Modern field guide to security and privacy

Homeland Security increases focus on cybersecurity at the polls

Robert Silvers, assistant secretary for cybersecurity at Homeland Security, said the agency is helping states fortify voting systems against digital tampering before November's presidential election.

|
Melanie Stetson Freeman/The Christian Science Monitor
Robert Silvers, assistant secretary of the Department of Homeland Security, spoke Thursday in Cambridge at the Security of Things Forum cohosted by Passcode.

Department of Homeland Security officials may not expect malicious hackers to sway November's election, but the agency is offering more protections to help states secure voting systems.

After this summer's Democratic National Committee breach, and a recent FBI warning of digital tampering with state election boards, Homeland Security has stepped up efforts bolster cybersecurity at the polls and for state election boards.

"We are working with election stakeholders to offer assistance on a voluntary basis," said Robert Silvers, the agency's assistant secretary for cyber policy. "We want to leave no stone unturned."

Mr. Silvers said DHS will coordinate efforts through the National Association of Secretaries of State, a Washington organization that represents the elected officials who certify state vote counts around the US.

More than 9,000 US jurisdictions will work together to add up digital and paper ballots on Election Day. Silvers said that DHS is working with state election officials involved in that process to provide on-site scans of voting software for potential vulnerabilities.

In August, Homeland Security Secretary Jeh Johnson said his agency would "carefully consider" labeling US election systems as critical infrastructure. The move, championed by some US lawmakers, would put federal dollars toward digital security measures for electronic voting machines.

After cyberattacks on voter databases in Illinois, Arizona, and potentially other states, the agency published a list of best practices that officials can use to secure voter registration data against would-be hackers. Those measures include applying software updates and restricting high-level technical privileges to key officials.

Silvers would not confirm whether DHS is still considering labeling voting as critical infrastructure. In a survey of Passcode's Influencers, a group of digital security and privacy experts, 62 percent of respondents said the protection is not enough to safeguard voting from hackers.

"Designating the US electoral system as critical infrastructure is little more than security theater," says Rodney Joffe, senior vice president at Neustar, a Virginia-based technology company. "For the 2016 cycle, [it's] game over.” 

But with election forecasters predicting a tight race between Hillary Clinton and Donald Trump this November, some experts suggest even minimal tampering at the polls could have a major impact.

"An attacker only needs to target swing counties in one or two swing states to impact a national election," said James Scott, a senior fellow at The Institute for Critical Infrastructure Technology.

Mr. Scott says most US states haven't accepted DHS's offer to secure the polls, leaving many jurisdictions using "dilapidated systems" and in need of better security protections, including simulated hacks conducted by cybersecurity professionals.

Without those measures in place, he says, digital tallies "may not be secured if the state is not willing to cooperate. The security of election systems should not be a bureaucratic game." Watchdog group Verified Voting says that so far, nine states have adopted DHS protections, but agency has not confirmed that number, or identified any participants. 

Homeland Security's attention on cybersecurity at the polls comes as the department is increasingly focused on bolstering nationwide digital defenses in the face of ever-increasing data breaches. 

On Thursday at the Security of Things Forum in Cambridge, Mass., Silvers announced that DHS would spearhead a government plan to develop strategic principles for securing internet-connected devices.

The strategy, scheduled for release before the end of 2016, aims to build on federal efforts led by agencies such as the National Institute of Standards and Technology, which published a framework to help secure critical infrastructure – to help companies building web-connected products secure those devices for consumers. 

"We are counting on networks functioning to drive more of our live-sustaining activities, from medical devices to control systems. We're growing a national dependency," Silvers said at the forum cohosted by Passcode. "Internet of Things security is a public safety issue, it’s a homeland security issue, and we have to treat it as such."

This story was updated after publication.

 

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Homeland Security increases focus on cybersecurity at the polls
Read this article in
https://www.csmonitor.com/World/Passcode/2016/0923/Homeland-Security-increases-focus-on-cybersecurity-at-the-polls
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe