Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
8/22/2018
10:30 AM
Todd Weller
Todd Weller
Commentary
50%
50%

The Votes Are In: Election Security Matters

Three ways to make sure that Election Day tallies are true.

No matter what side of the political divide on which one falls, everyone agrees that the security and integrity of elections are critical. Throughout history, foreign adversaries have attempted to influence election outcomes to their benefit and, in 2016, the efforts escalated to cyberattacks. For this reason, the security of US elections and election infrastructure remains a top national concern, and in early 2017, the government designated the election system as one of our critical infrastructures. With the number of cyberattacks growing every day, improving cybersecurity will be a mandatory component in preserving our political process.

The US Department of Homeland Security (DHS) confirmed that at least 21 states have had their networks scanned by Russian adversaries. Scanning is the cyber equivalent of checking for holes in a fence, an unlocked door, or an open window. There are also confirmed reports of a few specific intrusions into government-owned voter registration databases.

The recent FBI indictments validate an organized cyberattack campaign that targeted political organizations, specifically the Democratic Congressional Campaign Committee and the Democratic National Committee. Not surprisingly, this attack began with spearphishing that resulted in network access, the planting of malware, lateral movement, and the exfiltration of sensitive data.

Federal, state, and local governments are responding with initiatives to improve the security of election infrastructure. Earlier this year, the federal government approved $380 million to be used by the states to improve election security. Currently, more than 20 states have requested access to funds and this should increase as we approach the 2018 midterm elections. The funds are being used to improve voter registration databases, election management systems, electronic voting machines, and election night reporting systems.

Ways to Improve Election Infrastructure Security
Election infrastructure is a complex web of systems and networks that involves more than 8,000 entities with resources distributed across both state and local governments. Notably, election infrastructure is not just the systems that support the actual election process but also includes the operations of candidates and campaigns. Improving election infrastructure security requires a combination of a renewed focus on basic cyber hygiene, as well as the strategic use of advanced security technologies, threat intelligence, and information sharing.

1. Revisiting Basic Cyber Hygiene
Whether we are talking about election infrastructure or corporate IT infrastructure, organizations often don't focus enough on cyber hygiene. Just focusing on the basics, which include hardening systems, ensuring proper access controls, and conducting security awareness training to mitigate the risk of users clicking on malicious links, can strengthen security posture. (Yes, John Podesta — we're talking about you!)

State and local governments can take advantage of complimentary DHS services when testing their election infrastructure, which include cyber hygiene scans on Internet-facing systems and risk and vulnerability assessments.

2. Deploying Next-Generation Cyber Technologies
Cybersecurity is an ongoing race between attackers and defenders. Therefore, it's critical that organizations incorporate more contemporary and advanced security technologies into cyber defense efforts.

Current systems are overwhelmed, and hackers have been able to fly under the radar through encrypted communications such as Secure Sockets Layer. Utilizing next-generation security solutions is another way to increase election infrastructure security. It is no longer good enough to solely rely on firewalls and intrusion detection and prevention systems to protect our political system. 

3. Using and Sharing Threat Intelligence
Threat intelligence and information sharing has become a critical element of cyber frameworks like the NIST Cybersecurity Framework. With election infrastructure spread across federal, state, and local government, it is imperative that these organizations not only use but also share threat intelligence.

The good news is there is a significant amount of organized threat intelligence and intelligence-sharing efforts that can be leveraged to improve election infrastructure security. Organizations such as DHS and the FBI are valuable partners in these efforts.      

There is also the Multi-State Information Sharing & Analysis Center (MS-ISAC), whose stated mission is "to improve the overall cybersecurity posture of the nation's state, local, tribal and territorial governments through focused cyber prevention, protection, response, and recovery." MS-ISAC serves as a central hub for members to access, contribute, and exchange threat intelligence. Earlier this year, MS-ISAC formed the Elections Infrastructure ISAC (EI-ISAC) to specifically support the needs of election infrastructure. EI-ISAC provides members sector-specific threat intelligence products, incident response and remediation, threat and vulnerability monitoring, cybersecurity awareness, and training products.

Thinking Ahead
To ensure our electoral system is protected for years to come, federal, state, and local governments have significantly increased investments in election infrastructure security. While no one thing will solve this problem overnight, by revisiting basic security hygiene, deploying next-generation technologies, and using, sharing, and acting on threat intelligence, we will begin to move forward in mitigating the massive amount of cyber-risk that currently threatens our election system.

Related Content:

Learn from the industry's most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Early-bird rate ends August 31. Click for more info

Todd Weller, Chief Strategy Officer at Bandura Cyber, works with organizations of all sizes to improve their ability to use, operationalize, and take action with threat intelligence.  He brings over 20 years of cybersecurity industry experience with a unique blend ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
A96.uk
100%
0%
A96.uk,
User Rank: Apprentice
8/28/2018 | 3:27:38 AM
Easy solution to this!
I spoke to my local MP Douglas Ross here in Moray, Scotland about my solution to all these security needs.

 

I asked him to start talking about allowing people to link a U2F security token to the chip in the UK passport. This would allow root of trust with your government.

 

Now if every person used hardware security keys like Yubico NEO and linked to the passport then you could build a system that you could use either anonymously or with details the use picks.

 

People should control their data.

 

Once you can prove and sign a form to say you are a legitimate citizen using U2F you stop all illegal acts. 100% as they are recorded and accountable.

The world need to use ROOT OF TRUST with PASSPORTS and U2F security tokens from FIDO.

Very easy to use and setup.

Never been remotly hacked ever.

 

This system could be used to audit the complete world, it would change security 100%

with everything being accountable, the black market would have to find another money to use.

 

This is why it's not happening, proves black market rules our leaders by making them rich.

 

 

Solved with root of trust

 
AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler,  9/10/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff 9/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16317
PUBLISHED: 2019-09-14
In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerabi...
CVE-2019-16318
PUBLISHED: 2019-09-14
In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317.
CVE-2019-16307
PUBLISHED: 2019-09-14
A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKe...
CVE-2019-16294
PUBLISHED: 2019-09-14
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.
CVE-2019-16309
PUBLISHED: 2019-09-14
FlameCMS 3.3.5 has SQL injection in account/login.php via accountName.