CNET's Dan Patterson interviewed Cris Thomas (aka Space Rogue), global strategy lead at IBM X-Force Red, about election hacking vulnerability risks. The following is an edited transcript of the interview.
2018: Election Hacking is a weekly series from TechRepublic sibling sites, CBS News & CNET, about the cyber-threats and vulnerabilities of the 2018 midterm election.
Dan Patterson: Fear is the theme that we see with election hacking. Can you help us understand how institutions are vulnerable? Our system, our process for hacking or process of voting. The news media, government organizations and institutions. How are these vulnerable?
Cris Thomas: The institutions or the organizations that actually run the elections, I think a lot of people forget that these are your neighbors. Your friends and neighbors that live next to you, that work as poll workers, that work at the state level. And, the elections themselves are monitored by both parties or multiple parties, as well as the news media. CNN, AP News, NBC, CBS, they all have stringers at various precincts that are counting the votes and reporting on those votes in real time. These are some of the checks and balances that are in place to help make sure that the elections are run properly and are counted properly.
SEE: Security awareness and training policy (Tech Pro Research)
Dan Patterson: Should we be worried about these institutions being undermined?
Cris Thomas: Obviously. We need to worry about the institutions being undermined, we need to worry about the, machines themselves being compromised. These are definitely risks that we need to worry about, we just need to put these risks in perspective and take appropriate action and not overreact.
Dan Patterson: You don't have to get into the specifics because I know an attribution in cyber attribution is very difficult, but can you articulate some of the threat actors that might be operating not just here in the United States, but around the world?
Cris Thomas: No.
Dan Patterson: Okay.
Cris Thomas: I mean, attribution is very difficult. The intelligence community in the US and other countries has pointed fingers at various organizations and countries. That's not my area of expertise, so I'll leave the attribution up to them.
SEE: Cybersecurity and the 2018 Midterms (TechRepublic Flipboard magazine)
Dan Patterson: What scares you?
Cris Thomas: I guess what really scares me are the machines themselves, that people don't take seriously the vulnerabilities that are present there. That people don't realize that there are outside actors that are attempting to disrupt our elections. That this apathy is in place that aren't recognizing that the threats are there and they're real and that we do need to take steps to minimize those.
- How Florida is bolstering election security after being targeted by Russian hackers (TechRepublic)
- Ohio taps college cybersecurity experts to audit election systems before 2018 midterms (TechRepublic)
- Hackers, trolls and the fight over your vote in the 2018 midterm elections (CNET)
- Defending against cyberwar: How the cybersecurity elite are working to prevent a digital apocalypse (free PDF) (TechRepublic)
- Did Russia's election hacking break international law? Even the experts aren't sure (ZDNet)
- Cheat sheet: How to become a cybersecurity pro (TechRepublic)
- Election security is a mess, and the cleanup won't arrive by the midterms (CNET)
Dan Patterson has nothing to disclose. He does not hold investments in the technology companies he covers.
Dan is a Senior Writer for TechRepublic. He covers cybersecurity and the intersection of technology, politics and government.