Dark Reading is part of the Informa Tech Division of Informa PLC

8/22/2018
10:30 AM
Todd Weller
Commentary

The Votes Are In: Election Security Matters

Three ways to make sure that Election Day tallies are true.

No matter which side of the political divide one falls on, everyone agrees that the security and integrity of elections are critical. Throughout history, foreign adversaries have attempted to influence election outcomes to their benefit and, in 2016, the efforts escalated to cyberattacks. For this reason, the security of US elections and election infrastructure remains a top national concern, and in early 2017, the government designated the election system as one of our critical infrastructures. With the number of cyberattacks growing every day, improving cybersecurity will be a mandatory component in preserving our political process.

The US Department of Homeland Security (DHS) confirmed that at least 21 states have had their networks scanned by Russian adversaries. Scanning is the cyber equivalent of checking for holes in a fence, an unlocked door, or an open window. There are also confirmed reports of a few specific intrusions into government-owned voter registration databases.

The recent FBI indictments validate an organized cyberattack campaign that targeted political organizations, specifically the Democratic Congressional Campaign Committee and the Democratic National Committee. Not surprisingly, this attack began with spearphishing that resulted in network access, the planting of malware, lateral movement, and the exfiltration of sensitive data.

Federal, state, and local governments are responding with initiatives to improve the security of election infrastructure. Earlier this year, the federal government approved $380 million to be used by the states to improve election security. Currently, more than 20 states have requested access to funds and this should increase as we approach the 2018 midterm elections. The funds are being used to improve voter registration databases, election management systems, electronic voting machines, and election night reporting systems.

Ways to Improve Election Infrastructure Security
Election infrastructure is a complex web of systems and networks that involves more than 8,000 entities with resources distributed across both state and local governments. Notably, election infrastructure is not just the systems that support the actual election process but also includes the operations of candidates and campaigns. Improving election infrastructure security requires a combination of a renewed focus on basic cyber hygiene, as well as the strategic use of advanced security technologies, threat intelligence, and information sharing.

1. Revisiting Basic Cyber Hygiene
Whether we are talking about election infrastructure or corporate IT infrastructure, organizations often don't focus enough on cyber hygiene. Just focusing on the basics, which include hardening systems, ensuring proper access controls, and conducting security awareness training to mitigate the risk of users clicking on malicious links, can strengthen security posture. (Yes, John Podesta — we're talking about you!)

State and local governments can take advantage of complimentary DHS services when testing their election infrastructure, which include cyber hygiene scans on Internet-facing systems and risk and vulnerability assessments.

2. Deploying Next-Generation Cyber Technologies
Cybersecurity is an ongoing race between attackers and defenders. Therefore, it's critical that organizations incorporate more contemporary and advanced security technologies into cyber defense efforts.

Current systems are overwhelmed, and hackers have been able to fly under the radar through encrypted communications such as Secure Sockets Layer. Utilizing next-generation security solutions is another way to increase election infrastructure security. It is no longer good enough to solely rely on firewalls and intrusion detection and prevention systems to protect our political system. 

3. Using and Sharing Threat Intelligence
Threat intelligence and information sharing have become critical elements of cyber frameworks like the NIST Cybersecurity Framework. With election infrastructure spread across federal, state, and local government, it is imperative that these organizations not only use but also share threat intelligence.

The good news is there is a significant amount of organized threat intelligence and intelligence-sharing efforts that can be leveraged to improve election infrastructure security. Organizations such as DHS and the FBI are valuable partners in these efforts.

There is also the Multi-State Information Sharing & Analysis Center (MS-ISAC), whose stated mission is "to improve the overall cybersecurity posture of the nation's state, local, tribal and territorial governments through focused cyber prevention, protection, response, and recovery." MS-ISAC serves as a central hub for members to access, contribute, and exchange threat intelligence. Earlier this year, MS-ISAC formed the Elections Infrastructure ISAC (EI-ISAC) to specifically support the needs of election infrastructure. EI-ISAC provides members sector-specific threat intelligence products, incident response and remediation, threat and vulnerability monitoring, cybersecurity awareness, and training products.

Thinking Ahead
To ensure our electoral system is protected for years to come, federal, state, and local governments have significantly increased investments in election infrastructure security. While no one thing will solve this problem overnight, by revisiting basic security hygiene, deploying next-generation technologies, and using, sharing, and acting on threat intelligence, we will begin to move forward in mitigating the massive amount of cyber-risk that currently threatens our election system.

Todd Weller, Chief Strategy Officer at Bandura Cyber, works with organizations of all sizes to improve their ability to use, operationalize, and take action with threat intelligence. He brings over 20 years of cybersecurity industry experience with a unique blend ...
 

Comments
A96.uk,
User Rank: Apprentice
8/28/2018 | 3:27:38 AM
Easy solution to this!
I spoke to my local MP Douglas Ross here in Moray, Scotland about my solution to all these security needs.

I asked him to start talking about allowing people to link a U2F security token to the chip in the UK passport. This would allow root of trust with your government.

Now if every person used hardware security keys like Yubico NEO and linked to the passport then you could build a system that you could use either anonymously or with details the user picks.

People should control their data.

Once you can prove and sign a form to say you are a legitimate citizen using U2F you stop all illegal acts. 100% as they are recorded and accountable.

The world needs to use ROOT OF TRUST with PASSPORTS and U2F security tokens from FIDO.

Very easy to use and set up.

Never been remotely hacked ever.

This system could be used to audit the complete world, it would change security 100%

with everything being accountable, the black market would have to find another money to use.

This is why it's not happening, proves black market rules our leaders by making them rich.

Solved with root of trust