民主最重要的一年：世界各地爭取安全選舉的鬥爭

明天在拉斯維加斯舉行的黑帽安全會議上的主題演講的重要性怎麼強調都不為過——民主最重要的一年：為世界各地的安全選舉而戰。正如會議描述所述，超過 20 億選民將投票決定他們國家和世界的未來。隨著來自敵國的網路攻擊的增加、社群媒體的巨大影響以及生成人工智慧帶來的新威脅，保護民主進程的挑戰從未如此嚴峻。

output: As we approach Black Hat, I can’t overstate the importance of tomorrow’s Keynote: Democracy's Biggest Year: The Fight for Secure Elections Around the World.

輸出：當我們接近黑帽時，我無法誇大明天主題演講的重要性：民主最重要的一年：為世界各地的安全選舉而戰。

As the session’s description relates, with more than 2 billion voters set to cast ballots this year to shape the future of their nation and the world, the challenges of protecting the democratic process have never been greater. This is especially true with the increase in cyberattacks from enemy states, the outsize influence of social media, and the novel threats posed by Generative AI.

正如會議描述所述，今年將有超過 20 億選民投票塑造他們國家和世界的未來，保護民主進程的挑戰從未如此嚴峻。隨著來自敵國的網路攻擊的增加、社交媒體的巨大影響以及生成人工智慧帶來的新威脅，這一點尤其如此。

Just about every major organization has been breached, which begs the timely question: If major corporations like AT&T, Microsoft, and United Healthcare can’t stop cybercriminals from breaching their networks, how can the notoriously underfunded cybersecurity defenses at the organizations that manage our elections possibly stay safe?

幾乎每個主要組織都遭到了入侵，這就引出了一個及時的問題：如果像AT&T、微軟和United Healthcare 這樣的大公司都無法阻止網絡犯罪分子破壞其網絡，那麼管理我們選舉的組織中眾所周知的資金不足的網路安全防禦又如何阻止呢？

For cybercriminals to succeed, they must have a motivation to attack and the means to succeed. Except at the very highest levels, there’s limited financial gain for cybercriminals to carry out a direct attack on our electoral systems. There’s no “un-stolen” data left to steal and no leverage to demand a ransom payment. More important, the nature of the process offers many built-in deterrents.

網路犯罪分子要成功，他們必須有攻擊動機和成功手段。除了最高層級之外，網路犯罪分子對我們的選舉系統進行直接攻擊的經濟利益有限。沒有「未被竊取」的資料可供竊取，也沒有手段要求支付贖金。更重要的是，該過程的性質提供了許多內在的威懾因素。

Keep in mind the U.S. electoral system, like many others, is highly decentralized. Elections and balloting are conducted at the state and local levels, not through a single nationwide system. Individual states have their own processes, rules, and systems. Our systems involve a remarkably manual process that relies on large numbers of people who are not integrated in a cohesive manner. This decentralized structure makes it nearly impossible for a single threat actor to influence outcomes across the entire country.

請記住，與許多其他國家一樣，美國的選舉制度是高度分散的。選舉和投票是在州和地方各級進行的，而不是透過單一的全國性系統。各州都有自己的流程、規則和系統。我們的系統涉及一個非常手動的過程，該過程依賴大量沒有以凝聚力方式整合的人員。這種分散的結構使得單一威脅行為者幾乎不可能影響整個國家的結果。

There are also strong cybersecurity physical security measures already in place. Election systems, particularly those involving voting machines and electronic tabulation, are regularly upgraded with improved security measures. This includes multifactor authentication, encryption, and stringent physical security measures.

強而有力的網路安全實體安全措施也已經到位。選舉系統，特別是涉及投票機和電子表格的選舉系統，會定期升級並改善安全措施。這包括多因素身份驗證、加密和嚴格的實體安全措施。

There are also robust election integrity checks and paper trails. These include pre-election testing of voting machines, post-election audits, and chain of custody procedures for ballots and voting equipment. Most voting systems in the U.S. include a paper trail that allows verification of results and greater certainty to the accuracy. This was put to the test following the 2020 U.S. presidential election when 60 legal cases were filed in multiple states alleging fraud and/or irregularities in the election process. In the end, no evidence to substantiate claims of widespread fraud or actions that would impact the election results were found.

還有強大的選舉完整性檢查和書面記錄。其中包括投票機的選前測試、選後審計以及選票和投票設備的監管鏈程序。美國的大多數投票系統都包含書面記錄，可以驗證結果並提高準確性。 2020 年美國總統大選後，這一點受到了考驗，多個州提起了 60 起法律案件，指控選舉過程中存在欺詐和/或違規行為。最終，沒有發現任何證據證明存在廣泛的欺詐行為或影響選舉結果的行為。

Other cyber risks to the electoral process

選舉過程的其他網路風險

Disinformation against candidates and the electoral process will remain a significant risk of influencing elections. Federal investigations into the 2016 Presidential election revealed that Russian operatives conducted activities to influence the election. This included breaching and releasing emails from the Democratic National Committee.

針對候選人和選舉過程的虛假資訊仍將是影響選舉的重大風險。聯邦對 2016 年總統大選的調查顯示，俄羅斯特工進行了影響選舉的活動。這包括洩漏和洩漏來自民主黨全國委員會的電子郵件。

There remains disagreement as to what extent this influenced the outcome of the election, but it’s clear they aimed to manipulate public opinion. The backdrop to this is the generational shift in how Americans source their news. Today, 62% of Americans get their news from social media, and 48% from TikTok alone.

對於這在多大程度上影響了選舉結果仍存在分歧，但很明顯他們的目的是操縱公眾輿論。其背景是美國人獲取新聞的方式發生了世代轉變。如今，62% 的美國人從社群媒體獲取新聞，其中 48% 僅從 TikTok 獲取新聞。

While we must remain vigilant in protecting against the risk of cyberattacks, the most significant threat to our democratic process is the broad disengagement of voters. Consider that past claims of fraud and manipulation, true or not, involved remarkably small numbers of votes. At the same time, one-third or more of registered voters in the U.S. fail to vote in Presidential elections, enough to swing the outcome of any election.

雖然我們必須保持警惕，防範網路攻擊的風險，但對我們民主進程的最大威脅是選民的廣泛脫離。考慮過去關於欺詐和操縱的指控，無論真實與否，涉及的選票數量都非常少。同時，美國有三分之一或更多的登記選民未能在總統選舉中投票，這足以左右任何選舉的結果。

With a panel that includes brilliant cybersecurity leaders such as Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), as well as cybersecurity leaders from around the world, I'm looking forward to an impactful and memorable session.

小組成員包括網路安全和基礎設施安全局 (CISA) 主任 Jen Easterly 等傑出的網路安全領導者以及來自世界各地的網路安全領導者，我期待著一場有影響力且令人難忘的會議。

John Gunn, chief executive officer, Tokenoutput:

Tokenoutput 執行長約翰岡恩 (John Gunn)：