Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsSecurity Week: The Incentive to Disrupt Elections has Never Been Higher
https://www.securityweek.com/incentive-disrupt-elections-has-never-been-higher. . .
Attacks on the sanctity of the ballot box have already begun. Readers of this column will be familiar with some of the examples:
In the 2016 election cycle, we know that Russian actors probed the voter registration systems of at least 20 states.
Weve seen denial of service and ransomware attacks targeting state and local election agencies.
FireEye recently reported on Russian actors APT28 and Sandworm Team recently compromising multiple governments in Europe in advance of elections.
The vulnerabilities in voting machines are myriad, have been well documented, and yet equipment makers continue to sell these outdated machines. FireEye Intelligence has observed voting machines for sale in underground criminal forums, for attackers to practice against.
National parties and candidates organizations themselves have been targeted repeatedly.
State-sponsored misinformation campaigns have dominated the headlines recently.
Fortunately, the U.S. government has taken some steps to address these issues. The 2018 Help America Vote Act (HAVA) allocated $380M, to improve the administration of elections for Federal office, including to enhance election technology and to make election security improvements. States are able to use allocations from this fund to purchase new voting equipment that provides a paper record of the voters intent, implement audit systems, upgrade computer systems, facilitate cyber security training for election officials, implement cyber security best practices, and fund other cyber security-related activities.
Its a good start, but as of September 30, 2018, just $31.4M (8.3% of the total allocated) had been spent by the states. Of that total, $18M was on cyber security, and just under $11M was used for new voting machines. You might think that the states have been slow to make their requests, but all states and territories have indeed submitted their requests and received their grants. Some states have detailed plans for improving their cyber securityfor example South Carolina intends to spend $525,000 to conduct comprehensive risk and vulnerability assessments of their voter registration systems, remediate findings, conduct a penetration test of their e-poll book, and implement network monitoring solutions. Rhode Island intends to spend $734,000 to implement database activity monitoring, asset management systems, and a Security Information and Event Management system (SIEM) for their voting environmentin addition to budgeting for the necessary people to manage these tools.
On the other hand, several states have requested no funding for cyber security, or only token amountse.g., funding a small vulnerability assessment, but no budget for remediation. Its possible that these states had already allocated their own funds toward election security and dont need the HAVA grant funding. However, I have yet to work with a state government that felt adequately funded for cyber security. I suspect one reason for the slow uptake is just a lack of answers: beyond the obligatory assessments and vulnerability scans, what should election agencies be doing to properly secure their environments, protect voter information, and the ensure integrity of the vote? These are complex and highly distributed systems, and its not an easy answer, but one that I hope to explore more in future columns.
Its also my hope that we can properly fund more robust security for candidates organizations and national parties. Individual candidates are running campaigns on a shoestring budget, and a dollar spent to secure a database is one that isnt used on a yard sign. Its tough to prioritize security if funds arent specifically earmarked, but compromised campaigns can have global implicationsas we saw when the Clinton campaign was hacked in 2016, perhaps tipping the outcome of the election.
Attacks on the sanctity of the ballot box have already begun. Readers of this column will be familiar with some of the examples:
In the 2016 election cycle, we know that Russian actors probed the voter registration systems of at least 20 states.
Weve seen denial of service and ransomware attacks targeting state and local election agencies.
FireEye recently reported on Russian actors APT28 and Sandworm Team recently compromising multiple governments in Europe in advance of elections.
The vulnerabilities in voting machines are myriad, have been well documented, and yet equipment makers continue to sell these outdated machines. FireEye Intelligence has observed voting machines for sale in underground criminal forums, for attackers to practice against.
National parties and candidates organizations themselves have been targeted repeatedly.
State-sponsored misinformation campaigns have dominated the headlines recently.
Fortunately, the U.S. government has taken some steps to address these issues. The 2018 Help America Vote Act (HAVA) allocated $380M, to improve the administration of elections for Federal office, including to enhance election technology and to make election security improvements. States are able to use allocations from this fund to purchase new voting equipment that provides a paper record of the voters intent, implement audit systems, upgrade computer systems, facilitate cyber security training for election officials, implement cyber security best practices, and fund other cyber security-related activities.
Its a good start, but as of September 30, 2018, just $31.4M (8.3% of the total allocated) had been spent by the states. Of that total, $18M was on cyber security, and just under $11M was used for new voting machines. You might think that the states have been slow to make their requests, but all states and territories have indeed submitted their requests and received their grants. Some states have detailed plans for improving their cyber securityfor example South Carolina intends to spend $525,000 to conduct comprehensive risk and vulnerability assessments of their voter registration systems, remediate findings, conduct a penetration test of their e-poll book, and implement network monitoring solutions. Rhode Island intends to spend $734,000 to implement database activity monitoring, asset management systems, and a Security Information and Event Management system (SIEM) for their voting environmentin addition to budgeting for the necessary people to manage these tools.
On the other hand, several states have requested no funding for cyber security, or only token amountse.g., funding a small vulnerability assessment, but no budget for remediation. Its possible that these states had already allocated their own funds toward election security and dont need the HAVA grant funding. However, I have yet to work with a state government that felt adequately funded for cyber security. I suspect one reason for the slow uptake is just a lack of answers: beyond the obligatory assessments and vulnerability scans, what should election agencies be doing to properly secure their environments, protect voter information, and the ensure integrity of the vote? These are complex and highly distributed systems, and its not an easy answer, but one that I hope to explore more in future columns.
Its also my hope that we can properly fund more robust security for candidates organizations and national parties. Individual candidates are running campaigns on a shoestring budget, and a dollar spent to secure a database is one that isnt used on a yard sign. Its tough to prioritize security if funds arent specifically earmarked, but compromised campaigns can have global implicationsas we saw when the Clinton campaign was hacked in 2016, perhaps tipping the outcome of the election.
InfoView thread info, including edit history
TrashPut this thread in your Trash Can (My DU » Trash Can)
BookmarkAdd this thread to your Bookmarks (My DU » Bookmarks)
1 replies, 313 views
ShareGet links to this post and/or share on social media
AlertAlert this post for a rule violation
PowersThere are no powers you can use on this post
EditCannot edit other people's posts
ReplyReply to this post
EditCannot edit other people's posts
Rec (0)
ReplyReply to this post
1 replies
= new reply since forum marked as read
Highlight:
NoneDon't highlight anything
5 newestHighlight 5 most recent replies
Security Week: The Incentive to Disrupt Elections has Never Been Higher (Original Post)
CousinIT
May 2019
OP
guillaumeb
(42,641 posts)1. And the need for the GOP to cheat.
The GOP literally cannot win nationally if the election is fair.
So they resort to various forms of voter fraud and outright suppression.