Election Security Insights – August 2018
In This Issue
- See the latest election attacks in the Interactive Election Incident Map
- CyberDefenses Perspective: Keeping Defcon hacks in context. Learn how.
- US officials are looking for voter system problems at Defcon. Here's why.
- Hacked voting systems aren't the only issue. See what's also causing worry.
- 60 Minutes shares what happened when Russia targeted US elections.
- Learn how three US senators are fighting hostile nation election hacking.
- Three 2018 campaigns have already been hacked. Find out who's behind it.
- Insights into the US intel community's assessment of Russian interference.
- CyberDefenses Blog: How much election cybersecurity funding is enough?
- Find out which events should be on your calendar.
Interactive Election Incident Map
In this interactive map, we capture information about the latest election cybersecurity incidents as they occur. Stay informed of the most recent attack locations and methods so you're armed with knowledge that can help you protect your data and systems.
DEFCON "VOTING VILLAGE" SCRATCHES THE SURFACE OF THREATS FACING THE ELECTIONS SYSTEM
Hackers congregated in Las Vegas last week for the annual Defcon convention, and the topic of election cybersecurity was front and center. As the November US midterm elections draw closer, the reality of Russian interference in the 2016 election has moved election cybersecurity from a relatively niche technical issue to a high profile subject that warrants its own specialized event at the conference. For the second year, Defcon has hosted "Voting Village" giving hackers an opportunity to do their best to break into and/or defend election machines.
The result was similar to last year - hackers successfully infiltrated voting equipment which outlined issues with voting machines and emphasized that upgrades, patching, and having appropriate staff are still the best answers to addressing vulnerabilities. However, the "Voting Village" exercises were able to explore only a few of the many complex components involved in the elections ecosystem. While they exposed that there are critical elements that need to be fixed, it would be overreaching and overreacting to say it means the elections infrastructure is incompetent.
Here's why. It's difficult to simulate the reality of the elections ecosystem. First, it's much broader than voting machines, which Defcon attempted to demonstrate this year by adding mock election office networks and voter registration databases for participants to defend and/or hack. Secondly, election process elements, like networks, databases, voter check-in and results publishing, are widely disconnected from one another, both logically and geographically. Yet, out of logistical necessity, these elements were connected at Defcon which provided unfettered access and interconnectivity that doesn't exist in the real world.
The key takeaway is there are important distinctions between the issues that surfaced at Defcon and their outcomes in real life conditions. It doesn't mean that there is nothing to learn from a meeting like this, but it does mean we need to properly understand the context. Election officials are right to point out that the hacks are unrealistic, but the heightened awareness generated by these exercises have helped spur action by lawmakers who have begun to introduce election security legislation. If a singular message exists, its the need to be proactive and advocate for resources to fix the issues.
CNET: US OFFICIALS HOPE HACKERS AT DEFCON FIND MORE VOTING MACHINE PROBLEMS
The US Department of Homeland Security is working hand-in-hand with Defcon organizers. The goal is to create simulated cyber attack scenarios that could shed light on threats to prepare for in the upcoming US midterm elections. Elections security is a major concern as cyberattacks threaten the trust and integrity of democratic election processes around the world.
CNN: ELECTION OFFICIALS' CONCERNS TURN TO INFORMATION WARFARE AS HACKERS GATHER IN VEGAS
Now in its second year at the annual Defcon hacker convention, "Voting Village" is helping election officials understand potential cybersecurity vulnerabilities facing the democratic process as we head into the November elections. In addition to concerns over voting machine security, the threat of information manipulation is another serious issue to address.
60 MINUTES: WHAT HAPPENED WHEN RUSSIAN HACKERS TARGETED THE U.S. ELECTIONS INFRASTRUCTURE
Russian operatives launched a widespread cyberattack against state voting systems during the 2016 presidential election. Former officials say no votes were changed but an Election Day attack could have created chaos at the polls.
GRAHAM, WHITEHOUSE, BLUMENTHAL INTRODUCE BILLS TO PREVENT HOSTILE NATIONS FROM UNDERMINING AMERICAN DEMOCRACY
Three U.S. Senators have introduced two bipartisan bills that would improve cybercrime prevention and bolster the United States' election infrastructure. The International Cybercrime Prevention Act would enable federal prosecutors to shut down botnets while the Defending the Integrity of Voting Systems Act would it a federal crime to hack voting systems used in federal elections a federal crime.
CNN: RUSSIANS ATTEMPTED TO INFILTRATE THREE 2018 CAMPAIGNS, MICROSOFT SAYS
Russian intelligence operatives attempted to hack into the online accounts of staffers on three congressional campaigns in the upcoming midterm elections, a Microsoft executive said, marking the first public acknowledgement of a Russian attack on a 2018 race.
WASHINGTON POST: VICE PRESIDENT PENCE AFFIRMED THE U.S. INTELLIGENCE COMMUNITY'S ASSESSMENT THAT RUSSIA SOUGHT TO INFLUENCE 2016 ELECTIONS
In his first speech on cybersecurity at a conference on the topic hosted by the Department of Homeland Security, Vice President Mike Pence addressed the controversy around whether or not Russia sought to influence the 2016 elections. He stated that while no votes were changed, Russians did attempt to weaken the democratic process by seeking to "sow discord and division."
Election Cybersecurity Funding: How Much Is Enough?
by Brian Engle, CISO
As states decide how to wisely use their portion of the $380 million funding bill provided by Congress for cybersecurity efforts, many are discovering more questions than answers. There is still much to understand about what it will take to build up adequate defenses against sophisticated adversaries that election officials have never had to face before now. Consequently, it's difficult to determine exactly how much funding will be enough.
New Orleans, LA
St. Louis, MO
Sept. 10 - 11
CyberDefenses is an award-winning Managed Security Services Provider (MSSP) specializing in election security. Schedule a 30-minute conversation to learn how we can help protect your election from cyber attack.