Anomali CEO Hugh Njemanze and Dark Reading discuss the importance of sharing threat intelligence across the country’s highly decentralized voting systems to safeguard the integrity of upcoming elections.
Learn more about how to defend election security systems by downloading Anomali’s whitepaper, Cybersecurity Challenges for State and Local Governments. Join the community by downloading your free STIX/TAXII solution today.
Hi, this is Lenny Liebmann of Dark Reading, and I'm speaking with Anomali CEO, Hugh Njemanze.
Hugh, it's great to see you.
It's great to see you, Lenny.
So first question I want to ask has to do with election security.
Are we any safer in November of 2018 than we were in 2016?
I would say we are more secure.
I would not say we are completely secure, and we may never be.
However, some clear signs that we are getting more secure-- organizations are starting to get better about sharing information with each other, both about potential threats that they can see and also about actual attacks that are being observed.
That's on the one hand.
On the other hand, the election services and infrastructure themselves are being taken very seriously.
And at the national level, this has now become designated as a part of critical infrastructure.
Tell me specifically, what does that technical designation of critical infrastructure mean?
Well, it came about after 9/11 as part of the Patriot Act.
And basically, it's about the concept that certain things-- resources-- are vital to the safety of the nation when under attack.
And that could include things like the electrical grid.
It could include production and delivery of food and water.
It could include health care systems and services, and also emergency services.
So basically, the idea is there are 16 different categories like that that are designated as critical infrastructure.
And now, election services are a subsection of government facilities service area for critical infrastructure.
OK, so that sounds good, but I still have to come back to the question.
Are we safer now than we were before?
We definitely are safer.
That doesn't mean we're all the way safe.
No matter how much you do to defend the infrastructure itself, in the case of elections there's always going to be incentives to undermine elections.
And there have been since long before electricity.
But also, if you can't attack the system itself, you can still attack the voters by changing their opinions, via social engineering, and we saw some of that in the last election with social network attacks.
And so we've learned some lessons from before, but there's always new exploits, new attacks, new vectors, right?
So we're exposed to that.
And so one of the benefits of having this designation is you have access to a lot more information that could come from government agencies, like the Department of Homeland Security, DHS.
And also, it empowers the election infrastructure organizations to protect certain information about both security approaches and also maybe vulnerabilities that haven't been addressed yet from being revealed through things like Freedom of Information Act.
So this is interesting.
So you really put an emphasis on sharing information across these organizations that manage these elections, which are very disparate and distributed.
Because while it's true that the election infrastructure is very, very distributed, decentralized, which is an advantage because you can't subvert the whole thing by attacking one piece of it.
But the flip side of that is there's lots and lots of different systems of different vintage.
Some of them are obsolete.
There's lots of small organizations that are not very strongly staffed.
And so the more we can get them to share information with each other, they can feed off of each other's strengths and then it's like attacking a large organization, rather than attacking the small office that might be susceptible.
And Anomali is specifically engaged in facilitating this kind of information sharing?
Very much so.
This is a key interest for Anomali.
And we've invested in threat-sharing standards, such as STIX and TAXII.
We've created a tool called STAXX that we disseminate for free that allows organizations to share information that is encoded using these standards at no cost.
We've funded research on election security.
We've made that available in the form of blogs, white papers, and other research materials.
We've even sent a representative to the Capitol to promote information sharing amongst different organizations.
And if somebody is watching this right now and they're somehow engaged with election security, what would you then suggest as kind of a first step to engage?
I would say they should engage with their related ISIG, which is information security infrastructure group.
And also, they should visit the Anomali website.
We have links and pointers to various resources, and we're here to help.
Thanks so much for sharing that with us.
It's a pleasure.
Thank you for watching.
Again, Lenny Liebmann of Dark Reading.
We've been speaking to Anomali CEO, Hugh Njemanze.
Thanks for watching.