In response to statements by John Ratcliffe, the Director of National Intelligence, and Christopher A. Wray, the F.B.I. Director, that Iran and Russia have both obtained American voter registration data and are attempting to influence the presidential election, an expert with cybersecurity strategy offers perspective.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
We need to remember that the real danger in election tampering up to this point has arisen from misinformation. It’s the number one threat, not actual hacking into election systems. Misinformation campaigns have as we’ve seen interfered with elections – as CISO Chris Krebs said at the recent Hack at the Harbor Conference. That said, state, local and tribal jurisdictions are often running older information technology systems and too many are even running systems that have been designated as at end-of-life – no further cybersecurity patches are being issued.
Among the most important things that state, local and tribal representatives can do are invest in their IT and cybersecurity and IT infrastructures, and also invest in their security teams. In the government sector in particular, we still see a lot of out of date systems – especially across the city, county and state information systems.
Just this week, the NSA advised public and private enterprise organizations to patch 25 vulnerabilities – an explicit warning about patching vulnerabilities that have been known and for which patches have long been available. It’s not that state and local governments are not committed to security, it’s that they may not have the resources readily available to deploy the patches and they just don’t know the downside implications of this failure. Otherwise they’d free up the resources and get the job done.
Most public and private organizations need to invest far more in security and in their teams. Because the reality is that if public services have been hobbled by ransomware, enabled by out of date systems and unaddressed patches, the public sector can’t provide us with the services we as citizens need. It’s time to elevate this as a budget priority.
Additionally, it’s disappointing that when the US Government makes statements about Iran, they do not also include cautionary statements to avoid inflaming tensions that may be misdirected at the more that 2 million Americans of Iranian descent who also happen to be US voters. Especially at this time of heightened civil concerns around the election, this may be worth considering and incorporating into future alerts to reduce the hate crimes that have been occurring against Americans of Iranian descent.
It’s also worth remembering that Iran’s people have dealt with deprivation as a result of sanctions against them, and while the Administration didn’t sanction humanitarian aid such healthcare aid, the current sanctions prevent many international banks and countries from deeper involvement in expeditious processing of relief.