Black Hat USA: Ignore the 'Irresponsible Noise' About Election Security

BLACK HAT USA — During Wednesday’s Black Hat USA 2024 keynote, U.S. cybersecurity leader Jen Easterly said election officials nationally ran secure elections in 2018, 2020 and 2022, and there’s no reason to believe 2024 elections won’t be just as secure.

Easterly is director of the Cybersecurity and Infrastructure Security Agency (CISA).

The Black Hat USA keynote panel, titled “Democracy's Biggest Year: The Fight for Secure Elections Around the World,” focused on how key international leaders are approaching election security risks to the democratic processes.

Easterly joined Felicity Oswald, CEO of the United Kingdom’s National Cyber Security Centre (NCSC), and Hans de Vries, COO of the European Union Agency for Cybersecurity (ENISA), on the election security keynote panel.

CISA's Jen Easterly

More than 2 billion people are voting this year globally. That includes more than 50 countries.

Easterly Tells Black Hat Attendees Election Security Is In Good Hands

“In the United States, states run elections,” Easterly said. “The federal government does not run elections; it really is down to the states. Now in the aftermath of Russian attempts to interfere and influence the presidential election in 2016, at the beginning of 2017, election infrastructure was designated as critical infrastructure, and CISA was designated the sector risk management agency. So we are the federal government lead that works with state and local election officials. Over the past seven years, we have been working with our intel community and our FBI partners to significantly improve the security and resilience of election infrastructure supporting those state and local election officials who are on the front lines of administering, managing and securing elections.”

Related:Black Hat USA: Check Point, Varonis Systems, Contrast Security, More

There is no evidence that malicious actors changed, altered or deleted votes or had any material impact on the outcome of elections in 2018, 2020 and 2022, she said.

“That has been validated time and again to include multiple court challenges and in any state that was close in 2020, there were paper records that were counted and recounted, and audited to ensure accuracy,” Easterly said. “In this job, I have the privilege to spend a lot of time with election officials at the state and local level of both parties across the nation, and I know how tirelessly they work to ensure that every one of their citizens’ votes are counted as cast, and it’s why I have so much confidence in the security and integrity of elections, and why the American people should as well.”

Related:CrowdStrike or Microsoft: Who's to Blame for Global IT Outage?

The United Kingdom has had two elections this year and NCSC was “laser-focused” on hostile threats, and in the end citizens were able to vote securely, Oswald said.

ENISA has seen manipulation attempts, but all were minor at the local level, de Vries said. Cooperation and information sharing kept elections there safe.

Scroll through our slideshow above for more from Wednesday at Black Hat USA.