Published on August 28th, 2019 📆 | 1773 Views ⚑
0U.S. Government Plan To Halt Election Cyberattacks Misses One Major Issue
The U.S. Government is planning a move to protect voter registration databases and systems against cyberattacks including ransomware ahead of the 2020 election.
Š 2018 Bloomberg Finance LP
The U.S. Government is planning a move to protect voter registration databases and systems against cyberattacks including ransomware ahead of the 2020 election. According to Reuters, intelligence officials fear the databases may be targeted by nation state hackers, who will seek to âmanipulate, disrupt or destroyâ the data.
It comes after the systems used to validate votersâ eligibility were compromised in 2016 by Russian adversaries keen to influence the outcome of the election.
The systems were deemed to be a risk because they are one of the few pieces of election technology still connected to the internet, U.S. officials said.
Specifically, the Cybersecurity Infrastructure Security Agency (CISA) is concerned that databases could be targeted by ransomware, which encrypts data so it is unreadable until the victim pays the attackerâusually in cryptocurrencies such as Bitcoins.
Ransomware in the news
Ransomware has been a feature of several attacks on U.S. cities in recent months. In June, Florida City Riviera Beach paid out an astonishing $600,000 to ransom hackers that took over its systems a few weeks previously. More recently this month, a Texas Cyberattack took 23 government agencies offline.
The new U.S. government program focusing on protecting voter registration databases forms part of a wider initiative to identify the most likely attack vectors ahead of the 2020 presidential election. It is due to launch in about a month.
âRecent history has shown that state and county governments and those who support them are targets for ransomware attacks,â CISA director Christopher Krebs said. âThat is why we are working alongside election officials and their private sector partners to help protect their databases and respond to possible ransomware attacks.â
The CISA program will include educational material as well as penetration testing and vulnerability scans. The material will include advice on how to prevent and recover from ransomware attacks.
Yet it wonât advise whether to pay the ransom when someone becomes a victim of this type of cyberattack. U.S. officials claimed this is because they are focused on preventing them from happening in the first place.
CISA election program: Is ransomware the right focus?
Cyberattacks such as ransomware are certainly a major threat, and manipulating election data could be devastating. However, some experts believe the focus of the plan is too narrow. Tim Erlin, VP, product management and strategy at Tripwire says it is âunfortunateâ that the focus on protecting US elections is âso narrow.â
âRansomware has been in the spotlight lately, especially for government agencies. Itâs a real concern, but itâs by no means the only issue for election security.â
Protecting the democratic process and infrastructure, while combating nation state level attacks to manipulate the voting public is âa daunting mission,â says Ian Thornton Trump, security head at AMTrust Europe. He says âsocial media sock puppets that can amplify divisive messages in key targeted areasâ make it very difficult to secure elections.
âYou would think that meaningful changes would have been made after the report on Russian influence activity,â Thornton-Trump says. âUnfortunately, due to partisan politics, no legislation has been brought into law.â
Philip Ingram, MBE, a former colonel in British military intelligence, says the use and abuse of information âis the biggest threat we have today.â
âMarketeers and advertisers have been doing it for years. It's been described as warfare; we have successfully used it and fallen for it in conflicts. But it is information and it is perception aimed at all of the senses.â
Thornton-Trump points out the difficulties in tackling disinformation and manipulation spread via social media. âThe very foundations of our social relationships to friends, family and government are being manipulated at mass scale. The social constructs we live in are defined by technology.â
Nation state cyberattacks come from multiple vectors that also include infrastructure such as power grids. This saw the U.S. government last month launch an initiative to secure the SCADA based systems that underpin these using âretroâ technologies.
Thereâs no doubt that nation states will continue to attempt to disrupt and influence by interfering with elections and attacking other critical elements that are connected to the internet. It requires a multi-pronged and in-depth approach: Letâs hope the government is doing far more behind the scenes.
">
The U.S. Government is planning a move to protect voter registration databases and systems against cyberattacks including ransomware ahead of the 2020 election. According to Reuters, intelligence officials fear the databases may be targeted by nation state hackers, who will seek to âmanipulate, disrupt or destroyâ the data.Â
It comes after the systems used to validate votersâ eligibility were compromised in 2016 by Russian adversaries keen to influence the outcome of the election.Â
The systems were deemed to be a risk because they are one of the few pieces of election technology still connected to the internet, U.S. officials said.
Specifically, the Cybersecurity Infrastructure Security Agency (CISA) is concerned that databases could be targeted by ransomware, which encrypts data so it is unreadable until the victim pays the attackerâusually in cryptocurrencies such as Bitcoins.Â
Ransomware in the news
Ransomware has been a feature of several attacks on U.S. cities in recent months. In June, Florida City Riviera Beach paid out an astonishing $600,000 to ransom hackers that took over its systems a few weeks previously. More recently this month, a Texas Cyberattack took 23 government agencies offline.Â
The new U.S. government program focusing on protecting voter registration databases forms part of a wider initiative to identify the most likely attack vectors ahead of the 2020 presidential election. It is due to launch in about a month.Â
âRecent history has shown that state and county governments and those who support them are targets for ransomware attacks,â CISA director Christopher Krebs said. âThat is why we are working alongside election officials and their private sector partners to help protect their databases and respond to possible ransomware attacks.â
The CISA program will include educational material as well as penetration testing and vulnerability scans. The material will include advice on how to prevent and recover from ransomware attacks.Â
Yet it wonât advise whether to pay the ransom when someone becomes a victim of this type of cyberattack. U.S. officials claimed this is because they are focused on preventing them from happening in the first place.
CISA election program: Is ransomware the right focus?
Cyberattacks such as ransomware are certainly a major threat, and manipulating election data could be devastating. However, some experts believe the focus of the plan is too narrow. Tim Erlin, VP, product management and strategy at Tripwire says it is âunfortunateâ that the focus on protecting US elections is âso narrow.â
âRansomware has been in the spotlight lately, especially for government agencies. Itâs a real concern, but itâs by no means the only issue for election security.â
Protecting the democratic process and infrastructure, while combating nation state level attacks to manipulate the voting public is âa daunting mission,â says Ian Thornton Trump, security head at AMTrust Europe. He says âsocial media sock puppets that can amplify divisive messages in key targeted areasâ make it very difficult to secure elections.Â
âYou would think that meaningful changes would have been made after the report on Russian influence activity,â Thornton-Trump says. âUnfortunately, due to partisan politics, no legislation has been brought into law.â
Philip Ingram, MBE, a former colonel in British military intelligence, says the use and abuse of information âis the biggest threat we have today.â
âMarketeers and advertisers have been doing it for years. It's been described as warfare; we have successfully used it and fallen for it in conflicts. But it is information and it is perception aimed at all of the senses.â
Thornton-Trump points out the difficulties in tackling disinformation and manipulation spread via social media. âThe very foundations of our social relationships to friends, family and government are being manipulated at mass scale. The social constructs we live in are defined by technology.â
Nation state cyberattacks come from multiple vectors that also include infrastructure such as power grids. This saw the U.S. government last month launch an initiative to secure the SCADA based systems that underpin these using âretroâ technologies.Â
Thereâs no doubt that nation states will continue to attempt to disrupt and influence by interfering with elections and attacking other critical elements that are connected to the internet. It requires a multi-pronged and in-depth approach: Letâs hope the government is doing far more behind the scenes.Â
Gloss