
Kateri Gill

Kateri Gill. June 13, 2019. Elections Security in a Connected World. State, Local, Tribal, or Territorial Government Entity. How We Got Here. Membership and Albert Overview. 50 State Election Offices. 1690 Local Election Offices (48 states). Membership. 4 Territorial Election Offices.


Presentation Transcript


  1. Kateri Gill June 13, 2019 Elections Security in a Connected World

  2. State, Local, Tribal, or Territorial Government Entity

  3. How We Got Here

  4. Membership and Albert Overview • Membership: 50 State Election Offices; 1690 Local Election Offices (48 states); 4 Territorial Election Offices; 7 Election Official Associations; 15 Election Vendors • New Goal: Beat Tennessee • Albert Sensor Coverage: 50 State Election Sensors; 24 Bottom-Up Local Election Sensors; 71 State-Funded Local Election Sensors; 2 Territorial Election Sensors

  5. How to Get to 100% Garfield County Auditor Yakima County Auditor

  6. About EI-ISAC Membership Free and Voluntary No Mandated Information Sharing Registration is the only requirement! To join or get more information: https://learn.cisecurity.org/ei-isac-registration

  7. Contact Maintenance • Notify EI-ISAC of any changes to contacts in your organization • Include both technical and executive contacts • Reach out if you’d like to adjust what you’re receiving: elections@cisecurity.org • Level 1 - Public information only • Level 2 - Public information and EI-ISAC member publications • Level 3 - Public information, EI-ISAC member publications and organization specific notifications • Level 4 - Public information, EI-ISAC member publications, organization specific notifications, and an account on the EI-ISAC community on the HSIN portal *Non-technical information only can be designated for any level of access

  8. An Elections-focused Cyber Defense Suite • 24x7x365 network monitoring • Incident response and forensics • Threat and vulnerability monitoring • Election-specific threat intelligence • Training sessions and webinars • Promote security best practices www.cisecurity.org/ei-isac

  9. 24 x 7 Security Operations Center Central location to report any cybersecurity incident • Support: • Network Monitoring Services • Research and Analysis • Analysis and Monitoring: • Threats • Vulnerabilities • Attacks • Reporting: • Cyber Alerts & Advisories • Web Defacements • Account Compromises • Hacktivist Notifications To report an incident or request assistance: Phone: 1-866-787-4722 Email: soc@cisecurity.org

  10. Learning from history Why Are We Doing This?

  11. Why SLTT Governments? Criminals look for data... and governments have a lot of it!

  12. What Happened in 2016? Major Goal of the EI-ISAC is to avoid this • 21 States identified as being targeted • Notification process • State CISOs vs Election Offices • Education and Awareness

  13. Computer Emergency Response Team • Incident Response (includes on-site assistance) • Network & Web Application Vulnerability Assessments • Malware Analysis • Computer & Network Forensics • Log Analysis • Statistical Data Analysis • Penetration Testing To report an incident or request assistance: Phone: 1-866-787-4722 Email: soc@cisecurity.org

  14. Common Cyber Threats (by underlying commercial system)

  15. Perception Management TLP: WHITE

  16. What Could Possibly Happen? Glenn Thomas Jacobs (Kane)

  17. Learning from each other Value of Collaboration

  18. Classic Risk Equation

  19. Elections Sector Quarterly Report & Call • Compiles analysis of elections-specific events identified by/reported to EI-ISAC • Provides highlights of EI-ISAC activities

  20. Election Day Situational Awareness Room • Information sharing open to election officials and their designees on primary and election day

  21. Employee Mistakes

  22. Cybersecurity Spotlight • Key Security Terms and Best Practices • What it is • Why does it matter • What you can do • Released on Friday afternoons

  23. Data Breach or Hoax? Voter Records for Sale on RAID Forums • October 5, 2018: Identified by Anomali Labs and Intel 471; Malicious Actor “Downloading” - voter reg data from 19 states (35 million records); Pricing: $150-$12,500; Information typically available by request • October 17, 2018: “Backdoor” claim; Updated data on a weekly basis • October 20, 2018: All 50 voter registration databases; 200 million voter records; $61,000

  24. Elections Weekly News Alert • EI-ISAC analysis to provide key context • General election industry or election security reports • Legislative action on election security issues • Best practice examples from peers in the election community • General technology/cybersecurity stories that may have an election link/impact • Released on Wednesday afternoons

  25. Using what we’ve learned Membership Matters

  26. Monthly Cybersecurity Advisory Summary • Addresses high risk vulnerabilities in common software • Useful for developing a patch management program

  27. Election-specific Cyber Alerts • Short e-mail alerts regarding immediate threats • Targeted at both executive and technical staff • Provides overview of activity and actionable recommendations • Executive Overview • Executive Recommendations • Technical Overview • Technical Recommendations https://www.youtube.com/watch?v=opRMrEfAIiI

  28. Malicious Code Analysis Platform • A web based service that enables members to submit and analyze suspicious files in a controlled and non-public fashion • Executables • DLLs • Documents • Quarantine files • Archives Or we can just analyze suspicious emails for you: submission@malware.cisecurity.org To gain an account contact: soc@msisac.org

  29. Ukraine’s Critical Infrastructure - 2015 • Boryspil International Airport – Kiev, Ukraine • Power Grid Shut Down • 80,000 customers lost power for 6 hours • BlackEnergy Malware • Attributed to Russia

  30. Nationwide Cyber Security Review To Register: https://www.cisecurity.org/ms-isac/services/ncsr/ Questions? NCSR@cisecurity.org

  31. ISAC Annual Meeting Denver, Colorado Sunday, April 28 – Wednesday, May 1, 2019

  32. Continue Learning What Now?

  33. Third Party Breach Threat

  34. Election Technology Procurements

  35. What’s Next? Continue to build out the Elections-Focused Cyber Defense Suite • Management Tool & Collaborative Forum • Additional vulnerability identification activities • Situation Room Enhancements • Continued Albert Deployments Education and Awareness • Agency leadership roadshow • Blog posts and video series • Continued support for cyber exercises

  36. What’s Next? Continue to Promote Best Practices • Security Self-Assessment Program • Non-voting election technology • Election Technology Supply Chain Guidance • Secure Configurations • Political Campaign Security Supply Chain Guidance

  37. EI-ISAC 24x7 Security Operations Center 1-866-787-4722 SOC@cisecurity.org ELECTIONS@CISECURITY.ORG Kateri Gill Elections Program Manager 518.880.0779 Kateri.gill@cisecurity.org
