ogormrob
Viewer II

Is it me or is the government not seeing the forest for the trees?

I have been in the security business for about 10 years but I am appalled when both sides of the aisle say we have problems with outside countries intervening with our US elections but not one legislator has an idea of what that means exactly and how to fix it. To me it means comprehensive overhaul of government election cyber security defense but is anyone really doing anything about that?

 

No, no one will understand how open we are to direct attack from the outside. I will say that the government is getting it together with Cyber Central agencies and such but are they that committed to dumping money into that rather than the next pork barrel project or border wall project?

Maybe the next project should be to finish (fast) what NIST has so diligently put together. However, we need something that is comprehensive, consistent, quickly implemented and reaches all across business and government sectors. But we need it now?

 

We have our heads on a swivel right now with all the democrat vs. republican drivel and I can assure you we are going to get hit hard in the coming years with an APT outside-in cyber attack that will knock our socks off!

 

Where is the concern with that? To all my colleagues out there assure me otherwise? Let me know that we are preparing our defenses (and offenses) properly to save getting hit by massive breach that will happen when we are consumed with all the other disjointed priorities out there?

6 Replies
AppDefects
Community Champion


@ogormrob wrote:

 

Maybe the next project should be to finish (fast) what NIST has so diligently put together. However, we need something that is comprehensive, consistent, quickly implemented and reaches all across business and government sectors. But we need it now?

 


I love NIST and they are actually doing great work in moving us towards a more secure future with post-quantum cryptography standardization, but that can't be done "fast". It is at least a couple of more years away. Have they had success in seeing adoption of their Cybersecurity Framework? Patchy at best would be the way to describe it. If DHS had actually stepped up to the plate and provided industry with incentives then it would have been great. I hope they keep trying.

dcontesti
Community Champion


@ogormrob wrote:

I have been in the security business for about 10 years but I am appalled when both sides of the aisle say we have problems with outside countries intervening with our US elections but not one legislator has an idea of what that means exactly and how to fix it. To me it means comprehensive overhaul of government election cyber security defense but is anyone really doing anything about that?

 

No, no one will understand how open we are to direct attack from the outside. I will say that the government is getting it together with Cyber Central agencies and such but are they that committed to dumping money into that rather than the next pork barrel project or border wall project?

Maybe the next project should be to finish (fast) what NIST has so diligently put together. However, we need something that is comprehensive, consistent, quickly implemented and reaches all across business and government sectors. But we need it now?

 

We have our heads on a swivel right now with all the democrat vs. republican drivel and I can assure you we are going to get hit hard in the coming years with an APT outside-in cyber attack that will knock our socks off!

 

Where is the concern with that? To all my colleagues out there assure me otherwise? Let me know that we are preparing our defenses (and offenses) properly to save getting hit by massive breach that will happen when we are consumed with all the other disjointed priorities out there?


Unfortunately, this is not just an issue in the US and until all the governments screw their heads on properly, we are going to be faced with this type of thing happening.

 

I tend to agree and just waiting for the other shoe to drop......maybe sooner than we think.

 

 

jmikesmith
Newcomer III


@dcontesti wrote:

@ogormrob wrote:

... not one legislator has an idea of what that means exactly and how to fix it [election security].

 

Unfortunately, this is not just an issue in the US and until all the governments screw their heads on properly, we are going to be faced with this type of thing happening.

 


This goes beyond election security specifically to the intersection of the public interest and cybersecurity. Security commentator Bruce Schneier has begun to promote what he calls "public-interest technologists", people who stand at that intersection and can speak to members of both communities. See his collection of thoughts and resources at https://public-interest-tech.com/.

 

Mike

rslade
Influencer II

> ogormrob (Viewer) posted a new topic in Tech Talk on 02-06-2020 02:22 PM in the

> I
> have been in the security business for about 10 years but I am appalled when
> both sides of the aisle say we have problems with outside countries intervening
> with our US elections but not one legislator has an idea of what that means
> exactly and how to fix it.

Well, a) yes, very few legislators (actually, very few people at all) understand the
problem and the technical factors that make technology a way to make it worse,
and b) it's a hugely complicated problem.

For one thing, misinformation and disinformation can have a massive impact on
elections, and there are very few technical solutions to those problems.

> To me it means comprehensive overhaul of government
> election cyber security defense but is anyone really doing anything about that?

There are a few issues there: one, you live in the US, and election processes are a
state, rather than federal, responsibility. So you have to convince every single
state to have at the problem. Also, there are some solidly entrenched and vested
interests in *not* having the problem fixed. (Look at the ownership of voting
machine companies in the US some time. It'll scare you silly.)

> I will say that the government is getting it together with Cyber Central
> agencies and such but are they that committed to dumping money into that rather
> than the next pork barrel project or border wall project?

If you offer users security or pork barrel projects, they'll choose pork every time
...

> Maybe the next project
> should be to finish (fast) what NIST has so diligently put together. However, we
> need something that is comprehensive, consistent, quickly implemented and
> reaches all across business and government sectors.

Good luck with that.

>   We
> have our heads on a swivel right now with all the democrat vs. republican drivel
> and I can assure you we are going to get hit hard in the coming years with an
> APT outside-in cyber attack that will knock our socks off!

Oh, you don't need anything that sophisticated. Just mess with people's
perceptions of the reliability of the election. A small group of people just created
absolute havoc with the Iowa situation, simply by calling the support lines so that
people with legitimate problems couldn't get through.

>   Where is the
> concern with that? To all my colleagues out there assure me otherwise?

I give you no assurance. The situation is worse than you think.

> Let me
> know that we are preparing our defenses (and offenses) properly to save getting
> hit by massive breach that will happen when we are consumed with all the other
> disjointed priorities out there? 

Here's some further reading:
http://catless.ncl.ac.uk/Risks/search?query=voting

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Ambivalent? Well, yes and no.
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Caute_cautim
Community Champion

How many governments around the world actually get it?  After 20 years in government, they are driven by different motives, politics and budget cutting.  If the funds are not there today, they will be available when something goes wrong overnight to avoid embarrassment.  

 

Regards

 

Caute_cautim

Caute_cautim
Community Champion

From my experience of the public sector, the people who suffer due to the large lagging behind is in fact the taxpayer.   This is a perennial issue, worldwide, which needs to be solved - they need to be fully accountable.

 

https://securityintelligence.com/posts/public-sector-security-is-lagging-how-can-states-and-governme...

 

Regards

 

Caute_cautim