IoT
8/22/2018
10:30 AM
Todd Weller
Todd Weller
Commentary
50%
50%

The Votes Are In: Election Security Matters

Three ways to make sure that Election Day tallies are true.

No matter what side of the political divide on which one falls, everyone agrees that the security and integrity of elections are critical. Throughout history, foreign adversaries have attempted to influence election outcomes to their benefit and, in 2016, the efforts escalated to cyberattacks. For this reason, the security of US elections and election infrastructure remains a top national concern, and in early 2017, the government designated the election system as one of our critical infrastructures. With the number of cyberattacks growing every day, improving cybersecurity will be a mandatory component in preserving our political process.

The US Department of Homeland Security (DHS) confirmed that at least 21 states have had their networks scanned by Russian adversaries. Scanning is the cyber equivalent of checking for holes in a fence, an unlocked door, or an open window. There are also confirmed reports of a few specific intrusions into government-owned voter registration databases.

The recent FBI indictments validate an organized cyberattack campaign that targeted political organizations, specifically the Democratic Congressional Campaign Committee and the Democratic National Committee. Not surprisingly, this attack began with spearphishing that resulted in network access, the planting of malware, lateral movement, and the exfiltration of sensitive data.

Federal, state, and local governments are responding with initiatives to improve the security of election infrastructure. Earlier this year, the federal government approved $380 million to be used by the states to improve election security. Currently, more than 20 states have requested access to funds and this should increase as we approach the 2018 midterm elections. The funds are being used to improve voter registration databases, election management systems, electronic voting machines, and election night reporting systems.

Ways to Improve Election Infrastructure Security
Election infrastructure is a complex web of systems and networks that involves more than 8,000 entities with resources distributed across both state and local governments. Notably, election infrastructure is not just the systems that support the actual election process but also includes the operations of candidates and campaigns. Improving election infrastructure security requires a combination of a renewed focus on basic cyber hygiene, as well as the strategic use of advanced security technologies, threat intelligence, and information sharing.

1. Revisiting Basic Cyber Hygiene
Whether we are talking about election infrastructure or corporate IT infrastructure, organizations often don't focus enough on cyber hygiene. Just focusing on the basics, which include hardening systems, ensuring proper access controls, and conducting security awareness training to mitigate the risk of users clicking on malicious links, can strengthen security posture. (Yes, John Podesta — we're talking about you!)

State and local governments can take advantage of complimentary DHS services when testing their election infrastructure, which include cyber hygiene scans on Internet-facing systems and risk and vulnerability assessments.

2. Deploying Next-Generation Cyber Technologies
Cybersecurity is an ongoing race between attackers and defenders. Therefore, it's critical that organizations incorporate more contemporary and advanced security technologies into cyber defense efforts.

Current systems are overwhelmed, and hackers have been able to fly under the radar through encrypted communications such as Secure Sockets Layer. Utilizing next-generation security solutions is another way to increase election infrastructure security. It is no longer good enough to solely rely on firewalls and intrusion detection and prevention systems to protect our political system. 

3. Using and Sharing Threat Intelligence
Threat intelligence and information sharing has become a critical element of cyber frameworks like the NIST Cybersecurity Framework. With election infrastructure spread across federal, state, and local government, it is imperative that these organizations not only use but also share threat intelligence.

The good news is there is a significant amount of organized threat intelligence and intelligence-sharing efforts that can be leveraged to improve election infrastructure security. Organizations such as DHS and the FBI are valuable partners in these efforts.      

There is also the Multi-State Information Sharing & Analysis Center (MS-ISAC), whose stated mission is "to improve the overall cybersecurity posture of the nation's state, local, tribal and territorial governments through focused cyber prevention, protection, response, and recovery." MS-ISAC serves as a central hub for members to access, contribute, and exchange threat intelligence. Earlier this year, MS-ISAC formed the Elections Infrastructure ISAC (EI-ISAC) to specifically support the needs of election infrastructure. EI-ISAC provides members sector-specific threat intelligence products, incident response and remediation, threat and vulnerability monitoring, cybersecurity awareness, and training products.

Thinking Ahead
To ensure our electoral system is protected for years to come, federal, state, and local governments have significantly increased investments in election infrastructure security. While no one thing will solve this problem overnight, by revisiting basic security hygiene, deploying next-generation technologies, and using, sharing, and acting on threat intelligence, we will begin to move forward in mitigating the massive amount of cyber-risk that currently threatens our election system.

Related Content:

Learn from the industry's most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Early-bird rate ends August 31. Click for more info

Todd Weller, Chief Strategy Officer at Bandura, works with large organizations in acting on their threat intelligence to prevent future attacks. He brings over 20 years of cybersecurity industry experience with a unique blend of operational and hands-on proficiency. He ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
A96.uk
100%
0%
A96.uk,
User Rank: Apprentice
8/28/2018 | 3:27:38 AM
Easy solution to this!
I spoke to my local MP Douglas Ross here in Moray, Scotland about my solution to all these security needs.

 

I asked him to start talking about allowing people to link a U2F security token to the chip in the UK passport. This would allow root of trust with your government.

 

Now if every person used hardware security keys like Yubico NEO and linked to the passport then you could build a system that you could use either anonymously or with details the use picks.

 

People should control their data.

 

Once you can prove and sign a form to say you are a legitimate citizen using U2F you stop all illegal acts. 100% as they are recorded and accountable.

The world need to use ROOT OF TRUST with PASSPORTS and U2F security tokens from FIDO.

Very easy to use and setup.

Never been remotly hacked ever.

 

This system could be used to audit the complete world, it would change security 100%

with everything being accountable, the black market would have to find another money to use.

 

This is why it's not happening, proves black market rules our leaders by making them rich.

 

 

Solved with root of trust

 
Microsoft President: Governments Must Cooperate on Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/8/2018
5 Reasons Why Threat Intelligence Doesn't Work
Jonathan Zhang, CEO/Founder of WhoisXML API and TIP,  11/7/2018
Why the CISSP Remains Relevant to Cybersecurity After 28 Years
Steven Paul Romero, SANS Instructor and Sr. SCADA Network Engineer, Chevron,  11/6/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19205
PUBLISHED: 2018-11-12
Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php.
CVE-2018-19206
PUBLISHED: 2018-11-12
steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment.
CVE-2018-19207
PUBLISHED: 2018-11-12
The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited in the wild in November 2018.
CVE-2018-1786
PUBLISHED: 2018-11-12
IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871.
CVE-2018-1798
PUBLISHED: 2018-11-12
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...