web analytics

Election Experts Still Demanding More Federal Cyber Support – Source: www.databreachtoday.com

election-experts-still-demanding-more-federal-cyber-support-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

Cyberwarfare / Nation-State Attacks
,
Fraud Management & Cybercrime
,
Government

State Officials, Security Experts Warn of Increased Cyberthreats Ahead of Vote

Chris Riotta (@chrisriotta) •
September 11, 2024    

Election Experts Still Demanding More Federal Cyber Support
Experts say the United States should dedicate more resources for election administration. (Image: Shutterstock)

U.S. state officials and election security experts say federal funding for safeguarding election IT infrastructure is falling short of heightened cyberthreats but aren’t hopeful for a boost during the final weeks before the national vote.

See Also: New OnDemand | People-Centric Security for the Public Sector

Secretaries of state from across the country testified before Congress on Wednesday, warning that insufficient federal funding is hindering modernization efforts. They urged lawmakers to restore funding not approved by House appropriators for a program under the Help America Vote Act of 2002 that enables states to upgrade voting systems.

Arizona Secretary of State Adrian Fontes praised the Cybersecurity and Infrastructure Security Agency and the Department of Homeland Security as “vital” partners for state and local election officials (see: Inside CISA’s Unprecedented Election Security Mission). But he also said federal cyber and election security guidance often comes without necessary funding and told the House Administration Committee: “There is still more we could do at the federal level to support the hardworking Americans who run our elections.”

“If this is such a big deal, and it’s so important that we continue to have free and fair elections, fund them,” he later said.

Most experts agree that American election infrastructure is largely secure and resilient to targeted attacks. But the stakes are high, and the Nov. 5 presidential polling day will occur amid heightened global tensions as foreign adversaries deploy digital influence campaigns and other cyber tactics to undermine public confidence in the electoral process. The Department of Justice recently seized dozens of internet domains and announced sanctions against Russian media executives for orchestrating a widespread campaign to influence the presidential election (see: US Targets Russian Media and Hackers Over Election Meddling).

The FBI recently confirmed Iran was behind a hacking campaign that targeted both Vice President Kamala Harris and former President Donald Trump’s campaigns, resulting in the release of a research dossier that included information on Republican vice presidential nominee Sen. JD Vance, R-Ohio.

Congress isn’t likely to pass any legislation or grant new expansive funding for election security efforts before November, according to David Becker, election law expert and executive director at the nonpartisan Center for Election Innovation and Research. But even if Congress did approve new funding for election administration, the money “wouldn’t really be able to be spent in time to have much of an impact,” he told Information Security Media Group.

“There has not been adequate funding at either the federal or state level of elections overall,” Becker said.

Recent reports identify state voter registration databases as prime targets for domestic and foreign threat actors. A September report from The Center for Election Innovation and Research warns of potential breaches if election staff fail to follow secure access policies, such as using multifactor authentication or adhering to the principle of least privilege.

“We are seeing an increase in cyberattacks on critical election infrastructure, such as voter databases and election systems,” Theresa Payton, CEO of the cybersecurity firm Fortalice Solutions and former White House chief information officer, told ISMG. “This multifaceted approach to undermining elections – from cyber intrusions to the manipulation of public discourse – is one of the most dangerous threats we face at the core of our country.”

CISA released a checklist on Monday that election security officials and their IT teams can use to evaluate their current cybersecurity posture and identify any additional actions needed to address common threats. Senior officials previously told ISMG the agency is “committing more resources than ever before” toward election infrastructure ahead of the November vote and deploying a team of election security advisers to each of its regional offices nationwide to strengthen front-line support for local election workers.

James Turgal, vice president of global cyber risk at Optiv and former executive assistant director of the FBI’s information and technology branch, called the checklist a positive step but said it lacks critical information required to adequately secure local election IT infrastructure.

The checklist “does not even remotely refer to the steps or themes that information technology professionals need to focus on to protect the candidates, the back office and election office data and ecosystems,” Turgal said. He added that a recent joint advisory from CISA and the FBI on the effect of DDoS attacks on voting machines “fell short of providing actionable guidance that a CISO or CIO can use to secure their environment.”

Experts told ISMG that election and campaign officials should prioritize improving coordination with federal and state agencies and implementing robust training programs to address and mitigate these threats.

“Election offices should have policies in place to defend against social engineering attacks,” Turgal said, adding that all staff and volunteers should participate in social engineering and deepfake video training.

“Every campaign and state election office should secure cyber subject matter experts to build resilience in their people, systems and procedures,” he added.

As the campaign season continues to intensify ahead of the November vote, so too does the accompanying threat landscape – and the need for expansive national election security efforts. Experts say inadequate resources and funding risk leaving election systems exposed. And with emerging technologies adding new complexities, safeguarding the integrity of the electoral process has never been more critical.

“While we have made significant progress in securing voting infrastructure, the rise of AI-driven disinformation campaigns has introduced new challenges,” Payton told ISMG. “This evolution requires a more comprehensive approach to election security that addresses technical vulnerabilities and the human manipulation of information that can sway voter behavior.”

Defending the upcoming vote will also require a concerted effort to fortify existing systems and implement rigorous security protocols to ensure that all election staff and volunteers are well-prepared.

“We are in a better state in regard to cybersecurity than we’ve ever been,” Becker said Wednesday. “That’s largely due to the professionalism of election officials at the state and local level – not because of an adequate amount of funding, which we’re still lacking.”

Original Post url: https://www.databreachtoday.com/election-experts-still-demanding-more-federal-cyber-support-a-26267

Category & Tags: –

Views: 1

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Codrut Andrei
Cybersecurity Talent Crisis Today and Tomorrow by Codrut Andrei
Cybersecurity Talent Crisis Today and...
SCYTHE
Better Cybersecurity Metrics – SOC Metrics – Threat Hunting Metrics – Cyber Threat Intelligence (CTI) Metrics – Incident Response (IR) Metrics for CISOs by SCYTHE
Better Cybersecurity Metrics – SOC...
ACSC Australia
Personal Cyber Security First Steps by Australian Government – ACSC
Personal Cyber Security First Steps...
Joas Antonio
100 Security Operation Tools for SOCs by Joas Antonio
100 Security Operation Tools for...
Joas Antonio
Guide for Multi-Cloud Read Team AWS – GCP – AZURE by Joas Antonio
Guide for Multi-Cloud Read Team...
SANS
SANS Faculty Cybersecurity Free Tools – SANS Instructors have built more than 150 open source tools that support your work and help you implement better security.
SANS Faculty Cybersecurity Free Tools...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

Sandhya Kaushik
Checklist for Securing Your Android Apps
Checklist for Securing Your Android...
aDvens
May Cyber Threat Intelligence monthly report
May Cyber Threat Intelligence monthly...
Insikt Group
Caught in the Net
Caught in the Net
IGNITE Technologies
BURP SUITE FOR PENTESTER TURBO INTRUDER
BURP SUITE FOR PENTESTER TURBO...
SYED ABUTHAHIR
BUG BOUNTY AUTOMATION WITH PYTHON
BUG BOUNTY AUTOMATION WITH PYTHON
Foresiet
Brand Impersonation Attacks
Brand Impersonation Attacks
Google Cloud
Board of Directors Handbook for Cloud Risk Governance
Board of Directors Handbook for...
ISACA
Blueprint for Ransomware Defense
Blueprint for Ransomware Defense
Shaurya Rawal
Blockchain Security
Blockchain Security
RISK academy
BEST RISK MANAGEMENT PROMPTS FOR CHATGPT
BEST RISK MANAGEMENT PROMPTS FOR...
IGNITE Technologies
Best Alternative of Netcat
Best Alternative of Netcat
aws
AWS Security Incident Response Guide
AWS Security Incident Response Guide

More Latest Published Posts

ENISA-EUROPA
Cyber Resilience Act Requirements Standards Mapping
Cyber Resilience Act Requirements Standards Mapping
IGNITE Technologies
A Little Guide to SMB Enumeration
A Little Guide to SMB Enumeration
GMsectec
Adaptacióna PCI DSS 4.0
Adaptacióna PCI DSS 4.0
LogRhythm
A Guide to User and Entity Behavior Analytics (UEBA)
A Guide to User and Entity Behavior Analytics (UEBA)
BONI YEAMIN
100 Offensive Linux Security Tools
100 Offensive Linux Security Tools
SentinelOne
90 DAYS A CISO’S JOURNEY TO IMPACT
90 DAYS A CISO’S JOURNEY TO IMPACT
ChiefExecutive
Ciberseguridad: Prioridad Estratégica para los CEO.
Ciberseguridad: Prioridad Estratégica para los CEO.
CYBER SECURITY COALITION
CYBER SECURITY INCIDENT MANAGEMENT GUIDE
CYBER SECURITY INCIDENT MANAGEMENT GUIDE
INL/EXT
Cybersecurity for Distributed Wind
Cybersecurity for Distributed Wind
ARTIC WOLF
Cybersecurity Compliance Guide
Cybersecurity Compliance Guide
ESRAA MOHAMAD
ELEARN SECURITY CERTIFIED INCIDENT RESPONSE
ELEARN SECURITY CERTIFIED INCIDENT RESPONSE
DRAGOS
Impact of FrostyGoop ICS Malware on Connected OT Systems
Impact of FrostyGoop ICS Malware on Connected OT Systems
Victor Tong
Digital Operational Resilience Act – Control Mappings
Digital Operational Resilience Act – Control Mappings
ARMIS
DORA Resiliency Guide Strengthening Cybersecurity and Operational Resilience in the Financial Sector
DORA Resiliency Guide Strengthening Cybersecurity and Operational Resilience in the Financial Sector
IGNITE Technologies
Docker Penetration Testing
Docker Penetration Testing
IGNITE Technologies
Disk Group Privilege Escalation
Disk Group Privilege Escalation
Hiral Patel
Data LossPrevention(DLP)
Data LossPrevention(DLP)
Polygon
Digital identity – Deutsche Bank Corporate Bank
Digital identity – Deutsche Bank Corporate Bank
CSA Cloud Security Alliance
The Six Pillars of DevSecOps:Collaboration andIntegration
The Six Pillars of DevSecOps:Collaboration andIntegration
ASPIRE SYSTEMS
A complete guide toImplementingDevSecOps in AWS
A complete guide toImplementingDevSecOps in AWS
GAO
CYBERSECURITY PROGRAM AUDIT GUIDE
CYBERSECURITY PROGRAM AUDIT GUIDE
Apress
Demystifying Intelligent Multimode Security Systems An SystemsAn Edge-to-Cloud Cybersecurity Solutions Guide
Demystifying Intelligent Multimode Security Systems An SystemsAn Edge-to-Cloud Cybersecurity Solutions Guide
PWC
Data Privacy Handbook
Data Privacy Handbook
CERT-EU
DDoS Overview and Response Guide
DDoS Overview and Response Guide
IGNITE Technologies
Data Exfiltration Cheat Sheet
Data Exfiltration Cheat Sheet
CRC Press
Data Privacy for the Smart Grid
Data Privacy for the Smart Grid
New York State
Cybersecurity Program Template A resource to help individual licensees and individually owned businesses develop a cybersecurity program as required by New York State’s Cybersecurity Regulation 23 NYCRR Part 500
Cybersecurity Program Template A resource to help individual licensees and individually owned businesses develop a cybersecurity program as required by New York State’s Cybersecurity Regulation 23 NYCRR Part 500
Apress
Cyber Security on Azure An IT Professional’s Guide to Microsoft Azure Security
Cyber Security on Azure An IT Professional’s Guide to Microsoft Azure Security