Articles

Election security status: Some progress on ballot integrity, but…

lead centered=”no”
With the election less than two months away, government and election officials say voting itself is more secure, but Russian disinformation remains largely unaddressed.
/lead

The presidential election in 2016 was a wake-up call that the security of the country’s election infrastructure can never again be considered a sure thing. During the last presidential campaign, Russia hacked into the Democratic National Committee’s network and stole emails from Clinton campaign officials while also breaking into at least two county voting systems in Florida. Those digital security attacks took place alongside destructive disinformation campaigns that ran on vulnerable and unprepared social media networks.

At this year’s Billington Cybersecurity Summit, 55 days before the next presidential election, experts weighed in on the progress, or lack thereof, that the US has made in securing America’s elections since 2016.

Chris Krebs, head of the Department of Homeland Security’s (DHS’s) Cybersecurity and Infrastructure Security Agency (CISA), told attendees that three-and-a-half years after he joined the agency it has “turned the corner in a really meaningful way” on cybersecurity. “We’re working in all 50 states on a regular basis to share information, to secure their systems, to ensure that they have all the resources they need to be prepared, whether it’s a COVID environment or non-COVID environment.”

Matthew Masterson, senior cybersecurity advisor at CISA, says his group is hard at work on supporting the more than 8,800 officials who run the country’s elections. Many of the voting jurisdictions are small but many election offices represent the largest IT operations in their counties in terms of total number of assets.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Kari Sullivan on Unsplash

Articles

CMMC bakes security into DoD’s supply chain, has value…

lead centered=”no”
The Cybersecurity Maturity Model Certification provides a means for the Department of Defense to certify the security capabilities of its contractors, but it’s a good way to assess the cybersecurity maturity for all companies.
/lead

Just as the coronavirus pandemic was getting underway in January, the Department of Defense (DoD) launched an ambitious cybersecurity certification and compliance process called the Cybersecurity Maturity Model Certification (CMMC). This framework has five certification levels of maturity that are designed to ensure that the Pentagon’s 300,000 contractors can adequately protect sensitive information.

The CMMC embraces existing well-known federal cybersecurity frameworks including NIST SP 800-171, NIST SP 800-53, ISO 27001, ISO 27032, and AIA NAS9933, as well as compliance procedures from the Federal Information Security Management Act (FISMA). One of the most significant changes for DoD contractors under the CMMC is the need to undergo external security audits.

“There were some simple things that our communities weren’t doing and we needed to find a way to make them repeatable, accountable and to provide metrics and make them auditable,” Katie Arrington, CISO for acquisition and sustainment, DoD, said at the 10th Annual Billington Cybersecurity Summit, which was held virtually this year. “So, we created this model with collaboration with industry and academia.”

The CMMC “is one piece of a massive cultural reform that’s been going in the department since 2018,” Arrington said, pointing to something called the Adaptive Acquisition Framework, a set of policies designed to introduce innovation into what has long been the sluggish thicket of the federal acquisition process. “It’s refreshing to see that acquisition is now understanding the new emerging capabilities and how we need to move through those.”

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by İsmail Enes Ayhan on Unsplash