Center for Internet Security

Category

Posts

As we get closer to the 2020 elections, it is important for industry stakeholders to continue to offer solutions to enhance the security of our voting process. Megan Stifel, our Executive Director, Americas, wrote about different actions we can take in order to ensure that election officials are provided with the tools they need and that the credibility of our electoral process is strengthened. You can find her article on pages 16 and 17 of the Center for Internet Security‘s Spring Cybersecurity Quarterly.

2019 was a record year for cyberattacks and breaches – and the effects were felt across a wide range of businesses and industries.  Aimée Larsen Kirkpatrick, our Global Communications Officer, wrote about ways for organizations to step up their cybersecurity practices and “start 2020 off in the driver’s seat” with good cyber hygiene. You can find her article on pages 10 and 11 of the Winter Cybersecurity Quarterly, published by the Center for Internet Security (CIS), a GCA founder.

“In cyberspace, the bad guys have the upper hand: speed, anonymity, and leverage – essentially unbounded by space and time.”


Phil Reitinger, President & CEO of GCA, and Tony Sager, Senior Vice President & Chief Evangelist of CIS, published The State of the Operational Ecosystem. Their piece touched on the cybersecurity ecosystem and explained the risks some individuals and companies still face. “Our people are chasing their robots” as Rich Struse, Chief Strategist for Cyber Threat Intelligence at MITRE, described it.

Reitinger and Sager explain that a majority of our defenses are “pinned down” by huge problems such as:

  • Poorly engineered software
  • Missing patches
  • Unenforceable policies
  • Poor configuration choices
  • Inconsistent and sometimes conflicting security controls.

To read the full article, please click on the picture below.

The State of the Operational Ecosystem

GCA Press Release

Developed with Funding from Craig Newmark Philanthropies, Toolkit Focuses on Mitigating Most Common and Addressable Cyber Risks


NEW YORK, June 25, 2019 – Today, the Global Cyber Alliance (GCA), in partnership with Craig Newmark Philanthropies and the Center for Internet Security,® Inc. (CIS®), announces a FREE toolkit aimed at providing election authorities with additional easy-to-use solutions that will help mitigate the most common risks to free and fair elections. This toolkit will help government entities responsible for securing local, state and national elections handle daunting security challenges posed by today’s digital world.  Election offices are already working overtime against increasing threats, and the toolkit provides more resources for them to consider. Earlier this year, Craig Newmark Philanthropies contributed a $1.068 million gift to help GCA provide critical cybersecurity protections for media, journalists, election offices and community organizations, and this toolkit is a step in that effort.

“Election infrastructure is critical infrastructure – as vital to daily lives as nuclear power plants or water-filtration facilities,” said Philip Reitinger, President and CEO of GCA. “Election security must be a national and global priority, especially as securing elections is one of the most difficult tasks for a democracy, and the shortage of resources available to many election offices exacerbates the challenge.”

The toolkit is intended to help election offices add to their security program with free operational tools and guidance and has been assembled to help implement the recommendations in A Handbook for Elections Infrastructure Security. In this document, the Center for Internet Security, Inc., working with election offices, election associations and vendors, as well as academia, has established a set of best practices for securing the systems that comprise our election infrastructure.

“The fabric of American democratic society relies on citizen trust in a fair, equitable and secure elections process,” said Craig Newmark. “The GCA Cybersecurity Toolkit offers election officials with proven cybersecurity policies and protections to help prevent elections from being hijacked by those who want to inflict damage on free and open societies.”

Elections are local, but the threats to their integrity are global. More than 99 percent of votes in the U.S. are cast or counted by computer, and the U.S. Department of Homeland Security has designated election systems as critical infrastructure.

Today’s cyber risks to elections are multiple and alarming. These risks include the compromise of voter registration data, election infrastructure hacking to alter vote counts, denial-of-service attacks against election offices, phishing campaigns directed at election officials, impersonation of emails from election offices and others, and the viral spread of false information through websites and social media.

“GCA has compiled a number of valuable free resources that will help election officials implement the security best practices outlined in A Handbook for Elections Infrastructure Security,” said John Gilligan, CIS President and CEO. “CIS appreciated the opportunity to collaborate with GCA on the Cybersecurity Toolkit for Elections.”

Election officials now confront an onslaught of cyber threats that inflict serious risks to the integrity of elections and the democratic process. Although these officials work hard to secure election infrastructure, there are thousands of election offices across the country with disparate security resources that will benefit from the GCA Cybersecurity Toolkit.

For more information and to access the toolkit, visit https://gcatoolkit.org/elections.

###

About the Global Cyber Alliance

The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world. We achieve our mission by uniting global communities, implementing concrete solutions, and measuring the effect.  Learn more at www.globalcyberalliance.org.

About Craig Newmark Philanthropies

Craig Newmark Philanthropies was created by craigslist founder Craig Newmark to support and connect people and drive broad civic engagement. The organization works to advance people and grassroots organizations that are getting stuff done in areas that include trustworthy journalism, voter protection, gender diversity in technology, and veterans and military families. For more information, please visit: CraigNewmarkPhilanthropies.org.

About the Center for Internet Security

CIS (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. The CIS Controls™ and CIS Benchmarks™ are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continuously refined and verified by a volunteer, global community of experienced IT professionals. Our CIS Hardened Images™ are virtual machine emulations preconfigured to provide secure, on-demand, and scalable computing environments in the cloud. CIS is home to both the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center ® (EI-ISAC®), which supports the cybersecurity needs of U.S. State, Local and Territorial elections offices. To learn more, visit www.cisecurity.org or follow us on Twitter: @CISecurity.