Virtual Election Simulation Provides Glimpse of Security Risks
… coordination, orchestration and preparedness for future elections. The security professionals on the red team are always confident in their moves and the results.
We are one of the oldest democracies in the world. We have survived catastrophes as a nation far worse than election hacking, and we will not be sated by electronic fingers tipping the scales. But to ensure the integrity of the voting process, we need to continue to build on what we know. Democracy requires constant vigilance and constant learning. The 2016 election had lessons to teach, but we need to prepare to start preparing for the next election in 2024, not just this one on Nov. 3.
CF: Can cybersecurity professionals help to ensure secure elections at the local level?
SC: We have only begun to tap into the potential to create an army of cyber minutemen and women. Not only can we participate in educating our peers, we can also participate by directly protecting democracy. There are more election security tabletop exercises to run, and the adversary has more innovation in store for us all. Every generation needs to prepare to fight for democracy. Generations now must add the cyber battlefield to the more traditional land, sea, air and space battles.
SecurityScorecard Helps Make Elections Safer
SecurityScorecard is offering its ratings platform and questionnaire service at no cost to 2020 federal campaigns and to national parties and committees, in partnership with Defending Digital Campaigns (DDC).
DDC is a nonpartisan organization that provides security products and services to federal campaigns to help them fend off cyberattacks.
SecurityScorecard’s ratings platform will allow any campaign to understand and continuously monitor its own cybersecurity risks. Campaigns also can send security questionnaires to any third-party vendors supporting their operations for a view of their cybersecurity risk.
Sachin Bansal is general counsel at SecurityScorecard.
“Third parties are the biggest attack vector for campaigns,” he said. “And many third parties for campaigns are small operations, such as a polling agency or an ad buyer. Despite their size, these third parties often hold sensitive data from campaigns, such as the personal information of thousands of voters who have consented to provide their information to the campaigns.”
In 2019, third-party data breaches were up significantly, Bansal said. So it’s not just campaigns that are struggling with the cyber hygiene of third parties, he said.
“There are two fundamental problems, which is what drove the creation of our partner, DDC,” he said. “The first is that campaigns have very limited resourcing since they are cash-strapped operations and cybersecurity can be costly. The other problem is cybersecurity-related expertise, which a campaign often does not have on staff. We’ve addressed this by donating our product through DDC, and our product is extremely simple to use so it does not require technical expertise.”
“The number of cyberattacks has gone up exponentially since the pandemic started,” Bansal said.
“That along with the issues surrounding the 2016 election prompted us to take action and do our part to help make our democracy safer,” he said.
Massive Social Media Attack Highlights Weaknesses
A social media data broker exposed the public-facing profiles of 235 million TikTok, Instagram and YouTube users via a misconfigured online database.
Information exposed included profile name, real name, profile pic, account description, age, gender and more. Spammers can use this data to carry out more sophisticated and convincing phishing attacks.
Stephen Manley is chief technologist at Druva. He said organizations should protect themselves from this type of attack and the secondary threats that result from it.
“Cloud teams need to discover all their cloud assets so they can secure their data,” he said. “Some of the largest data leaks have come from …