The presidential election in the United States is heating up, as the first debate of election season took place on Tuesday night. This event, along with the first wave of mail-in ballots that are scheduled to go out in the coming weeks, signal that we are truly in the middle of the madness. November 3rd may still be a ways out, but the election has taken over conversations across the country and the globe. This madness extends into election security, which is hard enough to preserve in any election year, let alone 2020.
The election, and more specifically, election security is the topic of discussion for this week’s installment of Byte Sized News. We’ve got stories on everything election-related in the world of cybersecurity, ranging from 2020 election data breaches to a Vladimir Putin “cyber truce” troll sent to the US.
As always, this series isn’t intended to provide readers with details on every story and topic but rather to fill busy professionals in on the most compelling developments in the field.
Our first story from the week comes from Cyber Scoop and discusses Vladimir Putin, the president of Russia. Putin put out a statement earlier this week that many believe was intended to “troll” the United States regarding Russia’s tampering in the 2016 presidential election. While the statement Putin put out doesn’t explicitly say the phase “cyber truce,” the statement called for a “a comprehensive program of practical measures to reboot our relations in the field of security in the use of information and communication technologies (ICTs).” While the rest of Putin’s statement remains vague and broad, the relationship between the US and Russia in the world of cybersecurity is a hot button one. Putin made no specific mention of Russia’s well-documented misdeeds in the world of cyberspace, nor did he make any accusations about what the United States has done to respond to these misdeeds. While some have seen this message and called for the United States to formally make peace with Russia in the cyber realm (that is, if Putin was actually being serious), many wonder if a deal like this is even possible in practice.
Our next story from the week comes from InfoSecurity Magazine and directly relates to Tuesday’s presidential debate. Twitter has allegedly banned over 100 Twitter accounts that were focused on disrupting online chatter regarding the presidential debate. Twitter claims that it was tipped off to these accounts by the FBI, and once they were aware, acted quickly to defuse the problem. Twitter made an official statement about its action: “We identified these accounts quickly, removed them from Twitter, and shared full details with our peers, as standard. They had very low engagement and did not make an impact on the public conversation. Our capacity and speed continue to grow, and we’ll remain vigilant.” This statement continued by affirming “As standard, the accounts and their content will be published in full once our investigation is complete. We’re providing this notice to keep people updated in real time about our actions. We wish to thank the FBI for their assistance.” This situation isn’t the first time that Twitter has had to step in to suspend mass-coordinated activities from Iran, as they previously banned 5000 state-backed accounts in June of last year.
Moving on, our next article from this election-focused week comes from The Hill. This article focuses on a group of more than a dozen privacy and civil rights groups that have demanded that Amazon discloses information about election-specific data breaches. These groups, which include Color of Change and Demand Progress, cited past data released by Reuters that involved voter data (which was hosted on Amazon’s servers) being left online. This situation was seen as disheartening by the group, who cited that at least one of Amazon’s election services will be used in over 40 states in this year’s election. “Amazon’s election services – including running election websites, storing voter registration information and ballot data, and helping to provide live results on election night – concentrate private voter data and history in a single centralized system,” the groups said in a collective statement directed toward Amazon CEO Jeff Bezos. “A single breach could have catastrophic consequences for election integrity in dozens of states.”
Our second-to-last article from the week comes from Homeland Security Today and details an alliance that’s aimed to inform US voters. University of Southern California (USC) has allied with Google, elected officials, and nonprofit leaders on a mission to inform voters on some of the most important information regarding the upcoming election. This information includes where, when, and how to vote in the 2020 election, which is now just six weeks away. The alliance, called The Voter Communication Task Force, supported by USC Annenberg Center on Communication Leadership & Policy, is a nonpartisan initiative with a narrow focus: to identify and help others implement the best ways to communicate reliable election information to already-registered voters. The Task Force has impressive backing: it is led by former state Govs. Jack Markell (D-Del.) and Brian Sandoval (R-Nev.). The Voter Communications Task Force also includes Google Vice President Vint Cerf, widely known as “the father of the Internet”; New Mexico Secretary of State Maggie Toulouse Oliver, who also is president of the National Association of Secretaries of State (NASS); Nancy Gibbs, director of Harvard’s Shorenstein Center and former editor-in-chief of TIME; and Reta Jo Lewis, director of congressional affairs for the German Marshall Fund and former special representative for Global Intergovernmental Affairs for the U.S. State Department.
Our last story from the week comes from State Scoop and details a new vulnerability disclosure program launched by the state of Iowa. Iowa Secretary of State Paul Pate announced the new program, which allows outside security experts to find and patch weaknesses in its websites, including those related to elections. Iowa’s program is patterned after Ohio’s vulnerability disclosure program, which focuses on giving legal protection to researchers hunting for bugs that could leave its networks susceptible to attacks if unaddressed. Iowa is working on the program with the company Bugcrowd, an ethical-hacking firm that crowdsources cybersecurity professionals to look for flaws in its clients’ systems. “We already have a strong infrastructure in place, but election cybersecurity is a race without a finish line,” Pate said in a statement earlier this week. “We are bolstering our cyber maturity by allowing responsible testing and reporting of our systems to the private sector.” This program is the second in what is sure to be a string of many states establishing programs, because, while vulnerability disclosure programs are becoming more common in the corporate world, very few states have actually implemented them.