Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

10/16/2020
03:35 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

US Counterintelligence Director & Fmr. Europol Leader Talk Election Security

The US counterintelligence lead joins a former Europol cyber chief to discuss modern election threats and the benefits of public-private collaboration.

Nations worldwide have faced the challenge of maintaining trustworthy elections in the face of evolving cyberthreats. As the United States rapidly approaches its 2020 presidential election, officials are concerned about how to best protect the democratic process from cyberthreats.

William Evanina, director of the National Counterintelligence and Security Center (NCSC) for the US Office of the Director of National Intelligence, joined former Europol Cyber Chief Sir Robert Wainwright and CrowdStrike chief security officer Sean Henry for a discussion at this week's Fal.Con 2020 conference. The three talked about top threats to election security around the world and how public and private sectors should collaborate.

Related Content:

Security Firms & Financial Group Team Up to Take Down Trickbot

2020 State of Cybersecurity Operations and Incident Response

New on The Edge: What's Really Happening in Infosec Hiring Now?

"A big part of global election misinformation is hack and leak operations, as well as disruption of the electoral system, which puts into question the trustworthiness of the election infrastructure," said Henry, who previously served as the executive assistant director for the FBI's Criminal, Cyber, Response and Services Branch. "Will my vote count? Will your vote count? Can we be sure the election is secure and valid?"

For Evanina, the threat of disinformation and influence operations is top of mind. While this is "nothing new" for Russian threat actors, he said, it has grown into a massive problem for the US. Over the past year, adversaries have taken US modern events — protests, rioting, and COVID-19, among others — and accentuated and amplified them on social media, he explained.

"I would proffer the public and the democratic nations around the world really don't understand what disinformation and influence looks like and feels like when you see it," Evanina said. "I think social media, and the ability to promulgate information expediently on the Web, is going to be a big vulnerability for democracies going forward."

While disinformation campaigns and the spreading of false narratives are a global problem, "there's a side to this that's even more dangerous and insidious," Wainwright added. European officials who have explored attacks on election infrastructure and illicit funding operations as part of the election cycle have found attack operations have grown more advanced over time.

Between 2016 and 2020, "the complexity of threats as definitely moved on, and we definitely need to up our game as a result," he said.

A key component of this is intelligence sharing among nations, a practice that has intensified in recent years as counterterrorism efforts increased, Wainwright continued. While he was concerned these efforts would push election interference to the side, he reported over the past two years he has seen a greater intensive effort around protecting elections from attackers.

Prioritizing Public-Private Partnerships
This intelligence sharing exists both within Europe and within the US, as well as in transatlantic cooperation between agencies in Europe and in the US. But cooperation among governments is not enough: Experts agreed the private sector plays a critical role in defense and many companies — especially technology firms and social media giants — have a responsibility to help.

Social media companies have done a good job in the past five years of using their technological capabilities to remove terrorism content over the past five years, Wainwright said. "Some of these companies are working at a much more intensive rate than they were in 2016, because the challenge and the threat has moved on," he added. There's a big role they can play to aid in election security.

"The public-private partnership has never been more important than it is right now," said Evanina. It's a complicated situation he said, but he believes the government has to catch up with technology. Many employees in the private sector face trained, advanced attackers daily, Henry noted, and they could prove invaluable in helping government efforts.

This election cycle, the US government has partnered with Facebook, YouTube, Twitter, and other social media companies, which has exacerbated organizations' concern and desire to be a solution in protecting democracy, Evanina said. The problem is, these partnerships must work both ways. Companies must also be protected in the event they fall victim to a cyberattack.

"We have to acknowledge what's happening right now around the globe, where nation-state actors are using intelligence services to attack private sector companies," he said, pointing to the Equifax breach as an example. "We have to be willing and able to partner."

He called for the public and private sectors to "find a happy medium" where they can provide due diligence with information sharing, as well as privacy protection and protection from regulatory sanctions, after a company is victimized. "Being a victim cannot be something that's going to carry penalties," Evanina said.

This isn't about what role the government can play on one side and the private sector on the other, said Wainwright. A multiagency, multisector approach to election security is an "all-hands-on-deck" effort that involves two critical areas: ensuring high, common cybersecurity standards across election infrastructure, and understanding where threats come from. Here, he believes, we could potentially see great collaboration between the public and private sectors.

Ultimately, the experts agree that more needs to be done, especially with respect to informing the public of threats.

"I think we have not succeeded across our democratic countries in explaining to our populace how important and how fragile our democracy is," said Evanina. "And part of that fragility, the core fundamental basis of that fragility, is free and open elections."

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
MarcW100
100%
0%
MarcW100,
User Rank: Apprentice
10/17/2020 | 9:53:36 PM
Oligarchy/darknet future or deep state/shallow state coup d'etat
The events described in this article focus on spies who are cloak & dagger but hemmed in on all sides by the inertia of cold war hegemony from bad state actors. That is the public sector. When the oligarchs on both side of this conflict clash this is the uncommon realm of private sector.

Of course, I am raising the bar too high for myself, but mark my words, Treadstone will have the last and final word. You can't keep a good positivist down.
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Inside North Korea's Rapid Evolution to Cyber Superpower
Kelly Sheridan, Staff Editor, Dark Reading,  12/1/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27409
PUBLISHED: 2020-12-04
OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter.
CVE-2020-27408
PUBLISHED: 2020-12-04
OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users.
CVE-2020-27765
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause ot...
CVE-2020-27766
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to application availability, b...
CVE-2020-27767
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application avai...