Public Sector Cybersecurity Weekly Briefing 12-22-2017

Securing the 2020 Election Process (Part 1)

To more accurately describe how the 2016 election outcome was likely influenced and what needs to be done to mitigate a repeat in 2018 or 2020, I believe it is necessary to start out by taking a closer look at the stakeholders involved in an election and then map the set of threats to these stakeholders before jumping to conclusions about what needs to be done.

 

Millions of California Voter Records Exposed in Unprotected MongoDB 
“Kromtech researchers were unable to identify the owner of the database or conduct a detailed analysis due to the fact that the database has been deleted by cyber criminals and there is a ransom note demanding 0.2 bitcoin ($2,325.01 at the time of discovery),” he said.  Just about every piece of PII on the voter was included in the database. This included name, address, phone number, email, place of birth, voting precinct and gender.

 

Senators to Introduce Bipartisan Bill to Prevent Foreign Cyber Interference in Elections
The bill, spearheaded by Sen. James Lankford, R-Oklahoma, and also sponsored by Sen. Lindsey Graham, R-South Carolina, Sen. Amy Klobuchar, and Sen. Kamala Harris, D-California, is intended to better the communication between the Department of Homeland Security, the intelligence community and state election offices, in efforts to thwart future interference in U.S. elections by foreign actors.

 

Months After Federal Warnings About Russian Software, Local Governments Respond
Local governments do not have federal secrets of importance to the Russians.” Hamilton says he is much more concerned with cyberthreats to critical infrastructure like water, gas and electricity. […] “Local governments manage traffic; they manage stormwater; they conduct emergency management. The impact of a disruption there is loss of life,” Hamilton says.

 

To Unlock Hidden Talent, Symantec Prepares State and Local Cybersecurity Challenge
The event is structured as an online competition that gives teams of one to four participants a two-day window to respond to simulated cybersecurity scenarios modeled after real malware and ransomware attacks. The company’s platform simulates financial institutions, governments, and other players that might be involved in a real-world attack.

 

 

Stay up to date on the Public Sector Information Security news that you need to know by signing up for our Public Sector Briefing Here.

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.