Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

6/26/2019
04:00 PM
Dark Reading
Dark Reading
Products and Releases
100%
0%

Global Cyber Alliance And Center For Internet Security Launch Free Cybersecurity Toolkit for States And Local Election Offices

Developed with Funding from Craig Newmark Philanthropies, Toolkit Focuses on Mitigating Most Common and Addressable Cyber Risks

EW YORK, June 25, 2019 – Today, the Global Cyber Alliance (GCA), in partnership with Craig Newmark Philanthropies and the Center for Internet Security,® Inc. (CIS®), announces a FREE toolkit aimed at providing election authorities with additional easy-to-use solutions that will help mitigate the most common risks to free and fair elections. This toolkit will help government entities responsible for securing local, state and national elections handle daunting security challenges posed by today’s digital world.  Election offices are already working overtime against increasing threats, and the toolkit provides more resources for them to consider. Earlier this year, Craig Newmark Philanthropies contributed a $1.068 million gift to help GCA provide critical cybersecurity protections for media, journalists, election offices and community organizations, and this toolkit is a step in that effort.

“Election infrastructure is critical infrastructure – as vital to daily lives as nuclear power plants or water-filtration facilities,” said Philip Reitinger, President and CEO of GCA. “Election security must be a national and global priority, especially as securing elections is one of the most difficult tasks for a democracy, and the shortage of resources available to many election offices exacerbates the challenge.”

The toolkit is intended to help election offices add to their security program with free operational tools and guidance and has been assembled to help implement the recommendations in A Handbook for Elections Infrastructure Security. In this document, the Center for Internet Security, Inc., working with election offices, election associations and vendors, as well as academia, has established a set of best practices for securing the systems that comprise our election infrastructure. 

“The fabric of American democratic society relies on citizen trust in a fair, equitable and secure elections process,” said Craig Newmark. “The GCA Cybersecurity Toolkit offers election officials with proven cybersecurity policies and protections to help prevent elections from being hijacked by those who want to inflict damage on free and open societies.”

Elections are local, but the threats to their integrity are global. More than 99 percent of votes in the U.S. are cast or counted by computer, and the U.S. Department of Homeland Security has designated election systems as critical infrastructure.

Today’s cyber risks to elections are multiple and alarming. These risks include the compromise of voter registration data, election infrastructure hacking to alter vote counts, denial-of-service attacks against election offices, phishing campaigns directed at election officials, impersonation of emails from election offices and others, and the viral spread of false information through websites and social media.

“GCA has compiled a number of valuable free resources that will help election officials implement the security best practices outlined in A Handbook for Elections Infrastructure Security,” said John Gilligan, CIS President and CEO. “CIS appreciated the opportunity to collaborate with GCA on the Cybersecurity Toolkit for Elections.”

Election officials now confront an onslaught of cyber threats that inflict serious risks to the integrity of elections and the democratic process. Although these officials work hard to secure election infrastructure, there are thousands of election offices across the country with disparate security resources that will benefit from the GCA Cybersecurity Toolkit.

For more information and to access the toolkit, visit https://gcatoolkit.org/elections.

 

About the Global Cyber Alliance

The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world. We achieve our mission by uniting global communities, implementing concrete solutions, and measuring the effect.  Learn more at www.globalcyberalliance.org.

 

About Craig Newmark Philanthropies

Craig Newmark Philanthropies was created by craigslist founder Craig Newmark to support and connect people and drive broad civic engagement. The organization works to advance people and grassroots organizations that are getting stuff done in areas that include trustworthy journalism, voter protection, gender diversity in technology, and veterans and military families. For more information, please visit: CraigNewmarkPhilanthropies.org.

 

About CIS

CIS (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. The CIS Controls™ and CIS Benchmarks™ are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continuously refined and verified by a volunteer, global community of experienced IT professionals. Our CIS Hardened Images™ are virtual machine emulations preconfigured to provide secure, on-demand, and scalable computing environments in the cloud. CIS is home to both the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center ® (EI-ISAC®), which supports the cybersecurity needs of U.S. State, Local and Territorial elections offices. To learn more, visit www.cisecurity.org or follow us on Twitter: @CISecurity.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5118
PUBLISHED: 2019-11-18
A Security Bypass Vulnerability exists in TBOOT before 1.8.2 in the boot loader module when measuring commandline parameters.
CVE-2019-12422
PUBLISHED: 2019-11-18
Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.
CVE-2012-4441
PUBLISHED: 2019-11-18
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin.
CVE-2019-10764
PUBLISHED: 2019-11-18
In elliptic-php versions priot to 1.0.6, Timing attacks might be possible which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage of a bit-length of the scalar during scalar multiplication is possible on an elliptic curve which m...
CVE-2019-19117
PUBLISHED: 2019-11-18
/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter.