Dark Reading is part of the Informa Tech Division of Informa PLC


IoT
8/22/2018
10:30 AM
Todd Weller
Commentary

The Votes Are In: Election Security Matters

Three ways to make sure that Election Day tallies are true.

No matter which side of the political divide one falls on, everyone agrees that the security and integrity of elections are critical. Throughout history, foreign adversaries have attempted to influence election outcomes to their benefit and, in 2016, the efforts escalated to cyberattacks. For this reason, the security of US elections and election infrastructure remains a top national concern, and in early 2017, the government designated the election system as one of our critical infrastructures. With the number of cyberattacks growing every day, improving cybersecurity will be a mandatory component in preserving our political process.

The US Department of Homeland Security (DHS) confirmed that at least 21 states have had their networks scanned by Russian adversaries. Scanning is the cyber equivalent of checking for holes in a fence, an unlocked door, or an open window. There are also confirmed reports of a few specific intrusions into government-owned voter registration databases.

The recent FBI indictments validate an organized cyberattack campaign that targeted political organizations, specifically the Democratic Congressional Campaign Committee and the Democratic National Committee. Not surprisingly, this attack began with spearphishing that resulted in network access, the planting of malware, lateral movement, and the exfiltration of sensitive data.

Federal, state, and local governments are responding with initiatives to improve the security of election infrastructure. Earlier this year, the federal government approved $380 million to be used by the states to improve election security. Currently, more than 20 states have requested access to funds and this should increase as we approach the 2018 midterm elections. The funds are being used to improve voter registration databases, election management systems, electronic voting machines, and election night reporting systems.

Ways to Improve Election Infrastructure Security
Election infrastructure is a complex web of systems and networks that involves more than 8,000 entities with resources distributed across both state and local governments. Notably, election infrastructure is not just the systems that support the actual election process but also includes the operations of candidates and campaigns. Improving election infrastructure security requires a combination of a renewed focus on basic cyber hygiene, as well as the strategic use of advanced security technologies, threat intelligence, and information sharing.

1. Revisiting Basic Cyber Hygiene
Whether we are talking about election infrastructure or corporate IT infrastructure, organizations often don't focus enough on cyber hygiene. Just focusing on the basics, which include hardening systems, ensuring proper access controls, and conducting security awareness training to mitigate the risk of users clicking on malicious links, can strengthen security posture. (Yes, John Podesta — we're talking about you!)

State and local governments can take advantage of complimentary DHS services when testing their election infrastructure, which include cyber hygiene scans on Internet-facing systems and risk and vulnerability assessments.

2. Deploying Next-Generation Cyber Technologies
Cybersecurity is an ongoing race between attackers and defenders. Therefore, it's critical that organizations incorporate more contemporary and advanced security technologies into cyber defense efforts.

Current systems are overwhelmed, and hackers have been able to fly under the radar through encrypted communications such as Secure Sockets Layer. Utilizing next-generation security solutions is another way to increase election infrastructure security. It is no longer good enough to solely rely on firewalls and intrusion detection and prevention systems to protect our political system. 

3. Using and Sharing Threat Intelligence
Threat intelligence and information sharing have become critical elements of cyber frameworks like the NIST Cybersecurity Framework. With election infrastructure spread across federal, state, and local government, it is imperative that these organizations not only use but also share threat intelligence.

The good news is there is a significant amount of organized threat intelligence and intelligence-sharing efforts that can be leveraged to improve election infrastructure security. Organizations such as DHS and the FBI are valuable partners in these efforts.      

There is also the Multi-State Information Sharing & Analysis Center (MS-ISAC), whose stated mission is "to improve the overall cybersecurity posture of the nation's state, local, tribal and territorial governments through focused cyber prevention, protection, response, and recovery." MS-ISAC serves as a central hub for members to access, contribute, and exchange threat intelligence. Earlier this year, MS-ISAC formed the Elections Infrastructure ISAC (EI-ISAC) to specifically support the needs of election infrastructure. EI-ISAC provides members sector-specific threat intelligence products, incident response and remediation, threat and vulnerability monitoring, cybersecurity awareness, and training products.

Thinking Ahead
To ensure our electoral system is protected for years to come, federal, state, and local governments have significantly increased investments in election infrastructure security. While no one thing will solve this problem overnight, by revisiting basic security hygiene, deploying next-generation technologies, and using, sharing, and acting on threat intelligence, we will begin to move forward in mitigating the massive amount of cyber-risk that currently threatens our election system.


Todd Weller, Chief Strategy Officer at Bandura Cyber, works with organizations of all sizes to improve their ability to use, operationalize, and take action with threat intelligence. He brings over 20 years of cybersecurity industry experience with a unique blend ...
 

Comments
A96.uk,
User Rank: Apprentice
8/28/2018 | 3:27:38 AM
Easy solution to this!
I spoke to my local MP Douglas Ross here in Moray, Scotland about my solution to all these security needs.

I asked him to start talking about allowing people to link a U2F security token to the chip in the UK passport. This would allow root of trust with your government.

Now if every person used hardware security keys like Yubico NEO and linked to the passport then you could build a system that you could use either anonymously or with details the user picks.

People should control their data.

Once you can prove and sign a form to say you are a legitimate citizen using U2F you stop all illegal acts. 100% as they are recorded and accountable.

The world needs to use ROOT OF TRUST with PASSPORTS and U2F security tokens from FIDO.

Very easy to use and set up.

Never been remotely hacked ever.

This system could be used to audit the complete world, it would change security 100%

with everything being accountable, the black market would have to find another money to use.

This is why it's not happening, proves black market rules our leaders by making them rich.

Solved with root of trust

 