Cyber attacks on Democratic processes


Cyber attacks on Democratic processes Dr. Marnix Dekker, ENISA

ENISA, the EU Cybersecurity agency
- CAPACITY: Hands on activities
- POLICY: Support MS & COM in Policy implementation; Harmonisation across EU
- COMMUNITY: Mobilizing EU communities
- EXPERTISE: Recommendations; Independent Advice

Security of Network and Information systems
- Many ‘unfair’ actions can influence an election or a referendum.
  - Vote buying, fake news, false promises, etc.
- Cybersecurity experts have a limited focus
  - Cybersecurity experts can help to secure IT systems
- Practical scope definition: If it started with a ‘cyber security incident’ and could impact an election or referendum
  - Actual outcome, Voter privacy, Verifiability, transparency
  - The trust in the process and the outcome
- Cyber security incident: Incident with a (negative) impact on the security of a network or information system.
  - Not only attacks: Bug causing downtime of voting systems.
  - Not only central systems: Personal email account of politician is hacked.

Cyberattacks on Democratic processes | Dr. Marnix Dekker, ENISA

Brief history of cyber security
- In the 90s and 2000s security was largely a compliance exercise
  - Fire-and-forget viruses and computer worms
  - Security was compliance checklists focussed on prevention
    - Antivirus software
    - Firewalls
    - Passwords
  - Logging, monitoring, detection and response in name only
- Since 2010 the game changed:
  - ‘Advanced persistent threats’ (evading antivirus software, stealthy)
  - Very hard to detect (keep looking)
- Still a lot of ‘vintage’ PCs and software (from the 90s)
- Lots of ‘vintage’ security advice


Technology in the election lifecycle
- Setup of the referendum or election
  - Electoral roll (sponsors/signatures)
  - Voter lists and voter registration
- Campaigning
  - Campaign organizations, political parties, government
  - Media (traditional media, social media)
- Voting
  - Casting ballot (e.g. physical, mail, online)
  - Counting (e.g. physical, automated)
  - Transmission and publication of results (e.g. phone, electronic)

Cyber attacks on democratic processes

| Step | Assets | Attacks |
|---|---|---|
| 1. Setup | Electoral roll | Tampering with the electoral roll; DoS party/campaign registration; Fake signatures |
| 1. Setup | Voter lists | Leak voter lists; Identity fraud; DoS voter registration |
| 2. Campaign | Campaign IT | Hacking PCs or email accounts; Hacking campaign websites (deface, DDoS) |
| 2. Campaign | Government IT | Hacking government PCs; Hacking government websites |
| 3. Voting | Election technology | Tampering or DoS of voting/counting; Tampering with logs/journals; Blocking monitoring (jamming surveillance cameras); DoS counting or results publication; Breaching voter privacy |
| 3. Voting | Media/press | Hacking, DoS, defacement |

Securing election technology for EMBs
- You are on your own: this is not normal (no market, strange tech, high stakes)
- IT Security: Preventive measures and reactive measures
  - Prevention is very important, but expect it to fail.
- Preventive measures
  - Industry good practices, cyber hygiene and then some more.
  - Audit individual systems (penetration testing, code auditing, load testing)
  - Audit also the general organization and the IT suppliers
- Reactive measures (last line of defence)
  - Monitor, detect, respond (round the clock during the elections).
  - Anomaly detection (statistics?).
  - Know how to get help from a CERT or CSIRT.
  - Playbooks for all scenarios, failover plans, backup plans.
  - Prepare communication with public and press.

IT managed by others
- EMB knows what is at stake but does not control all IT systems
- Government IT is a target also (but usually well-managed, secured)
- Easy target is the IT outside government/EMB, used by politicians, campaigns, parties.
- Awareness raising about cyber attacks
  - User-friendly devices (smartphones and tablets, secure out of the box)
  - IT of family and friends
  - Phishing emails (with links or malware)
  - Get DDoS protection for the websites (https://projectshield.withgoogle.com/)
  - Secure social media accounts
  - Make sure they can reach a CERT for support (https://www.accessnow.org/)
- Trust is an issue. EMB can act as a neutral intermediary
  - Don’t expect political parties to openly discuss their security issues.
  - Maybe proactively audit everyone

Thank you