The Florida Election Hack Shows We Need Advanced Threat Intelligence


Florida Governor Ron DeSantis confirmed alarming news last week: Russian hackers successfully tapped into the voter registration files of two undisclosed Florida counties. However, some officials in Florida remain unfazed. Since there was no breach tied to the announcement, some wonder if this news is more political hype than substance.

Weighing Cyber Protection Costs Against Election Meddling: Albert Sensors

The larger question is: what can a county do to protect its voter registration systems or any other internet-facing resources? Many counties around the country deployed the Department of Homeland Security’s intrusion detection sensors to protect voter registration websites for the 2018 midterm elections. These intrusion detection sensors, known as Albert sensors, have been in use at state and local levels since 2010. The sensors run traffic against a library of about 25,000 malware signatures and report to the Security Operations Center (SOC) at the Multi-State Information Sharing and Analysis Center (MS-ISAC).

The Pushback Against Albert Sensors

Albert sensors were installed in all but 14 states ahead of the 2018 midterm elections. The solution costs about $5,000 which, in the scope of democracy, is chump change. However, to many counties, that $5,000 represents only a single layer of defense against known attackers.

The fact remains: government and election systems are still vulnerable to cyberattacks, and the biggest problem seems to be money. Spending cash on cyber tools, whose successful deployment results in a non-event, isn’t always recognized or rewarded. Yet nobody disputes that threats exist, and their origins are not just Russia. Cybersecurity officials say other countries, including China, Iran, and North Korea, have shown their ability to meddle in U.S. elections as well. Importantly, at the end of the day, everyone knows we can’t do it alone and that a collective defense approach is required (see: How We Collectively Can Improve Cyber Resilience in DarkReading).

Collective Defense: Threat Sharing as a Tool Against Spear-Phishing

County officials acknowledge that many of the attacks they see today are similar to the Russian campaign that utilized e-mail spear-phishing. In spear-phishing, a hacker sends a target an email meant to look like an official one in an attempt to gain access to passwords or other sensitive information. If election officials operate under the assumption that they can be targets of such attacks, they are less likely to click on the dangerous links.

However, even the keenest-eyed among us may not be able to catch all phishing attempts in this way. Additional, prevention-focused cybersecurity protections are therefore required to guard against human vulnerability to phishing by blocking spear-phishing attempts before they even reach a person. One example of a prevention focus that can thwart these attacks is information sharing through advanced threat intelligence from sources such as MS-ISAC and EI-ISAC, or from companies such as Symantec, DomainTools, and Webroot. By sourcing threat information from a variety of industry, commercial, government, and third-party sources, counties and governmental agencies gain another layer of resilience, resistance, and remediation against phishing vulnerabilities.

However, access to this intelligence alone is insufficient: it must be integrated into the security stack to provide automated protection. The challenge is that existing security controls like next-generation firewalls do not provide or enable the integration of third-party threat intelligence at the scale you need to protect your network. And for the threat intelligence that can be integrated, managing it is cumbersome; as mentioned above, counties are worried about the effort needed to maintain and manage advanced threat intelligence-based defense. Fortunately, an emerging cyber protection technology called Threat Intelligence Gateways (TIGs) is solving this problem. TIGs provide an easy-to-deploy, turnkey threat intelligence protection solution that enables even the smallest counties to up their security game.

So Florida’s Elections Were Hacked…Now What?

While there was no evidence (thankfully) presented in the recent Florida breach that Russia went beyond its primary effort of disinformation to actual manipulation of election systems and data, that doesn’t mean they—or other threat actors and unfriendly nation-states—can’t or won’t in 2020. Therefore, forward-thinking state and local governments assume that Russia and other adversaries will develop strategies for targeting election systems…and are preparing for it now. The votes are in and election security matters.

In order to prepare for 2020 from a security perspective, what can be done beyond Albert sensors, firewalls, and SIEMs? Threater offers a compelling solution to the election protection conundrum with the Threat Intelligence Gateway (TIG), which sits in front of the firewall and offers both ingress and egress protection against phishing and ransomware attacks.

Read more about governmental cybersecurity and threat intelligence on the Threater blog or download our whitepaper, Phishing in State and Local Governments, and Education Environments here. Or reach out!

Lisa Rhodes, Head of Sales, State & Local Government, Education (SLED), Threater

Phone: 719-332-7558
