Teach yourself cybersecurity with skills-based education | Cyber Work Podcast


(upbeat music) – Welcome to this week’s episode of the “Cyber Work with Infosec” podcast. Each week, I sit down with a different industry thought leader and we discuss the latest cybersecurity trends, how those trends are affecting the work of infosec professionals,
while offering tips for those trying to break in or move up the ladder in the cybersecurity industry. 2020 as you know is right
around the corner and with it, there is another presidential
election coming up, with all its attendance security issues. For 2020, Infosec is attempting to get ahead of these potential issues. Use our free election
security training resources to educate poll workers
and volunteers on the cybersecurity threats they face
during the election season. For more information about how to download your training packet, go to
infosecinstitute.com/iq/election-security-training, or visit the link in the description. Our guest today is Adam Darrah, Director of Intelligence for Vigilante. He’s a national security and
threat intelligence expert, who spent eight years
working for the US government coordinating across
several federal agencies to fill critical knowledge gaps on national security policies. We’re gonna talk about the 2020 elections and specifically around the
concept of election meddling, and coordinated disinformation campaigns, as well as ways that smart voters can separate fact from fiction when new shocking news comes
into their social media feed. Adam Darrah is an experienced
intelligence analyst, skilled in putting international affairs into cultural and political contexts. Before joining Vigilante, Adam served as Director of Intelligence at InfoArmor. Previously, he spent eight years working for the US government, coordinating across several federal agencies to
fill critical knowledge gaps on national security
priorities, which helped form his specialization in Central Eurasian political security and
intelligence issues. Adam holds a bachelor’s
and master’s degree in Russian from the University of Utah, and the University of
Arizona respectively. Adam, thank you for joining us. – Thanks, Chris, it’s
a pleasure to be here. – Okay, I just realized I should’ve asked beforehand, is it Darrah or Darrah? – It’s Darrah like Sarah. It’s fine.
– Darrah like Sarah, okay. We will of course, correct on the way up. So in a previous episode on the podcast, we discussed some of the security issues that came to pass with the 2016 election, as well as concerns that were surrounding the then-upcoming midterm
elections in 2018. Based on most available research, can you tell me what kind of security breaches, tamperings, or other issues, actually happened in 2016, and
2018 versus the predictions? – Yeah, absolutely, let’s
get into this a little bit, and I just wanna set the stage
with a little bit of context. Election operations from
an intelligence perspective are consistent and they’re ongoing, and so, in the lead-up to 2016, you have US adversarial governments working around the clock in three primary areas. You have the ongoing
human intelligence effort to infiltrate campaigns, get to know people, and get insider information. You have a signals intelligence campaign, where you’re trying to, or
an adversarial government’s trying to get on your
electronic communications, and eavesdrop, and again,
so they have an advantage. Then you have, you know,
open source information. That can be defensive
as well as offensive, and what we saw in 2016
is really the first time, a few foreign powers decided
to be very aggressive in their offensive operations
and misinformation campaigns. The ongoing signals intelligence and human intelligence operations, that was nothing new to me,
it wasn’t shocking to me but the overt nature of the brazenness in their open-source
campaigns to misinform voters was quite shocking in 2016
and in the lead-up to 2016. – Now how about 2018, I didn’t really hear that many stories about the midterms. Were there any noteworthy
security issues in that election? – You know from where I
was sitting at the time, that was not for whatever reason, again we didn’t see as many brazen attempts to misinform voters here
in the United States. And as far as the ongoing
human intelligence and signals intelligence operations, those remained in effect,
that mandate didn’t go away just because some would argue that they purposely got their hand
caught in the cookie jar on purpose to send a
message to us in 2016. – Yeah, I was gonna ask about that. Do you have any theories on why 2018 was so quiet by comparison? – Yes, I do, I think they’ve
moved on to the next thing. I think our adversaries,
they pivot very quickly. They’re highly sophisticated
in their trade craft and it is my personal opinion that they’ve already pivoted to the next thing in order to sprinkle some discord and some misinformation or perhaps something else for future campaigns in order to disrupt a very
stable, and to destabilize a very stable and democratically
elected government. – So based on your initial research, how many of these points of
attack have been rectified? Are there new attack
vectors, do you feel like the things that were a problem in 2016 are still a problem going into 2020? – Yes, in short, yes.
– Short version. – I wish, I wish and again
I’m not exactly a cynic. I believe in America, I
believe in the rule of law. What’s great about our country is that we do have a rule of law
and we don’t rule by law. We’re not arbitrary, we haven’t gone down the arbitrary enforcement of law here yet. And so other people,
other people that operate here in this country,
they can operate without, we’re not a police state
and so they still have the freedom if you will,
the freedom of movement to operate on the
internet, on our streets, they can go to parties,
they can still walk around. So the traditional avenues to let’s say, get an advantage over
American policy makers is still in effect, that hasn’t gone away. I think our federal law enforcement have done an excellent job in doing the best they can with the tools they have but since we’re not a police
state, we’re not gonna monitor every single little
thing that happens here. Moreover on the electronics
side, on the open-source side and let’s call it the hacking side, we still have voter lists being leaked in the deep and dark web, we still have a concerted effort by
legal business entities to gather information about citizens here. So I mean, those threats and
the data security involved with protecting against those threats, that’s still either
really good or really bad depending on the company’s
security practices. So those threat vectors are still there. – Okay, so since one of
your areas of expertise is Central Eurasian political security and intelligence issues as well as how nation states conduct
disinformation campaigns, I want to learn more about that from you. So let’s start by talking about any recent or noteworthy examples in your global area of
expertise, Eurasian, of vote tampering or
disinformation campaigns. Are there things that
we should be watching and things that we can learn
from this part of the world that could apply to the 2020 election? – Absolutely and I think that’s a very well thought out question. And I’m gonna quote unquote pick on Russia as an example because that happens to be my primary area of expertise.
– Sure. – And I have a lot of
respect for the culture and everything but my goodness, in the lead-up to 2016
I was noticing things and techniques being employed on our soil that they’ve employed for a very long time against their own people
and what you see is they want to prep the battlefield so election day goes the
way they want it too. – Right.
– And so what you do to prep the battlefield is you control the media messages, you
control the narrative. Then you arbitrarily enforce law to send a message saying, “hey guys, “in the opposition that
we’re not too keen on, “chill out, please don’t
destabilize us on election day.” But you also want to have a
friendly opposition as well, an approved friendly opposition. – Approved opposition, yeah.
– Approved, absolutely. And on election day if things
pretty much go your way, you relax, you just
you know, because again these countries want to be
perceived like us, right? – Right.
– Look, we’re the same. We’re sophisticated, we’re stable, we’ve got a democratic process
and we love the law here. And so what you see is that okay, they decided okay, America
is always picking on us. America is always calling us out for being so unruly and
silly and we’re turning on against ourselves, we’re
unsophisticated, okay. Well how about this, how about
we run a similar campaign. Again, they’re not making
up the trade craft, this is something they’ve
perfected on their own soil. – Sure.
– And they just turn the laser beam on us and it’s been heartbreaking to watch how it’s worked. In other words, we have
turned on each other, we have become a little less stable, at least in our media narratives, in the way that we think about elections. I mean, we have an amazing process. We have an amazing country and to see even really smart people start to call the basic and foundational
document into question, I mean this is what I would call, regard as a very successful campaign that our adversaries have
conducted against us. – So along the, sort of the
physical hacking aspect of it, I want to hear more about your research into disinformation campaigns
that could be launched. It’s one thing to tamper with a voting box which can be traced or explained and is patently illegal
but it’s another thing to spread wrong information
by using social media to spread news about candidate acts and how they’re losing so
that voters are discouraged and might not be coming in after work to even bother voting
at all, or as you said, reduce confidence in the interest of the very idea of voting, this speaks to the general cynicism around voting. You hear a lot of, “well it’s
just gonna be stolen anyway,” or, “everyone’s equally
corrupt,” or whatever. So how do we sort of turn
this trend of cynicism around? – Wow, you know I, we need to– – Tall order, I realize.
– fall in love with our country again.
– We have 45 more minutes to figure
this out, so let’s do it. – No let’s do it, we need to fall in love with our country again.
– Right. – We need to fall in love
with each other again. We need to be, again, okay with people not seeing things the same
way, whatever tribe you’re in. Whatever political tribe you subscribe to, it’s time to again, respect
people who are not like us and it’s time to respect people on the other side of the aisle. And to fall in love with the idea of the great American experiment. And also, be okay with losing. Sometimes the person you
vote for is not going to win and it’s like, just grieve, it’s okay. I’m gonna wake up tomorrow, I’m gonna turn on my electricity, I’m
gonna have a warm house, everything’s gonna be
okay, so I don’t know how you re-win the hearts
and minds of your countrymen and to start learning that, like, “hey, “that guy that I don’t agree with “or the lady I see that
I’ve kind of ignored “because her Facebook
posts or her Twitter posts “are just so absurd,” maybe
it’s time to fall in love again I guess would be one way to look at it. And also, we also need to re-rely on that inner voice that we all have. If absurd things are coming across, if hyperbolic and absurd things are coming across the news wire or across a social media
feed, just breathe. It’s probably not true,
you know, laugh at it. And just go, “yeah, yeah,
okay I wish that was true “about the person I don’t
like,” but come on, no. It’s not true, so–
– Yeah, yeah I was gonna say I think that’s almost harder. It’s one thing to say,
“look at the terrible thing “that’s happening to
the guy I don’t like,” but it’s even harder to sort of, oh, this great thing that
I like about this candidate that’s probably unlikely is
probably also not happening. – Correct.
– But yeah I think it also speaks to sort of a need for some degree of media literacy
that we don’t have anymore. That there’s just, there’s such a rash of strange, quasi-legitimate
or illegitimate news sites that are quickly shared on social media before anyone can do fact-checking. I remember 2016, 2017, there were so many, I was going to book stores to take classes on media literacy and they would literally just send links of like,
here’s fact-checking groups, here’s non-partisan
things, here’s a spectrum of things across the
political spectrum that, whether you agree with them or not are fact-checked and
means tested and whatever. But there’s that sense that that’s not the case for a lot of people right now. – Correct, and even the
term “fact-checking” will send a chill down
half the country’s spine. – Sure.
– And the other half will be cheerleading
this so-called fact-check industry.
– Right. – So even something as non-controversial and level-headed and
medium as the sentences you just said are still cause
for controversy nowadays. – Sure.
– And so media literacy is interesting,
that’s an interesting concept but I don’t understand,
I mean I understand from a marketing perspective but it’s heartbreaking to watch my great country’s, these once great news
organizations just start down this very, this very dangerous road of they have the truth.
– Right. – And they’re the only
ones that have the truth and the reason our adversaries conduct these campaigns is because they work. The reason our adversaries conducted against their own people
is because they work. And because if you just accept
this is the new reality, which I don’t accept, I
don’t accept the premise that this has to be our new reality. – Yes.
– In my house, it’s not the new reality
but we double-down on these things because they work. I just wish there were
more voices out there just like, “everybody breathe.” – Yeah.
– The other side is not the end of the
world, my side is not the only source of truth and sometimes my side’s gonna win and sometime my side is gonna lose and I’m still
gonna shake their hands, I’m still gonna be polite, it’s all good. I can still rage, I still
be sad, I mean please, I can still rage and be
sad but I’m not gonna reputationally abuse the other side. – Yeah but I think going back to sort of the notion of getting
to the bottom of story, I think one of the things
that you hear a lot is, from people who
reflexively share things that they think, “well that’s
it, that person’s done for,” or, “this person got
completely taken down,” is that everyone’s so busy
now and everyone feels like I don’t have time to go back
to the congressional record to see if this really happened
or not but that’s part of it. I realize that there’s
not a panecea of perfect, even-handed news going back
to the 50’s or 60’s or 70’s or whatever but there’s
also this feeling that I don’t even know where to start looking to see whether this is true
or not, you know what I mean? – Exactly, and again I just want to clear up something very quickly, what’s going on today is
that we’ve also accepted the false premise that our adversaries have a side in our political fight. – Yeah.
– They don’t have a side. They don’t have a preferred candidate. We always have to ask ourselves,
why are they doing this right now?
– Right, right, okay. – Why does it appear that they are supporting one candidate
over the other, why, okay? It’s not because that’s the
person they want elected. – Right.
– They usually lean on the open door that’s gonna
lead into the most chaos, okay? Not because they, in my
opinion and my experience and with my knowledge of
how our adversaries work and how they view us, they view us the same way they view themselves. They don’t think we’re any different. They just think we’re better at pretending we live in a free society than they do. And so again, that cynicism is being, that Central Eurasian cynicism with regard to our leaders,
with regard to politics, with regard to the election process, with regard to the basic
and fundamentals of liberty, that cynicism, they’re
turning their laser beam, focusing it on the United
States political system and saying, “aha, that’s
actually working now, “they are tribal and see, they’re “just as bad as we are,
see,” and again to be clear, they don’t have a preferred side. – Right.
– They don’t trust any of us, actually.
– Mhmm, so speaking to that, it seems like there’s
probably a decent chance that no anti-tampering legislation is gonna come through in time for 2020. So what can citizens do to take this issue into their own hands, how do we dismantle this system that allows
outright propaganda or disinformation to flourish? – Pet a dog, pet your
cats, hug your loved ones. I think that’s the biggest, well okay, I’m only half joking because
we need to trust ourselves. We need to trust the inner voice, we need to trust that when something so absurd comes in front of our face, even if it’s against a
person we don’t like, and we want it to be true, “my goodness “I really hope this person
loves to abuse kittens,” or whatever it is, like, “oh man, “I really hope this person hates kittens,” it’s gonna be okay.
– Mhmm. – There are already plenty
of laws in the books. It is illegal to tamper
with voting machines. It’s illegal to ballot stuff, it’s illegal to register people who
aren’t alive or who– – Of course.
– It’s already illegal to vote twice, you know? – Sure.
– All these things already exist, right?
– Sure, there’s also a whole lot of selective
enforcement of that, I mean … – Correct, again, correct.
– I can send you some books. – Correct, but please if you can hear me and you’re thinking about doing something on behalf of your political tribe, that’s nefarious, please
don’t do it, it’s okay. – Right.
– And it’s okay to lose. It’s okay, we’re gonna be fine. So there’s already enough legislation. I think it’s really about respecting the United States voter
again and we need to get rid, to the best of our ability, this idea that somehow,
how can I say this, this idea that there’s
a dumb voting populous. – Mhmm.
– People are entitled to have their opinions.
– Right. – And that’s okay, and
just because somebody doesn’t have all the facts that you have, everybody deserves
their voice to be heard. And one thing that scares me a lot is when elections don’t go the way, in other countries when elections don’t go the way that they had tried
to make them go, let’s say, they begin trying to win the
election via the legal system. – Right.
– Or to overturn the results of a kind of free
and a kind of fair election. I’m speaking of other countries now, through the legislature,
through the courts. Or let’s just say in other countries, even if the election goes their way but they didn’t win by as much
as they thought they should have won, I mean we’re seeing people thrown in jail in other countries because of alleged ties
to foreign governments. – Right.
– I mean, it goes down a really silly and scary
place when you start, when a temper-tantrum persists. – Right.
– When we can’t be okay with losing for a few years. It’s gonna be okay, we’re only
gonna lose for a few years and then it’s fine, you know?
– Mhmm. – And so that’s the pattern
I see in other countries and then I look here
and I go, “my goodness, “please, no, no, no, no, we
don’t need this right now, “we’ll never need this, this
is still a great country, “we’re still the envy of the world, “even with all of our short comings.” We’re better than this, we are, and that message is not being promulgated– – Right.
– Or disseminated in my opinion.
– So, on an even larger scale than bots and social
media forums and so forth, this red disservation you have, things like Cambridge Analytica who can sway elections
by a marketing campaign, so do you have any
thoughts on any safeguards that have been put in
place to prevent this and if there aren’t any, what safeguards could realistically be put in place? So you know, if it’s
clear that this will be a once again, unregulated
2020, what do we do to combat influences like this? – Well again, secure your buckets. There are still companies
that do this today. – Mhmm.
– It’s all legal. They legally purchase our
information from social media, we’ve agreed to it when
we agree to the terms. We’re okay with that,
and so there’s nothing inherently illegal about companies such as Cambridge Analytica,
or it’s not even illegal, it may be in bad taste nowadays but it’s not illegal to
employ their analytics. What have you learned about
the voting population? It’s all about gathering the best information for your campaign, okay? So I don’t want to outlaw
people wanting more information about how to reach their
preferred voting population to, “hey vote for me because
I’m gonna solve world hunger,” or whatever it is.
– Right. – So I’m weary to start thinking that we need to start
legislating against people learning about how to
reach the voting populous, here in this country,
I’m nervous about that. – Right.
– Tactics, and again, where I worry is that I don’t, I didn’t hit that I agree to them mishandling the information
once they have it. – Mhmm.
– Meaning, I haven’t agreed for you
to leave my information exposed to the nefarious
actors on the dark web or to foreign entities
who are trying to use me, my social media to retweet,
to become my friend and to infiltrate my friends and then do their misinformation campaigns. I didn’t agree to be a part
of a intelligence operation. – Right.
– So again, I’m hesitant to really
come out strongly against firms like that because everybody does it. The guy starting out,
who’s starting a business, needs information about
the target market he wants or she wants to target, they deserve to have that information purchased legally and to make their business awesome. Same with candidates who
are running in this country. So yeah, I know this is
maybe a bit unpopular but all the parties do it,
all the candidates do it. They contact these types to message us. So when intelligence operation uses the same methods and trade craft that private business
and private individuals use for good, that’s where it gets tricky. So I don’t want to legislate
only because bad guys did it. This is where it gets a little tricky. – Okay, so what are some
dangers to watch out for from a social engineering perspective? Are there things that voters
should be watching for that are out there, like
there’s been reports of fishing campaigns that use email or phone calls to gather information or fake information disseminated in forms of phone polling
or attempts to harvest registration from phones,
like on a pure sort of technical level how should people keep themselves and their
information protected as we come into the election season? – Stellar, stellar question,
and this needs to get out, this needs to get out, it’s your identity. It’s your electronic
footprint, please own it. Own where you go on the internet, own it. Be purposeful, don’t click on everything, don’t sign up for
everything and if you have, get a grip on where
your email is being used for marketing purposes, again, legal, completely above board marketing purposes, get a handle on it, unsubscribe. If you don’t recognize emails, delete them, it doesn’t matter. If you don’t recognize the phone number, don’t answer it, block it, subscribe, there are services out there that will filter these types of phone calls. Listen to your inner voice,
you are smarter than you think. Your gut will not, and
if it is a loved one trying to find you after 20
years, they’ll find another way. – There’s other ways, right.
– They’ll find another way. So we don’t need to be so
anxious to answer all the mail, to answer all the phone
calls, be purposeful. Be smart, be vigilant, and
having a default mindset of security is great.
– Yeah. – But get out there, get a grip on what your digital footprint
is and start owning it and minimizing it.
– Get to know your security settings
on everything you do. – Google yourself, search for yourself. It’ll be eye opening.
– You’ll be surprised, absolutely, so can you give us any tips or strategies around separating fact from fiction regarding
election coverage? Are there certain types of red flags to watch out for when
seeing or considering sending out a potentially,
quote unquote game-changing news story that comes across
your social media feed? – Yeah, so my advice is breathe. If it’s too much, if it’s too sensational, you’re probably
unknowingly becoming a part of a misinformation campaign.
– Yeah, if it’s pushing your buttons–
– I’m not victim-blaming. – Sort of, if you’re
like, “oh, I knew it.” – Yeah, exactly and
even if it’s in support of the person you like.
– Right. – If it sets you off, and
if it taps into that part of our psyche that sets
you off like super excited, super angry–
– Right. – It starts at the individual. The individual needs to
begin to own what they spread and maybe just walk away,
turn it off, it’s okay. – Right.
– I’ve done that in my house. I’ve simply turned TVs off, I’m minimized, I’ve been purposeful, I’ve minimized my social media footprint, I’ve set strict boundaries around
my time on social media, what I choose to use it for,
it starts at the individual. But again, I would hate for
us to get into the mindset that we need somebody else to fix it. I think the individual
knows themselves well enough and their families well
enough to, let’s start there and let’s not become
a part of the problem. – Yeah I think during,
especially stressful times, it feels like sort of scrolling your social media feed for political news, it sort of triggers sort
of an addictive aspect of your personality and I know when things are going very bad, I obsessively scroll with that feeling that the next news piece is gonna be the one where it’s like, “everything’s gonna be fine,” and I think there’s a lot of people out there that there’s just that endless feeling of, “oh I gotta just
look for one more thing “and that’s gonna tell me that I can stop “worrying about this,” but you don’t get to stop worrying about this. – No, it’s not.
– It’s more nuanced than that. – You’re right, that’s
an excellent observation. And so again, I believe in the individual. I believe that people can
use their powers for good and I believe that one
day we’ll snap out of it. I’m also waiting for my social media feed, for the guy that hypnotized us to go, “okay and you’re back.”
– Right, yeah, yeah. – So I think we’ll get
there, we’re a great country. – So speaking of sort of
media literacy and stuff, can you sort of suggest, without
being partisan or whatever, certain ways of bringing
the voting populous up a bit more to speed about
current security dangers, even not necessarily
this candidate says this or this candidate says this but do you have any suggestions for
getting people to realize foreign actors do these things or voting boxes can still be hacked, they don’t have enough,
their firmware isn’t updated fast enough or they’re too
old or things like that. What are your thoughts on sort of getting that level of education out? – Oh, man, what a great question. And I’m gonna fall back on the silly sign that we see everywhere,
it’s cliche but it works. If you see something, say something. If you’re in line to cast your vote and somebody’s breaking a rule, somebody’s out campaigning
closer than they should. Somebody approaches, knocks on your door after voting registration
has legally ended and is asking you to register to vote, get their information, ask
them why they’re out here. What are you doing, I did that once. I was in a neighborhood,
I was driving through the neighborhood one day in
the commonwealth of Virginia and it was a few days past
the legal registration to vote and I stopped
and I saw these people. I recognized them by
their shirts and I mean, they weren’t hiding, you
know I stopped and I said, “excuse me, what are you
guys out doing today, “it’s a beautiful day, what
are you out doing today? “oh, you’re registering vote
but didn’t that deadline pass, “can I have your information,
this seems a little, “this is interesting to
me, I don’t understand “why you’re out voting, or
registering people to vote,” and they just walked away,
they didn’t want to talk to me. – Sure.
– So I mean, if you see something, say something. If you’re getting things in
your email, don’t click on them. If you’re getting things,
“hey register to vote, “it’s not too late,” and
you know it’s too late, it’s a trick.
– Yeah. – People just need to reassert
ownership over this process. – Right.
– This country doesn’t belong to somebody else, right, it’s ours. And this is a uniquely American thing. And I actually am very
grateful that each state, each county, each city, each precinct has it’s own way of doing
it cause there can be a coordinated attack effort.
– Right. – They can rabble-rouse here but you can’t meddle or interfere the
same way one county over. – Right.
– So take ownership, voter. And just recognize that you’re a lot more well informed than you are.
– Okay. So sort of fast-forwarding to, we’re talking like days
before the election. Everyone’s got their opinion,
everyone’s ready to go, what have you but now were at that point where there’s the possibility
for mechanical tampering, for cyber tampering, whatever. Sort of playing arm share quarterback, what’s the balance to be found between watching out for social
engineering concerns versus out-and-out software fraud? What do you think should be the focus for this next cycle based on what you see? – Social engineering is already happening. this isn’t, social engineering
is an ongoing operation, especially when it’s conducted on behalf of a very sophisticated and
adversarial nation state. What I mean, adversarial,
is that another country that views us as their primary adversary. So social engineering,
it’s going to continue and it’s happening right now.
– Right. – With regard to securing our, with regard to securing our
votes at the electronic level, at the network level, this is where I have very strong feelings that it’s the public and private partnerships. I think the public sector
should absolutely reach out to trustworthy, private expertise. I think the public
sector could learn a lot from what we do in the
private sector nowadays to help secure our own systems and maybe there should be increase
in that partnership. And without a fear of, I
don’t know, there’s a lot of distrust right now,
there’s a fear of distrust. And the federal government
and local governments have their reasons, you can’t just let anybody into your
systems, I mean I get it. But spreading the
expertise, sharing expertise across disciplines, I
think will absolutely help us prepare for 2020 and beyond at that very technical level.
– Okay, sketch out to me, I just thought of this, based on sort of private sector versus
public sector security technology aspects, draw me a prototype of a reasonably safe voting machine. What’s a thing that’s in your
ideal in-your-head version of a voting machine that’s
maybe not there right now for a lot of places
cause I know some of them are 20 years old, 30 years
old, there’s talk about firmware issues or things
that just can’t be secured. I’m not talking about someone whisks away a box of ballots or whatever, but I think there’s legitimate concerns
about outdated technology that’s very easy to hack
and things like that. What do you imagine as a very good, I’m not gonna say
unhackable but a very good hack-resistant voting machine? – Well I wouldn’t want any voting machine that I had in my precinct
transmit anything at all, ever. – Okay.
– Yes, it can be electronic. You slide your ballot in and it reads it however it reads it, I’m
not against technology by any stretch of the imagination, but I wouldn’t want any
voting machine that transmits unless it’s done in a
very, very secure manner. But while it’s standing still
and while it’s not needing to transmit, all those signals
that transmit are turned off until it’s time to tally the votes. But even then, right,
it gets very precarious because when it begins to transmit, you’re opening a screen door and it’s, we’re never gonna have, oh
man, did I just say never, it’s highly unlikely that
we’ll ever create a uniform, hack-proof voting system
here in the United States. It’s just not in our culture
to have a uniform thing that’s equal from Kansas to D.C. We’re not gonna have the
same thing in each precinct so I would just want to minimize signals in my voting machines, minimizing transmittable signals
would be my preference. – Okay, so when I wrote this
question, I didn’t realize this is, I feel you already kind of answered this a few times
but if you were given a magic, legislative gavel
to pass a passel of laws to make voting safer, more
accurate, what would you enact? It sounds like that’s not
necessarily where you head goes, but–
– No, I think it’s a great, I love going to these mind
spaces where we get to push ourselves to think a little bit more. No, you asked me that
question, I think about it, I would just, I wouldn’t
even want to wave a wand to change a law, I’d want to wave a wand, I wouldn’t even want to wave a wand to get people to think
like me, I would just want people’s heart rate to go down. I would wave a wand so people’s pulse would be at a healthy level and just their hearts would soften a bit. Because I believe in the
individual, I really do, I believe people are so
fascinating and complicated and wonderful and that once individuals make a decision, there’s impact in that. Once an individual decides,
“I’m not gonna buy into “the common belief that,”
whatever, fill in the blank. I’m not gonna become an
unwitting participant in this really interesting
and kind of dangerous circus that’s going on right now. When I’m approached
about, I’m not saying me but if I could wave a wand I would say, “hey when you’re approached
about a political,” whatever the outrage of the day is. I heard that this candidate
likes to kick puppies, it’s like okay, I’m gonna breathe and go, he doesn’t kick puppies.
– Right. – They don’t kick puppies,
nobody does that, okay. – Right, yeah.
– So I’m skeptical of when a large group of imperfect people get together and think they know more. And again, well-intentioned, lawmakers are very well-intentioned, I don’t think that they’re out going, “how
can I take over the world?” – Right.
– And accomplish the new world order, I
think it’s more like, “wow we need to do something,”
but let’s not be hasty to fix things that we’ve created and boy I love that question. I didn’t give you a
good answer but I would wave a wand and I would
say, “okay, everybody, “computers have to be off for 24 hours.” That’s what I would do.
– Right, right. – That’s the one, okay so I lied. – Cutting the cord for a while, yeah. – I would mandate a 24 hour fast from all internet connectivity.
– Yeah. – That’s what I would do.
– Sounds like bliss to me. – Just one day, just one day.
– Yeah, yeah, just deep breath, so to wrap up today, summarize your fears and
hopes for the next election and elections to come, what’s one thing that was adopted, if it was
adopted across the populous would help you sleep better
between now and November 2020? – Hmm, my hope is that we fall
in love with each other again as a country, my fear
is that we double down on the path we are currently on. Let’s stop, let’s stop
demonizing each other. Let’s stop thinking that
the more we do this, whoever the individual or group, the intelligence operation
that was conducted against the United States
that really was brought to the forefront in 2016 is ongoing and they’re not even having
to do anything right now. They’re just leaning back going, “wow, “all we had to do was
hand it off to the media.” And I’m not picking a side
here, I mean all of us. – Mhmm.
– And they’re running with it. These foreign actors are no longer having to pour gasoline, we’re
doing it now to ourselves. So my fear is that we double
down on this path we’ve chosen, my hope is that we won’t and
that we’ll fall in love again and laugh at each other again,
laugh at ourselves again about how silly our candidate is sometimes and that we just kind of get back to being the way we were before
this thing happened. And I know we will get there,
I do believe we’ll get there. – Well, Adam Darrah, thank
you very much for your time and insights today.
– Chris, it’s been a pleasure and I really appreciate
the great questions, man. This has really forced some great thoughts and I hope I haven’t said
anything too silly or awful. – Nope, absolutely, we
appreciate your insights and very glad you could
make the time today. – Anytime Chris, talk to you later. – Alright, and thank you all
for listening and watching. If you enjoyed today’s
video, you can find many more on our YouTube page,
just go to YouTube.com and type in Cyber Work with InfoSec to check out our collection of tutorials, interviews, and past webinars. If you’d rather have us in
your ears during your workday, all of our videos are also
available as audio podcasts. Just search Cyber Work with InfoSec in your favorite podcast
catcher of choice. To see the current
promotional offers available to listeners of this podcast, go to infosecinstitute.com/podcast, and again as I said at the top of the hour, use our free election
security training resources to educate poll workers and volunteers on the cyber security threats they may face during election season. For information about how to download your free training packet, visit infosecinstitute.com/iq/election-security-training, or click the link in the
description probably below. Thanks once again to Adam Darrah and thank you all again
for watching and listening. We’ll speak to you next week. (upbeat outro music)

2 Replies to “Teach yourself cybersecurity with skills-based education | Cyber Work Podcast”

Leave a Reply

Your email address will not be published. Required fields are marked *