Tag Archives: Russian hacking

Amidst Reports of Russian Election Hacking, Cuomo Unveils Steps to Strengthen NYS CyberSecurity

New York State Governor Andrew Cuomo takes new steps to further secure New York State’s elections infrastructure and protect against foreign interference © Karen Rubin/news-photos-features.com

In the wake of Donald Trump’s apparent indifference to the continued threat of Russia and other actors against elections, Governor Andrew M. Cuomo today announced a comprehensive initiative with the State Board of Elections to further secure New York State’s elections infrastructure and protect against foreign interference. The initiative will help County Boards of Elections strengthen their election cyber security in the face of foreign threats after the Department of Justice released an indictment of 12 Russian intelligence officers accused of hacking during the 2016 elections, which also alleged that Russian intelligence officers hacked into the website of a yet-unidentified state board of elections.

In the FY 2019 budget, Governor Cuomo secured $5 million to expand and further support statewide election cyber security infrastructure. The State will solicit contracts in the next few days for three independent services for County Boards of Elections, including: 1) cyber security risk assessments; 2) enhanced intrusion detection devices; and 3) managed security services. The State’s Secure Election Center, managed by the State Board of Elections, will also provide statewide, uniform cybersecurity training to all state and county election officials and staff prior to the Midterm Elections.

“While President Trump stands by those who seek to undermine our democracy, New York is taking aggressive action to protect our elections from foreign interference,” Governor Cuomo said. “There is nothing more sacred than democracy, and New Yorkers should know that when they cast their ballot that their vote is safe. The groundbreaking cyber security initiative we launch today will harden and protect our election infrastructure from the very real threat of foreign meddling. While the President has abdicated his responsibility to defend this country and left our electoral system open to sabotage by foreign adversaries, New York is fighting back and leading the way.”

“The integrity of our Elections system is our number one priority,” Co-Executive Director of the State Board of Elections Robert A. Brehmsaid. “The State Board has and will continue to diligently work and collaborate with our federal, state and county partners to strengthen and protect our elections infrastructure from any interference.”

“We have been working diligently since the 2016 election to improve security at the State Board, including our statewide voter registration database and networks with our counties,” Co-Executive Director of the State Board of Elections Todd D. Valentine said. “These additional services will ensure publicly facing applications and infrastructure for the county boards of elections will be more secure and better position the entire state elections system to respond to cyber incidents.  These new revelations only serve to confirm that the measures we have taken so far to protect our elections are necessary and we have to remain vigilant as we move into the mid-term elections.”

This initiative builds on Governor Cuomo’s commitment to ensuring the integrity of elections in New York State. The State will execute contractsbeginning the first week of August through the Office of General Services on behalf of the State Board of Elections.

Comprehensive Risk Assessment for all County Boards of Election

The State Board of Elections will contract for professional services to conduct a comprehensive, uniform and verified risk assessment at every County Board of Elections. The State Board of Elections has conducted a County Board of Elections risk survey to gain an understanding of the security posture of each county board. This risk assessment will build off the county risk survey.  This contract will provide a uniform and verified third party risk assessment which is critical in ascertaining a security baseline for our statewide elections infrastructure.

Enhanced Intrusion Detection Systems and Managed Security Services for County Boards of Election 

Additionally, the State Board of Elections will contract for a vendor to provide enhanced intrusion detection systems and managed security services for all the County Boards of Elections. An intrusion detection system is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered. Managed Security Services correlate logs/traffic and creates actionable reports on malicious cyber activity. Quote solicitations will seek to identify qualified companies on backdrop contracts that can fulfill the request for these services.

Cyber Security Training Program

The Secure Elections Center, housed in NYSBOE, will provide uniform online technical training courses and security awareness programs to all state and county election officials and staff. These web-based trainings will be provided prior to the 2018 Midterm Elections. As part of these trainings, officials and staff will learn cyber-hygiene, best email practices and how to identify phishing campaigns, among other topics.

This initiative will build upon Governor Cuomo’s efforts to safeguard New York State elections including:

  • The State Board of Elections recently concluded a first-of-its-kind series of six regional tabletop exercises to identify risks and safeguard the election process against a cyber-attack.  The State Board is coordinating with the federal Department of Homeland Security (DHS) to provide three on-line tabletop exercises in August 2018 for county election and IT professionals.
  • Following the Governor’s 2018 State of the State proposals in January, New York was recognized as having one of the most secure elections systems in the nation in the Center for American Progress’ recent report.

Lieutenant Governor Kathy Hochul said, “With the Trump administration putting our country at risk and continuing to ignore the reality of Russian election interference, it’s up to New York to lead the way once again to protect the integrity of our elections. Sadly, we can’t count on the current federal government to protect us from threats of foreign election meddling. Our new cyber security initiative will give New Yorkers peace of mind as they go to the ballot box and will protect our democracy from those who seek to cause harm.”

William Pelgrin, Co-Chair of Governor Cuomo’s Cyber Security Advisory Board, Founder of the Multi-State Information Sharing and Analysis Center (MS-ISAC), CEO of CyberWA, Inc., and Board Director and Global Strategic Advisor for Global Cyber Alliance, said, “This announcement again demonstrates Governor Cuomo’s and New York’s strong commitment toward an enhanced cyber security posture. This initiative will greatly assist County Board of Elections by facilitating the process to identify and deploy key essential layers of cyber security. Cyber security risk assessments and intrusion detection devices are critical layers of preparedness to understand one’s computing infrastructure and what is required to address any associated risks as well as continuously monitoring that environment for malicious activities.”

Richard Clarke, Governor Cuomo’s Cyber Security Advisory Board Member, Chairman and CEO, Good Harbor Consulting, LLC and Former White House Counter-Terrorism and Cyber Security Advisor, said, “Given the Intelligence Community’s assessment that Russian efforts to interfere in our democracy continue, Governor Cuomo’s steps to protect the election infrastructure are commendable and should be immediately copied by other states.”

New York State Division of Homeland Security and Emergency Services Commissioner Roger Parrino said, “Security of our election process is paramount. These initiatives support our state and local partners to strengthen our election cyber infrastructure from those who seek to manipulate our election process.”

New York State Office of General Service Commissioner RoAnnDestito said, “Governor Cuomo has been clear that secure elections are fundamental to democracy and these steps by the Board of Elections will help further protect this process in New York State.”

After Trump tried to undo the damage of his statements in Helsinki by claiming that he “misspoke” when he left out “not” regarding whether Russia was to blame for hacking the 2016 election, Cuomo took him to task.

“Mr. President: Do you think the American people are stupid? You’re the leader of the free world – you don’t misspeak when it comes to our foreign enemies. You shamefully defended those who tried to sabotage our democracy, and now Congress must decide if your remarks or actions were in fact treasonous.

“While it’s clear we cannot rely on this federal government to protect the sanctity of our elections, New York will do everything in its power to.  In light of this potential foreign interference, today we announced a groundbreaking cyber security initiative to strengthen our election infrastructure.  I urge Congress to step up and do the same.”

In Helsinki, Trump had said, “I have President Putin; he just said it’s not Russia. I will say this: I don’t see any reason why it would be. But I really do want to see the server.” The next day, in a room full of Republican Congressmembers, Trump claimed that he should have said, “would not be”.

 

Obama: ‘Cybersecurity is One of the Greatest Challenges We Face as a Nation’

What role did Russia play in affecting the outcome of the 2016 Presidential Election?  President Obama is launching an investigation © 2016 Karen Rubin/news-photos-features.com
What role did Russia play in affecting the outcome of the 2016 Presidential Election? President Obama is launching an investigation © 2016 Karen Rubin/news-photos-features.com

President Barack Obama has just ordered intelligence agencies to review cyber attacks and foreign intervention into the 2016 election and deliver a report before he leaves office on Jan. 20, homeland security adviser Lisa Monaco said on Friday. Monaco told reporters the results of the report would be shared with lawmakers and others.

National intelligence agencies have indicated strong evidence that Russian state-actors, already implicated in the hacking of the Democratic National Committee and in election rolls in some states, intruded into the presidential election – a horrifying attack on American independence and democracy. Donald Trump, the beneficiary of the interference, has dismissed any notion that Russia was involved – particularly since it would have acknowledged that Russia preferred Trump to win – saying in one of the debates that it could just have easily have been a fat lady sitting on her bed. Trump has also refused to sit in on national security briefings. Cybersecurity has been a concern for this administration. Obama issued this statement on the Report of the Commission on Enhancing National Cybersecurity – Karen Rubin, News & Photo Features

In February of this year, I directed the creation of a nonpartisan Commission on Enhancing National Cybersecurity, charging it with assessing the current state of cybersecurity in our country and recommending bold, actionable steps that the government, private sector, and the nation as a whole can take to bolster cybersecurity in today’s digital world.  Yesterday, the members of the Commission – leaders from industry and academia, many with experience in government – provided their findings and recommendations to me.  And earlier today I met with the Commission’s Chair, Tom Donilon, to discuss how we as a country can build on the Commission’s work and enhance our cybersecurity over the coming years.  I want to thank the Commission members for their hard work and for their thoughtful and detailed recommendations.  I am confident that if we implement the Commission’s recommendations, our economy, critical infrastructure, and national security will be better equipped to thrive in the coming years.

The Commission’s report makes clear that cybersecurity is one of the greatest challenges we face as a nation.  That is why I have consistently made cybersecurity a top national security and economic security priority, reflected most recently by the Cybersecurity National Action Plan I announced in February and my 2017 Budget, which called for a more than 35 percent  increase in Federal cybersecurity resources.

During my Administration, we have executed a consistent strategy focused on three priorities:

  1. Raising the level of cybersecurity defenses in the public and private sectors;
  2. Deterring and disrupting malicious cyber activity aimed at the United States or its allies; and
  3. Effectively responding to and recovering from cybersecurity incidents when they occur.

To strengthen our cybersecurity defenses across the country, in 2013 we convened experts from industry, academia and civil society to create the National Institute of Standards and Technology (NIST) Cybersecurity Framework.  As the Commission notes, the Framework has become the gold standard for cybersecurity risk management, and I wholeheartedly support the Commission’s recommendations to expand its usage in the Federal government, the private sector, and abroad.  We encouraged the formation of information sharing and analysis organizations, worked with Congress to enact tailored liability protections for private sector entities that share threat information with the government, and took steps to automate information sharing.  As the Commission calls for, we launched public campaigns to promote cybersecurity awareness among consumers, including the “Lock Down Your Login” campaign encouraging consumers to better secure their identities online.  We have given consumers more tools to secure their financial future by assisting victims of identity theft, improved the government’s payment security, and accelerated the transition to next-generation payment security.  We have invested in cybersecurity research and development to lay the groundwork for stronger cyber defenses in the future.  And I have clarified the roles and responsibilities of Federal agencies in responding to significant cyber incidents by issuing a new directive codifying eight years of lessons learned from incident response.

To strengthen government cybersecurity, we created the first-ever federal Chief Information Security Officer and drove dramatic improvements in Federal agencies’ use of strong authentication and in critical vulnerability patching.  We have pushed to reduce the Federal government’s reliance on legacy technologies, proposing an innovative $3.1 billion fund to modernize costly and vulnerable information technology (IT) systems – a fund that the Commission proposes to expand.  We updated the guidance for Federal agency IT management, cybersecurity, and privacy, introducing the kind of coordination that the Commission calls for.  Agencies are increasingly centralizing their cybersecurity efforts and relying on the Department of Homeland Security (DHS) for shared services like vulnerability detection, network discovery and monitoring, intrusion detection and prevention, and cybersecurity assessments of high priority IT systems.  Consolidating DHS’ cybersecurity and infrastructure protection missions within a single DHS line agency – as my Administration has proposed, and as the Commission recommends – would further strengthen DHS’ ability to support Federal and critical infrastructure cybersecurity.  Finally, consistent with the Commission’s emphasis on improving the Nation’s cybersecurity workforce, my Administration has issued a comprehensive workforce strategy and has hired more than 6,000 new cybersecurity professionals in the Federal government in 2016 alone.

As the Commission recognizes, we have championed the application of international law to cyberspace; promoted voluntary international norms of state behavior during peacetime, securing over 30 countries’ commitment to these norms in the G20 and other international fora; and committed to confidence building measures to reduce escalation risk.  We have secured commitments from China and other nations to oppose cyber-enabled theft of intellectual property and business secrets for commercial gain, sought to modernize the Mutual Legal Assistance process, and submitted legislation to enable greater cross-border data sharing between law enforcement agencies – another effort the Commission strongly supports.  We have developed additional tools and cyber capabilities to deter and disrupt malicious cyber activity aimed at the United States.  Finally, we created the Cyber Threat Intelligence Integration Center to ensure that there is a single government-wide source for integrated intelligence assessments on cyber threats.

In total, the Commission’s recommendations affirm the course that this Administration has laid out, but make clear that there is much more to do and the next Administration, Congress, the private sector, and the general public need to build on this progress.  Deepening public-private cooperation will help us better protect critical infrastructure and respond to cyber incidents when they occur.  Expanding the use of strong authentication to improve identity management will make all of us more secure online.  Increasing investments in research and development will improve the security of products and technologies.  Investing in human capital, education, and the productivity of the cybersecurity workforce will ensure that this country’s best and brightest are helping us stay ahead of the cybersecurity curve.  Continuing to prioritize and coordinate cybersecurity efforts across the Federal government will ensure that this critical challenge remains a top national security priority.  And furthering the promotion of international norms of responsible state behavior will ensure that the global community is able to confront the ever-evolving threats we face.

The Commission’s recommendations are thoughtful and pragmatic. Accordingly, my Administration strongly supports the Commission’s work, and we will take additional action wherever possible to build on the work my Administration has already undertaken and to make progress on its new recommendations before the end of my term.  Importantly though, I believe that the next Administration and the next Congress can benefit from the Commission’s insights and should use the Commission’s recommendations as a guide.  I have asked the Commission to brief the President-Elect’s Transition Team at their earliest opportunity.  Further, we must provide sufficient resources to meet the critical cybersecurity challenges called out in the Commission’s report.  Before Congress adjourns for the year, it must act to fully fund the urgent cybersecurity needs that my Administration has identified in my 2017 Budget and elsewhere, investing in areas such as securing Federal information technology systems, protecting critical infrastructure, and investing in our cybersecurity workforce.

As the Commission’s report counsels, we have the opportunity to change the balance further in our favor in cyberspace – but only if we take additional bold action to do so.  My Administration has made considerable progress in this regard over the last eight years.  Now it is time for the next Administration to take up this charge and ensure that cyberspace can continue to be the driver for prosperity, innovation, and change – both in the United States and around the world.