The meaning of deeming elections ‘critical infrastructure’

With help from Eric Geller and Martin Matishak

PONDERING A NEW DESIGNATION — Homeland Security Secretary Jeh Johnson said Wednesday that the department was looking at designating elections as critical infrastructure, on par with the electricity grid or banking system. It’s a subject the Obama administration, as a whole, is exploring. “I know this is an idea that other members of the president’s national security team have also discussed,” White House spokesman Josh Earnest added Wednesday.


If DHS decides it’s the right call, the next move would be to consult with the president’s assistant for homeland security and counterterrorism about making it official. Bumping up elections to that level would raise “several implications” that makes the election system “very much a part of our focus,” Johnson said. In real terms, under Presidential Decision Directive 21 , that means designating one lead agency to serve as a federal liaison with election officials and offer them a range of assistance. That agency would also stay in touch with DHS (assuming DHS doesn’t take the “sector-specific agency” label for itself), which would offer broad strategic guidance and vulnerability assessments.

In a way, though, elections already are covered under other categories of critical infrastructure, according to a DHS official. “Election infrastructure is a complex system of assets managed at the state and local level,” said the official. “While not officially designated as a separate critical infrastructure sector under PPD-21, it is an important aspect of state and local infrastructure and is critical to the functioning of our democracy.”

— WHAT DHS SHOULD SAY: Johnson also suggested that he could send guidance to election officials on the best security practices. Bruce McConnell, a former deputy undersecretary for cybersecurity at DHS, had some notions of what it should look like:

“It should say, No. 1, that election officials, who tend to be the secretaries of state of the states, should be aware of the risks to their systems and ensure that they have paper backup to any electronic voting results, and, second, that they should pay particular attention to close races, looking for anomalous results,” McConnell, now at EastWest Institute’s Global Cooperation in Cyberspace Initiative, told MC. Next, he continued, “the vendors of electronic systems connected with voting should publish the results of independent security audits voluntarily.” Finally, McConnell concluded, “NIST should come up, working with industry, with standards for electronic systems connected with elections.”

HAPPY THURSDAY and welcome to Morning Cybersecurity! This is a revealing look at how winning a “lifetime supply” of something can be a curse and a blessing. Send thoughts, feedback and especially your tips to [email protected] , and be sure to follow @timstarks , @POLITICOPro and @MorningCybersec. Full team info below.

SEND ’EM PACKING — If Russia is found responsible for the DNC hack, Rep. Will Hurd, who chairs the House Oversight Subcommittee on Information Technology, offered a solution in an interview with MC: Send home their top spy and ambassador and make them persona non grata. “Typically when you have some kind of intelligence operation running in a country, you [persona non grata] the senior intelligence officer or even the ambassador,” Hurd said. “I think that is a tool we should be looking at. The host country will generally know who that senior intelligence officer is.” First, though, the United States would need to attribute the attack.

— A GLIMPSE AT RUSSIAN HACK-TICS: Russian hacking groups like the ones suspected of infiltrating the DNC tend to target Microsoft products like Office, according to a new analysis out today. Researchers from the security firm Recorded Future found that 55 percent of the software vulnerabilities that these “advanced persistent threat” Russian groups exploited were in Office, Windows and Internet Explorer. “Heavy Russian APT use of Office and Adobe PDF exploits may be in line with the more targeted nature of state-sponsored attacks,” the Recorded Future researchers wrote. “Criminal campaigns such as ransomware play a numbers game, while state-sponsored attacks focus on specific organizations and information.”

— HOW’S THAT HACK INVITATION PLAYING?: Americans aren’t happy with Republican presidential candidate Donald Trump for inviting the Russian government to hack Democratic rival Hillary Clinton’s deleted private emails. Nearly a third of independent voters are less likely to vote for Trump because of the controversial remark, according to a new Morning Consult survey . And 40 percent of all Americans also view Trump less favorably because of it. Meanwhile, 47 percent of Republicans said the remark made them more likely to vote for Trump, and 53 percent of Americans don’t think that Trump broke any laws by asking a foreign government to hack a political rival.

THE DMZ IS GETTING AN UPGRADE — The Air Force awarded Telos a $26.9 million contract to upgrade the cybersecurity of the computer networks monitoring the Demilitarized Zone — the infamous strip of real estate that separates North and South Korea. Telos will modify and replace the DMZ’s aging networking equipment by, among other things, installing a firewall, intrusion prevention and intrusion detection systems, along with anti-virus software. The firm will carry out the work at Air Force bases in Georgia, California, Virginia, Germany and a site in Kansas with plans to finish the revamp by 2019, according to a news release .

BEAUTIFUL CYBER HARMONY — The DHS cyber-focused wing, known as the National Protection and Programs Directorate, will cooperate more closely in cyberspace with the Singapore Cyber Security Agency thanks to the new memorandum of understanding the two countries signed this week. The MOU, first mentioned in a joint statement by the two countries’ leaders on Tuesday, is more of a blueprint for future cooperative work than anything specific, but the department seems excited about the partnership. “Signing this agreement is an important step but it is the enhanced cybersecurity collaboration it heralds that will truly benefit both our nations,” Suzanne Spaulding, the undersecretary for the National Protection and Programs Directorate, told MC in a statement.

GHOST IN THE MACHINE — FireEye iSIGHT Intelligence on Wednesday documented at least five industrial control system vulnerabilities that have been exploited in the real world through spring of this year, according to a new report . And there’s another problem: Of the 1,552 vulnerabilities FireEye found, a full third don’t have patches offered by the vendors. That’s because most of the systems are very old, purchased at a time when the plan was for them to last 15 to 30 years, according to Tony Cole, FireEye vice president and global government chief technology officer. And what’s most dangerous about that fact is many of those industrial control systems are responsible for operating the most vulnerable infrastructure within the power grid and elsewhere. “If we don’t focus on this very, very quickly, we could potentially lose a lot of lives,” Cole told MC.

RECENTLY ON PRO CYBERSECURITY — A pair of Senate Democrats asked Donald Trump’s old friend Ted Cruz to investigate the legality of the Republican presidential nominee calling on Russia to hack Hillary Clinton’s private email server. … Banner Health said it’s contacting 3.7 million customers whose personal information might have been exposed by a breach.

QUICK BYTES

— Telegram denied any big Iranian breach. BBC .

— “Researchers at the Joint Quantum Institute at the University of Maryland unveiled a first-of-its-kind fully programmable and reconfigurable quantum computer.” Motherboard .

— Tracking you by your battery status? The Next Web .

— DARPA is funding a malware detection project for the Internet of Things. Nextgov .

— Dan Kaminsky challenged researchers at Black Hat to figure out how to combine speed and simplicity. FedScoop .

— Malware. IN YOUR MIND. Motherboard .

— More evidence that ransomware is on the rise. The Guardian .

That’s all for today. If only we could win a lifetime supply of YOU, dear readers …

Stay in touch with the whole team: Cory Bennett ( [email protected] , @Cory_Bennett ); Bryan Bender ( [email protected] , @BryanDBender ); Eric Geller ( [email protected] , @ericgeller ); Martin Matishak ( [email protected] , @martinmatishak ) and Tim Starks ( [email protected] , @timstarks).

Follow us on Twitter Heidi Vogt @HeidiVogt



Eric Geller @ericgeller



Martin Matishak @martinmatishak



Tim Starks @timstarks