CISA Election SECURITY 101 - PowerPoint Presentation

Uploaded On 2020-08-28

Presentation Transcript

Slide1

Slide2

CISA Election SECURITY 101

Slide3

Noah Praetz

Former Director of Elections, Cook County, IL

Co-Chair Federal Response Efforts

Senior Election Security Advisor, Cybersecurity & Infrastructure Security Agency (CISA), within DHS

Argonne National Labs & University of Chicago Cyber Policy Institute

Teach Election Law Course at DePaul University College of Law as Adjunct Professor

Advisory Board Member, Cyber Policy Initiative, University of Chicago

Election Security

Managing Risks & Building Resilience

#Protect2020

Slide4

Election Inflection Points

2000 & 2016

Foreign Activities – Hybrid Threats – “Sweeping and systematic”

Information & Infrastructure

Federal, State, Local

Cook & Illinois

“2020 Vision” White paper – Keys – “Defend, Detect, Recover”

Cyber Navigators

Slide5

Elections Systems: Designated Critical Infrastructure

“Systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”

16 Sectors: Chemical; Commercial Facilities; Communications; Critical Manufacturing; Dams; Defense Industrial Base; Emergency Services; Energy; Financial Services; Food and Agriculture; Government Facilities; Healthcare and Public Health; Information Technology; Nuclear Reactors, Materials and Waste; Transportation Systems; and Water and Wastewater Systems.

Authorities: Patriot Act (Sec. 1016(e)); Department of Homeland Security, National Infrastructure Protection Plan (NIPP) 2013: Partnering for Critical Infrastructure Security and Resilience; Presidential Decision Directive 63, 199; Homeland Security Act of 2002, 6 U.S.C. § 131.

See https://www.eac.gov/assets/1/6/starting_point_us_election_systems_as_Critical_Infrastructure.pdf

Slide6

Elections Systems: Designated Critical Infrastructure

The 2017 designation of election infrastructure as critical infrastructure provides a basis for the Department of Homeland Security and other federal agencies to:

Recognize the importance of these systems;

Prioritize services and support to enhance security for election infrastructure;

Provide the elections community with the opportunity to work with each other, the Federal Government, and through the Coordinating Councils;

Hold anyone who attacks these systems responsible for violating international norms.

Slide7

Election Infrastructure Subsector Government Coordinating Council

Federal, state, and local government partners formed the Election Infrastructure Subsector GCC (EIS-GCC) and met for the first time in Atlanta in October 2017.

The formation of the EIS-GCC was a milestone in multi-level government cooperation that bolstered election infrastructure security and resilience.

The EIS-GCC:

Enables partners to leverage information sharing, cybersecurity and physical security products, resources, capabilities, and collective expertise.

Consists of 27 members, 24 of which are state and local election officials.

Is led by a five-member Executive Committee which meets biweekly (DHS/CISA; EAC; a Secretary of State; a state Election Director; and a local Election Director).

Adopted a Subsector Specific Plan in 2018. Subsector priorities for 2019-2020 were approved on February 1, 2019.

Slide8

Election Infrastructure Subsector Coordinating Council

Private sector stakeholders formed the Election Infrastructure Subsector Coordinating Council (EISCC) and met for the first time in February 2018.

The EISCC:

Is led by a five-member Executive Committee.

Serves as the primary liaison between the private sector and government on election infrastructure security.

Facilitates information and intelligence sharing.

Coordinates with DHS and the EIS-GCC to develop, recommend, and review subsector-wide plans and procedures.

Established an action plan complete with goals and priorities in February 2019.

Slide9

Threats to Election Infrastructure

Adversaries:

Nation-state actors

Non-state actors

Cyber criminals motivated by financial gain

Targets:

Voter registration databases

Voting systems

Election reporting systems

Storage facilities and polling places

Public confidence in the integrity of the election

Election officials and their families

Slide10

Join the Election Infrastructure ISAC

The EI-ISAC is a dedicated resource that gathers, analyzes, and shares information on critical infrastructure and facilitates two-way cybersecurity threat information sharing between the public and the private sectors.

The EI-ISAC supports the election community through:

24 x 7 x 365 network monitoring

Election-specific threat intelligence

Threat and vulnerability monitoring

Incident response and remediation

Training sessions and webinars

Promotion of security best practices

Slide11

Positive Relationships – By the Numbers

EI-ISAC Membership - 1554

50 states and 4 territories

1476 local election offices

7 associations

14 election vendors

Albert Sensors - 140

47 states and 1 territory

92 local election offices

States with a High Level of Local EI-ISAC Membership

Slide12

Election Infrastructure Security – Adoption of Services

43 states have utilized at least one DHS cybersecurity service

30 states have utilized at least two DHS cybersecurity services

14 states have utilized three or more DHS cybersecurity services

6 states have leveraged five or more DHS cybersecurity services

SERVICE | Total

Cyber Resilience Review (CRR) | 24

External Dependencies Management Assessment | 18

Cyber Infrastructure Survey (CIS) | 19

Cyber Hygiene Scanning (CyHy) | 150

Hunt | 25

Risk and Vulnerability Assessment (RVA) | 40

Remote Penetration Testing (RPT) | 25

Phishing Campaign Assessment (PCA) | 10

Election-related Exercises | 32

Services updated 4/2/2019

Slide13

Progress in the 2018 Election Cycle

Establishment of the EI-ISAC

In February 2018, the EIS-GCC established the EI-ISAC, which is now the fastest growing ISAC ever.

Funding Consideration Document

In May 2018, the EIS-GCC released a guidance document with potential short- and long-term funding considerations to support elections officials making decisions on how they could use newly available funding to help secure election infrastructure.

Communications Protocols

In July 2018, the EIS-GCC issued a set of voluntary Communications Protocols to improve the efficiency and effectiveness of information sharing between election stakeholders.

New Trainings and Assessments

Driven by feedback from election officials, DHS now offers Remote Penetration Testing as well as “The Election Official as IT Manager” online course.

National-level Election Security Tabletop Exercise

In August 2018, DHS hosted a three day tabletop exercise with 44 states, the District of Columbia, and 10 Federal agencies.

Classified Briefings

DHS partnered with the Intelligence Community to share classified information on several occasions, pushing more threat information to this subsector than ever before. The most recent classified briefing was in February 2019.

Election Day Situation Room

On Election Day, DHS hosted the National Cybersecurity Situational Awareness Room. This online portal for election officials and vendors facilitated rapid information sharing and provided election officials with virtual access to the 24/7 operational watch floor of the NCCIC.

Slide14

The Cybersecurity and Infrastructure Security Agency (CISA), part of DHS, is working with EAC, NASS, NASED, Election Center, iGO, and others to support preparation for the 2020 presidential election year.

DHS Election Security Mission: To support the election community with information and resources necessary to secure the infrastructure and America’s confidence in it.

We focus on three broad issue areas that need addressing in the face of hybrid efforts from adversaries.

1. Provide election officials with risk information & services to aid risk management decisions.

2. Provide the public and election partners with information to help counter foreign influence.

3. Provide political parties with risk information & services to aid risk management.

Slide15

DHS’s priorities are bucketed into six main categories and they align with those of the GCC:

P1: Increase local support and engagement

P2: Increase awareness about risks associated with failing to invest in elections

P3: Continue difficult risk conversations

P4: Enhance and expand communications

P5: Promote risk management practices for political parties and campaigns

P6: Further the discussion around recognizing and countering foreign influence efforts

Slide16

For our election infrastructure priorities we are leaning in at the local level with a three-prong message leading into 2020 and beyond.

Share

Assess

Improve

Slide17

Share

Assess

Mature

Share Information

Within the Election Sector

Get locals into the ISAC & build direct communication channels *

Inform states/locals on available federal, state, NGO, and private resources *

Distribute & practice information sharing according to protocols *

Engage on checklists, recommendations and other “Last Mile Products” *

Slide18

Share

Assess

Mature

Share Information

With External Stakeholders

Engage state and local government support groups like NGA, NCSL, and NaCO (P1)

Promote cyber-security awareness and future support by engaging candidates and parties (future leaders) through outreach & sharing of information on available services focused on risk management practices (P2, P5, P6)

Prepare the public and campaigns to help defend elections from disinformation attacks – Countering Foreign Influence (P1, P4)

Slide19

Share

Assess

Mature

Share Resources & Support

Optimize Governance

Consider state level standing working groups of security, law enforcement, and election officials at all levels (P1, P2, P3, P4, P5, P6)

Assist locals in acquiring human and financial support from available federal, state, NGO, and private entities (P1, P2)

Supply training to states/locals with focus on security measured by defenses, breach techniques (audits) and recovery (resilience) (P1, P2, P3, P4, P5, P6)

Slide20

Share

Assess

Mature

Share Information

Share Intelligence

Assist locals in gathering & sharing network traffic data from Albert Sensors or log files (P1, P2, P3)

Assist locals in developing some behavioral analysis norms, developing or instituting measurements, and then sharing those and intel (P1, P2, P3)

Ensure locals are all sharing information up to the state level on phishing-type attacks as well as complying with the sharing protocols (P3, P4)

Slide21

We are leaning in at the local level with a three-prong message leading into 2020 and beyond.

Share

Assess

Improve

Slide22

Assess

Assess

Mature

Assess

Assess infrastructure security to determine the state and local posture and priorities

Consider adopting an accepted cyber-security management framework like the CIS20 Controls or the NIST Framework (CIS has a handbook to consider, GCC working on NIST)

Identify specific security gaps and remediation needs (DHS services like Cyber Hygiene & Remote Pen Testing can help)

Identify the resources necessary to fund remediation efforts and close security gaps (Specifics help funders understand the specific risks that are in play)

Help locals formulate a security progress plan (Post-assessment, it's important to map out progress)

Slide23

Assess

Assess

Mature

Assess

Assess the legal and policy frameworks

Work with standing security committee to determine if alterations to state law and/or policy could result in a more sustainable election security environment (P1, P2, P3, P6)

Help locals review their own policy decisions and compliance efforts to determine whether any alterations could result in a more sustainable election security environment (P1, P2, P3, P6)

Slide24

Assess

Assess

Mature

Assess

Assess the vulnerability disclosure policies and remediation requirements

Work with standing security committee to determine if state might develop a policy to help close the gap between identification and mitigation (P1, P2, P3, P6)

Help locals engage on vulnerabilities and remediation to help move the market towards quick mitigation (P1, P2, P3, P6)

Slide25

DHS Resources for State and Local Election Officials

Vulnerability Scanning

Scanning of internet-accessible systems for known vulnerabilities on a continual basis. As potential issues are identified, DHS notifies impacted customers so they may proactively mitigate risks to their systems prior to exploitation. Conducted remotely and fully automated.

Remote Penetration Testing

Utilizes a dedicated remote team to assess and identify vulnerabilities and work with customers to eliminate exploitable pathways. The assessment simulates the tactics and techniques of malicious adversaries and tests centralized data repositories, externally accessible assets, and web applications.

Phishing Campaign Assessment

Measures the susceptibility of an organization’s staff to social engineering attacks, specifically email phishing attacks. The assessment takes place during a six-week period. An assessment report is provided two weeks after its conclusion. The assessment report provides guidance, measures effectiveness, and justifies resources needed to defend against and increase staff training and awareness of generic phishing and spear-phishing attacks.

Slide26

We are leaning in at the local level with a three-prong message leading into 2020 and beyond.

Share

Assess

Improve

Slide27

Improve

Assess

Mature

Mature

Manage election infrastructure with sustainable security as a fundamental requirement

Evaluate state & local election policy and purchasing decisions with infrastructure security implications at top of mind (P3, P6)

Help locals drive industry innovation and security compliance by assisting with procurement requirements focusing on “security by design” (CIS released a procurement guide)

Consider building a list of trusted service providers so locals can avoid the work or mistakes that can come in this low regulation area (P3, P6)

Slide28

Improve

Assess

Mature

Improve

Move external communications with Candidate and Voter Behavior top of mind

Ensure stakeholders and future and current leaders using election services are aware of the effects of spreading “disinformation” & that they understand Foreign Influence Efforts (P1, P2, P5, P6)

Ensure stakeholders and future and current leaders are aware of the risks to election infrastructure, and importantly of the fallback procedures that ensure resiliency (P1, P2, P5, P6)

Slide29

Improve

Assess

Mature

Improve

Advocate for resources needed to improve election security

Engage federal, state & local government stakeholders about current state of security and the resources and changes necessary to ensure a more sustainable and more secure future (P1, P2, P3, P6)

Engage public stakeholders and candidates and political parties (future leaders) about the current state of security and the resources and changes necessary to ensure a more sustainable, more secure future (P1, P2, P5, P6)

Slide30

Improve

Assess

Mature

Mature

Help locals deploy a security progress plan

After completing the assessments ensure that locals are planning and budgeting for the progress on the next round of risk assessments (P1, P2, P3, P6)

Slide31

The Security Loop

Share

Assess

Mature

Slide32

Slide33

Top Recommendations Provided Across All EI Assessments

Mitigate Internet Vulnerabilities in a timely manner

Recommend that EI Subsector entity managers mitigate all internet-accessible high and critical severity level vulnerabilities within 30 days. Vulnerabilities with lower severity levels should be reviewed and either mitigated, or the associated risk formally accepted, within 60 days.

Strengthen Password Policy and Auditing Processes

Recommend the use of multi-factor password technology. Entities should perform regular audits of their password policy. Password best practices include ensuring that default passwords are never used in production, that strong passwords are required and used, and that administrators use encrypted password vaults.

Implement Network Segmentation

Internal network architecture should protect and control access to the entity’s most sensitive systems. Recommend that user workstations should be less trusted and connections to external networks should be isolated, controlled, and monitored.

Follow Cybersecurity Best Practices

EI Subsector entities should follow established enterprise network best practices for IT infrastructure, including the implementation of a strong patching methodology for operating systems and third-party products.

Replace Unmaintainable Equipment

All EI Subsector equipment should be maintainable with current security patching. Exceptions should be minimized and isolated.

Slide34

Noah Praetz

Senior Election Security Advisor

Department of Homeland Security

noah@praetzconsulting.com

CISA Election Security 101

Slide35

DHS Countering foreign interference overview

Slide36

Agenda

What is Foreign Interference

Case Studies

What Can DHS Do?

Slide37

What is Foreign Interference?

Slide38

Goals of Election Interference

Source: “Cyber Threats to Canada’s Democratic Process,” Canada Centre for Cyber Security

Slide39

Spreading Disinfo Before and After Social Media

Source: “A View from the Digital Trenches: Lessons from Year One of Hamilton 68,” Bret Schafer, 2018

Slide40

Case studies

Slide41

Breaking Down Information Operations

Slide42

Case Study: Louisiana Chemical Attack -- Russia

Goal: Undetermined. Breadth of techniques used on a limited scale could indicate testing in U.S.

Access to cell phone numbers in local area

Established social media accounts and bots

Developed targeted media and key influencers list

Content developed includes:

Fake surveillance camera footage

Doctored images of flames engulfing plant

Fake YouTube video showing ISIS claiming responsibility

Wikipedia page content

Doctored CNN webpage showing disaster had made national news

Text messages and social media messaging

Text messages to local residents

Hundreds of Twitter accounts posting about “disaster” using hashtag #ColumbianChemicals and doctored images/videos

Tweets targeting reporters at local and national media – New Orleans Times-Picayune, CNN, and NYT

Tweets targeting political commentators

Source: “The Agency,” Adrian Chen, New York Times Magazine

Slide43

Case Study: U.S. Energy Markets -- Russia

Goal: Disrupt U.S. energy markets to reduce competition to Russian energy

Clear understanding of U.S. and global energy markets.

Knowledge of U.S. energy companies and environmental groups.

Understanding of Dakota Access Pipeline and related controversy.

Developed memes to stoke passions around issue.

Targeted US energy companies, particularly with messaging around profits.

Messaging advocated abandonment of specific fuel sources.

Exaggerated claims of impact of renewable energy sources (e.g. Iowa clean energy effort).

Took both sides of climate change and drilling issues.

RT ran anti-Fracking stories that highlighted environmental and health issues.

Pushed messaging through unwitting US environmental groups and activists.

Pushed people to sign petitions aimed at stopping Dakota Access, Sabal Trail, and Enbridge Line 5 pipelines.

Source: US House of Representatives Committee on Science, Space and Technology Majority Staff Report on “Russian Attempts to Influence US Domestic Energy Markets by Exploiting Social Media”

Slide44

Case Study: New Zealand -- China

Goal: Promote China friendly policy.

Established state agencies focused on managing overseas agenda, to include influence. Integrated approach.

Establish and support community organizations in New Zealand – generally organized along place of origin, professional lines of work, or special interest type groups

Work done through embassies and consulates

Chinese state media.

Content cooperation agreements with local media outlets

Formed China-centered economic and strategic bloc

Monitor local Chinese community via community organizations

Monitor ethnic Chinese political figures

Support and monitor Chinese language news and schools

Censor ethnic Chinese discussion of political issues in New Zealand

Work with “patriotic” business people, also known as ‘Red Capitalists’

Use Chinese Student and Scholar Association to “guide” students and scholars.

Leverage business and economic organizations to influence NZ policy

Encourage political activism in New Zealand

Push messaging through community organizations, such as the “Peaceful Reunification of China Association of New Zealand,” which engages in a range of activities including block-voting and fund raising for ethnic Chinese political candidates

Ethnic Chinese political leaders in New Zealand come under pressure from China to support China’s goals, not many do not get coopted

Leverage former political leaders to push policy, often receiving positions in Chinese businesses

Seek to prevent criticism of China policy from being published in media and academic journals

Organize protests against Chinese critics

Organize meeting of New Zealand politicians and Chinese community issues to discuss issues of importance to China, such as reunification.

Encouraging political donations to major parties, a large number of donors are affiliated with Chinese organizations

Source: Brady, Anne-Marie, “Magic Weapons: China’s Political Influence Activities Under Xi Jinping,” Wilson Center

Slide45

What Can DHS Do?

Slide46

DHS Role in Countering Foreign Influence

Build National Resilience to Foreign Influence Operations

Partner engagement

Public awareness and education

Operational Support

Incident Reporting

Slide47

What Should Owners and Operators Know?

Understand the Risk

Secure Systems

Secure Social Media Accounts

Don’t Amplify Disinformation

Think Before You Link

Know Your Source

Keep Emotions in Check

Positive, Factual Messages Only

Report Incidents

Talk to Employees

Slide48

CFITF Can Help

Let Us Know What You Need

Products and Briefings

Incident Response Reporting

Slide49

DHS Countering Foreign Influence Task Force

Brian Scully

CFITF Director

Department of Homeland Security

Brian.Scully1@hq.dhs.gov

Phone: 202-450-8046

Slide50

Source: “Russian Attempts to Influence U.S. Domestic Energy Markets by Exploiting Social Media,” House Committee on Science, Space, and Tech, 2018
