Election Security

This year’s Black Hat conference kicked off in the most unexpected way any of us could have imagined: virtually. For attendees, Black Hat was instrumental in sharing a steady stream of new security research and threat intel, and it had an impressive lineup of speakers. The security summer camp opened with a keynote from Georgetown’s Matt Blaze, “Stress-testing Democracy: Election Integrity During a Global Pandemic,” that seemingly set the tone and key theme at Black Hat 2020: election security. Media during Black Hat also caught wind of election security news, with Wired sharing how Synack and ES&S together will set a monumental example in the election technology industry and reinforce the ongoing movement toward embracing security research.

As shared during Synack’s joint talk with ES&S on Day 1 of Black Hat, “Building a Vulnerability Disclosure Program that Works for Election Vendors and Hackers,” Synack and ES&S will work together to run crowdsourced penetration tests on various ES&S products while bridging the long-standing gap between researchers and voting machine vendors, as election vendors are an integral part of American democracy. ES&S also announced a vulnerability disclosure policy that included vital components such as a remediation timeline of 90 days, an in-scope list of systems, and further guidance to independent researchers for testing. The policy was very well received.

“Election Systems & Software LLC, the top U.S. seller of voting-machine technology, is calling a truce in its feud with computer-security researchers over the ways they probe for vulnerabilities of the company’s systems,”

—Wall Street Journal

Concern over voting access and election integrity is growing, especially in today’s pandemic environment, which adds complexity and unique issues. With the next presidential election only months away, ES&S affirmed its commitment to working with Synack’s security researchers to strengthen the nation’s voting infrastructure. Synack will help shape the integrity of voting by managing a program for ES&S in which the Synack Red Team will examine and attempt to hack ES&S’s new model of its electronic poll book, a device that election officials use to manage voter registration data for elections.

Security for the upcoming elections is a big challenge many are trying to overcome. To help build trust with the American public, critical infrastructure and election systems are leaning on crowdsourced security – and it’s becoming integral to help states and localities carry out the safest and most secure elections possible.

“Independent security researchers have played a pivotal role in securing elections, and the ability to work more closely with companies such as ES&S will only improve efforts to safeguard U.S. democracy,” said Mark Kuhr, CTO & Co-Founder, Synack.

As the security talent gap continues to be an evolving topic of discussion, building communities of women in security is important to foster growth and leadership. At Black Hat 2020, the community track included a number of meetups and tracks surrounding women, community and inequality within the security industry.

Women in Security 

Not only was election security on our minds at Synack, but so was gathering the brightest women in security for our annual Black Hat Courageous Women’s event. Even though we went virtual this year, there was no shortage of power, great conversations, and connecting on various issues.

Synack kicked off its first virtual Courageous Women’s event, bringing together more than 50 women in the security space for an engaging conversation featuring Rashmi Gopinath, General Partner at B Capital Group; Camille Stewart, Head of Security and Privacy at Google Play + Android; Ruby Zefo, Chief Privacy Officer at Uber; and Synack’s very own Aisling MacRunnels. We hope to continue the dialogue with our crowd of women in security in the fall. Be on the lookout!

Synack’s Courageous Women CISO initiative was developed to bring female security leaders and executives together to support each other in having a bigger impact in their companies and industry. 

Black Hat Virtual 

A first one for the books, Synack participated in a virtual booth at Black Hat 2020. We must admit, the ease of the platform, paired with listening to talks in our own time without the hustle and bustle of an in-person conference, was quite well received. Overall, the experience was pleasant and was welcomed by the Synack team, helping generate increased awareness of the benefits of a crowdsourced security platform.

That’s a wrap! We look forward to next year’s Black Hat 2021 with open arms.

Posted by Charlie