Securing Voting Infrastructure before the Mid-Term Elections

The prospect of nation-state interference with our 2018 mid-term elections is a reality that secretaries of state are facing. Given the fast-changing nature of the threat and the sprawling election infrastructure across the country, how are state officials securing their voting systems and databases in anticipation of the election? What are emerging strategies given the limited resources and unlimited needs? Where are the most vulnerable parts of the election systems, and where should state officials focus their efforts given the potential for disruption? This webinar will provide an attacker’s view of a typical state-run election system and will make recommendations on where to focus limited time and resources in the run-up to the 2018 mid-term election in November.

Published in: Technology

  1. Building a world where technology is trusted. Securing Voting Infrastructure before the Mid-Term Elections. John B. Dickson, CISSP, @johnbdickson. © 2018 Denim Group – All Rights Reserved
  2. My Background
     • Ex-Air Force Intel & Cyber Officer
     • 20+ Year Security Professional
     • Denim Group Principal
     • Blogger, Dark Reading Columnist
     • Political Science Major
  3. Denim Group | Company Background
     • Trusted advisor on all matters of software risk
     • External application & network assessments of voter registration systems
     • Threat modeling to identify areas of needed security improvement
     • Managed security services
     • Developed
  4. Webinar Overview
     • Mid-Term Election Cycle
     • The Nature of the Nation State Threat
     • Conventional Wisdom on Election Security
     • Threat Modeling – Thinking Like an Attacker
     • Shoring up the Election Infrastructure for the Mid-Terms
     • Questions & Answers
  5. Mid-Term Election Cycle
  6. What Happened in 2016?
  7. Mid-Term Election Cycle
     “We assess Moscow will apply lessons learned from its Putin-ordered campaign aimed at the US presidential election to future influence efforts worldwide, including against US allies and their election processes.”
     Source: Assessing Russian Activities and Intentions in Recent US Elections, Intelligence Community Assessment, January 2017
  8. Mid-Term Election Cycle
     • $380 million from Federal Government
     • Might be an opportunity to apply lessons learned in 2016 and perfect 2020 attack strategies
     • 35 Senate seats, 435 House seats, 36 Governors' offices involved in this election cycle
     • DHS Support
     • Building partnership
     • Sharing information
     • Making available tools
  9. Election Infrastructure
     • Voter registration databases and associated IT systems
     • IT infrastructure and systems used to manage elections
     • Voting systems and associated infrastructure
     • Storage facilities for election and voting system infrastructure
     • Polling places, to include early voting locations
     • Source: DHS, https://www.dhs.gov/topic/election-security
  10. Election Infrastructure
     “Voting systems and associated infrastructure”
  11. Election Infrastructure
     Election Infrastructure does not include:
     • Political action committees
     • Campaigns
     • Or any other non-state or local government election related group
     • Source: DHS, https://www.dhs.gov/topic/election-security
  12. Yet….
     • Campaigns
  13. The Nature of the Nation State Threat
  14. Nature of a Nation State Threat
     • Different types of threat actors
     • Nation states, organized crime, hacktivists
     • Near unlimited resources and unparalleled technical capabilities
     • Typically combined with social engineering, disinformation, and espionage
     • Goals: state secrets, intellectual property, defense technologies, undermining Western institutions
  15. Nature of the Russian State Threat
     • Influence Election Outcomes
     • Undermine Faith in the US Democratic Process
     • Undermine Faith in US institutions
     • Undermine US-led Democratic Order
     • Sow discord between US and its Traditional Allies
  16. Conventional Wisdom of Election Security
  17. Conventional Wisdom of Election Security
     • Election Security = Voting Machine Security
  18. Conventional Wisdom of Election Security
     • Election Security = Voting Machine Security
  19. Threat Modeling = Thinking Like an Attacker
  20. Threat Modeling – Thinking Like an Attacker
     Source: Department of Homeland Security Election Infrastructure Security Resource Guide
  21. Threat Modeling – Thinking Like an Attacker
     • A structured approach to analyzing an application (or system) to identify, measure, and address the cyber security risks associated with an application
     • Reviewing Risk
     • Impact (damage potential)
     • Possibility of attack
     • Ease of Exploit
  22. IoT Threat Model
  23. Shoring up the Election Infrastructure for the Mid-Terms
  24. Potential Strategies
     • Conduct vulnerability testing of known “static” voting resources like voter registration systems
     • Provide rigorous training to election staff to identify social engineering attempts
     • Conduct anti-phishing training for key election officials
     • Review reporting entry point susceptibility to Distributed Denial of Service (DDoS)
  25. Potential Strategies
     • Consider 2-factor authentication and other e-mail defenses for state election officials
     • Train election judges and local officials to identify and report cyber attacks
     • Review recovery plans for target ransomware attacks
     • Educate campaigns on basics of cyber security
     • Formalize relations with local press to ID disinformation activities
  26. Final Thoughts
     • View your systems from the perspective of an attacker
     • Identify and remediate most “Critical” and “High” vulnerabilities that put your state at risk
     • Leverage outside resources (EAC, NASS, MS-ISAC, consultants etc.)
  27. Questions and Answers. John B. Dickson, CISSP, @johnbdickson, www.denimgroup.com
