2/17/2017
11:00 AM

After Election Interference, RSA Conference Speakers Ask What Comes Next

Election-tampering called 'a red line we should not allow anyone to cross.'

RSA CONFERENCE -- San Francisco -- As discussion about possible American collusion with Russian interference in the 2016 US presidential election heats up in Washington, the events have also been a hot topic here. RSA Conference speakers have not only tackled recent hacking events specifically, but discussed how they exacerbate the weaknesses of an already fragmented, lightly regulated voting system with highly irregular security practices.

The fundamental questions: what comes next and why does it matter to cybersecurity professionals? 

Rep. Michael McCaul (R-TX), chairman of the House Homeland Security Committee, said during a keynote session Tuesday that he was first briefed on election-related attacks in the spring, and has "no doubt" Russians undermined the election.

"This is a red line we should not allow anyone to cross," said Rep. McCaul. 

"We must continue to call out Moscow for election interference. …  And if we don’t, I am certain they will do it again," he said.

McCaul also said that there must be a response to this behavior, and the "strategies should not include just returning fire."

These were thoughts echoed by John P. Carlin, chair of Morrison and Foerster LLP in a session called "Electoral Dysfunction" Wednesday. Until recently, Carlin was the US Department of Justice's assistant attorney general for national security; he left the position in October. "I'm very concerned about repeated conduct," by nation-state attackers, said Carlin.

During Carlin's tenure, DOJ developed a cybercrime "deterrence playbook" to discourage nation-state attacks on the US by ensuring there would be consequences for them. For deterrence to work, Carlin explained, the government would not only have to make it clear that it would take action in response to specific acts, but make it clear that "we are going to take actions until the behavior stops."

Michele Flournoy - founder and CEO of the Center for a New American Security, who served as Under Secretary of Defense for Policy from 2009 to 2012 - took aim at Russia and recent attacks specifically.

"We need to assess Russia with clear eyes," said Flournoy, during a session on the future of security and defense Tuesday. She explained that after the Cold War, Russia did not integrate with the global community as other members of the Eastern Bloc did, and that since Putin took leadership of the country a second time he has pursued a campaign "against democracy" and an effort to deunify allies.

"We owe it to ourselves to investigate [these attacks] further," Flournoy said, saying that we need to "really map the extent of contact between the Trump campaign and Russia." 

(Later that day, the New York Times reported that members of the Trump campaign had repeated contact with Russian intelligence before the election. Some legislators, including Senate Foreign Relations Committee Chairman Bob Corker, a Republican, have since suggested that recently ousted national security adviser Michael Flynn should testify before Congress, telling MSNBC "Maybe there's a problem that obviously goes much deeper than what we now suspect." President Trump has suggested the controversy is manufactured.)

How much of this really falls under the purview of cybersecurity, though? No evidence has been reported of voting machines themselves being exploited or attacked in the 2016 US presidential election. The hacks and information leaks that did occur were not particularly sophisticated from a technological standpoint.

Despite that, "it may eventually come to be seen as the biggest hack in history," said Kenneth Geers, Comodo Senior Research Scientist and a NATO Cooperative Cyber Defence Center of Excellence Ambassador, in an interview with Dark Reading. Geers also spoke about the demonstrable connection between malware activity and significant political, socioeconomic events during a Comodo event here Monday and RSA presentations.  

Geers says one could "definitely draw a parallel" between Russian involvement in the US elections and the Ukraine election in 2014, because both included the hacking of political parties, doxing, and the information operations in social media - like the creation of fraudulent accounts and the spread of propaganda, which are not always seen as part of the American definition of "information security." 

While attackers could focus their hacking efforts on e-voting machines themselves, it would be easier to discover than these other, subtler methods, Geers said.

Carlin echoed this sentiment. "Think of how effective this was, and it did not attack the [systems we use to vote.]"

There are other, practical reasons attackers wouldn't go after voting machines. Mike Weber, vice president of labs at Coalfire, explained in the "Electoral Dysfunction" session that although vulnerabilities have been found in machines before, many of them require physical access, or near access to the hardware. Therefore, it's simpler "not to attack the infrastructure, but the things that access the infrastructure" - like voter databases, for example.

These attacks nevertheless cause distrust in the very democratic process.

In the same session, Pamela Smith, president of Verified Voting, said the 2016 election showed that the US vote auditing and recount process is "worse than we thought." There are roughly 6,000 voting jurisdictions in the US, all with their own rules. Some of the jurisdictions that were called upon to do a recount had no voter-verified paper trails, others had policies allowing them the option to re-run their machines' tally instead of counting the paper votes, and others halted the recounts before they were completed.


Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ...

Comments
GetErD973,
User Rank: Apprentice
2/19/2017 | 11:10:27 PM
Russians hacking election? Really?
So many things wrong with this concept.  First, a simple phish attack resulted in showing how the DNC was actually rigging the election and yet somehow what the DNC did is blamed on the Russians?

Second, the great USA has always tried to influence elections of other countries - why is it right when we do it and wrong when others try to do the same to us?

If you are a credible security professional, this is a non-story. If you "hate Trump" and "love Clinton", then this is a great story to try to jam down everyone's throat.

 