CISA Election Security 101
Election Security Managing Risks & Building Resilience #Protect2020
• Noah Praetz
• Former Director of Elections, Cook County, IL
• Co-Chair Federal Response Efforts
• Senior Election Security Advisor, Cybersecurity & Infrastructure Security Agency (CISA), within DHS
• Argonne National Labs & University of Chicago Cyber Policy Institute
• Teach Election Law Course at DePaul University College of Law as Adjunct Professor
• Advisory Board Member, Cyber Policy Initiative, University of Chicago
Election Security Risks & Resilience #Protect2020
• Election Inflection Points
• 2000 & 2016
• Foreign Activities – Hybrid Threats – “Sweeping and systematic”
• Information & Infrastructure
• Federal, State, Local
• Cook & Illinois
• “2020 Vision” White paper – Keys – “Defend, Detect, Recover”
• Cyber Navigators
Elections Systems: Designated Critical Infrastructure
“Systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”
16 Sectors: Chemical; Commercial Facilities; Communications; Critical Manufacturing; Dams; Defense Industrial Base; Emergency Services; Energy; Financial Services; Food and Agriculture; Government Facilities; Healthcare and Public Health; Information Technology; Nuclear Reactors, Materials and Waste; Transportation Systems; and Water and Wastewater Systems.
• Authorities: Patriot Act, (Sec. 1016(e)); Department of Homeland Security, National Infrastructure Protection Plan (NIPP) 2013: Partnering for Critical Infrastructure Security and Resilience; Presidential Decision Directive 63, 199; Homeland Security Act of 2002, 6 U.S.C. § 131.
• See https://www.eac.gov/assets/1/6/starting_point_us_election_systems_as_Critical_Infrastructure.pdf
Elections Systems: Designated Critical Infrastructure
The 2017 designation of election infrastructure as critical infrastructure provides a basis for the Department of Homeland Security and other federal agencies to:
• Recognize the importance of these systems;
• Prioritize services and support to enhancing security for election infrastructure;
• Provide the elections community with the opportunity to work with each other, the Federal Government, and through the Coordinating Councils;
• Hold anyone who attacks these systems responsible for violating international norms.
Election Infrastructure Subsector Government Coordinating Council
Federal, state, and local government partners formed the Election Infrastructure Subsector GCC (EIS-GCC) and met for the first time in Atlanta in October 2017.
• The formation of the EIS-GCC was a milestone in multi-level government cooperation that bolstered election infrastructure security and resilience.
The EIS-GCC:
• Enables partners to leverage information sharing, cybersecurity and physical security products, resources, capabilities, and collective expertise.
• Consists of 27 members, 24 of which are state and local election officials.
• Is led by a five-member Executive Committee which meets biweekly (DHS/CISA; EAC; a Secretary of State; a state Election Director; and a local Election Director).
• Adopted a Subsector Specific Plan in 2018. Subsector priorities for 2019-2020 were approved on February 1, 2019.
Election Infrastructure Subsector Coordinating Council
Private sector stakeholders formed the Election Infrastructure Subsector Coordinating Council (EISCC) and met for the first time in February 2018.
The EISCC:
• Is led by a five-member Executive Committee.
• Serves as the primary liaison between the private sector and government on election infrastructure security.
• Facilitates information and intelligence sharing.
• Coordinates with DHS and the EIS-GCC to develop, recommend, and review subsector-wide plans and procedures.
• Established an action plan complete with goals and priorities in February 2019.
Threats to Election Infrastructure
Adversaries:
• Nation-state actors
• Non-state actors
• Cyber criminals motivated by financial gain
Targets:
• Voter registration databases
• Voting systems
• Election reporting systems
• Storage facilities and polling places
• Public confidence in the integrity of the election
• Election officials and their families
Join the Election Infrastructure ISAC
The EI-ISAC is a dedicated resource that gathers, analyzes, and shares information on critical infrastructure and facilitates two-way cybersecurity threat information sharing between the public and the private sectors.
The EI-ISAC supports the election community through:
• 24 x 7 x 365 network monitoring
• Election-specific threat intelligence
• Threat and vulnerability monitoring
• Incident response and remediation
• Training sessions and webinars
• Promotion of security best practices
Positive Relationships – By the Numbers
• EI-ISAC Membership - 1554
  • 50 states and 4 territories
  • 1476 local election offices
  • 7 associations
  • 14 election vendors
• Albert Sensors - 140
  • 47 states and 1 territory
  • 92 local election offices
[Figure: States with a High Level of Local EI-ISAC Membership]
Election Infrastructure Security – Adoption of Services
• 43 states have utilized at least one DHS cybersecurity service
• 30 states have utilized at least two DHS cybersecurity services
• 14 states have utilized three or more DHS cybersecurity services
• 6 states have leveraged five or more DHS cybersecurity services
Services updated 4/2/2019
Progress in the 2018 Election Cycle
New Trainings and Assessments
• Driven by feedback from election officials, DHS now offers Remote Penetration Testing as well as “The Election Official as IT Manager” online course.
National-level Election Security Tabletop Exercise
• In August 2018, DHS hosted a three-day tabletop exercise with 44 states, the District of Columbia, and 10 Federal agencies.
Classified Briefings
• DHS partnered with the Intelligence Community to share classified information on several occasions, pushing more threat information to this subsector than ever before. The most recent classified briefing was in February 2019.
Election Day Situation Room
• On Election Day, DHS hosted the National Cybersecurity Situational Awareness Room. This online portal for election officials and vendors facilitated rapid information sharing and provided election officials with virtual access to the 24/7 operational watch floor of the NCCIC.
Establishment of the EI-ISAC
• In February 2018, the EIS-GCC established the EI-ISAC, which is now the fastest growing ISAC ever.
Funding Consideration Document
• In May 2018, the EIS-GCC released a guidance document with potential short- and long-term funding considerations to support elections officials making decisions on how they could use newly available funding to help secure election infrastructure.
Communications Protocols
• In July 2018, the EIS-GCC issued a set of voluntary Communications Protocols to improve the efficiency and effectiveness of information sharing between election stakeholders.
DHS Resources for State and Local Election Officials
Vulnerability Scanning
• A scanning of internet-accessible systems for known vulnerabilities on a continual basis. As potential issues are identified, DHS notifies impacted customers so they may proactively mitigate risks to their systems prior to exploitation. Conducted remotely and fully automated.
Remote Penetration Testing
• Utilizes a dedicated remote team to assess and identify vulnerabilities and work with customers to eliminate exploitable pathways. The assessment simulates the tactics and techniques of malicious adversaries and tests centralized data repositories, externally accessible assets, and web applications.
Phishing Campaign Assessment
• Measures the susceptibility of an organization’s staff to social engineering attacks, specifically email phishing attacks. The assessment takes place during a six-week period. An assessment report is provided two weeks after its conclusion. The assessment report provides guidance, measures effectiveness, and justifies resources needed to defend against and increase staff training and awareness of generic phishing and spear-phishing attacks.
Top Recommendations Provided Across All EI Assessments
Mitigate Internet Vulnerabilities in a timely manner
• Recommend that EI Subsector entity managers mitigate all internet-accessible high and critical severity level vulnerabilities within 30 days. Vulnerabilities with lower severity levels should be reviewed and either mitigated, or the associated risk formally accepted, within 60 days.
Strengthen Password Policy and Auditing Processes
• Recommend the use of multi-factor password technology. Entities should perform regular audits of their password policy. Password best practices include ensuring that default passwords are never used in production, that strong passwords are required and used, and that administrators use encrypted password vaults.
Implement Network Segmentation
• Internal network architecture should protect and control access to the entity’s most sensitive systems. Recommend that user workstations should be less trusted and connections to external networks should be isolated, controlled, and monitored.
Follow Cybersecurity Best Practices
• EI Subsector entities should follow established enterprise network best practices for IT infrastructure, including the implementation of a strong patching methodology for operating systems and third-party products.
Replace Unmaintainable Equipment
• All EI Subsector equipment should be maintainable with current security patching. Exceptions should be minimized and isolated.
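One way to track the 30- and 60-day mitigation windows recommended above, as an added example that is not part of the original slides and not a DHS tool. The CSV columns, host names and status values are assumptions, and the sample findings are constructed.

```python
import csv
import io
from datetime import date

# Windows from the slide: high/critical within 30 days, lower severities within 60.
WINDOW_DAYS = {"critical": 30, "high": 30, "medium": 60, "low": 60}

# Constructed sample export. Column names, hosts and status values are assumptions,
# not the format of any DHS report.
SAMPLE_FINDINGS = """\
host,finding,severity,first_seen,internet_accessible,status
vr-portal.county.example,Outdated TLS library,critical,2019-02-20,yes,open
results.county.example,Default admin page exposed,high,2019-03-20,yes,open
results.county.example,Verbose server banner,low,2019-01-15,yes,open
mail.county.example,Weak cipher suites,medium,2019-01-10,yes,risk_accepted
ems.county.example,Unsupported CMS version,high,2019-02-01,yes,risk_accepted
fileshare.county.example,SMB signing disabled,high,2019-01-05,no,open
vr-portal.county.example,Missing security headers,medium,2019-03-01,yes,mitigated
"""


def overdue_findings(csv_text, today):
    """Return unresolved internet-accessible findings past their window, most overdue first."""
    overdue = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["internet_accessible"].strip().lower() != "yes":
            continue  # the recommendation is scoped to internet-accessible systems
        severity = row["severity"].strip().lower()
        status = row["status"].strip().lower()
        window = WINDOW_DAYS.get(severity, 30)  # unknown severity: strictest window
        # Formal risk acceptance is offered only for the lower severities;
        # a high or critical finding stays on the list until it is mitigated.
        if status == "mitigated" or (status == "risk_accepted" and window == 60):
            continue
        age = (today - date.fromisoformat(row["first_seen"])).days
        if age > window:
            overdue.append({"host": row["host"], "finding": row["finding"],
                            "severity": severity, "days_overdue": age - window})
    return sorted(overdue, key=lambda f: f["days_overdue"], reverse=True)


if __name__ == "__main__":
    for f in overdue_findings(SAMPLE_FINDINGS, date(2019, 4, 2)):
        print(f"{f['days_overdue']:>3} days overdue  {f['severity']:<8} "
              f"{f['host']:<26} {f['finding']}")
```

The high-severity finding marked `risk_accepted` still appears in the output, because the slide offers formal risk acceptance only for lower-severity vulnerabilities.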
CISA Election Security 101 Noah Praetz Senior Election Security Advisor Department of Homeland Security noah@praetzconsulting.com
DHS Countering Foreign Interference Overview
Agenda
• What is Foreign Interference
• Case Studies
• What Can DHS Do?
Goals of Election Interference Source: “Cyber Threats to Canada’s Democratic Process,” Canada Centre for Cyber Security
Spreading Disinfo Before and After Social Media Source: “A View from the Digital Trenches: Lessons from Year One of Hamilton 68,” Bret Schafer, 2018
Case Study: Louisiana Chemical Attack -- Russia
Goal: Undetermined. Breadth of techniques used on a limited scale could indicate testing in U.S.
• Access to cell phone numbers in local area
• Established social media accounts and bots
• Developed targeted media and key influencers list
• Content developed includes:
  • Fake surveillance camera footage
  • Doctored images of flames engulfing plant
  • Fake YouTube video showing ISIS claiming responsibility
  • Wikipedia page content
  • Doctored CNN webpage showing disaster had made national news
• Text messages and social media messaging
  • Text messages to local residents
  • Hundreds of Twitter accounts posting about “disaster” using hashtag #ColumbianChemicals and doctored images/videos
  • Tweets targeting reporters at local and national media – New Orleans Times-Picayune, CNN, and NYT
  • Tweets targeting political commentators
Source: “The Agency,” Adrian Chen, New York Times Magazine
Case Study: U.S. Energy Markets -- Russia
Goal: Disrupt U.S. energy markets to reduce competition to Russian energy
• Developed memes to stoke passions around issue.
• Targeted US energy companies, particularly with messaging around profits.
• Messaging advocated abandonment of specific fuel sources.
• Exaggerated claims of impact of renewable energy sources (e.g. Iowa clean energy effort).
• Took both sides of climate change and drilling issues.
• RT ran anti-fracking stories that highlighted environmental and health issues.
• Pushed messaging through unwitting US environmental groups and activists.
• Pushed people to sign petitions aimed at stopping Dakota Access, Sabal Trail, and Enbridge Line 5 pipelines.
• Clear understanding of U.S. and global energy markets.
• Knowledge of U.S. energy companies and environmental groups.
• Understanding of Dakota Access Pipeline and related controversy.
Source: US House of Representatives Committee on Science, Space and Technology Majority Staff Report on “Russian Attempts to Influence US Domestic Energy Markets by Exploiting Social Media”
Case Study: New Zealand -- China
Goal: Promote China friendly policy.
• Monitor local Chinese community via community organizations
• Monitor ethnic Chinese political figures
• Support and monitor Chinese language news and schools
• Censor ethnic Chinese discussion of political issues in New Zealand
• Work with “patriotic” business people, also known as ‘Red Capitalists’
• Use Chinese Student and Scholar Association to “guide” students and scholars.
• Leverage business and economic organizations to influence NZ policy
• Encourage political activism in New Zealand
• Push messaging through community organizations, such as the “Peaceful Reunification of China Association of New Zealand,” which engages in a range of activities including block-voting and fund raising for ethnic Chinese political candidates
• Ethnic Chinese political leaders in New Zealand come under pressure from China to support China’s goals, not many do not get coopted
• Leverage former political leaders to push policy, often receiving positions in Chinese businesses
• Seek to prevent criticism of China policy from being published in media and academic journals
• Organize protests against Chinese critics
• Organize meeting of New Zealand politicians and Chinese community issues to discuss issues of importance to China, such as reunification.
• Encouraging political donations to major parties, a large number of donors are affiliated with Chinese organizations
• Established state agencies focused on managing overseas agenda, to include influence. Integrated approach.
• Establish and support community organizations in New Zealand – generally organized along place of origin, professional lines of work, or special interest type groups
• Work done through embassies and consulates
• Chinese state media.
• Content cooperation agreements with local media outlets
• Formed China-centered economic and strategic bloc
Source: Brady, Anne-Marie, “Magic Weapons: China’s Political Influence Activities Under Xi Jinping,” Wilson Center
DHS Role in Countering Foreign Influence
• Build National Resilience to Foreign Influence Operations
• Partner engagement
• Public awareness and education
• Operational Support
• Incident Reporting
What Should Owners and Operators Know?
• Understand the Risk
• Secure Systems
• Secure Social Media Accounts
• Don’t Amplify Disinformation
• Think Before You Link
• Know Your Source
• Keep Emotions in Check
• Positive, Factual Messages Only
• Report Incidents
• Talk to Employees
CFITF Can Help
• Let Us Know What You Need
• Products and Briefings
• Incident Response Reporting
DHS Countering Foreign Influence Task Force Brian Scully CFITF Director Department of Homeland Security Brian.Scully1@hq.dhs.gov Phone: 202-450-8046
Source: “Russian Attempts to Influence U.S. Domestic Energy Markets by Exploiting Social Media,” House Committee on Science, Space, and Tech, 2018