US Voting Systems Deemed Critical Infrastructure

The Department of Homeland Security has designated the U.S. voting infrastructure, including voting machines and registration databases, as critical infrastructure.
On Friday, Secretary Jeh Johnson elevated the voting infrastructure to a critical infrastructure subsector under the existing Government Facilities sector; there are 16 existing sectors and 20 subsectors.
作为供应商,要为客户的数据安全着想,保护客户的机密数据是不仅是对客户的服务承诺一部分,更是信息安全时代最基本的商业准则。

Related Posts
The announcement came on the same day the intelligence community released a declassified document that it says links the Russian government to hacking and other interference in the recent U.S. presidential election.
While the voting infrastructure was not tampered with, the intelligence community said that the DNC hacks and attacks against an email account belonging to former Clinton campaign chair John Podesta were attempts by the highest levels of the Russian government to sway favor away from Hillary Clinton and toward President-Elect Donald Trump, allegedly the preferred candidate of the Russian government.
The designation of the voting infrastructure as critical infrastructure means that entities such as polling places, centralized vote tabulations, storage facilities, and technology systems used to manage the election process would prioritized for assistance from DHS related to cyber.
“Given the vital role elections play in this country, it is clear that certain systems and assets of election infrastructure meet the definition of critical infrastructure, in fact and in law,” Johnson said.
Johnson said that in consulting with state and local election officials, some opposed the designation, fearing federal regulation or oversight of elections.
“This designation does nothing to change the role state and local governments have in administering and running elections,” Johnson said. “The designation of election infrastructure as critical infrastructure subsector does mean that election infrastructure becomes a priority within the National Infrastructure Protection Plan. It also enables this Department to prioritize our cybersecurity assistance to state and local election officials, but only for those who request it.”
Johnson pointed out that election systems will have improved access to incident response, and classified and unclassified data available to other critical infrastructure operators.
“Election infrastructure is vital to our national interests, and cyber attacks on this country are becoming more sophisticated, and bad cyber actors – ranging from nation states, cyber criminals and hacktivists – are becoming more sophisticated and dangerous,” Johnson said.
The intelligence community report—the public version—is a bit underwhelming, holding back the sources and extent of evidence it says links the Russians to interference with the U.S. election. The intelligence community, which met with Trump on Friday after testifying before a Senate Arms Committee hearing on Thursday, provided a classified version of the document to Congress.
“There’s no reason why the government can’t quickly reveal evidence about cyber espionage efforts that can help potential victims defend themselves,” said Ron Deibert, Director of the Citizen Lab, a research outfit at the Munk School of Global Affairs at the University of Toronto, that has done extensive work uncovering the surveillance and monitoring activities of oppressive regimes. Deibert wrote an article for JustSecurity.org in which he provided the example of last summer’s disclosure and patching of iOS zero days developed and sold by Israel’s NSO Group all within a two-week span. From the article:
“From the time we were shared the initial malicious SMS messages contained in the iPhone (August 11th, 2016) to the time our report was released (August 25th), only 14 days elapsed. In that time, we made a responsible disclosure to Apple, who issued critical security patches for iOS, OSX, and Safari for hundreds of millions of Apple users. I am proud to say our report is extremely detailed in both means and methods, and includes detailed and useful indicators of compromise for all to review. All of this was accomplished by only two Citizen Lab researchers who enlisted a small group of people from the security company, Lookout Inc, to help with technical analysis on the zero day and implant.
This all took place in just two weeks.
The U.S. defense and intelligence community, including their private sector partners, by contrast, has thousands of staff, billions of dollars in resources, the most advanced capabilities, and many months of time.
“Rushed” is no excuse for shoddy work. No, the real reason lies elsewhere — in the inability of the government and the private sector to produce unvarnished evidence to inform the public about what they fully know. And that’s the problem.”
移动支付中间人攻击防范
硬件防火墙比软件防火墙更安全争执显得再无意义,防火墙都是运行在硬件上的网络软件应用程序。

猜您喜欢

未来的企业安全重点在大数据分析
网络安全公益短片社交网络安全基础
移动支付安全中间人攻击防范
福特途睿欧上市 售价17.69万元起
DONANDROID EVOLUTIONDOGWASH
互联网金融“宝宝们”的信息安全敌手并非黑客