I have been in the security business for about 10 years but I am appalled when both sides of the aisle say we have problems with outside countries intervening with our US elections but not one legislator has an idea of what that means exactly and how to fix it. To me it means comprehensive overhaul of government election cyber security defense but is anyone really doing anything about that?
No, no one will understand how open we are to direct attack from the outside. I will say that the government is getting it together with Cyber Central agencies and such but are they that committed to dumping money into that rather than the next pork barrel project or border wall project?
Maybe the next project should be finish (fast) what NIST has so diligently put together. However, we need something that is comprehensive, consistent, quickly implemented and reaches all across business and government sectors. But we need it now?
We have are heads on a swivel right now with all the democrat vs. republican drivel and I can assure you we are going to get hit hard in the coming years with an APT outside-in cyber attack that will knock our socks off!
Where is the concern with that ? To all my colleagues out there assure me otherwise? Let me know that we are preparing our defenses (and offenses) properly to save getting hit by massive breach that will happen when we are consumed with all the other disjointed priorities out there?
@ogormrob wrote:
Maybe the next project should be finish (fast) what NIST has so diligently put together. However, we need something that is comprehensive, consistent, quickly implemented and reaches all across business and government sectors. But we need it now?
I love NIST and they are actually doing great work in moving us towards a more secure future with post-quantum cryptography standardization, but that can't be done "fast". It is a least a couple of more years away. Have they had success in seeing adoption of their Cybersecurity Framework? Patchy at best would be the way to describe it. If DHS had actually stepped up to the plate and provided industry with incentives then it would have been great. I hope they keep trying.
@ogormrob wrote:I have been in the security business for about 10 years but I am appalled when both sides of the aisle say we have problems with outside countries intervening with our US elections but not one legislator has an idea of what that means exactly and how to fix it. To me it means comprehensive overhaul of government election cyber security defense but is anyone really doing anything about that?
No, no one will understand how open we are to direct attack from the outside. I will say that the government is getting it together with Cyber Central agencies and such but are they that committed to dumping money into that rather than the next pork barrel project or border wall project?
Maybe the next project should be finish (fast) what NIST has so diligently put together. However, we need something that is comprehensive, consistent, quickly implemented and reaches all across business and government sectors. But we need it now?
We have are heads on a swivel right now with all the democrat vs. republican drivel and I can assure you we are going to get hit hard in the coming years with an APT outside-in cyber attack that will knock our socks off!
Where is the concern with that ? To all my colleagues out there assure me otherwise? Let me know that we are preparing our defenses (and offenses) properly to save getting hit by massive breach that will happen when we are consumed with all the other disjointed priorities out there?
Unfortunately, this is not just an issue in the US and until all the governments screw their heads on properly, we are going to be be faced with this type of thing happening.
I tend to agree and just waiting for the other shoe to drop......maybe sooner than we think.
@dcontesti wrote:
@ogormrob wrote:... not one legislator has an idea of what that means exactly and how to fix it [election security].
Unfortunately, this is not just an issue in the US and until all the governments screw their heads on properly, we are going to be be faced with this type of thing happening.
This goes beyond election security specifically to the intersection of the public interest and cybersecurity. Security commentator Bruce Schneier has begun to promote what he calls "public-interest technologists", people who stand at that intersection and can speak to members of both communities. See his collection of thoughts and resources at https://public-interest-tech.com/.
Mike
How many governments around the world actually get it? After 20 years in government, they are driven by different motives, politics and budget cutting. If the funds are not there today, they will be available when something goes wrong overnight to avoid embarrassment.
Regards
Caute_cautim
From my experience of the public sector, the people who suffer due to the large lagging behind is in fact the taxpayer. This is a perennial issue, worldwide, which needs to be solved - they need to be fully accountable.
Regards
Caute_cautim