Public Sector Cybersecurity Weekly Briefing 11-03-2017

[VIDEO] Were You Aware That October Was Cybersecurity Awareness Month?

In case you didn’t participate in Security Awareness Training (SAT) this past October, this video training for government staff provided by Mike Hamilton can get you caught up.

 

US Voting Server in Election Security Probe is Mysteriously Wiped
The server in question is based in Georgia – a state that narrowly backed Donald Trump, giving him 16 electoral votes – and stored the results from the state’s voting systems. The deletion of its data makes it impossible to ascertain whether the computer was compromised. There is good reason to believe that the computer may have been tampered with: it is 15 years old, and could have been harboring all sorts of exploitable software and hardware vulnerabilities. No hard copies of the votes are kept, making the electronic copy the only official record.

 

Senate Intel Committee Votes Behind Closed Doors Bill to re-up Section 702
“It’s unacceptable that an issue of this magnitude was debated behind closed doors. We now know what mischief they were up to in secret,” ACLU Legislative Counsel Neema Singh Guliani said in a release. “Not only did they fail to curb the litany of abuses that have occurred in recent years, in many respects, the bill would expand existing surveillance authorities.” The bill, which reauthorizes Section 702 for eight more years, “would further strip Americans of their constitutional rights,” she said.

 

Bipartisan Bill Would Boost States’ Election Cybersecurity
The bill proposed Tuesday by Republican Susan Collins of Maine and Democrat Martin Heinrich of New Mexico would authorize federal grants to states to upgrade their systems and require better sharing of information about efforts to hack state voting systems. The government confirmed that Russians sought to probe the databases of 21 states last year, but delayed for months disclosing which states were targeted.

 

Researchers Warn State System to Catch Voter Fraud has 99% False Positive Rate
A database system that will now be used by Indiana to automatically purge voter registrations that have duplicates in other states is 99 percent more likely to purge legitimate voters, according to a paper published last week by researchers from Stanford University, the University of Pennsylvania, Harvard, Yale, and Microsoft Research. Using the probability of matching birth dates for people with common first, middle, and last names and an audit of poll books from the 2012 US presidential election, the researchers concluded that the system would de-register “about 300 registrations used to cast a seemingly legitimate vote for every one registration used to cast a double vote.”

 

How Smart Cities Can Protect Against IoT Security Threats
The security issues facing smart cities are unlike anything ever before seen, and solutions to these problems haven’t yet sprung up en masse, meaning many different interest groups have proposed their own respective plans. By combing through some of today’s proposed solutions, we can identify some of the leading trends that will come to dominate the future of smart city security.

 

Let the Cyber Wars Begin: Federal Regulators Prepare Their Arsenal
According to the SEC, the defendants styled certain ICOs as sales in club memberships in order to evade securities laws, including registration requirements. The Cyber Unit also will investigate misconduct perpetrated using the dark web where cryptocurrencies are used to pay for illicit goods.  This is likely to be an area of great activity given that the number of cryptocurrencies being traded is at an all-time high and their financial value reached a historic peak in 2017.

 

Challenges to U.S. Election Integrity
Various concerns about the security of U.S. elections have arisen over the past two decades, some more significant than others. While many studies have shown that voter fraud, for instance, is vanishingly rare in the U.S., what about the state of electoral administration, lost votes, and cyberattacks? On 16 October, two experts teamed up at MIT to share insights from their research on what is and isn’t working in America’s electoral system.

 

US Government Wants “Keys Under Doormat” Approach to Encryption
Rosenstein said encryption serves “a valuable purpose.” He called it “a foundational element of data security and essential to safeguarding data against cyber-attacks.” And he said he supports “strong and responsible encryption,” which to him means “effective, secure encryption, coupled with access capabilities.”

 

Michigan Governor Signs Volunteer Cyber Corps Bill
With the new law, called the Cyber Civilian Corps Act, the team is now designated in statute and doesn’t need a state of emergency to be called into action. That means it can step in, when requested, and provide technical assistance if the state gets hit by a cyberattack or data breach. The law also broadens the team’s reach to allow it to help local governments, nonprofits and businesses across the state.

 

Georgia Attorney General Quits Defense in Server Wiping Case
The Georgia attorney general’s office will no longer represent the state’s top elections official in an elections integrity lawsuit filed three days before a crucial computer server was quietly wiped clean. […] The erased hard drives are central to the lawsuit because they could have revealed whether Georgia’s most recent elections were compromised by hackers. Russian interference in U.S. politics, including attempts to penetrate voting systems, has been an acute national preoccupation since last year.

 


====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.