Election Security Insights – February 2019
In This Issue
- CyberDefenses's Perspective: Learn how you can change security culture.
- Intel officials are concerned about foreign adversaries. Here's why.
- Discover why an expert is optimistic about election security improvements.
- Looking ahead to the 2020 election has some worried.
- A glance back to 2018 shows what went well and what didn't.
- Rhode Island is fighting back against Russian election interference. Here's how.
- See the latest election attacks in the Interactive Election Incident Map
- CyberDefenses Blog: Protect 2020 with groundbreaking election security services.
- Find out which events should be on your calendar.
Interactive Election Incident Map
In this interactive map, we capture information about the latest election cybersecurity incidents as they occur. Stay informed of the most recent attack locations and methods so you're armed with knowledge that can help you protect your data and systems.
Transforming Security Culture in Your Election Department
By Brian Engle, CISO and Director of Advisory Services, CyberDefenses
Securing elections against cyberattack has been top of mind for election officials for many years. Working to protect elections is nothing new and many organizations have made strong strides in the right direction. However, as we approach the 2020 election, the attacks, breaches and headlines from 2016 continue to haunt those of us responsible for making sure elections are safe from tampering and disruption. Stories continue to trickle in of breaches and attacks that circumvented existing security measures. In some cases, credentials were stolen from an unsuspecting staffer or a system weakness was left exposed by a third-party vendor. The harsh lesson behind these examples is that overlaying security onto election operations is not enough. Election security must be woven into the culture so that it is pervasive across every possible level of the entire election process.
It is not uncommon to focus election security efforts exclusively on voting technology, such as voting machines or tabulation systems, and security at this level is certainly important. However, election security must go beyond these systems. The reality is cyberattackers infiltrate elections using a variety of different methods across the entire election process.
An effective election security initiative encompasses every aspect of the process. From the moment a voter registers or a candidate files until the election results are certified and published, each point where data or voting functions could be exposed should be evaluated and secured.
Implementing security across this full scope requires a customized effort. Employing the same cybersecurity techniques and tactics used to secure businesses doesn’t align with the election process. Elections typically involve unique steps, several different locations and departments with varying technologies, a hybrid manual and digital environment and a workforce comprised of short-term volunteers as well as full-time staffers.
Another key difference between elections and business environments is that the motivations and attack techniques involved in elections are widely varied. Unlike corporate breaches motivated largely by financial gain, election attacks are motivated by a range of different desired outcomes, from furthering a community agenda to destabilizing an entire democratic system. Securing elections must factor in all likely scenarios so that security teams can effectively focus on and monitor the right type of suspicious activity.
What’s more, ensuring that your team understands the different motivations and attack methods is an important part of building a culture that integrates security into every aspect of the election process. At a minimum, every staffer should be equipped with a clear understanding of why it’s so critical to protect system login credentials, how they can spot an attack, and what they can do to immediately stop it and report it. Making this level of security awareness a baseline aspect of every staff member and volunteer’s job will go a long way toward instilling a culture that revolves around security. This all-encompassing cultural approach is the best way to make certain you aren’t leaving gaps exposed to attacks.
In many cases, security efforts focus only on voter machines or tabulation systems, but the reality is cyberattackers infiltrate elections using a variety of different methods across the entire election process. CyberDefenses election security services address the entire process from voter registration to electronic results reporting.
PowerPost: The Cybersecurity 202: US Adversaries Are Raising Their Cyber Game, Intel Officials Warn
All four of the United States' main global adversaries are investing heavily in offensive cyber capabilities and are more likely to use digital attacks to gain strategic advantage. Elections are still a target.
CSO: Why One of America's Top Experts Is Hopeful for Better Election Security
Georgetown University professor and noted cryptographer Matt Blaze, told attendees at this year's annual Schmoocon conference that in the 20 years he has been studying election security, "it is the hardest security problem I've ever encountered."
Politico: Intelligence Heads Warn of More Aggressive Election Meddling in 2020
In a worldwide threat assessment to the Senate Intelligence Committee, Director of National Intelligence Dan Coats wrote that competitors such as Russia, China and Iran "probably already are looking at 2020 U.S. elections as an opportunity to advance their interests."
Council of Foreign Relations: Year in Review: Cyber Threats and the Mid-Term US Elections
In 2018, the United States held elections amidst wide-ranging efforts to protect this vital democratic process from foreign cyber threats. The 2018 elections ended without the cyber crises that marked the 2016 elections, but this outcome should not obscure the difficulties encountered this year in protecting U.S. elections from cyber threats.
Time: Russia Wants to Undermine Trust in Elections. Here's How Rhode Island Is Fighting Back
Voting experts say election audits are critical to thwarting attempts to meddle with American democracy. As election officials around the country prepare for 2020, security advocates hope they will look to Rhode Island to take tangible steps to fortify their votes against any shadow of doubt.
University of Pittsburgh Institute for Cyber Law, Policy and Security: Blue Ribbon Commission On Election Security Releases Report
From the National Academies of Sciences, Engineering, and Medicine and the U.S. Senate Intelligence Committee to hundreds of cybersecurity experts, the key remedies are clear: Use voting systems with voter-marked paper ballots; improve cybersecurity of election management and voter registration systems; conduct robust post-election audits; and have good contingency planning in place. These recommendations, and more, are detailed in this report.
CyberDefenses Launches the Protect 2020 Election Security Bundle
By Brian Engle, CISO and Director of Advisory Services, CyberDefenses
Drawing from our extensive experience in cybersecurity and elections, CyberDefenses has put together a new program designed to help election organizations strengthen their defenses against election attacks between now and the 2020 election.
CyberDefenses is an award-winning Managed Security Services Provider (MSSP) specializing in election security. Schedule a 30-minute conversation to learn how we can help protect your election from cyber attack.