Tech,Space,Gaming, and Science Fiction News to wet your whistle
Examining Potential Election Vulnerabilities: Are They Avoidable?
In the U.S and global communities, election security is a large concern because so many aspects of it can be insecure and open to attacks that may shift public opinion or be used for personal gain. Not only does the complexity of the U.S. government raise concerns about security, campaigns also have weak points that make it a target for attacks.
Limited IT Resources Put Campaigns and Voters at Risk
Given limited IT budgets, volunteers— who often work directly with voters, sometimes use their own personal devices and applications to communicate with other team members and supporters; they also have access to key private data belonging to candidates and team members. These personal devices are also used to access campaign systems such as the Voter Activation Network (NGP VAN) that include voter information to support operations such as phone banking and door-to-door canvassing. Without proper security controls, these personal devices can be used by adversaries to put both the campaign and voters at risk. Additionally, the threat of fake news has evolved with the advent of deepfake technology, which in recent times has been combined with artificial intelligence (AI), video and audio to create media that appears to be authentic— but is not.
Although security controls such as two-factor authentication (2FA) are helpful, campaigns and voters may still be at risk. Abel Morales, a security engineer at Exabeam, recommends that campaigns use user and entity behavior analysis (UEBA) to detect anomalous authentications. "By monitoring staffers' behaviors and detecting anomalies from their typical workflows, IT would be able to reduce the impact of threats introduced through social engineering, phishing and other malicious techniques." This method also can be used to detect voter anomalies as well.
The continuing threat of ransomware attacks and nation-state attacks
Ransomware attacks on voter databases and systems can facilitate payments in exchange for voter information. Ransomware encrypts data until a ransom is paid and could also be used to manipulate voting results or lock administrators out of critical data during an election therefore compromising voter confidence. Additionally, the increase in nation-state attacks are another major concern. Some officials believe that foreign influence on our elections will more likely come through social media to shape public opinion towards whatever direction serves their specific goals. In particular, the FBI is worried that Russia will use social media to cause further division between the political parties or hack campaign websites to spread misinformation.
Does the government's structure make election security more difficult?.
The intricacies of the U.S. voting system also affect the security of elections because state and local governments are not forced to use the federal government's testing standards. State and local governments have the option to adopt these security standards, use their own, or a hybrid. Also, testing for state and local governments can be completed by private companies or local universities, as there is no single federal test certification program. This deviation from the federal standard is also seen in the lack of mandatory audits to verify the integrity of the machines and testing procedures, and the management of the voter registration database system which contains voter records. Many of these database systems are outdated and ill-equipped to handle today's cybersecurity threats, making it easier for adversaries to delete or add voters. Although these differences can be detrimental to the security of elections, they make it difficult for attackers to launch a large-scale, coordinated attack.
The makeup of the voting machine market is a huge risk
Three companies make up more than 90 percent of the voting machine market, suggesting that a compromise of just one of these three companies could have a significant impact on any election. Manipulation is not a formidable task given many of these machines are running outdated software with existing vulnerabilities. Some machines are still running Windows software that Microsoft no longer supports. With the support of federal funding, state and local counties have been upgrading their systems. These machines also use a software-only security approach that offers less protection than a combination of software and hardware security and can easily be manipulated.
Internet-connected devices increase risk
Our U.S. voting system is comprised of many different types of devices with varying functions including tallying and reporting votes. Security experts note that web-based systems such as election-reporting websites, candidate websites and voter roll websites are easier to attack compared to a voting machine. Many of these systems are IoT devices that have their own unique security challenges. Often, they are shipped with factory-set, hardcoded passwords; they're unable to be patched or updated; and have outdated protocols and lack encryption. They are also susceptible to botnets that can exploit large numbers of devices in a short period. IoT attacks could also compromise a user's browser to manipulate votes and cut power to polling stations.
Proactive responses to help understaffed election IT teams
To prevent targeted attacks, campaign IT tech teams and staffers are performing training courses to learn how to detect and report suspicious emails. The DNC has created a security checklist for campaigns with recommendations, and the Center for Internet Security has also developed a library of resources to help campaigns including a Handbook for Elections Infrastructure Security. Machine-based learning systems enable limited teams to operate 50 percent more efficiently through automation – which is essential given the scale and number of elections. Security orchestration, automation, and response (SOAR) as part of a modern SIEM can also orchestrate remediation in response to an identified anomaly through playbooks. SOAR automatically identifies and prioritizes cybersecurity risks and responds to low-level security events, which is extremely useful for state and local government agencies that operate with small cybersecurity teams.
Republicans and Democrats unite to offer a helping hand
In late 2019, recognizing the seriousness of election attacks and the lack of security resources, former campaign managers for Hillary Clinton and Mitt Romney launched a non-profit organization, Defending Digital Campaigns (DDC), which offers free to low-cost security technology and services to federal election campaigns. Some experts predict that the 2020 election will be one of the most anticipated digital security events in U.S. history. Given the complexity of the election process and voting system, security automation, behavior analytics and security education can be a part of the solution for managing a secure voting process.
About the author:Tim Matthews brings over 20 years of experience building and running software marketing teams and a focus on the security market. Prior to Exabeam, he was Vice President of Marketing at Imperva, where he led a worldwide marketing team.
NextVR has been partnering with the NBA to livesream games for the last two years , and now it's going to cover the upcoming Finals. After each game, the service will upload free-to-watch highlights in a new high-resolution format to its dedicated NextVR app, which works with most virtual reality headsets. Those with higher-end VR gear like the HTC Vive Pro will be able to fully appreciate the higher-resolution format, according to a press release. The company's partnership with the NBA continues to be the only regular VR sports programming across all mainstream American sports (along with the occasional golf tournament ). via Engadget RSS Feed https://ift.tt/2JmjptE If New feed item from http://www.engadget.com/rss-full.xml , t
ASUS is moving further into the cryptocurrency hardware market with a motherboard that can support up to 20 graphics cards, which are typically used for mining . The H370 Mining Master uses PCIe-over-USB ports for what ASUS says is sturdier, simpler connectivity than other mining-focused motherboards. You can manage each port and graphics card with on-board diagnostics. One feature scans your system when you boot up to determine the status of each port, while there are onboard LEDs that signify a problem with components such as memory or the processor (there's space for an Intel 8th-gen Core CPU ). ASUS has added some other features to optimize mining as well. The H370 Mining Master follows last year's B250 Mining Expert, which had room for 19 CPUs via PCIe ports. ASUS says that board had far more sales than it expected, which prompted the company to keep t
I've been a big fan of Botnik Studios , the comedy group responsible for internet gems like the neural network-generated Coachella lineup poster containing bands like "Billions of Mario." They've been putting out consistently great parodies of Scrubs scripts , ads for beef , and handsome names for boats , each of them made using a predictive text keyboard. I was curious about what exactly this meant and how I, too, could utilize AI to create viral hits, so I called up Botnik Studios CEO and former Clickhole writer Jamie Brew to explain in the video above. Botnik has a browser-based Predictive Writer that you can load up with "voices", hence its name, Voicebox. It works in a similar way to your phone's predictive text, by suggesting a group... Continue reading… via The Verge - Tech Posts https://ift.tt/2LaYqr4