The Race to Secure Voting Tech Gets an Urgent Jumpstart

Numerous electronic voting machines used in United States elections have critical exposures that could make them vulnerable to hacking. Security experts have known that for a decade. But it wasn’t until Russia meddled in the 2016 US presidential campaigns and began probing digital voting systems that the topic took on pressing urgency. Now hackers, researchers, diplomats, and national security experts are pushing to effect real change in Washington. The latest update? It’s working, but maybe not fast enough.

On Tuesday, representatives from the hacking conference DefCon and partners at the Atlantic Council think tank shared findings from a report about DefCon’s Voting Village, where hundreds of hackers got to physically interact with—and compromise—actual US voting machines for the first time ever at the conference in July. Work over three days at the Village underscored the fundamental vulnerability of the devices, and raised questions about important issues, like the trustworthiness of hardware parts manufactured in other countries, including China. But most importantly, the report highlights the dire urgency of securing US voting systems before the 2018 midterm elections.

“The technical community … has attempted to raise alarms about these threats for some years,” said Frederick Kempe, president and CEO of the Atlantic Council, in a panel discussion. “Recent revelations have made clear how vulnerable the very technologies we use to manage our records, cast our votes, and tally our results really are … These findings from the Voting Village are incredibly disconcerting.”

Fortunately, the past few months have seen signs of progress. The Department of Homeland Security is moving forward with its critical infrastructure designation for voting systems, which frees up resources for helping states secure their platforms. The Texas Supreme Court is currently considering a lawsuit challenging the state’s use of digital voting machines. And in Virginia, state officials are converting voting systems to use paper ballots and electronic scanners before the November 7 elections. They say the change was motivated by the findings at DefCon’s Voting Village.

Susan Greenhalgh, an elections specialist for the vote-security group Verified Voting, which worked with Virginia officials this fall, applauded the “transition into real-world change” that had transpired in just the last few months.

Virginia and Texas represent important progress, but plenty of work remains. Five states still rely solely on digital voting machines without paper backups, and at least 10 states have mixed voting infrastructure, with certain counties that use digital voting without paper. These systems are the most vulnerable to manipulation, because you can’t audit them afterward to confirm or dispute the digital vote count in the case of suspected tampering.

“The one core point that election security experts and others have been making about why our votes are safe was that the decentralized nature of our voting systems, the thousands and thousands of voting offices around the country that administer the election, is what kept us safe,” Jake Braun, a DefCon Voting Village organizer and University of Chicago researcher said. “Because Russians [or other attackers] would need to have tens of thousands of operatives go get physical access to machines to actually infiltrate the election. We now know that’s false.”

With only a handful of companies manufacturing electronic voting machines, a single compromised supply chain could impact elections across multiple states at once. The Voting Village report emphasizes that there is a huge amount of change required in the US to address security issues at every point in the election workflow, from developing more secure voting machines to sourcing trustworthy hardware, and then actually setting up voting system devices and software for use in a secure way. DefCon founder Jeff Moss says that the goal for next year’s Voting Village is to have a full election network set up so hackers can evaluate and find weaknesses in a complete system, not just individual machines.

The Department of Homeland Security recently confirmed that Russia infiltrated various election-related systems in 21 states during 2016, and access to a full voting-system setup would give security researchers additional real world insight into defending US voting infrastructure. But as was the case with acquiring real voting machines for last summer’s conference, Moss says it has been extremely difficult to gain access to the third-party proprietary systems that states use to coordinate voting.

Related Stories

  • Brian Barrett

    America’s Electronic Voting Machines Are Scarily Easy Targets

  • Lily Hay Newman

    The Simple Fix That’d Help Protect Georgia From Election Hacks

  • Andy Greenberg

    Hacked or Not, Audit This Election (And All Future Ones)

“I would love to be able to create any kind of a complete system, that’s what we’re aiming for,” he said during the panel. “The part that’s really hard to get our hands on is the backend software that ties the voting machines together to tabulate and accumulate votes, to provision voting ballots, to run the election, and to figure out a winner. And boy do we want to have a complete voting system for people to attack. There’s never been a test of a complete system—it’s just mind boggling.”

DefCon’s voting village and interdisciplinary partnerships are certainly raising awareness about election security and motivating change, but with some elections just a few weeks away and the midterms rapidly approaching, experts agree that change may not be coming quickly enough.

“We’ve got a lot to do in a short period of time,” said Douglas Lute, a former national security advisor to President George W. Bush and former US ambassador to NATO under President Barack Obama. “In my over 40 years of working on national security issues I don’t believe I’ve seen a more severe threat to American national security than the election hacking experience of 2016. Russia is not going away. This wasn’t a one shot deal.”

Tech

Alphabet’s Project to Restore Wireless Service in Puerto Rico With Balloons Gets FCC Approval

Project Loon has already proven its real-world usefulness once this year.

The FCC has approved an experimental license for Alphabet, Inc’s Project Loon to attempt to restore wireless service to storm-ravaged Puerto Rico using its high-altitude balloons, according to FCC Chief of Staff Matthew Berry.

Though the Loon technology is not entirely proven, it could help speed the restoration of vital communications as the U.S. territory works to recover from the devastation of Hurricane Maria.

It could also help prove the business case for Loon, one of the experimental “moonshots” debuted as part of Google, and now housed under Alphabet subsidiary X.

More than 80% of Puerto Rico’s cellular towers are still out of service more than two weeks after the arrival there of Hurricane Maria, and nearly one-third of the island’s counties have no service, according to the FCC. Rebuilding conventional cell towers will be “a long road,” T-Mobile told CNN, thanks to challenges including not just the cost of construction, but, according to some wireless companies, theft and crime against their operations.

Get Data Sheet, Fortune’s technology newsletter.

Loon balloons, which carry communications equipment as high as 20 kilometers into the atmosphere, would circumvent those earthbound hurdles — at least temporarily. Loon recently rolled out internet and LTE service in Peru after flooding there, reportedly providing coverage for an area roughly the size of Switzerland. The balloons that were deployed in Peru, in fact, were launched from Puerto Rico.

However, restoring communications to Puerto Rico may be more challenging. Loon requires local partners to work, and in the case of the Peru project, relationships with wireless providers and other players were already in place. But in earlier statements to Mashable, a Loon spokesman said the Puerto Rico effort would be “a little more complicated because we’re starting from scratch.”

Contracting with governments for deployment in disaster zones could eventually become a revenue stream for Loon, which debuted in 2013. Alphabet has begun ramping up pressure for moonshots to generate revenue, partly in hopes of diversifying beyond the search-driven advertising business that still makes up the overwhelming majority of its profits.

Tech

IDG Contributor Network: An under-pressure OpenStack gets support from an (in)famous individual

Last week saw a few thousand devoted OpenStack community members flock to Boston to take part in the bi-annual OpenStack Summit. This summit marks a major turning point for the initiative. Since we all congregated in Barcelona last year, there have been some major pieces of news which have rocked the community. Only a couple of weeks before the event, Intel pulled out of a partnership with Rackspace to build an OpenStack-based test facility, and OpenStack poster boy Mirantis pivoted from a pure OpenStack strategy to one covering a number of open source initiatives.

To read this article in full or to leave a comment, please click here

Computerworld Cloud Computing

Visual Studio’s cloud IDE gets smarter about builds

Microsoft’s Visual Studio Team Services cloud-based application development platform is improving pull requests, package management, and GitHub build integration.

Upgrades will make it easier to work with pull requests assigned to teams, Microsoft said in a bulletin discussing improvements planned for rollout during the next few weeks. “When a PR is created or updated, email alerts will now be sent to all members of all teams that are assigned to the PR,” the company said in release notes on Team Services. A future release will support pull requests assigned to Azure Active Directory groups and teams containing these groups.

To read this article in full or to leave a comment, please click here

InfoWorld Cloud Computing

Microsoft’s OneDrive for Business gets Mac client, shared folder sync

Microsoft gave users and administrators of OneDrive for Business some new features on Tuesday that they’ve requested for a while.

The company also launched a new Mac client for its business-focused cloud storage service that can be deployed outside the confines of the Mac App Store. Users will also be able to sync files from SharePoint sites and OneDrive for Business shared folders to their desktops, like they have been able to for files that they own.

IDC Research Manager Chandana Gopal said in an interview that she saw the new features are Microsoft’s attempt to play catch up with other players in the enterprise cloud storage market like Box and Dropbox, which already offer Mac clients and broad syncing of all the files stored in their services. What’s more, Box and Dropbox are working on making it possible for people to stream files from the cloud to the desktop when they need them.

To read this article in full or to leave a comment, please click here

Computerworld Cloud Computing

Microsoft gets support for its fight against government gag orders

Microsoft has secured some big allies in a fight against the federal government, including three of its chief rivals, plus a hometown airline. 

Microsoft is fighting the government over its right to tell customers when federal agents request their data and emails. The company filed a lawsuit in April against the federal government, charging such gag orders violate the Constitution and threaten the future of cloud computing. 

+ Also on Network World: Microsoft says tech companies ‘whipsawed’ by conflicting laws on global data transfer +

To read this article in full or to leave a comment, please click here

Network World Cloud Computing

IDG Contributor Network: Kubernetes becomes more scalable, gets support for hybrid clouds

Earlier this week, Google released version 1.3 of Kubernetes, the open source container orchestration software.

The release brings support for deploying services across “multiple clouds (including on-prem), support for multiple node types, integrated support for stateful services (such as key-value stores and databases), and greatly simplified cluster setup and deployment on your laptop. Now, developers at organizations of all sizes can build production scale apps more easily than ever before,” Aparna Sinha, a product manager at Google, wrote in a blog post announcing the release.

To read this article in full or to leave a comment, please click here

CIO Cloud Computing

IBM gets 215 million patient profiles in $2.6 billion analytics firm buy

IBM’s Watson Health, the company’s 10-month-old healthcare data crunching unit, plans to acquire Truven Health Analytics and its 215 million patient profiles, with the ultimate goal of helping health-care providers make better business and patient-care decisions.

The $ 2.6 billion deal, announced Thursday, gives IBM Watson Health access to a huge new data set in the unit’s efforts to mine data to improve health-care quality while controlling costs.

Including data from Truven, Watson Health will have access to about 300 million patient data sets, IBM said. Using IBM’s Watson Health Cloud, health-care organizations will be able to combine several data sets.

To read this article in full or to leave a comment, please click here

InfoWorld Cloud Computing

Microsoft’s Azure Stack beta gets new services and DevOps tools

People testing out the public beta of Microsoft’s Azure Stack private cloud system have some new platform services and DevOps tools to play with less than two weeks after it initially launched. 

Starting Monday, users can download a beta version of the Web Apps feature for Azure App Service that runs on Azure Stack and makes it easier for people to build websites on top of it. Users can also install new beta tools for running MySQL and SQL Server workloads on Azure Stack. The system already has built-in tools for running things like virtual machines.

To read this article in full or to leave a comment, please click here

CIO Cloud Computing

SQL Server 2016 gets an R (language) rating

With the latest preview of Microsoft SQL Server 2016, Microsoft tipped its hand about its plans to integrate the R language with its products.

Joseph Sirosh, Corporate Vice President of the Data Group at Microsoft, outlined in a blog post the major features unveiled in SQL Server 2016 in its latest Community Technology Preview (CTP). Most of the discussion referred back to earlier announcements about the capabilities planned for the product, but among the genuinely new announcements is SQL Server R Services.

To read this article in full or to leave a comment, please click here

InfoWorld Cloud Computing

Microsoft’s Azure cloud gets live video encoding for everyone

Microsoft has made its Live Encoding service generally available as part of a slew of updates announced Thursday for the Azure Media Services suite. 

Live Encoding lets broadcasters send one video stream to Microsoft’s cloud and get it encoded there into an adaptive bitrate stream that can be sent to different types of devices. That means a video producer can send a single high-quality stream to the cloud that can then be streamed in lower quality to people on slower connections. 

It’s a tool that has already been used by partners like NBC in high-pressure situations including streaming video from the 2014 Winter Olympics. Microsoft has the potential to draw in both large companies with massive streaming loads and smaller operations that handle far less than an Olympics worth of video.

To read this article in full or to leave a comment, please click here

Computerworld Cloud Computing

Google’s container management service exits beta, gets uptime guarantee

Google is the latest cloud service provider to rally behind containers, an emerging type of virtualization technology that adherents claim can streamline the process of running workloads in the cloud.

Google is now offering a container management service, called the Google Container Engine, for production workloads. This sets the stage for businesses to run their most important applications within containers on the Google Cloud Platform.

A growing number of organizations use containers as a way to build applications that can be easily scaled, duplicated and upgraded. The new service provides a way to manage large numbers of containers, eliminating a lot of the low-level work of orchestrating operations involving many containers.

To read this article in full or to leave a comment, please click here

InfoWorld Cloud Computing

Google’s container management service exits beta, gets uptime guarantee

Google is the latest cloud service provider to rally behind containers, an emerging type of virtualization technology that adherents claim can streamline the process of running workloads in the cloud.

Google is now offering a container management service, called the Google Container Engine, for production workloads. This sets the stage for businesses to run their most important applications within containers on the Google Cloud Platform.

A growing number of organizations use containers as a way to build applications that can be easily scaled, duplicated and upgraded. The new service provides a way to manage large numbers of containers, eliminating a lot of the low-level work of orchestrating operations involving many containers.

To read this article in full or to leave a comment, please click here

CIO Cloud Computing

The cloud gets mobile apps moving

Immediately after Hurricane Sandy tore through New York City in October 2012, city officials needed a quick way to show the damage that had been done to streets and infrastructure.

They needed an app — and they needed it immediately.

For a quick turnaround, Cordell Schachter, chief technology officer at New York City’s Department of Transportation, asked his crew to stop work being done on what was eventually to be a street excavation permit app and had programmers repurpose it to show street damage instead.

To read this article in full or to leave a comment, please click here

Network World Cloud Computing

VMware gets help to build and deploy cloud apps more easily

VMware gets help to build and deploy cloud apps more easily
Working to make its public cloud more competitive, VMware has partnered with Bitnami to make using open source apps and development environments on vCloud Air easy. The Bitnami Launchpad for VMware vCloud Air OnDemand website lists …
Read more on PCWorld

Joyent Adds Non-Docker Services to Triton Container Cloud
Joyent announced the ability to run container-native Linux images directly on bare metal with Joyent Triton, its bare metal container cloud. While running Docker is a focus of Triton, Joyent is extending its capabilities beyond Docker, its first major …
Read more on Data Center Knowledge

Why aren't we sharing more cloud applications?
According to Sheridan, who spoke at the June 17 MeriTalk Cloud Brainstorm Event, it's “maddening” that government agencies use similar cloud applications — like data intake systems and workflow management systems — that are rebuilt for each agency.
Read more on GCN.com