By Joseph Marks
PowerPost Analysis

In this Nov. 6, 2018 file photo people vote at a polling place in Las Vegas. (AP Photo/John Locher, File)
PRINCETON, N.J. — If Russian hackers seek to disrupt the 2020 election, it will be county election officials on the front lines. And some are diving into war games so they can be ready for anything Moscow or another U.S. adversary can throw at them.
Election officials from New Jersey’s 21 counties huddled at tables in a hotel ballroom here, hashing out how they’d respond to Election Day cyberattacks. In some attack scenarios, hackers shut down voter registration databases, loaded voter files with phony information, or compromised county social media accounts so they started spreading false information about polling locations. They also prepared for what happens if attackers locked up election office computers with ransomware or shut down cellphone towers across multiple states.
How the U.S. fares during an Election Day hack is likely to rest on the response of local election administrators in the first few hours, state and federal officials told me.
“The county level is where all the risk is,” a Homeland Security Department cybersecurity official who was helping one county with its response-planning told me. “They own it in a way no state official does and certainly no federal official could. It’s always live or die at the county level.”
The war games are a sign of how drastically local politics has changed in this new era of cyberwar -- preparing responses to attacks by a powerful nation-state is a far cry from more ordinary tasks of getting poll workers to voting locations on time and planning contingency operations for storms or other physical disasters. And there's no turning back, as federal officials have warned Russia is likely to try to repeat its hacking and disinformation campaign in 2020 and other U.S. adversaries, including China, Iran and North Korea, may try as well.
"I regret to report that I believe it will get worse before it gets better," former DHS Secretary Jeh Johnson, who oversaw DHS’s response to Russia’s 2016 election operation, told the New Jersey county officials during a lunchtime speech.
More than a dozen states have held election hacking war games for county officials during the past two years — many of them with help from the Department of Homeland Security. But the vast majority of those exercises have been done behind closed doors.
During the New Jersey exercise, county election officials had five minutes to game out a response plan to each hypothetical attack — typically getting their ideas by flipping through thick binders where they keep plans for all kinds of contingency scenarios.
Every time a county didn’t come up with a plan within the five-minute limit – or came up with a bad plan — a facilitator made a note in the county’s evaluation. In the coming months, state election officials will be poring over those evaluations and working one-on-one with county officials to fix everything they did wrong, officials said.
In some cases, county officials told me they’d already worked out detailed responses to numerous types of cyberattacks. In other cases, the counties were only beginning to game-plan out how they might respond to digital attacks.
Counties have trained for years to keep elections running despite physical disasters such as hurricanes and disease outbreaks, but they’ve been on a crash course learning about responding to cyberattacks since the 2016 election, Robert Giles, director of the New Jersey Division of Elections, told me.
“We've evolved so much since 2016 and I think the counties have a good handle on it now,” Giles told me. “The point of this exercise is to get them to think about all the potential things that could happen … Doing their due diligence and having a plan in place so they can be responsive.”
The exercises also give DHS a better idea of where the agency can offer more help to local election officials, Chris Krebs, director of DHS’s Cybersecurity and Infrastructure Security Agency, told reporters on the sidelines of the exercise. Krebs’s agency has been racing across the nation to do cybersecurity testing and training for state and local election officials since soon after Russia’s hacking and influence operation undermined the 2016 contest.
“It’s about both knowing what to do on a bad day but also issue spotting beforehand so we can minimize the chances of those things happening,” he said.

A Justice Department sign. (Patrick Semansky/AP)
PINGED: Authorities arrested 281 fraudsters worldwide yesterday as part of an effort to disrupt a growing number of scams designed to dupe businesses and individuals into sending wire transfers for fraudulent reasons, the Justice Department announced in a news release. Dubbed “Operation reWired,” the effort took place over four months and included 74 arrests in the United States plus 169 in Nigeria and others in Kenya, Turkey, France and elsewhere.
The IRS, which assisted in the investigation, found that conspirators stole more than 250,000 identities and filed more than 10,000 fraudulent tax returns to collect nearly $100 million in refunds. Authorities seized nearly $3.7 million in total.
In “business email compromise” schemes, criminals impersonate a company’s employees over email to convince other employees to wire them money. The scams can also take on a number of other forms including fraudulent rentals or vehicle sales.

President Trump listens to national security adviser John Bolton. (Leah Millis/Reuters)
PATCHED: President Trump’s firing of national security adviser John Bolton on Tuesday removes one of the administration’s most significant architects of cybersecurity policy.
During his tenure, Bolton pushed a new, offensive cybersecurity strategy aimed at ratcheting up pain for U.S. cyber adversaries that included retaliatory cyberattacks against Russia and Iran.
Bolton was also responsible for eliminating a key White House cybersecurity coordinator position — which drew harsh criticism from cyber pros who said it would make it far tougher for the government to make key cybersecurity policy decisions. It's not clear how any of those policies will play out under Bolton's successor.
Here’s a take from Politico’s Eric Geller:
Bolton's cyber legacy:
1️⃣ Eliminating WH cyber coordinator job
2️⃣ Downgrading homeland security adviser
3️⃣ Pushing for more aggressive operations to deter & punish
He was especially in sync with other officials on 3️⃣ (see NSPM 13 & CyberCom's "persistent engagement" strategy).
— Eric Geller (@ericgeller) September 10, 2019

The Iowa state flag. (Charlie Neibergall/AP)
PWNED: State election officials are pushing back against a report released by cybersecurity company NormShield yesterday dinging a number of unnamed state election offices for leaving their systems vulnerable to digital attacks.
Vermont Secretary of State Jim Condos pointed to a number of possible discrepancies in the report, including that email accounts that NormShield said were breached did not belong to the office's domain. “At best it appears to be reflective of the State of [Vermont] IT systems — not the Secretary of State’s office,” Condos said. “We operate on our systems separate from the state.”
Iowa's Secretary of State Paul Pate said his office stopped using the domain NormShield scanned (state.ia.us) years ago.
“You would think a firm that claims expertise in cybersecurity could do a simple Google search to find the correct address of a state website,” Pate said.
NormShield's chief security officer, Bob Maley, shot back that his company also scanned the Iowa Secretary of State’s current domain for cybersecurity weaknesses and “found very little difference.” The erroneous domain came from a list maintained by the National Association of State Election Directors, he said.
PUBLIC KEY
— Cybersecurity news from the public sector:
President Trump on Tuesday issued a notice extending a national emergency declaration over foreign interference in U.S. elections.
The Hill
CEOs who signed: Amazon, AT&T, Dell, IBM, SAP, Salesforce, Visa, Mastercard, and JP Morgan Chase.
ZDNet
State officials said the theft occurred after an employee’s email account was compromised, but that all payments to beneficiaries will go out on time.
StateScoop
— Cybersecurity news from the private sector:
The U.S. has yet to green-light any sales to Huawei Technologies, frustrating chip makers more than two months after President Trump agreed to ease export restrictions on the Chinese telecom giant.
Wall Street Journal
As more and more devices get connected to the Internet of Things, researchers say compromising pumps has become a hot topic on cyber criminal forums.
ZDNet
Online retailer CafePress sent a letter to customers this week informing them that their personal information, including Social Security numbers, was breached.
Fast Company