voting

now browsing by tag

 
 

Parties close to agreement on voting plan, Parliament return, but committees prove sticking point, says Bloc MP | #tinder | #pof | romancescams | #scams

On the eve of Parliament’s return, government and opposition parties had reached a broad agreement on how the House of Commons and remote voting by Zoom would function—including making the […] View full post on National Cyber Security

#nationalcybersecuritymonth | Hitches in a voting vendor vulnerability disclosure program

Source: National Cyber Security – Produced By Gregory Evans

With help from Eric Geller, Mary Lee, Martin Matishak and Alexandra S. Levine

Editor’s Note: This edition of Morning Cybersecurity is published weekdays at 10 a.m. POLITICO Pro Cybersecurity subscribers hold exclusive early access to the newsletter each morning at 6 a.m. Learn more about POLITICO Pro’s comprehensive policy intelligence coverage, policy tools and services at politicopro.com.

Story Continued Below

Lawmakers and election equipment makers discussed researcher probes of the companies’ wares at a rare hearing on Thursday.

A major software industry organization raised doubts about a proposed Commerce Department rule for information and communications technology supply chain security.

The risk of possible Iranian cyberattacks has stayed on the agenda for DHS, researchers and others.

HAPPY FRIDAY and welcome to Morning Cybersecurity! Stay strong, Betelgeuse. We’re all on your side. Send your thoughts, feedback and especially tips to tstarks@politico.com. Be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.

THE ROAD TO A CVD — Voting machine vendors keep inching toward a coordinated vulnerability disclosure program, Thursday’s House Administration Committee hearing revealed, but there are still some hitches emerging toward fuller collaboration with researchers. John Poulos, CEO of Dominion Voting Systems, testified that his company reached out to an organizer of DEFCON’s machine-hacking Voting Village because it was “interested in a more collaborative penetration testing with stakeholders,” and actually sent modern certified systems, but an internal conference dispute led to scuttling those plans.

The CEOs of Election Systems & Software (Tom Burt) and Hart InterCivic (Julie Mathis) both said their companies had submitted equipment to Idaho National Laboratory, which conducts vulnerability tests with DHS. Overall, Burt said he doesn’t want to hand-select red teams but is “interested in making sure we attract hackers who can make our systems better without requiring that the information that they discover be put into the public domain,” and would like to see the Election Assistance Commission manage the program and choose researchers.

At the same hearing, Chairwoman Zoe Lofgren expressed concern about the potential for internet connectivity on vote tabulators, and the vendors voiced support for federal rules creating reporting requirements for companies’ cybersecurity practices.

I DON’T EVEN KNOW WHERE TO START — The Commerce Department’s proposed regulation for information and communications technology supply chain security is unworkable because it gives the Commerce secretary “unbounded discretion to review commercial ICT transactions, applying highly subjective criteria in an ad hoc and opaque process that lacks meaningful safeguards for companies,” the software trade group BSA said in comments filed this morning as part of the proceeding. The proposed supply chain rule, released in November, would let the government block U.S. companies from buying equipment and services that jeopardize national security. But BSA said the rule needed a serious overhaul.

BSA policy director Christian Troncoso wrote that the rule needed better transparency mechanisms and “procedural safeguards,” more precise definitions of what types of transactions and entities are covered and better-defined criteria for blocking those transactions. BSA called for exempting companies from the rule if they meet certain supply chain security standards, ensuring that “an official with adequate levels of political accountability” supervises the process and formally involving the intelligence community in decisions.

The group also urged changes such as requiring annual reports to Congress, giving companies more time to respond to a proposed decision and letting an independent interagency group reverse any decision. Absent these changes, Troncoso said, the rule’s “broad scope” and “vaguely defined standards” will “put U.S. companies at a competitive disadvantage.”

UPDATING MY PROFILE CISA Director Chris Krebs and agency leadership met with acting Homeland Security Secretary Chad Wolf this week to discuss efforts to shore up election security and stave off potential cyberattacks originating from Iran following the U.S.-led airstrike. CISA is urging organizations to “assess their cyber readiness and take steps to protect their networks and assets, including heightened awareness, increasing organizational vigilance, confirming reporting processes, and exercising incident response plans,” according to a note.

They also discussed the mounting threat of ransomware and CISA’s efforts to support governments and businesses, as well as efforts to protect the 2020 elections from foreign interference, such as providing cybersecurity services and developing and exercising incident response plans.

IRAN’S STILL A THING, PART TWO — That recent Saudi Arabian alert about Iranian cyberattacks involves its hackers placing data-wiping malware on Bahrain’s national oil company Bapco, ZDNet pieced together. The new wiper strain is dubbed Dustman, and seemingly didn’t have the impact the hackers were looking for. And it doesn’t appear directly linked to the recent U.S.-Iran tensions, the outlet reported.

A Dragos report out Thursday highlighted an Iranian hacking group’s password-spraying attacks on the North American energy sector. “MAGNALLIUM’s increased activity coincides with rising escalations between the U.S. and allies, and Iran in the Middle East,” the report states. “Dragos expects this activity to continue.”

And Check Point released numbers on Thursday about the volume of Iranian attacks in the week since the U.S. launched missiles that killed general Qassem Soleimani showing no particular major uptick in attacks. Turkey was the top target of Iranian hackers, at 19 percent, compared to 17 percent for the U.S.

KIDS’ PRIVACY BACK IN THE SPOTLIGHT — From our friends at Morning Tech: As we await comprehensive data privacy legislation from Congress, a bipartisan pair of House Energy and Commerce lawmakers are offering a separate privacy measure — one aimed at bringing COPPA, the 1998 federal children’s online privacy law, up to date.

Reps. Tim Walberg (R-Mich.) and Bobby Rush (D-Ill.) on Thursday introduced the PROTECT Kids Act (shorthand for Preventing Real Online Threats Endangering Children Today), which would make location data and biometric data categories protected under the law; ensure that rules safeguarding children online also apply to apps on mobile phones; give parents more control over children’s data and consent; and task the FTC with reviewing the decades-old COPPA law and making recommendations on it to Congress.

“In the past, predators and perpetrators sought to harm our children by lurking near schoolyards and playgrounds,” Rush said. “But now — due to incredible advancements in technology — they are able to stalk our children through their mobile devices and in video game lobbies.”

Meanwhile, in the Senate: Sens. Ed Markey (D-Mass.), author of the COPPA bill, and Josh Hawley (R-Mo.) last spring introduced a bipartisan COPPA 2.0 bill (S. 748) that would, similarly, expand existing federal privacy protections for children and compel the FTC to enforce them. The agency is also doing its own self-reflection on whether COPPA rules need to be changed or updated.

TWEET OF THE DAY — “Come and get us!”

RECENTLY ON PRO CYBERSECURITY — House and Senate Democrats urged the FCC to take on SIM swapping scams. … “Countries that award 5G contracts to Western-aligned companies over Huawei won’t be hobbling their transition to next-generation wireless networks, a senior State Department official said.” … Belgian security services advised the government to limit the use of “non-trusted suppliers.” … Companies are reacting to California’s landmark Privacy Act by interpreting the complex law as they see fit.

Law firm Alston & Bird announced the election of 17 lawyers to its partnership, including Maki DePalo in the organization’s privacy and data security group.

Intrusion Truth has returned with more information on Chinese tech companies recruiting hackers for the government. CyberScoop

Las Vegas said it dodged a horrible cyberattack. ZDNet

Herb Lin contemplated the intersection of cyber and psychological operations. Lawfare

Malwarebytes said it found unremovable malware preinstalled on low-end smartphones sold to low-income Americans. ZDnet

“Industry working groups tasked with implementing the Pentagon’s landmark cybersecurity certification program have selected the University of Virginia’s Ty Schieber as board chairman, to lead the process for selecting a board of directors for an accreditation body that is expected to be up and running later this month.” Inside Cybersecurity

The PCI Security Standards Council and U.S. Chamber of Commerce blogged about Magecart.

Rockwell Automation is buying Israeli cybersecurity company Avnet Data Security. Security Week

That’s all for today.

Stay in touch with the whole team: Mike Farrell (mfarrell@politico.com, @mikebfarrell); Eric Geller (egeller@politico.com, @ericgeller); Mary Lee (mlee@politico.com, @maryjylee) Martin Matishak (mmatishak@politico.com, @martinmatishak) and Tim Starks (tstarks@politico.com, @timstarks).

Source link

The post #nationalcybersecuritymonth | Hitches in a voting vendor vulnerability disclosure program appeared first on National Cyber Security.

View full post on National Cyber Security

Hackers to #Help Make #Voting #Machines Safe Again

Source: National Cyber Security – Produced By Gregory Evans

Following the recent declaration by the U.S. National Security Agency that Russian hackers tried to infiltrate the electronic voting machines used in the last U.S. presidential election, many people are calling for a lot of things especially for the electronic voting machines to be scrapped. Although the Russians did not succeed, more questions are still left on the table.

Bipartisan bill to secure voting machines

U.S. senators looking for answers have constituted a committee and is hoping to pass a bipartisan bill called the Securing America’s Voting Equipment (SAVE) Act. The bill will enlist help from the Department of Homeland Security to organize an event like the one held at the DEFCON hackers conference in July, themed the “Voting Machine Hacking Village.”

That DEFCON event exposed vulnerabilities in the electronic voting machines used in the last U.S. election. Hackers took less than two hours to break into the 25 voting machines that were brought to the DEFCON conference, and the first machine was penetrated in minutes. The results of the findings released at an event at the Atlantic Council in October was one of the key provocations for the US senators to introduce the SAVE bill.

Interestingly, some of the significant findings after the alleged Russian breach were centered on the use of foreign materials in the production of these voting machines. Hackers at the DEFCON event pointed to the possibility of having malware embedded into the hardware and software along the entire supply and distribution chain. It was also believed that hackers could have tampered with voters’ registration on the touch screen voting machines.

Hackers enlisted to hunt for vulnerabilities in voting machines

Called the “Cooperative Hack the Election Program”, the initiative mirrors the bug bounty programs previously ran by the U.S. Department of Defense (DoD) where friendly hackers were invited to hack the Pentagon, Army and Air Force. The program is set to swing into motion one year after the bill is in play.

The stated objective of the program is “to strengthen electoral systems from outside interference by encouraging entrants to work cooperatively with election system vendors to penetrate inactive voting and voter registration systems to discover vulnerabilities of, and develop defenses for, such systems.”

Just like past U.S. DoD programs, the “Hack the Election” competition will offer incentives for hackers to find security weakness in the election system. Hackers playing by the rules will also be waived from the Computer Fraud and Abuse Act (CFAA) and the Digital Millennium Copyright Act (DMCA).

Hackers to replicate past successes against voting machines

Looking at past results, we can expect excellent outcomes for the new program. The first of these bug bounties was the ‘Hack the Pentagon’ program where hackers found 138 vulnerabilities. This was quickly followed by the ‘Hack the Army’ program which yielded 118 vulnerabilities and ‘Hack the Air Force’ program with a bountiful harvest of 207 vulnerabilities.

While it is not clear if the hacking program is a one-off event, the bill does propose a requirement for integrity audits to be performed every four years on the voting machines starting from 2019. There is also the provision for grants to be given to help states enhance the security of their voting systems.

The post Hackers to #Help Make #Voting #Machines Safe Again appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Voting machines can be hacked without a trace of evidence

Voting machines can be hacked without a trace of evidenceSource: National Cyber Security – Produced By Gregory Evans The country’s voting machines are susceptible to hacking, which could be done in a way so that it leaves no fingerprints, making it impossible to know whether the outcome was changed, computer experts told President Trump’s voter integrity commission Tuesday. The testimony marked a departure for […] View full post on AmIHackerProof.com | Can You Be Hacked?

Could voting fraud panel create an easy target for hackers?

Source: National Cyber Security – Produced By Gregory Evans

Officials from both parties had a consistent answer last year when asked about the security of voting systems: U.S. elections are so decentralized that it would be impossible for hackers to manipulate ballot counts or voter rolls on a wide scale. But the voter fraud commission established by President Donald…

The post Could voting fraud panel create an easy target for hackers? appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

World’s Most High-Tech Voting System to Get New Hacking Defenses

Source: National Cyber Security – Produced By Gregory Evans

Estonia, the only country in the world where voters elect their leaders through online balloting, is taking steps to fend off potential hacking attacks as cyber-security fears intensify. A software overhaul for the system, introduced in 2005, is ready for testing before local elections in October, according to Tarvi Martens,…

The post World’s Most High-Tech Voting System to Get New Hacking Defenses appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Computer expert: Some voting machines can be directly hacked

Source: National Cyber Security – Produced By Gregory Evans

Computer expert: Some voting machines can be directly hacked

A computer science professor told the Senate Intelligence Committee Wednesday that voting machines that create an electronic record of the voters’ decisions are open to fraud and computer hacking, vulnerabilities that are big enough to potentially change the outcome of some elections. J. Alex Halderman, professor of computer science at…

The post Computer expert: Some voting machines can be directly hacked appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hackers attacked 4 Florida school districts, allegedly hoped to hack voting systems

To Purchase This Product/Services, Go To The Store Link Above Or Go To http://www.become007.com/store/ Source: National Cyber Security – Produced By Gregory Evans We’ve heard a lot about Russians attackers attempting to hack the US election, but another hacking group also allegedly wanted to interfere …

The post Hackers attacked 4 Florida school districts, allegedly hoped to hack voting systems appeared first on Become007.com.

View full post on Become007.com

Massachusetts voting system not vulnerable to hacking, officials say

Source: National Cyber Security – Produced By Gregory Evans

Massachusetts voting system not vulnerable to hacking, officials say

From inside a vault, Northboro town clerk Andy Dowd pulled out a vote-counting machine. It has buttons and a screen like a computer, but no connectivity cables. “Right now, (with) our option there’s no way to connect this to the internet,” Dowd told WCVB. As with all voting-counting machines in…

The post Massachusetts voting system not vulnerable to hacking, officials say appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Computer scientist says S.C.’s voting system makes hacking difficult

15-1218-voting

Source: National Cyber Security – Produced By Gregory Evans

Computer scientist says S.C.’s voting system makes hacking difficult

In this election season amid concerns of hacked election data and possibly “rigged” elections, an examination of the South Carolina elections system should give us assurance in the integrity of our elections. Although our system is not without

The post Computer scientist says S.C.’s voting system makes hacking difficult appeared first on National Cyber Security.

View full post on National Cyber Security