Vital Infrastructure
On this high-stakes 12 months for democracy, the significance of strong election safeguards and nationwide cybersecurity methods can’t be understated
09 Aug 2024
•
,
3 min. learn
The point out of election safety, particularly in a 12 months the place the vast majority of the world is destined to vote, brings to thoughts pictures of a voting machine and even some type of subversion of on-line voting or counting processes. So it was not an enormous shock when the opening keynote of this 12 months’s Black Hat USA convention was titled “Democracy’s Largest 12 months: The Battle for Safe Elections Across the World”.
The aftermath of the CrowdStrike outage
However forward of the convention itself, the cybersecurity ecosystem was rocked by the latest CrowdStrike incident that triggered main world disruption – and a panel of presidency company leaders from across the globe clearly wanted to handle this primary.
One of many panelists, Hans de Vries, COO of the European Union Company for Cybersecurity, supplied an attention-grabbing commentary: “It was an attention-grabbing lesson for the dangerous guys”. This attitude is probably not instantly apparent, because the incident in query was not malicious.
Nevertheless, if a nation-state or a cybercriminal wished a real-world simulation of how a cyberattack may unfold and trigger world disruption, the CrowdStrike incident simply delivered a full proof-of-concept, full with insights into restoration occasions and the way society as an entire handled the injury left within the incident’s wake.
Defending the poll field
Additionally on the stage was Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Safety Company, and Felicity Oswald OBE, CEO of the UK’s Nationwide Cyber Safety Centre, and all three panelists did handle the subject of election safety.
The consensus appeared to recommend that apart from makes an attempt to disrupt elections, corresponding to denial-of-service assaults, the chance to an election end result being manipulated resulting from an assault on the infrastructure know-how was practically non-existent. Processes are in place to make sure every vote, forged on paper or electronically, has quite a few failsafe mechanisms built-in to ensure that it’s counted as meant. That is reassuring information.
The dialogue then shifted to the unfold of misinformation surrounding the election course of. The panel recommended that adversaries aiming to control the end result focus extra on creating the notion that the election course of is damaged, quite than on immediately hacking it. In different phrases, they intention to make voters really feel that their votes should not safe, spending extra effort on sowing concern concerning the course of than on attacking the method itself.
Nationwide cybersecurity frameworks underneath the microscope
Later within the day, one other presentation took on the subject of evaluating nationwide cybersecurity frameworks. Offered by Fred Heiding from Harvard, the analysis examined how completely different governments strategy the safety of their nationwide cybersecurity. The analysis group evaluated 12 international locations utilizing a 67-point rubric, rating them as innovators, leaders or under-performers primarily based on their cybersecurity posture.
The scorecard strategy encompassed a number of attention-grabbing classes, together with defending folks, establishments and programs, constructing partnerships and speaking clear insurance policies. Even the size of every nation’s technique doc had a bearing on the rating, and these diversified broadly, from 133 and 130 pages for Germany and the UK, respectively, down to simply 24 for South Korea, and 39 pages for the USA.
Some international locations, corresponding to Australia and Singapore, stood out as leaders in additional areas of the scorecard than others, both main or assembly the bar throughout all classes. The UK occupied a center floor with six main scores and 4 that met the bar. The USA, in the meantime, had the alternative, with 4 main scores and 6 that met the bar.
Solely two international locations obtained lagging scores in some areas – Germany and Japan. It’s vital to notice that the scorecards introduced solely coated seven of the twelve international locations. Moreover, that is, after all, an educational analysis paper that checked out coverage quite than its execution – some international locations may do an amazing job of drafting methods whereas falling quick in implementation, or vice versa.
As a parting thought, it’s vital that we maintain our governments to account for his or her cybersecurity insurance policies and their preparedness to guard our society and residents.