---

@ogormrob wrote:

 

Maybe the next project should be finish (fast) what NIST has so diligently put together. However, we need something that is comprehensive, consistent, quickly implemented and reaches all across business and government sectors. But we need it now?

 

---

I love NIST and they are actually doing great work in moving us towards a more secure future with post-quantum cryptography standardization, but that can't be done "fast". It is a least a couple of more years away. Have they had success in seeing adoption of their Cybersecurity Framework? Patchy at best would be the way to describe it. If DHS had actually stepped up to the plate and provided industry with incentives then it would have been great. I hope they keep trying.

---

@ogormrob wrote:

I have been in the security business for about 10 years but I am appalled when both sides of the aisle say we have problems with outside countries intervening with our US elections but not one legislator has an idea of what that means exactly and how to fix it. To me it means comprehensive overhaul of government election cyber security defense but is anyone really doing anything about that?

 

No, no one will understand how open we are to direct attack from the outside. I will say that the government is getting it together with Cyber Central agencies and such but are they that committed to dumping money into that rather than the next pork barrel project or border wall project?

Maybe the next project should be finish (fast) what NIST has so diligently put together. However, we need something that is comprehensive, consistent, quickly implemented and reaches all across business and government sectors. But we need it now?

 

We have are heads on a swivel right now with all the democrat vs. republican drivel and I can assure you we are going to get hit hard in the coming years with an APT outside-in cyber attack that will knock our socks off!

 

Where is the concern with that ? To all my colleagues out there assure me otherwise? Let me know that we are preparing our defenses (and offenses) properly to save getting hit by massive breach that will happen when we are consumed with all the other disjointed priorities out there? 

---

Unfortunately, this is not just an issue in the US and until all the governments screw their heads on properly, we are going to be be faced with this type of thing happening.

 

I tend to agree and just waiting for the other shoe to drop......maybe sooner than we think.

 

 

> ogormrob (Viewer) posted a new topic in Tech Talk on 02-06-2020 02:22 PM in the

> I
> have been in the security business for about 10 years but I am appalled when
> both sides of the aisle say we have problems with outside countries intervening
> with our US elections but not one legislator has an idea of what that means
> exactly and how to fix it.

Well, a) yes, very few legislators (actually, very few people at all) understand the
problem and the technical factors that make technology a way to make it worse,
and b) it's a hugely complicated problem.

For one thing, misinformation and disinformation can have a massive impact on
elections, and there are very few technical solutions to those problems.

> To me it means comprehensive overhaul of government
> election cyber security defense but is anyone really doing anything about that?

There are a few issues there: one, you live in the US, and election processes are a
state, rather than federal, responsibility. So you have to convince every single
state to have at the problem. Also, there are some solidly entrenched and vested
interests in *not* having the problem fixed. (Look at the ownership of voting
machine companies in the US some time. It'll scare you silly.)

> I will say that the government is getting it together with Cyber Central
> agencies and such but are they that committed to dumping money into that rather
> than the next pork barrel project or border wall project?

If you offer users security or pork barrel projects, they'll choose pork every time
...

> Maybe the next project
> should be finish (fast) what NIST has so diligently put together. However, we
> need something that is comprehensive, consistent, quickly implemented and
> reaches all across business and government sectors.

Good luck with that.

>   We
> have are heads on a swivel right now with all the democrat vs. republican drivel
> and I can assure you we are going to get hit hard in the coming years with an
> APT outside-in cyber attack that will knock our socks off!

Oh, you don't need anything that sophisticated. Just mess with people's
perceptions of the reliability of the election. A small group of people just created
absolute havoc with the Iowa situation, simply by calling the support lines so that
people with legitimate problems couldn't get through.

>   Where is the
> concern with that ? To all my colleagues out there assure me otherwise?

I give you no assurance. The situation is worse than you think.

> Let me
> know that we are preparing our defenses (and offenses) properly to save getting
> hit by massive breach that will happen when we are consumed with all the other
> disjointed priorities out there? 

Here's some further reading:
http://catless.ncl.ac.uk/Risks/search?query=voting

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Ambivalent? Well, yes and no.
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB