Incident: Technical Difficulties Delayed Hackers at DARPA Voting Machine Prototypes

Published Date: 2019-08-11

Postmortem Analysis
Timeline: 1. The software failure incident happened during the Defcon event in Las Vegas, as mentioned in Article 88605. 2. Published on 2019-08-11. 3. Estimated timeline: The incident occurred in August 2019.
System: 1. DARPA-funded secure voting machine prototypes at the Voting Village [88605]
Responsible Organization: 1. Technical difficulties during the machines' setup were responsible for causing the software failure incident [88605].
Impacted Organization: 1. Hackers participating in Defcon were impacted by the software failure incident [88605].
Software Causes: 1. Technical difficulties during the machines' setup prevented hackers from accessing the systems [88605].
Non-software Causes: 1. Technical difficulties during the machines' setup [88605] 2. Connectivity issues with external devices [88605] 3. Test suite not running on one machine [88605]
Impacts: 1. The software failure incident resulted in hackers being unable to access the voting machine systems for the first two days of the security conference, delaying the vulnerability assessment process [88605]. 2. The machines' inability to connect with external devices hindered the testing for vulnerabilities, impacting the overall assessment of the voting machine security [88605]. 3. The software failure incident caused a delay in the project's progress and the team's ability to address vulnerabilities promptly, affecting the intended purpose of showcasing the prototypes at the Voting Village [88605].
Preventions: 1. Proper testing and quality assurance procedures during the development phase could have potentially prevented the software failure incident [88605]. 2. More thorough pre-event testing and setup of the voting machines to ensure they were fully functional before the start of the event could have helped prevent the technical difficulties experienced during the setup [88605]. 3. Robust network connectivity testing could have ensured the voting machines connected to external devices as intended, which would have allowed hackers to test for vulnerabilities [88605].
Fixes: 1. Improving the setup process of the voting machine prototypes to ensure they function correctly from the start could fix the software failure incident [88605]. 2. Conducting thorough testing and quality assurance checks before showcasing the machines at events like Defcon could identify and resolve any technical difficulties or bugs in advance [88605].
References: 1. Joe Kiniry, a principal research scientist at the government contractor [88605] 2. Harri Hursti, co-founder of the Voting Village [88605] 3. WIRED [88605]

Software Taxonomy of Faults

Category | Option | Rationale
Recurring | one_organization, multiple_organization | (a) The software failure incident related to the voting machine prototypes at the Voting Village, where technical difficulties during setup prevented hackers from accessing the systems, happened with the organization Galois. This incident occurred during the Defcon security conference in Las Vegas [88605]. (b) The article mentions that at the last two Defcon events, hackers found vulnerabilities in voting machines used in current elections within minutes because the machines were often outdated. This indicates that similar incidents of vulnerabilities being found in voting machines have happened with other organizations or their products at previous events [88605].
Phase (Design/Operation) | design, operation | (a) The software failure incident related to the design phase can be seen in the article where it mentions technical difficulties during the setup of the secure voting machine prototypes at the Voting Village. The machines brought by Galois had various problems during setup, such as connectivity issues, test suite failures, and inability to connect to networks [88605]. (b) The software failure incident related to the operation phase is evident in the article where it states that hackers couldn't access the systems of the voting machine prototypes over the first two days of the security conference due to a bug in the machines. This hindered the operation and testing of the machines by the hackers [88605].
Boundary (Internal/External) | within_system | (a) within_system: The software failure incident in this case was primarily due to technical difficulties within the voting machine prototypes set up at the Voting Village during Defcon. The machines experienced various problems during setup, such as connectivity issues, test suite failures, and inability to connect to external devices, which hindered hackers from accessing the systems and finding vulnerabilities [88605]. These internal technical issues directly impacted the ability of hackers to interact with the machines and conduct security testing. (b) outside_system: The article does not mention any significant contributing factors originating from outside the system that directly led to the software failure incident. The focus is primarily on the technical difficulties within the voting machine prototypes themselves that prevented hackers from accessing the systems and finding vulnerabilities [88605].
Nature (Human/Non-human) | non-human_actions, human_actions | (a) The software failure incident in this case was primarily due to technical difficulties during the setup of the secure voting machine prototypes at the Voting Village. The machines had bugs that prevented hackers from accessing their systems over the first two days of the conference [88605]. (b) Human actions also played a role in the software failure incident as the team behind the voting machine prototypes intentionally added vulnerabilities to test the system's defenses against flaws. Additionally, the team was looking to learn from the failures and improve the project for the future, indicating human involvement in the incident [88605].
Dimension (Hardware/Software) | hardware, software | (a) The software failure incident in the article was primarily due to hardware issues. The DARPA-funded voting machine prototypes faced technical difficulties during setup, preventing hackers from accessing the systems initially. Issues such as machines not connecting to networks, test suites not running, and inability to get online were mentioned, indicating hardware-related problems [88605]. (b) The software failure incident also had software-related contributing factors. The article mentions that the machines had bugs that didn't allow hackers to access their systems initially. Additionally, the machines had difficulties during setup, and one machine had a test suite that didn't run, highlighting software-related challenges [88605].
Objective (Malicious/Non-malicious) | non-malicious | (a) The software failure incident described in the article is non-malicious. The failure was attributed to technical difficulties during the setup of the secure voting machine prototypes at the Voting Village during the Defcon conference. Hackers were unable to access the systems initially due to a bug in the machines, which prevented them from finding vulnerabilities. The team working on the project aimed to allow hackers to find vulnerabilities in order to improve the system's security [88605].
Intent (Poor/Accidental Decisions) | accidental_decisions | (a) The intent of the software failure incident related to poor decisions: - The software failure incident at the Voting Village during Defcon was not due to the machine's security features that had been worked on for four months but rather technical difficulties during the machines' setup [88605]. - The team built the voting machine prototypes after looking at voting machine mistakes over the last two decades and created them with security standards comparable to the Department of Defense [88605]. - Galois even added vulnerabilities on purpose to see how its system defended against flaws [88605]. (b) The intent of the software failure incident related to accidental decisions: - The failure during the setup of the voting machine prototypes at the Voting Village was described as technical difficulties rather than intentional decisions [88605]. - The team encountered a myriad of different problems during the setup, indicating that the issues were not intentional but rather accidental [88605]. - The team was already preparing to bring the project back to Defcon in 2020 to learn from what went wrong, suggesting a focus on improving and addressing accidental decisions rather than intentional ones [88605].
Capability (Incompetence/Accidental) | accidental | (a) The software failure incident in the DARPA-funded voting machine prototypes at the Voting Village was attributed to technical difficulties during the machines' setup. The machines brought by Galois encountered various problems during setup, preventing hackers from accessing their systems for the first two days of the conference [88605]. (b) The accidental nature of the software failure incident is highlighted by the fact that the bugs in the machines were not intentionally introduced but rather occurred as unforeseen technical difficulties during setup. The team had been working on the security features of the machines for four months, indicating that the failure was not deliberate but a result of unexpected issues [88605].
Duration | temporary | (a) The software failure incident in this case was temporary. The article mentions that the reason hackers couldn't crack the secure voting machine prototypes during Defcon was due to technical difficulties during the machines' setup [88605]. These technical difficulties prevented hackers from accessing the systems over the first two days of the event. The team was able to solve the problem on three machines and was working to fix the last two before Defcon ended. Additionally, the article highlights that the machines had difficulties connecting to external devices, which hackers would need to test for vulnerabilities. Despite these temporary setbacks, the team was optimistic about resolving the issues and bringing the project back to Defcon in 2020 to learn from what went wrong and improve the system [88605].
Behaviour | crash, omission, timing, value, other | (a) crash: The software failure incident in the article can be associated with a crash behavior. The voting machine prototypes experienced technical difficulties during setup, which prevented hackers from accessing their systems over the first two days [88605]. (b) omission: The software failure incident can also be linked to an omission behavior. The machines had issues connecting with external devices, which hackers would need to test for vulnerabilities. One machine couldn't connect to any networks, another had a test suite that didn't run, and a third machine couldn't get online [88605]. (c) timing: The timing behavior is evident in this software failure incident as well. The machines were eventually fixed, allowing hackers to find vulnerabilities, but this resolution occurred later than desired, causing a delay in the process [88605]. (d) value: The software failure incident does not directly align with a value behavior as the voting process itself worked, but the machines had issues connecting with external devices and running certain tests, which could be considered as performing their intended functions incorrectly in those aspects [88605]. (e) byzantine: The byzantine behavior is not explicitly mentioned in the article as the software failure incident primarily revolved around technical difficulties, setup issues, and delayed access for hackers to find vulnerabilities on the voting machine prototypes [88605]. (f) other: The other behavior observed in this software failure incident could be related to the intentional addition of vulnerabilities by the Galois team to test the system's defense against flaws. This deliberate inclusion of vulnerabilities for testing purposes represents a unique aspect of the software behavior in this context [88605].

IoT System Layer

Layer | Option | Rationale
Perception | network_communication, embedded_software | (a) sensor: The software failure incident reported in the article is not related to a sensor error. The failure was primarily due to technical difficulties during the setup of the voting machine prototypes brought by Galois to the Voting Village at Defcon [88605]. (b) actuator: The failure was not related to an actuator error. The article does not mention any issues with the actuator components of the voting machine prototypes. (c) processing_unit: The failure was not directly attributed to a processing error. The main issue mentioned in the article was technical difficulties during the setup of the machines, which hindered hackers from accessing the systems initially [88605]. (d) network_communication: The failure was partially related to network communication errors. Some of the machines had issues connecting to networks or online, which limited the ability of hackers to test for vulnerabilities that required external connections [88605]. (e) embedded_software: The failure was partially related to embedded software errors. One of the machines had a test suite that didn't run, indicating a software-related issue, and another machine couldn't connect to any networks, which could be attributed to embedded software problems [88605].
Communication | unknown | The software failure incident described in the article does not directly relate to a failure at the communication layer of the cyber-physical system. The failure was primarily attributed to technical difficulties during the setup of the secure voting machine prototypes at the Voting Village during the Defcon conference. The issues mentioned in the article were related to bugs in the machines that prevented hackers from accessing their systems initially, difficulties in connecting the machines to external devices, and problems with running test suites and getting online. These issues do not specifically point to failures at the link_level or connectivity_level of the cyber-physical system [88605].
Application | TRUE | The software failure incident described in the article [88605] was related to the application layer of the cyber-physical system. The failure was attributed to technical difficulties during the setup of the secure voting machine prototypes at the Voting Village during the Defcon conference. Specifically, a bug in the machines prevented hackers from accessing their systems over the first two days of the event. This bug hindered the machines' functionality and impeded the intended testing and vulnerability assessment by hackers, indicating an issue at the application layer of the system [88605].

Other Details

Category | Option | Rationale
Consequence | delay, non-human, theoretical_consequence, other | (a) death: People lost their lives due to the software failure - There is no mention of any deaths resulting from the software failure incident reported in the articles [88605]. (b) harm: People were physically harmed due to the software failure - There is no mention of any physical harm to individuals due to the software failure incident reported in the articles [88605]. (c) basic: People's access to food or shelter was impacted because of the software failure - There is no mention of people's access to food or shelter being impacted by the software failure incident reported in the articles [88605]. (d) property: People's material goods, money, or data was impacted due to the software failure - The software failure incident did not directly impact people's material goods, money, or data as the focus was on testing the security of the voting machine prototypes [88605]. (e) delay: People had to postpone an activity due to the software failure - The software failure incident did cause a delay in hackers being able to access the voting machine systems during the setup phase at the Voting Village [88605]. (f) non-human: Non-human entities were impacted due to the software failure - The software failure incident affected the functionality of the voting machine prototypes brought by Galois to the Voting Village, hindering hackers' ability to test for vulnerabilities [88605]. (g) no_consequence: There were no real observed consequences of the software failure - The software failure incident did have consequences in terms of delaying the hackers' access to the voting machine systems for vulnerability testing [88605]. (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur - The potential consequences discussed in the articles include the risk of hackers finding vulnerabilities in the voting machines, which could have implications for election security [88605]. (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? - The software failure incident led to a delay in hackers being able to assess the security vulnerabilities of the voting machine prototypes, impacting the intended testing process at the Voting Village [88605].
Domain | information | (a) The failed system was related to the information industry as it involved secure voting machine prototypes set up at the Voting Village during the Defcon security conference [88605]. The voting machines were designed to prevent hackers from tampering with votes and ensure the security of the voting process, highlighting the importance of information security in elections.
