Election security has improved since 2016 | Techno Glob


Comment

Welcome to Cybersecurity 202! Watching a Brooklyn Net car accident provokes reactions ranging from craning my neck to schadenfreude.

Below: Banks report record amounts in potential ransomware payments and a rally to counter ransomware takes place in Washington. First:

In election security, there is a gap between technical reality and political reality

A majority of experts in our network survey told us they are no more concerned about cyber threats in this election than they were in 2020.

And for good reason. Since the election security push began after the 2016 election, election systems have been strengthened with $880 million in federal funding and more states have switched to hand-marked paper ballots.

As our Post colleague Glenn Kessler pointed out in a fact-check this week, election fraud was already a rare occurrence. New developments in election security further reduce the risks — but that’s unlikely to deter some Trump-supporting Republican voters and activists from claiming election fraud next week in races where their candidate won’t win.

  • “In physical and technological terms, we have made enormous progress since 2004, even since 2016. Politically, we are very much at risk,” it said. Mark Lindeman, director of policy and strategy at Verified Polling. “And the gap between technological reality and political reality is a troubling one.”

In 2016, more than 22 percent of voters lived in jurisdictions using electronic voting machines without paper backups, which many experts say makes them more of a security risk. Now, according to Verified Voting, a nonprofit that tracks election technology, less than 5 percent.

States including New Jersey and Louisiana have had problems shutting down electronic voting machines without paper backups. But even the perceived laggards have made significant improvements, Lindemann observed. In 2020, 36 percent of Texas voters lived in counties with a type of paperless machine known as direct-recording electronic. In 2022, this number has decreased to 6 percent.

Nationwide, the number of electoral jurisdictions using hand-marked paper ballots also increased from 48 percent to 69 percent in 2022.

A lot of changes are happening, a lot. Michigan, Nevada and others are testing the idea of ​​risk-limited audits. Many states have passed laws leading them to hand-marked paper ballots.

At least six states rely on modems to transmit unofficial results, which increases the risk of hacking, Politico reported last month. Michigan says it is phasing them out entirely and “the vast majority” will no longer use them, as the Detroit Free Press quoted the secretary of state’s office as saying.

Future elections may usher in a “virtually new generation of voting technology.” Those who follow the latest Voluntary Electoral Assistance Commission guidelines, said Edward Perez, board member of OSET, a non-profit, non-partisan organization dedicated to election infrastructure and open election technology. Those guidelines include things like the ability of voting systems to deliver data needed to support post-election audits.

Yet progress is uneven. In some areas there has been a huge gain, in others less.

In 2018, Cyber ​​Security 202 highlighted Colorado’s leadership on election security. It’s still fair, Perez told me, how elections are run in the likes of California, Oregon and Washington.

Colorado and four other states (Georgia, Pennsylvania, Rhode Island and Virginia) have adopted what security experts call the gold standard for auditing election results, known as risk-limited audits.

But subjectively, those audits also vary in caliber, Lindemann told me, depending on factors like what led to the audit.

  • “Nobody is in a position to say definitively that one audit is better than another because it really depends on what you value most,” Lindemann said.

Election security experts have pointed to other states they are running behind. here is David BakerExecutive Director of the Center for Election Innovation and Research, last year:

Funding for election security has been far less than requested. If $880 million in federal funds sounds like a lot, remember that state election officials have asked for $5 billion in President Biden’s fiscal year 2023 budget alone — part of a $20 billion request for election administration over the next 10 years.

And there is another concern: Election officials have quit their jobs. Lindemann said he was deeply concerned about the “massive turnover in the election administration”.

  • “The fact that we are seeing election officials being pushed out of office is a legitimate threat to national security,” he added. Intimidation of election officials is on the rise.

(“Election security”, “election administration” and “election integrity” are hard to cleanly divide. The conservative Heritage Foundation think tank ranks states on election integrity based on things like voter ID laws because they keep elections safe. Liberals oppose the measure because They say it makes voting difficult.)

One of the obstacles to progress in electoral security is increasing political polarization. Perez said, “One side of the place” spoiled the election by rejecting it. Therefore, future legislation to improve election security is unlikely. “I don’t think anyone should be holding their breath for that,” he said.

The NSA inspector general found an analyst had broken surveillance rules

According to a newly released 2016 report obtained by the National Security Agency’s watchdog, the analyst “developed a surveillance project nearly a decade ago that involved the unauthorized targeting and collection of private communications of people or organizations in the US.” Bloomberg Newsof Jason Leopold, Katrina Manson and William Turton. In 2016, the then Inspector General of the NSA, George Ellard, the analyst wrote a letter indicating a possible violation of the law. It is not clear whether the authorities took action against the analyst, whose name was redacted. In May 2013, two whistleblowers launched an investigation.

“The inspector general’s report sheds new light on unauthorized surveillance and laxity at a secret agency whose global covert practices have come under intense scrutiny for wiping out massive amounts of data — protected by U.S. law from surveillance without authorization. ” he writes. “The IG’s investigation unfolded when news was first being published based on leaked classified documents from a former NSA contractor. Edward Snowden,” has no indication that it is related to the programs disclosed by Snowden.

The NSA did not respond to questions from Bloomberg News about the matter, but an NSA spokesperson told the outlet that the agency is “fully committed to the rigorous and independent oversight provided by the NSA Office of Inspector General.” He added, “NSA operates within a culture of compliance to ensure that NSA’s foreign intelligence operations are conducted in accordance with all applicable laws, regulations, and procedures.”

US banks report record amounts in potential ransomware-related payments

US financial institutions reported more than $1 billion in ransomware payments last year, double the amount reported in 2020. CNN’s Sean Lingas reports. A report on ransomware data from the Treasury Department’s Financial Crimes Enforcement Network says that three-quarters of ransomware incidents in late 2021 involved Russia, its proxies or individuals acting on its behalf.

“The Treasury Department’s analysis is based on reports that US banks are required to file with regulators to prevent money laundering,” Lingas writes. “It includes data from US banks and international banks with US customers. This includes things like the amount of extortion and extortion attempts by banks or their customers.” The FBI discourages US organizations from paying ransom.

It’s unclear whether the increase in ransomware-related payments is because banks have improved their reporting or because there are more ransomware incidents.

US Allies End Ransomware Summit in Washington

Over the next year, the Counter Ransomware Initiative will establish an international Counter Ransomware Task Force led by Australia, create an investigative tool kit, publish a joint advisory on ransomware and share information on cryptocurrency addresses and techniques used by ransomware gangs. Fact sheet published by the White House. The plans were announced as three dozen countries and some private-sector partners wrapped up two days of meetings in Washington to discuss ransomware.

In a joint statement, the countries pledged to share information about ransomware “as widely as possible” so that other countries can protect themselves. They also said they will further disrupt ransomware gangs and that they will “work together to prioritize disruption targets to leverage the resources and tools available to more effectively pursue hard and complex targets.”

Dropbox Discloses Breach After Hacker Steals 130 GitHub Repositories (Bleeping Computer)

Aviation executive allowed to proceed with ‘fraudulent’ claims in London court (Reuters)

UK spy chief warns of growing threat from ‘hackers for hire’ (Financial Times)

Amid Election Conspiracy Theories, CISA Says No Credible Threat to Voting Machines (CyberScoop)

Interview: FCC Commissioner Says Government Should Ban TikTok (Axios)

  • The International Cyber ​​Security Forum in Montreal concluded today.

Thanks for reading. see you tomorrow





Source link