NEW TECH: A couple of tools that deserve wide use — to preserve the integrity of U.S. elections
As the presidential debate season ramps up, the specter of nation-state sponsored hackers wreaking havoc, once more, with U.S. elections, looms all too large.
It’s easy to get discouraged by developments such as Sen. McConnell recently blocking a bi-partisan bill to fund better election security, as well as the disclosure that his wife, Transportation Security Elaine Chao, has accepted money from voting machine lobbyists.
Related: Why not train employees as phishing cops?
That’s why I was so encouraged to learn about two new tools that empower individual candidates – and local election officials – to take proactive steps to make election tampering much more difficult to successfully pull off. In the current geo-political environment, every forthright step can make a huge difference.
First, there’s a tool called the Rapid Cyber Risk Scorecard. NormShield, the Vienna, VA-based, cybersecurity firm that supplies this service, recently ran scores for all of the 26 declared presidential candidates — and found the average cyber risk score to be B+.
What this tells me is that the presidential candidates, at least, actually appear to be heeding lessons learned from the hacking John Podesta’s email account – and all of the havoc Russia was able to foment in our 2016 elections. NormShield found that all of the 2020 presidential hopefuls, thus far, are making sure their campaigns are current on software patching, as well as Domain Name System (DNS) security; and several are doing much more.
My takeaway: other candidates can use this scorecard, which runs assessments of 10 cyber risk categories, as a starting point to harden their campaigns.
Another such service that can do a ton of good was announced last week by Global Cyber Alliance (GCA), in partnership with Craig Newmark Philanthropies and the Center for Internet Security. It’s a free cybersecurity toolkit for elections that gives local election authorities actionable guidance on how to mitigate the most common risks to trustworthy elections.
Shoring up defenses
This service spins out of Craig Newmark Philanthropies contribution of a $1.068 million gift to help GCA provide critical cybersecurity protections for media, journalists, election offices and community organizations.
Reitinger
“Election offices are working hard to shore up their defenses, but many are under resourced to do everything that needs to be done,” Philip Reitinger, President and CEO of GCA, told me. “Our goal is to help organizations create more secure ecoystems to support a free and fair election processes. I talked to Craig Newmark and the Center for Internet Security, and both wanted to partner with GCA to create something tangible that was useful to the people responsible for conducting elections.”
Kudos to Reitnger — and to philanthropist Craig Newmark, the founder of Craigslist.com.
The GCA tool kit directly addresses the most commonplace election hacking methodologies, including:
•Compromising of voter registration data; election infrastructure hacking to alter vote counts.
•Denial-of-service attacks against election offices.
•Phishing campaigns directed at election officials.
•Impersonation of emails from election offices and others.
•The viral spreading of false information through websites and social media.
This timely toolkit has been beta-tested by more than 60 local elections organizations, and now needs to get widely distributed. Thousands local elections remain at high risk. Let’s not forget how Russia targeted elections in 39 states back in 2016.
“We eorked with CIS and took these best practices and then developed a toolkit to operationalize them and enable elections offices – regardless of size or budget – to prevent some of the most common cyber attacks used to affect the election process,” Reitinger told me.
9 ways to secure polls
The best practices have been organized into these nine categories:
•Know What You Have: The first step toward better security is to know what you have. Identify the applications, devices and accounts that you need to protect.
•Configure Securely: Enables users to make sure they are using all built-in security settings for the products and software they have purchased.
•Control Access: Tools that enable organizations to control, manage and limit access to systems.
•Update Your Defenses: Details how to make sure all devices and applications remain updated with the latest fixes/patches.
•Beyond Simple Passwords: Provides detailed information on keeping strong passwords and deploying two-factor authentication.
•Prevent Phishing and Viruses: Offers free tools to prevent phishing and viruses to include DNS filte
•Protect Your Brand: The reputation of election organizations can impact the fairness of an election. The reputation is shaped by how they communicate with citizens – mostly through email. GCA offers email security solutions that prevent malicious actors from hijacking email domains and sending emails that are spoofed to look legitimate.
•Backup and Recover: Solutions that enable organizations to constantly backup their systems and data and recover in the event of a cyber attack.
•Log and Monitor: Good cyber hygiene is an ongoing process and it is important to continuously monitor systems to know what additional defenses need to be deployed.
If you’re working on a campaign or involved in any way with a local election, please bring these tools to the attention of folks in leadership. Now is precisely the time to start taking essential fundamental steps to preserve the integrity of our elections . Talk more soon.
Acohido
Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.
*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/new-tech-a-couple-of-tools-that-deserve-wide-use-to-preserve-the-integrity-of-u-s-elections/
