民主最重要的一年：世界各地争取安全选举的斗争

明天在拉斯维加斯举行的黑帽安全会议上的主题演讲的重要性怎么强调都不为过——民主最重要的一年：为世界各地的安全选举而战。正如会议描述所述，超过 20 亿选民将投票决定他们国家和世界的未来。随着来自敌国的网络攻击的增加、社交媒体的巨大影响以及生成人工智能带来的新威胁，保护民主进程的挑战从未如此严峻。

output: As we approach Black Hat, I can’t overstate the importance of tomorrow’s Keynote: Democracy's Biggest Year: The Fight for Secure Elections Around the World.

输出：当我们接近黑帽时，我无法夸大明天主题演讲的重要性：民主最重要的一年：为世界各地的安全选举而战。

As the session’s description relates, with more than 2 billion voters set to cast ballots this year to shape the future of their nation and the world, the challenges of protecting the democratic process have never been greater. This is especially true with the increase in cyberattacks from enemy states, the outsize influence of social media, and the novel threats posed by Generative AI.

正如会议描述所述，今年将有超过 20 亿选民投票来塑造他们国家和世界的未来，保护民主进程的挑战从未如此严峻。随着来自敌国的网络攻击的增加、社交媒体的巨大影响以及生成人工智能带来的新威胁，这一点尤其如此。

Just about every major organization has been breached, which begs the timely question: If major corporations like AT&T, Microsoft, and United Healthcare can’t stop cybercriminals from breaching their networks, how can the notoriously underfunded cybersecurity defenses at the organizations that manage our elections possibly stay safe?

几乎每个主要组织都遭到了入侵，这就引出了一个及时的问题：如果像 AT&T、微软和 United Healthcare 这样的大公司都无法阻止网络犯罪分子破坏其网络，那么管理我们选举的组织中众所周知的资金不足的网络安全防御又如何能阻止呢？可能保持安全吗？

For cybercriminals to succeed, they must have a motivation to attack and the means to succeed. Except at the very highest levels, there’s limited financial gain for cybercriminals to carry out a direct attack on our electoral systems. There’s no “un-stolen” data left to steal and no leverage to demand a ransom payment. More important, the nature of the process offers many built-in deterrents.

网络犯罪分子要想成功，他们必须有攻击动机和成功手段。除了最高级别之外，网络犯罪分子对我们的选举系统进行直接攻击的经济收益有限。没有“未被窃取”的数据可供窃取，也没有手段要求支付赎金。更重要的是，该过程的性质提供了许多内在的威慑因素。

Keep in mind the U.S. electoral system, like many others, is highly decentralized. Elections and balloting are conducted at the state and local levels, not through a single nationwide system. Individual states have their own processes, rules, and systems. Our systems involve a remarkably manual process that relies on large numbers of people who are not integrated in a cohesive manner. This decentralized structure makes it nearly impossible for a single threat actor to influence outcomes across the entire country.

请记住，与许多其他国家一样，美国的选举制度是高度分散的。选举和投票是在州和地方各级进行的，而不是通过单一的全国性系统进行。各个州都有自己的流程、规则和系统。我们的系统涉及一个非常手动的过程，该过程依赖于大量没有以凝聚力方式集成的人员。这种分散的结构使得单个威胁行为者几乎不可能影响整个国家的结果。

There are also strong cybersecurity physical security measures already in place. Election systems, particularly those involving voting machines and electronic tabulation, are regularly upgraded with improved security measures. This includes multifactor authentication, encryption, and stringent physical security measures.

强有力的网络安全物理安全措施也已经到位。选举系统，特别是涉及投票机和电子表格的选举系统，会定期升级并改进安全措施。这包括多因素身份验证、加密和严格的物理安全措施。

There are also robust election integrity checks and paper trails. These include pre-election testing of voting machines, post-election audits, and chain of custody procedures for ballots and voting equipment. Most voting systems in the U.S. include a paper trail that allows verification of results and greater certainty to the accuracy. This was put to the test following the 2020 U.S. presidential election when 60 legal cases were filed in multiple states alleging fraud and/or irregularities in the election process. In the end, no evidence to substantiate claims of widespread fraud or actions that would impact the election results were found.

还有强大的选举完整性检查和书面记录。其中包括投票机的选前测试、选后审计以及选票和投票设备的监管链程序。美国的大多数投票系统都包含书面记录，可以验证结果并提高准确性。 2020 年美国总统大选后，这一点受到了考验，多个州提起了 60 起法律案件，指控选举过程中存在欺诈和/或违规行为。最终，没有发现任何证据证明存在广泛的欺诈行为或影响选举结果的行为。

Other cyber risks to the electoral process

选举进程的其他网络风险

Disinformation against candidates and the electoral process will remain a significant risk of influencing elections. Federal investigations into the 2016 Presidential election revealed that Russian operatives conducted activities to influence the election. This included breaching and releasing emails from the Democratic National Committee.

针对候选人和选举进程的虚假信息仍将是影响选举的重大风险。联邦对 2016 年总统选举的调查显示，俄罗斯特工开展了影响选举的活动。这包括泄露和泄露来自民主党全国委员会的电子邮件。

There remains disagreement as to what extent this influenced the outcome of the election, but it’s clear they aimed to manipulate public opinion. The backdrop to this is the generational shift in how Americans source their news. Today, 62% of Americans get their news from social media, and 48% from TikTok alone.

对于这在多大程度上影响了选举结果仍存在分歧，但很明显他们的目的是操纵公众舆论。其背景是美国人获取新闻的方式发生了代际转变。如今，62% 的美国人从社交媒体获取新闻，其中 48% 仅从 TikTok 获取新闻。

While we must remain vigilant in protecting against the risk of cyberattacks, the most significant threat to our democratic process is the broad disengagement of voters. Consider that past claims of fraud and manipulation, true or not, involved remarkably small numbers of votes. At the same time, one-third or more of registered voters in the U.S. fail to vote in Presidential elections, enough to swing the outcome of any election.

虽然我们必须保持警惕，防范网络攻击的风险，但对我们民主进程的最大威胁是选民的广泛脱离。考虑一下过去关于欺诈和操纵的指控，无论真实与否，涉及的选票数量都非常少。与此同时，美国三分之一或更多的登记选民未能在总统选举中投票，这足以左右任何选举的结果。

With a panel that includes brilliant cybersecurity leaders such as Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), as well as cybersecurity leaders from around the world, I'm looking forward to an impactful and memorable session.

小组成员包括网络安全和基础设施安全局 (CISA) 主任 Jen Easterly 等杰出的网络安全领导者以及来自世界各地的网络安全领导者，我期待着一场有影响力且令人难忘的会议。

John Gunn, chief executive officer, Tokenoutput:

Tokenoutput 首席执行官约翰·冈恩 (John Gunn)：