Below are conferences, meetings, or other events that GCA team members will be participating in or attending during the coming months. We invite you to bookmark this page to stay updated on the latest schedule of activities.
Phishing: A Global Pandemic?
Shehzad Mirza– GCA Director of Operations (moderating)
Defend and Deliver: Secure Email for Better Brand Protection
Shehzad Mirza– GCA Director of Operations (presenting)
Continuing our efforts to accelerate DMARC adoption, the Global Cyber Alliance is pleased to offer a second round of its 2020 DMARC Bootcamp beginning September 15th. To learn more and sign up to be notified when registration opens later this month, please click here.
By Krista Montie
Recently Shawn Henry, president of CrowdStrike Services, GCA board member, and globally-recognized cybersecurity expert, spoke with reporter Miles Parks of NPR’s Washington Desk about election security. What have we learned from 2016? What are the current threats especially in light of the pandemic — and how can election organizations, campaigns, and citizens mitigate risks?
Shawn points out that while 2016 put a spotlight on election security, the issue is not new. Foreign access to campaigns was identified as far back as the 2008 U.S. presidential election while Shawn was with the FBI. What is new since 2016 is the increased level of attention on the issue. He cautions, however, that awareness is not enough: “There is absolutely a greater awareness, but that awareness needs to translate into action,” he says. Actions include taking advantage of the free cybersecurity resources offered through GCA, including the GCA Cybersecurity Toolkit for Elections. Shawn outlines four major components of the election infrastructure — voter registration, vote casting, tabulation, and reporting — and stresses that each element must be secured. “You can’t look at one of those independently; you have to look at the totality of the infrastructure,” he notes. “The toolkit that GCA has put out really looks at how do you secure that broad infrastructure regardless of what the components are? The reason I joined GCA is the opportunity to give back and to offer capabilities and services and tools to those who typically don’t have the resources.” Phishing attacks, which were a key vector in the 2016 election cycle, still remain a concern, and Shawn specifically recommends the GCA toolkit for its DMARC email security resources to help election officials. “Having the appropriate filters to minimize attacks that do get through is important,” Shawn says.
As COVID-19 and the work from home movement have increased risks across cybersecurity overall, so too will it affect the 2020 elections. “You have many folks working from home…that’s another vector of attack for adversaries,” Shawn says. “People have got to be aware and monitoring their systems.”
Shawn also discusses the impact of disinformation and its potential to be as damaging as manipulation of actual data. “DHS has been very forward leaning in this space in terms of collaborating with election systems around the country and ensuring they are sharing intelligence.” Consumers also have a tremendously important role to get their information from reliable sources. “Trust but verify,” he cautions.
Watch the full video interview with Shawn and Miles Parks, including Shawn’s identification of other potential bad actors beyond nation states who may pose risks this election season.
By Aimée Larsen Kirkpatrick, Global Communications Officer
The election community gathered on June 29 with GCA and several esteemed election experts, including two former secretaries of state, to discuss the 2020 state of election security.
A key theme from the session is that election officials are doing a tremendous job dealing with unprecedented challenges this election cycle, and there are many organizations and resources focused on supporting those efforts. And while the clock is ticking and the elections are drawing near, there are still many steps that can be taken to shore up defenses. Collaboration between the government and private sector was also examined, with discussions on several ongoing efforts, and a call for volunteering at polling places as an important contribution that can be made.
Craig Newmark, founder of Craigslist and Craig Newmark Philanthropies, welcomed the audience with opening remarks, stressing that we are in this together and need “all hands on deck,” with each of us playing a role in election security.
Megan Stifel, GCA’s Executive Director of the Americas, introduced the first panel, moderated by Trey Grayson, former Kentucky Secretary of State. The discussion focused on developments since the 2016 election, including policy guidance and legislative recommendations, and how those efforts impacted election security. Trey was joined by panelists Matt Masterson, Senior Cybersecurity Advisor, Cybersecurity and Infrastructure Security Agency, U.S. Department of Homeland Security and former Election Assistance Commissioner; Ben Spear, Director, Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC), Center for Internet Security; and Liz Howard, Counsel, Democracy Program, Brennan Center for Justice and former Deputy Commissioner, Virginia Department of Elections.
The second panel, led by moderator Wayne Williams, Colorado Spring City Councilman and former Colorado Secretary of State, explored some key challenges to election preparedness and which specific actions could be taken between now and November. Wayne was joined by panelists Jennifer Morrell, Partner, The Elections Group and former Deputy of Elections, Arapahoe County, Colorado; David Levine, Elections Integrity Fellow, Alliance for Securing Democracy and former election official for several localities; and Emily Frye, Director, Cyber Integration, MITRE Corp.
At the conclusion of the webinar, Megan put out a call to action for all attendees, encouraging them to:
➔ Use the tools and resources (see below)
➔ Share them with your state and local election offices
➔ Give us feedback on how we can help you
We are grateful to the moderators and panelists for volunteering their time, tackling the issues at hand, and engaging in candid discussions. We thank the audience as well for their insightful questions.
We invite everyone to check out the webinar recording, as well as links to resources below.
Please join us on Monday, June 29, 1:30 PM – 3:15 PM EDT, as we will be hosting an interactive online event featuring panels with leaders in cybersecurity, elections, and government tackling the issues at hand and engaging in candid discussions.
The panelists will discuss improvements in the cybersecurity of elections and specific actions that can be taken now, in the midst of the COVID-19 pandemic. You can view the agenda below to learn more about the event and register.
Russian interference in the 2016 U.S. election targeted both our election infrastructure and our confidence in the voting process. Now, amid the backdrop of the COVID-19 pandemic, securing the upcoming 2020 election includes concerns about mail-in ballots in addition to cyberattacks. Megan Stifel, GCA’s Executive Director, Americas, offered insight into these issues in an article in Voice of America’s Russian Service. You can read the full article here — and if you’re reading it in English, an option for Google Translate should pop up.
As we get closer to the 2020 elections, it is important for industry stakeholders to continue to offer solutions to enhance the security of our voting process. Megan Stifel, our Executive Director, Americas, wrote about different actions we can take in order to ensure that election officials are provided with the tools they need and that the credibility of our electoral process is strengthened. You can find her article on pages 16 and 17 of the Center for Internet Security‘s Spring Cybersecurity Quarterly.
The COVID-19 pandemic has forced many people to work remotely, and as a result the risk of cyberattacks has risen. GCA President and CEO Phil Reitinger was interviewed by Tom Field, the Senior Vice President of Information Security Media Group. Check out the full interview here, which includes an overview of potential cyber vulnerabilities and tips for how to deal with them.
It’s been just over a year since GCA released its Cybersecurity Toolkit for Small Business, and a French version was recently launched as well. At this year’s RSA Conference, GCA President and CEO Phil Reitinger sat down with Tom Field, the Senior Vice President of Information Security Media Group, to discuss the toolkit’s progress. They also discuss the state of election security, concerns about connected devices, and more. You can watch the interview here.
Election security is perhaps the most critical issue for the United States and other democracies around the world. Improving the security and trustworthiness of elections has been a major focus for state and federal election officials. To further this effort, this week United States secretaries of state, state election directors, federal executive and legislative branch officials and staff, and Federal Election Commissioners, together with a range of supporting stakeholders, will convene in Washington, DC for the annual National Association of Secretaries of State (NASS) and National Association of State Election Directors (NASED) winter conferences. Protecting elections will require continued leadership from secretaries of state and state election directors, with unstinting support from others who can share some of the burden.
The Global Cyber Alliance (GCA), a nonprofit, is attending these conferences and seeks to be a responsible partner supporting the efforts of election officials. GCA has built a free cybersecurity toolkit that election officials can use as a resource to supplement and enhance what they are doing – not by giving them repetitive guidance, but by identifying capabilities that can be used to implement established guidance and that can assist with the security challenges these officials are already working to address.
GCA’s mission is to eradicate cyber risk by uniting global communities, scaling practical cybersecurity solutions, and measuring the impact of solutions. We engage and unite communities by collaborating with our 200+ public and private sector partners throughout more than 30 countries. Together, we identify scalable solutions to implement best practices that globally recognized expert organizations such as the Center for Internet Security (CIS), a GCA founder, recommend. To drive implementation of the solutions, we develop training materials, bootcamps and workshops, and toolkits and then test their effectiveness in mitigating the identified risk. Finally, we measure the overall impact of the identified solution and publish the results. Our work to date has proven effective in enhancing email security and web browsing.
GCA is working to build trust with election officials, in part by attending conferences such as these. Trust must be earned through actions that build confidence between and among stakeholders. Among the actions GCA has taken is making the toolkit freely available, and we do not urge that it be used exclusively. Transparency is also a central element in establishing trust. In addition to using a multistakeholder-developed document to guide the toolkit’s content, GCA’s tool selection process and change control board provide routinized, regular oversight of the toolbox’s content. We also developed a Community Forum to support toolkit users and obtain their feedback. We invite you to check out the toolkit and learn more about how to effectively, and at no cost, implement proven solutions to help protect election infrastructure security.
GCA welcomes opportunities such as the NASS and NASED conferences to better understand the needs of the election community, identify opportunities for further collaboration, and build greater trust to help secure elections and protect the foundations of democracy. Please contact us at email@example.com to learn more about the toolkit and share your experience with it.