Nolandia map.

Podcast Episode 113: SAP CSO Justin Somaini and Election Hacks – No Voting Machines Required!

In this week’s podcast (#113): Everybody worries about hacked voting machines. But an exercise in Boston last week showed how hackers can compromise the vote without ever touching an election system. Also: October is just around the corner and that means Cyber Security Awareness Month is upon us. So what are top cyber security professionals “aware of” these days? We talk with Justin Somaini the Chief Security Officer at SAP to find out.

A Bad Day in Nolandia

It’s a bad election day in Nolandia, the fictional city in an unnamed “Swing State.” A shadowy hacking group calling itself the “Broken Eagle Task Force” (or BETF) is protesting the ‘global order,’ and looking to disrupt voting within the city’s environs.

That’s the scenario of an exercise that took place high above Boston last week. The election hacking table top exercise, hosted by the firm Cybereason, pulled together city officials from the City of Boston, the City of Lowell, the Massachusetts State Police and the office of Massachusetts Governor Charlie Baker. 

BETF sign from hacking demonstration.
A sign from the election hacking demonstration.

There have been volumes written about the danger posed by hackers attacking voting machines and other election systems. But what if elections could be swayed by other means – without even touching voting equipment, vote tabulation systems or government networks?

The point is that election hacking need not involve election systems, said Ross Rustici, the senior director of intelligence services at Cybereason, who designed the exercise.

In our first segment, I was joined in the Security Ledger studio by Ross and Sam Curry, a Red Team member and Chief Product and Security Officer at Cybereason to talk about the goals of the election hacking exercise and also what surprises the event held.

I noted that disinformation was a big part of the Red Team’s arsenal, including the use of hoax emergencies – a gas leak, a bomb threat – to sow chaos. 

SAP CSO Justin Somaini

October is Cybersecurity awareness month. For consumers, that means boning up on account security – maybe getting a password manager. But what if you’re the Chief Security Officer of an $128 billion global corporation?

In our second segment of this week’s Security Ledger podcast We sat down with Justin Somaini to talk about what he’s making himself “aware of” this October. Somaini has the distinction of being the first CSO at Yahoo and also at Symantec. We talk about how even sophisticated tech firms can lose their way on security and the challenge of being the first Chief Security Officer on the ground inside a large, sophisticated global technology firm.

Comments are closed.