Articles

Cybersecurity under fire: CISA’s former deputy director decries post-election…

Matt Travis talks about CISA’s role in the recent US elections and how President Trump and his surrogates have politicized the security function.

Matt Travis, the former deputy director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), kicked off this year’s Aspen Cyber Summit yesterday with a keynote interview by journalist Kara Swisher. Travis provided an insider’s view of the events leading up to the firing of CISA director Christopher Krebs and discussed the fallout from President Donald Trump’s attempts to undermine the agency.

The just-concluded presidential election represented “the most secure election in American history,” according to Krebs. Despite this achievement, or perhaps because of it, Krebs was summarily fired by Donald Trump via a tweet on November 17. Before Krebs was dismissed, the White House asked for the resignation of Bryan Ware, the highly regarded assistant director for cybersecurity for CISA. After Krebs’ forced departure, Matt Travis, CISA deputy director and Krebs’ right-hand man at CISA, resigned from the agency.

On Sunday, Krebs, a lifelong Republican, told 60 Minutes’ Scott Pelley that he has complete confidence in the election outcome. He dismissed as conspiracy theories some of Trump’s increasingly convoluted stories of how President-Elect Joe Biden “stole” the election. Krebs said that Trump’s attorney Rudy Giuliani’s promotion of unproven election fraud was an “attempt to undermine confidence in the election, to confuse people, to scare people.”

Following the 60 Minutes interview, another Trump attorney, Joseph DiGenova, said that Krebs should be “taken out and shot” for contradicting Trump’s unsubstantiated claims of voter fraud. Yesterday, Krebs told CBS’s Savannah Guthrie that he is looking into potential legal action following DiGenova’s bald threat. Alex Stamos, former Facebook CISO and founder of the Stanford Internet Observatory, filed a complaint against DiGenova with the DC Bar’s Office of Disciplinary Counsel and encouraged his fellow infosec peers to do the same.

This article appeared in CSO Online. To read the rest of the article please visit here.

 


Security in the spotlight as the US heads into…

A new report and tabletop exercise show how the upcoming US elections could be disrupted at the local government level without hacking the election itself.

Attacks on the digital infrastructures of US state, local, tribal and territorial (SLTT) governments continue at a healthy clip, a chronic trend that does not bode well for election security as the nation moves into the crucial run-up to the 2020 presidential election. Although a lot of research has focused on the potential hacking of election equipment and related backend infrastructure, recent studies and exercises suggest that adversaries can disrupt the democratic process almost as well by simply targeting other local government and community systems.

In a report released today, cybersecurity firm BlueVoyant presents the results of a study that examined local governments’ cybersecurity posture in 108 jurisdictions going back to 2017. The firm found a steep rise in ransomware attacks on SLTT governments from 2017 to 2019 and a jump in the amount of ransom demanded from $30,000 in 2017 to $380,000 in 2019, with some ransom amounts exceeding $1 million.

This article appeared in CSO Online. To read the rest of the article please visit here.


No election security funding in latest round of stimulus…

Doubts raised about funding for 2020 election security and mail-in voting as money omitted from the latest stimulus bill.

While the economic and social fallout of the coronavirus captures virtually all federal, state and local policymaking resources, the US is quickly moving into a critical election season with election safety and security issues still unresolved. Yesterday, the House of Representatives voted overwhelmingly to pass the latest in a string of coronavirus-related bills, a $484 billion economic stimulus measure, the Paycheck Protection Program and Health Care Enhancement Act.

That bill, a companion to a law passed by the Senate, did not contain provisions to help states and local jurisdictions with the likely need for mail-in voting and increased voting security, as some lawmakers and state officials had earlier hoped.

This latest stimulus bill follows several other pieces of stimulus legislation, including a significant bill signed into law on March 27, the Coronavirus Aid, Relief, and Economic Security (CARES) Act. The CARES Act provided $400 million for states to “prevent, prepare for, and respond to coronavirus, domestically or internationally, for the 2020 Federal election cycle.” Those funds are aimed at making voting in the upcoming presidential and other elections in November “safe” given the coronavirus scourge and the likely need for a quick shift to mail-in ballots in addition to continued electronic voting at polling stations.

This article appeared in CSO Online. To read the rest of the article please visit here.


On the 2020 Congressional cybersecurity agenda: Critical infrastructure, copyright…

Despite the distraction of an election year, Congress is expected to give the Department of Homeland Security tools to identify critical infrastructure threats and copyright exemptions to security researchers.

Distracted by high-profile developments, gridlocked by partisan resentment, and time-crunched due to the election year, Congress is nevertheless swinging into gear on specific cybersecurity issues, Washington insiders told attendees at Shmoocon 2020 this past weekend. Among the top items that Congress might tackle are new subpoena powers to address critical infrastructure threats, a big-picture policy report, and copyright law exemptions that protect security researchers.

Congressional interest in cybersecurity has escalated over the past decade, the panelists agreed. “Congress members are aware of a challenge. They want to do something to fix it,” Nick Leiserson, legislative director to Congressman Jim Langevin (D-RI), a senior member of the House Armed Services and Homeland Security Committees, said. “There is engagement, and that is very important. That is a change that is not where we were ten years ago when my boss was being looked at oddly by his colleagues. You know, they were like, ‘Here’s the tinfoil hat, Jim,'” he said.

This article appeared in CSO Online. To read the rest of the article please visit here.


US elections remain vulnerable to attacks, despite security improvements

Continued Russian interference, insecure paperless voting processes will sow doubt about the next election.

Days away from the Iowa caucuses, and less than 11 months from the general election, voting and election security continues to be a challenge for the U.S. political system. Threats to a secure election appear to loom as large today as they did in 2016, when Russian state-backed hackers and social media trolls threw U.S. political campaign and election efforts into chaos, turmoil that has only become clear after the fact.

Certainly, voting security has made great strides since 2016. State and local governments took advantage of a funding boost under the Help America Vote Act to improve their infrastructure and better coordinate among themselves to harden election systems. Congress allocated an additional $425 million as part of a spending compromise that was passed and enacted in late December, giving election officials even more latitude to make improvements.

This article appeared in CSO Online. To read the rest of the article please visit here.


CISA’s Krebs seeks more measured approach to election security…

The Cybersecurity and Infrastructure Security Agency director says overhyped concern is a problem, while election officials say they reap the benefits of improved communications.

Given the too-late realization that Russia interfered in the 2016 presidential election through massive disinformation campaigns and — as the Mueller report most recently documented with a few new twists — actual efforts to hack into state elections systems, it’s no surprise that election security under the rubric of “Protect 2020” was a key theme running throughout the Cybersecurity and Infrastructure Security Agency’s (CISA) second annual Cybersecurity Summit.

Even so, CISA Director Christopher Krebs kicked off the summit by cautioning against the fearful language and overwrought concerns currently surrounding the topic of election security. “We’ve got to be more straightforward, more measured, more reasonable in how we talk about things. Election security is a great example. Are there true, absolute, fundamental risks in the infrastructure? Yes, but we have to take the hysteria out of the conversation because ultimately what we do is we drive broader voter confidence down,” he said.

This article appeared in CSO Online. To read the rest of the article please visit here.


U.S. Rep Lieu hopeful for election security bill prospects

Congressman sees Republican softening on gun legislation as a sign they might be willing to consider election security. Calls on the security community to expose election system weaknesses.

U.S. Representative Ted Lieu (D-CA) thinks that Senate Majority Leader Mitch McConnell’s weakening opposition to gun legislation bodes well for the prospects of passing an election security bill. Several election security measures have stalled in Congress since the 2016 presidential election because McConnell has refused to take them up on the Senate side.

“I know that public sentiment has shifted on the gun issue so that Mitch McConnell is now willing to consider background checks on guns and red flag laws,” Lieu tells CSO Online. “That wasn’t something he had been saying a few weeks ago. So, you never know when something can happen that will shift public sentiment in such a way that will force him to take up a vote for election security.”

This article appeared in CSO Online. To read the rest of the article please visit here.


Why one of America’s top experts is hopeful for…

Voting machines and elections in general are still vulnerable to hacking, says Matt Blaze, but adoption of risk-limiting audits and software independence gives opportunity for improvement.

In the aftermath of the 2016 presidential election, election security quickly became one of the hottest political and cybersecurity research topics. The growing unease that foreign and other adversaries might meddle in our digital voting infrastructure gave way to a growing chorus among some experts to disband digital voting technology altogether and revert to paper ballots.

Six top-tier information security experts issued an alarming report about what they had discovered when they took apart voting machines at DEF CON’s Voting Village last year. They found dozens of severe vulnerabilities in a range of voting equipment, including one in a device from top voting technology supplier Election Systems & Software that could allow an attacker to remotely hijack the system over a network and alter the vote count.

One of those experts, Georgetown University professor and noted cryptographer Matt Blaze, told attendees at this year’s annual Shmoocon conference that in the 20 years he has been studying election security, “it is the hardest security problem I’ve ever encountered.”

This article appeared in CSO Online. To read the rest of the article please visit here.