In This Issue
- See the latest election attacks in the Interactive Election Incident Map
- CyberDefenses's Perspective: Factoring in context to foster understanding.
- Are we prepared for upcoming elections? A cyberexpert weighs in.
- The fight against election disinformation. See what California is doing.
- Things you need to know about 2018 election security.
- New threats are facing election security. Learn what's causing the most worry.
- Discover why the ex-chief CIA is advising against panic, but for paranoia.
- Lawmakers draft more election security bills and neighborly warn Canada.
- CyberDefenses Blog: Detection and response tips to keep in mind on Nov. 6.
- Find out which events should be on your calendar.
Interactive Election Incident Map
In this interactive map, we capture information about the latest election cybersecurity incidents as they occur. Stay informed of the most recent attack locations and methods so you're armed with knowledge that can help you protect your data and systems.
Cyberdefenses Perspective
KEEPING ELECTION SECURITY NEWS IN PERSPECTIVE
By Monty St John, Director of Threat Intelligence
Very few would argue that recent headlines concerning election security haven't been alarming. From hacking to voting systems to stolen voter registration data and the deliberate distribution of false candidate information, it's no wonder people are questioning the integrity of election results.
It's hard to know who or what to believe, and while there is questionable information floating around, much of what we've read concerning election security is based on fact. However, "just the facts" without context can be just as dangerous or misleading as lies.
One example is the recent concern over 35 million voter registration records that were discovered in the Darknet marketplace.
Through our research, the CyberDefenses team has been able to confirm that the story is true, but the story doesn't warrant panic, and here's why:
- This voter registration data is already freely accessible to anyone who requests it from their state governments. In many cases, this information is used by candidates or non-profit organizations in marketing campaigns focused around gathering votes or support for causes.
- This information includes names, phone numbers, addresses and voter affiliation, not social security numbers or login credentials.
- This information is routinely found on the Darknet because many companies fail to take the right steps to protect it. Consequently, it is not available only via voter registration records. This fact reduces the probability that the data is related to an election-focused attack.
- Hackers tend to exaggerate their claims of how the data was collected or the type of data included to promote themselves as a go-to resource for valuable information. The likelihood of these records being sourced through nefarious means is probably slim.
- In many cases, this data is outdated. There is a high chance that it has been repackaged from old sources and is not as valuable as the sellers claim it is.
As November 6th draws closer, it is not surprising that the hacker community is capitalizing on the heightened focus around election security.They make an interesting claim that they have the ability to continuously retrieve voter registration information. Election officials should take these claims seriously by monitoring the data that is showing up in hacker forums. Plus, reviewing their data capture and dissemination process would be another wise move.
We're likely going to see more activity such as this. Some of it does indicate threats that should be addressed immediately, but other events, while concerning, aren't as alarming as some would want us to believe.
Noteworthy Headlines
GOVTECH.COM: EXPERT INTERVIEW ON 2018 ELECTION SECURITY
In this exclusive interview, government technology thought leader Dan Lohrmann speaks with cyberexpert David O'Berry about federal, state and local cyberpreparedness regarding the upcoming 2018 and 2020 elections.
NPR: CALIFORNIA LAUNCHES NEW EFFORT TO FIGHT ELECTION DISINFORMATION
The California election officials are launching a new effort to fight the kind of disinformation campaigns that plagued the 2016 elections - an effort that comes with thorny legal and political questions. The state's new Office of Elections Cybersecurity will focus on combating social media campaigns that try to confuse voters or discourage them from casting ballots.
VOA: THINGS YOU NEED TO KNOW ABOUT 2018 ELECTION SECURITY
As U.S. voters prepare to go to the polls for the November 6 midterm elections, federal, state and local officials are preparing too. But whereas many voters are considering which candidates to support, government officials are working to safeguard the system against foreign interference.
CBS NEWS: HOW AI IS CREATING NEW THREATS TO ELECTION SECURITY
Cyberattacks targeting the 2018 midterm election aren't just relying on tested tactics like phishing attacks, social media influence campaigns, and ransomware targeting critical infrastructure - they're also harnessing technology in new and ever more threatening ways.
YAHOO FINANCE: EX-CIA CHIEF'S TAKE ON ELECTION SECURITY: DON'T PANIC, DO STAY PARANOID
NEXTGOV: LAWMAKERS WEIGH ANOTHER ELECTION SECURITY BILL AND WARN CANADA ABOUT HUAWEI
Companies that produce election systems for state and local governments would have to be wholly owned and operated inside the United States under a bill introduced to a bipartisan trio of senators on Thursday. Lawmakers also claim that Canada's decision to include the Chinese company Huawei in its 5G telecommunications infrastructure could have dangerous consequences.
CyberDefenses Blog
Election Security Detection and Response: One if by Land, Two if by Sea...Three if by Cyber?
by Brian Engle, CISO
As election officials have been preparing for the midterm elections, a key message has been to include cybersecurity in their ramp-up efforts. But with early voting starting soon and election day right around the corner, the time to proactively implement security measures has passed. Now is the time to invest in detection and response efforts. Here are some key areas election officials should be prepared to monitor and address.
cyberdefenses.com/elections | elections@cyberdefenses.com
CyberDefenses is an award-winning Managed Security Services Provider (MSSP) specializing in election security. Schedule a 30-minute conversation to learn how we can help protect your election from cyber attack.