
10/16/2020
03:35 PM

US Counterintelligence Director & Fmr. Europol Leader Talk Election Security

The US counterintelligence lead joins a former Europol cyber chief to discuss modern election threats and the benefits of public-private collaboration.

Nations worldwide have faced the challenge of maintaining trustworthy elections in the face of evolving cyberthreats. As the United States rapidly approaches its 2020 presidential election, officials are concerned about how to best protect the democratic process from cyberthreats.

William Evanina, director of the National Counterintelligence and Security Center (NCSC) for the US Office of the Director of National Intelligence, joined former Europol Cyber Chief Sir Robert Wainwright and CrowdStrike chief security officer Sean Henry for a discussion at this week's Fal.Con 2020 conference. The three talked about top threats to election security around the world and how public and private sectors should collaborate.

"A big part of global election misinformation is hack and leak operations, as well as disruption of the electoral system, which puts into question the trustworthiness of the election infrastructure," said Henry, who previously served as the executive assistant director for the FBI's Criminal, Cyber, Response and Services Branch. "Will my vote count? Will your vote count? Can we be sure the election is secure and valid?"

For Evanina, the threat of disinformation and influence operations is top of mind. While this is "nothing new" for Russian threat actors, he said, it has grown into a massive problem for the US. Over the past year, adversaries have taken modern US events — protests, rioting, and COVID-19, among others — and accentuated and amplified them on social media, he explained.

"I would proffer the public and the democratic nations around the world really don't understand what disinformation and influence looks like and feels like when you see it," Evanina said. "I think social media, and the ability to promulgate information expediently on the Web, is going to be a big vulnerability for democracies going forward."

While disinformation campaigns and the spreading of false narratives are a global problem, "there's a side to this that's even more dangerous and insidious," Wainwright added. European officials who have explored attacks on election infrastructure and illicit funding operations as part of the election cycle have found attack operations have grown more advanced over time.

Between 2016 and 2020, "the complexity of threats has definitely moved on, and we definitely need to up our game as a result," he said.

A key component of this is intelligence sharing among nations, a practice that has intensified in recent years as counterterrorism efforts increased, Wainwright continued. While he was concerned these efforts would push election interference to the side, he reported that over the past two years he has seen a more intensive effort around protecting elections from attackers.

Prioritizing Public-Private Partnerships
This intelligence sharing exists both within Europe and within the US, as well as in transatlantic cooperation between agencies in Europe and in the US. But cooperation among governments is not enough: Experts agreed the private sector plays a critical role in defense and many companies — especially technology firms and social media giants — have a responsibility to help.

Social media companies have done a good job over the past five years of using their technological capabilities to remove terrorism content, Wainwright said. "Some of these companies are working at a much more intensive rate than they were in 2016, because the challenge and the threat has moved on," he added. There's a big role they can play to aid in election security.

"The public-private partnership has never been more important than it is right now," said Evanina. It's a complicated situation, he said, but he believes the government has to catch up with technology. Many employees in the private sector face trained, advanced attackers daily, Henry noted, and they could prove invaluable in helping government efforts.

This election cycle, the US government has partnered with Facebook, YouTube, Twitter, and other social media companies, which has heightened organizations' concern and desire to be a solution in protecting democracy, Evanina said. The problem is, these partnerships must work both ways. Companies must also be protected in the event they fall victim to a cyberattack.

"We have to acknowledge what's happening right now around the globe, where nation-state actors are using intelligence services to attack private sector companies," he said, pointing to the Equifax breach as an example. "We have to be willing and able to partner."

He called for the public and private sectors to "find a happy medium" where they can provide due diligence with information sharing, as well as privacy protection and protection from regulatory sanctions, after a company is victimized. "Being a victim cannot be something that's going to carry penalties," Evanina said.

This isn't about what role the government can play on one side and the private sector on the other, said Wainwright. A multiagency, multisector approach to election security is an "all-hands-on-deck" effort that involves two critical areas: ensuring high, common cybersecurity standards across election infrastructure, and understanding where threats come from. Here, he believes, we could potentially see great collaboration between the public and private sectors.

Ultimately, the experts agree that more needs to be done, especially with respect to informing the public of threats.

"I think we have not succeeded across our democratic countries in explaining to our populace how important and how fragile our democracy is," said Evanina. "And part of that fragility, the core fundamental basis of that fragility, is free and open elections."

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
Comments
MarcW100,
User Rank: Apprentice
10/17/2020 | 9:53:36 PM
Oligarchy/darknet future or deep state/shallow state coup d'etat
The events described in this article focus on spies who are cloak & dagger but hemmed in on all sides by the inertia of cold war hegemony from bad state actors. That is the public sector. When the oligarchs on both sides of this conflict clash this is the uncommon realm of private sector.

Of course, I am raising the bar too high for myself, but mark my words, Treadstone will have the last and final word. You can't keep a good positivist down.