IN THIS ISSUE
- See the latest election attacks in the Interactive Election Incident Map
- CyberDefenses's Perspective: Factoring in context to foster understanding.
- Are we prepared for upcoming elections? A cyberexpert weighs in.
- The fight against election disinformation. See what California is doing.
- Things you need to know about 2018 election security.
- New threats are facing election security. Learn what's causing the most worry.
- Discover why the ex-chief CIA is advising against panic, but for paranoia.
- Lawmakers draft more election security bills and neighborly warn Canada.
- CyberDefenses Blog: Detection and response tips to keep in mind on Nov. 6.
- Find out which events should be on your calendar.
Interactive Election Map
KEEPING ELECTION SECURITY NEWS IN PERSPECTIVE
By Monty St John, Director of Threat Intelligence
Very few would argue that recent headlines concerning election security haven't been alarming. From hacking to voting systems to stolen voter registration data and the deliberate distribution of false candidate information, it's no wonder people are questioning the integrity of election results.
It's hard to know who or what to believe, and while there is questionable information floating around, much of what we've read concerning election security is based on fact. However, "just the facts" without context can be just as dangerous or misleading as lies.
One example is the recent concern overthat were discovered in the Darknet marketplace.
Through our research, the CyberDefenses team has been able to confirm that the story is true, but the story doesn't warrant panic, and here's why:
- This voter registration data is already freely accessible to anyone who requests it from their state governments. In many cases, this information is used by candidates or non-profit organizations in marketing campaigns focused around gathering votes or support for causes.
- This information includes names, phone numbers, addresses and voter affiliation, not social security numbers or login credentials.
- This information is routinely found on the Darknet because many companies fail to take the right steps to protect it. Consequently, it is not available only via voter registration records. This fact reduces the probability that the data is related to an election-focused attack.
- Hackers tend to exaggerate their claims of how the data was collected or the type of data included to promote themselves as a go-to resource for valuable information. The likelihood of these records being sourced through nefarious means is probably slim.
- In many cases, this data is outdated. There is a high chance that it has been repackaged from old sources and is not as valuable as the sellers claim it is.
As November 6th draws closer, it is not surprising that the hacker community is capitalizing on the heightened focus around election security.They make an interesting claim that they have the ability to continuously retrieve voter registration information. Election officials should take these claims seriously by monitoring the data that is showing up in hacker forums. Plus, reviewing their data capture and dissemination process would be another wise move.
We're likely going to see more activity such as this. Some of it does indicate threats that should be addressed immediately, but other events, while concerning, aren't as alarming as some would want us to believe.
|GOVTECH.COM: EXPERT INTERVIEW ON 2018 ELECTION SECURITY|
In this exclusive interview, government technology thought leader Dan Lohrmann speaks with cyberexpert David O'Berry about federal, state and local cyberpreparedness regarding the upcoming 2018 and 2020 elections.
|NPR: CALIFORNIA LAUNCHES NEW EFFORT TO FIGHT ELECTION DISINFORMATION|
The California election officials are launching a new effort to fight the kind of disinformation campaigns that plagued the 2016 elections - an effort that comes with thorny legal and political questions. The state's new Office of Elections Cybersecurity will focus on combating social media campaigns that try to confuse voters or discourage them from casting ballots.
|VOA: THINGS YOU NEED TO KNOW ABOUT 2018 ELECTION SECURITY|
As U.S. voters prepare to go to the polls for the November 6 midterm elections, federal, state and local officials are preparing too. But whereas many voters are considering which candidates to support, government officials are working to safeguard the system against foreign interference.
|CBS NEWS: HOW AI IS CREATING NEW THREATS TO ELECTION SECURITY|
Cyberattacks targeting the 2018 midterm election aren't just relying on tested tactics like phishing attacks, social media influence campaigns, and ransomware targeting critical infrastructure - they're also harnessing technology in new and ever more threatening ways.
|YAHOO FINANCE: EX-CIA CHIEF'S TAKE ON ELECTION SECURITY: DON'T PANIC, DO STAY PARANOID|
In an interview with former Central Intelligence Agency director John Brennan, a longtime security expert, refrained from retreating into fingernail-chewing anxiety. Instead, Brennan said he's confident in the work being done to secure voting systems.
|NEXTGOV: LAWMAKERS WEIGH ANOTHER ELECTION SECURITY BILL AND WARN CANADA ABOUT HUAWEI|
Companies that produce election systems for state and local governments would have to be wholly owned and operated inside the United States under a bill introduced to a bipartisan trio of senators on Thursday. Lawmakers also claim that Canada's decision to include the Chinese company Huawei in its 5G telecommunications infrastructure could have dangerous consequences.
|Election Security Detection and Response:|
One if by Land, Two if by Sea...Three if by Cyber?
by Brian Engle, CISO
|As election officials have been preparing for the midterm elections, a key message has been to include cybersecurity in their ramp-up efforts. But with early voting starting soon and election day right around the corner, the time to proactively implement security measures has passed. Now is the time to invest in detection and response efforts. Here are some key areas election officials should be prepared to monitor and address.|