TITLE: A New Way to Debug Our Election Systems
AUTHOR: Eugene Wallingford
DATE: August 22, 2016  4:18 PM
DESC: 
-----
BODY:
In
<A HREF="https://www.schneier.com/blog/archives/2016/07/the_security_of_11.html">
   The Security of Our Election Systems</A>,
Bruce Schneier says that we no longer have time to sound alarm
about security flaws in our election systems and hope that
government and manufacturers will take action.  Instead...

<BLOCKQUOTE><EM>
 We must ignore the machine manufacturers' spurious claims
 of security, create tiger teams to test the machines' and
 systems' resistance to attack, drastically increase their
 cyber-defenses and take them offline if we can't guarantee
 their security online.
</EM></BLOCKQUOTE>

How about this:

The students in my department love to compete in cyberdefense
competitions (CDCs), in which they are charged with setting
up various systems and then defending them against attack
from experts for some period, say, twenty-four hours.  Such
competitions are growing in popularity across the country.

Maybe we should run a CDC with the tables turned.  Manufacturers
are required to set up their systems and to run the full set of
services they promise when they sell the systems to government
agencies.  Students across the US would then be given a window
of twenty-fours or more to try to crack the systems, with the
manufacturers or even our election agencies trying to keep their
systems up and running securely.  Any vulnerabilities that the
students find would be made public, enabling the manufacturers
to fix them and the state agencies to create and set up new
controls.

Great idea or crazy fantasy?
-----