
B
A
I
love
it.
I
just
think
that
that
needs
to
be
brought
out.
Every
time
we
talk,
we
should
we
should
revisit
that
question
cliff
on
your
side.
I
wonder
if
you
are
able
to
use
your
crystal
ball
and
tell
us
about
threats
that
might
be
coming.
I
mean
sort
of
more
of
the
same
or
or
maybe
it's
too
hard
to
know.
What's
the
next
step,
but
we've
already
identified
that
registration
was
where
the
interest
was
in
2016
and
misinformation
was
what
we
saw
most
of
in
2020.
C
Well,
you
know,
I
think
the
adversaries
are
going
to
continue
to
try
to
attack
the
infrastructure
itself
and
actually
the
counting
of
votes
and
you're
gonna
see
what
they
learned
in
things
like
solarwinds
being
applied
in
a
much
more
manner
to
try
to
get
them
deeper
into
these
particular
systems.
In
fact,
one
of
the
things
you
need
to
understand
about
nation-state
attacks.
C
We
need
to
be
extremely
vigilant
about
them,
and
the
kinds
of
things
that
we
need
to
focus
on
in
terms
of
our
protection
of
these
systems
is
really
the
issue
of
integrity
of
our
systems.
The
assurance
that
we
have
on
the
particular
components
that
we
run.
How
can
we
best
assess
that
the
software
that
we
install
next
year
is
going
to
be
free
from
these
kinds
of
vulnerabilities
and
yeah?
C
A
You're,
right
and-
and
that
gets
to
the
next
question
that
could
be
for
either
one
of
you
and
that's
about
resources
when
people
are
really
scared.
When
something
bad
happens,
they
put
their
focus
on
it
and
they
put
their
money
towards
it
and
they
devote
personnel
towards
it
so
with
getting
through
the
2020
election,
as
we
saw,
no
votes
were
tampered
with
as
far
as
anybody
knows,
including
department
of
homeland
security.
C
Okay,
so
so,
I
think,
think
a
couple
of
things.
First
of
all,
many
of
the
problems
that
we're
trying
to
address
with
cyber
security
in
the
area
of
elections
elections
are
simply
an
application
of
a
broader
problem,
so
there
should
be
more
fundamental
research
on
this
issue
of
assurance
of
our
computer
systems
in
general.
That
will
share
dividends
across
both
the
election
community
and
sort
of
government
in
general
corporations
in
general,
and
that
means
that
the
cost
of
some
of
that
work
can
be
spread.
C
C
I
mean
there
are
many
kinds
of
voter
fraud
that
occur
and
things
like
that
and
understand
which
of
these
are
more
organized
they're,
going
to
have
greater
impact
versus
which
are
you
know,
even
less
than
grass
roots
sort
of
the
the
daughter
of
someone
that
passed
away.
The
terms
of
the
palette
you're
not
gonna,
expend
a
lot
of
money
dealing
with
that
because,
first
of
all,
statistically
the
effect
balances
out.
C
Are
there
things
that
can
be
done
to
improve
the
well
almost
physical
security
aspect
of
that
in
terms
of
distribution
of
ballots?
In
terms
of
balancing
the
let's
say,
signature:
verification
where
you
need
to
balance.
You
know
the
problem
of
maybe
too
many
ballots
being
rejected
because
of
a
minor
change
in
the
signature
versus
wholesale
attempts
to
manipulate
things
that
might
occur
in
that
one.
B
Wendy
in
terms
of
resources,
I
think
that
we
can
expect
more
resources
from
to
be
available
from
the
federal
government
this
year,
because
I
think
everybody
realizes
it's
a
problem,
and
I
mean
some
resources
were
available
last
year.
But
we
expect
to
have
some
more
and
that's
something
which
is
going
to
be
extremely
important.
A
I
completely
agree
that
more
funding
from
the
federal
government
would
be
welcomed
in
the
states,
and
I
know
that
many
of
the
local,
the
elections
are
run
by
local
counties
and
some
have
more
resources
than
others,
and
some
states
have
more
resources
on
their
own
than
others,
and
so
I
I
think
I've
heard
it
said
in
the
past
that
the
weak
link
could
easily
be
the
small
poor
county.
So
it's
to
everybody's
advantage
at
the
local
level
at
the
state
level
and
then
at
the
federal
level
to
be
looking
at
what
what's
the
appropriate
share.
A
I
I
want
to
say
I'm
going
to
wrap
us
up
fairly
soon
here,
but
I
wanted
to
kind
of
give
you
a
chance
adam
to
talk
about
what
you
experienced
in
terms
of
the
professionalism
or
the
commitment
of
election
officials
around
the
nation.
The
question
has
come
up
this
year.
Were
they
partisan
in
one
way
or
another,
and
I
think
you
have
a
very
excellent
vantage
point
to
make
some
statements
about
election
officials.
B
Everybody
took
elections
very
seriously
and
we
it
was
very
impressive
to
go
across
the
country
and
see
and
state
after
state
how
well
things
worked
and
there's
some.
There
are
some
people
who
haven't
received
the
credit.
They
should
I'll
just
mention
one
state,
nebraska
nebraska
pivoted
from
25
mail
and
voting
to
75
mail-in
voting,
and
they
did
it
in
a
matter
of
days.
People
said
that
was
impossible.
B
They
said,
oh
it'll,
take
you
months,
maybe
years
to
do
that,
no
somehow
in
nebraska
they
pulled
that
off
in
a
matter
of
very
short
time.
That
was
stunning.
That
was
stunning
and
other
states
actually
started
to
study.
How
did
nebraska
do
that,
and
so
there
are
stories
like
that
across
the
country
which
a
few
of
which
actually
wound
up
in
the
national
national
press,
but
it
was
a
quite
an
education
for
us
and
reassuring
for
us.
A
That's
fabulous.
My
experience
has
primarily
been
very
excellent,
with
local
election
officials
and
certainly
with
the
state-level
people.
So
it
feels
to
me
is
that
that's
a
subject
within
the
general
public
administration
universe,
where
people
who
are
willing
to
do
everything
from
sweep
the
floors
and
turn
out
the
lights
to
become
sort
of
the
cyber
security
expert
for
their
county
or
wherever
it
might
be.
It's
a
lot
of
hats
that
those
folks
wear.
Okay,
here's
my
wrap-up
question.
A
C
Well,
you
know,
I
think
in
some
sense
you
know
we
started
off
with
some
good
news,
at
least
around
the
2020
election,
and
that
is
that
the
awareness
and
the
commitment
as
adam
was
just
speaking
about
is
somewhat
encouraging.
So
you
know,
I
think
that
is
a
really
good
news.
In
fact,
you
know
on
some
of
our
calls:
we'd
have
the
secretary
of
state
explaining
some
of
the
things
that
they
were
doing
and
I'd
think
to
myself.
You
know
this
is
worthy
of
a
lecture.
I
might
give
my
students
in
cyber
security.
C
It
showed
some
level
of
real
understanding
of
what,
and
I
think
that
that
is
encouraging.
It's
really
all
about
awareness,
whether
it
is
awareness
from
the
low-level
individual
awareness
of
phishing's,
two-factor,
authentication
or
other
things
for
awareness
at
the
higher
level
about
the
importance
of
of
isolation
and
things
that
you
did
see
start
to
be
applied
in
these
areas,
and
I
think
that's
probably
the
biggest
encouragement
that
we've
got.
B
Well,
the
the
a
big
success
story
in
2020
was
that
we
were.
We
had
a
classic
good
election.
We
did
not
see
any
successful
tampering,
certainly,
as
attorney
general
barr
said
nothing
that
would
change
the
election
in
terms
of
cyber
security
tempering,
but
the
election
official
in
kentucky
had
a
wonderful
way
of
talking
about
it.
He
said
you
know
nobody
got
in
we,
we
could
see
the
bad
actors
trying
to
trying
the
doorknob
to
see
if
they
could
get
in
and
they
couldn't
get
in.
So
that's
that's
the
good
news.
A
I
want
to
leave
us
on
a
good
note,
and
my
good
news
here
is
that
usc
has
made
the
kind
of
commitment
that
you
all
have
made
to
being
in
this
space
and
making
your
work
available
around
the
nation.
So
I
want
to
thank
you
both
for
doing
it
mention
again
that
you
have
an
event
on
march
25th
coming
up
and
that's
in
the
chat
box.
A
If
anybody
wants
to
do
it
and
I'm
going
to
think
of
you
all
as
partners
to
ncsl
and
encourage
anyone
who's
on
the
line
to
think
of
you
as
possible
partners
in
their
state
or
their
community,
this
will
be
recorded
and
we
will
link
it
on
ncsel's
elections.
Cyber
security
webpage
and
with
that
I'm
going
to
just
say
thanks,
very
much
stay
in
touch
and
stay
engaged
with
the
work
you're
doing
and
pretend
that
everybody
in
the
outside
is
applauding
for
you
all
now.
Thank
you.