One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 1493781 |
| Date de publication | 2019-12-10 14:00:00 (vue: 2019-12-17 22:00:15) |
| Titre | Rising to the challenge of delivering more secure elections |
| Texte | As efforts to modernize and digitize outdated and aging elections infrastructure take hold across the U.S., the demand for a revolutionized approach to cybersecurity has become an increasing imperative. Democratic nations rely on public trust in the integrity of their institutions and in a republic with the guiding principles of government “of the people, by the people and for the people.” There is perhaps a no more important system that that of free, fair, and secure elections. As we move deep into the digital era, societies have come to expect innovation in every aspect of their lives. And while governments have often been slower to respond to this reality, innovations to elections systems are beginning to appear, such as mobile vote centers, digital pollbooks, QR code-based ballots, and even remote voting through mobile applications. Adoption of these new technologies has the potential to bring many benefits, including an improved voter experience and increase individual participation in the democratic process through enhanced access to cast a ballot. However, digital-enabled network and cloud-supported architectures introduce new and unique challenges, particularly in the area of cybersecurity. Consider the realities of elections operations that create potential vulnerabilities and opportunities for exploitation: Infrastructure is often stood up rapidly, on-demand and used only for very short intervals of time. Supporting physical and network infrastructure is frequently leased or borrowed from various disparate entities (schools, libraries, government offices) and traffic may be routed across various untrusted networks. Many poll workers and support staff are temporary contractors or volunteers (whose qualifications vary greatly by state) and may be trained insufficiently. Voting machines and supporting infrastructure (routers, switches, firewalls, etc.) can spend significant amounts of time in storage and then are quickly deployed; sometimes passing through multiple hands, creating possible chain-of-custody challenges. Physical safeguards of polling stations are difficult to scale and cost prohibitive. Addressing these and other challenge begins with sound risk management strategies that align government focus, limited budgets, and time constraints to the areas of greatest positive impact. Let’s start with some good framing questions. What are the risks? Vulnerabilities? Threats? Understanding the risks to election operations is key. Unfortunately, all too often public focus is unduly placed or heavily weighted on hackers, external threat actors, and hostile nation states. In reality, one of the biggest threats to an election is a lack of public confidence in the veracity of the results; in other words, perception. Basic security violations can do just as much, if not more, harm than a foreign threat actor and are more likely to occur. To combat these threats, stay focused on building a system that reinforces security fundamentals like integrity, audibility, accountability, non-repudiation and verifiable chain-of-custody. What are the regulatory mandates, and can we go further with security best practices? The Department of Homeland Security (DHS) designates elections systems as critical infrastructure; which mandates a host of regulatory standards and guidelines that must be adhered to or at least evaluated for applicability. It’s important to understand how the NIST guidelines and CIS v7, for example, address the development of your controls and the |
| Envoyé | Oui |
| Condensat | “of “proprietary near 3rd abnormalities access accountability achievable; achieve across activity actor actors adding additionally address addressing adhered adoption advanced aggressively aging agreement align all amounts any appear applicability application applications approach appropriate architects architecture architectures are area areas aspect assessment assume attuned audibility authorization awareness back background ballot ballots barriers based basic basics beat because become been beginning begins benefits best beyond biggest borrowed both breaches bring broader budgets build building business but can capabilities cases cast centers chain challenge challenges challenging checks choose cis claims cloud clouds code collaboratively combat come coming communities community complexity compliance complicate compromise compromised conclusion confidence consider consistent constant constraints continually continuous contractors control controls correlation cost could create creating critical cross culture custody cybersecurity data deep defending defensible delivering demand demands democratic demonstrate department deployed; designates detection develop development dhs difficult digital digitize disparate disruption drum during duty eases easier easy ecosystem effort efforts election elections empowered empowering enable enabled end enforce engineers enhanced entire entities environment era etc evaluated even event every evolving evolving; example expect expectations expected experience experts exploitation: external fact fair faster fiduciary firewalls flows focus focused footprint foreign framing free frequently from front full functional fundamental fundamentals further goal good governance government governments greatest greatly guard guidelines guiding hackers hands harm has have heavily help mitigate here higher hold homeland hood host hostile how however human identifying impact imperative implemented implementing important improved include including incorporate increase increasing individual industry information” infrastructure infrastructure; innovation innovations insider institutions insufficiently integrated integrity intelligence interconnected internal intervals introduce introducing invest it’s its itself just key lack landscape leased least legal let’s levels libraries like likely limited limiting link lives local logical look lowered machines make makes malicious manageable management mandates many marketed master mature maturity may meet mentioned methodically might mindfulness minimum misalignment mitigation mobile models modernize monitoring more move much multiple must nation nations need negotiating network networks new nist noise non not occur offering offers offices often one only operates operation operations opportunities order organization organizational other otherwise ought outdated participation particularly partners party passing patterns people perception perhaps physical placed platform policies policy poll pollbooks polling poor positive possible potential practice practices practicing prevent prevention principles process product product and program prohibitive providing public push qualifications questions quickly range rapidly real realities reality recognizes reduces regulatory reinforces rely remote republic repudiation require requires resources respond results; revolution revolutionized rigor rise rising risk risks routed routers safe safeguards scale schools scope secure security segmentation separation serves service short should significant simplifies slower societies solutions solving some sometimes sound spend staff standards start state states stations stay stood storage strategies strictly such suppliers support supported supporting switches system systems take task teams technologies technology temporary terms than that them then these threat threats through tightening time too traditional traffic trained transparency trust trusted ultimately under understand understanding unduly unforeseen unfortunately unique untrusted |
| Tags | Threat |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.