Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

6/26/2019
04:00 PM
Dark Reading
Dark Reading
Products and Releases
100%
0%

Global Cyber Alliance And Center For Internet Security Launch Free Cybersecurity Toolkit for States And Local Election Offices

Developed with Funding from Craig Newmark Philanthropies, Toolkit Focuses on Mitigating Most Common and Addressable Cyber Risks

EW YORK, June 25, 2019 – Today, the Global Cyber Alliance (GCA), in partnership with Craig Newmark Philanthropies and the Center for Internet Security,® Inc. (CIS®), announces a FREE toolkit aimed at providing election authorities with additional easy-to-use solutions that will help mitigate the most common risks to free and fair elections. This toolkit will help government entities responsible for securing local, state and national elections handle daunting security challenges posed by today’s digital world.  Election offices are already working overtime against increasing threats, and the toolkit provides more resources for them to consider. Earlier this year, Craig Newmark Philanthropies contributed a $1.068 million gift to help GCA provide critical cybersecurity protections for media, journalists, election offices and community organizations, and this toolkit is a step in that effort.

“Election infrastructure is critical infrastructure – as vital to daily lives as nuclear power plants or water-filtration facilities,” said Philip Reitinger, President and CEO of GCA. “Election security must be a national and global priority, especially as securing elections is one of the most difficult tasks for a democracy, and the shortage of resources available to many election offices exacerbates the challenge.”

The toolkit is intended to help election offices add to their security program with free operational tools and guidance and has been assembled to help implement the recommendations in A Handbook for Elections Infrastructure Security. In this document, the Center for Internet Security, Inc., working with election offices, election associations and vendors, as well as academia, has established a set of best practices for securing the systems that comprise our election infrastructure. 

“The fabric of American democratic society relies on citizen trust in a fair, equitable and secure elections process,” said Craig Newmark. “The GCA Cybersecurity Toolkit offers election officials with proven cybersecurity policies and protections to help prevent elections from being hijacked by those who want to inflict damage on free and open societies.”

Elections are local, but the threats to their integrity are global. More than 99 percent of votes in the U.S. are cast or counted by computer, and the U.S. Department of Homeland Security has designated election systems as critical infrastructure.

Today’s cyber risks to elections are multiple and alarming. These risks include the compromise of voter registration data, election infrastructure hacking to alter vote counts, denial-of-service attacks against election offices, phishing campaigns directed at election officials, impersonation of emails from election offices and others, and the viral spread of false information through websites and social media.

“GCA has compiled a number of valuable free resources that will help election officials implement the security best practices outlined in A Handbook for Elections Infrastructure Security,” said John Gilligan, CIS President and CEO. “CIS appreciated the opportunity to collaborate with GCA on the Cybersecurity Toolkit for Elections.”

Election officials now confront an onslaught of cyber threats that inflict serious risks to the integrity of elections and the democratic process. Although these officials work hard to secure election infrastructure, there are thousands of election offices across the country with disparate security resources that will benefit from the GCA Cybersecurity Toolkit.

For more information and to access the toolkit, visit https://gcatoolkit.org/elections.

 

About the Global Cyber Alliance

The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world. We achieve our mission by uniting global communities, implementing concrete solutions, and measuring the effect.  Learn more at www.globalcyberalliance.org.

 

About Craig Newmark Philanthropies

Craig Newmark Philanthropies was created by craigslist founder Craig Newmark to support and connect people and drive broad civic engagement. The organization works to advance people and grassroots organizations that are getting stuff done in areas that include trustworthy journalism, voter protection, gender diversity in technology, and veterans and military families. For more information, please visit: CraigNewmarkPhilanthropies.org.

 

About CIS

CIS (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. The CIS Controls™ and CIS Benchmarks™ are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continuously refined and verified by a volunteer, global community of experienced IT professionals. Our CIS Hardened Images™ are virtual machine emulations preconfigured to provide secure, on-demand, and scalable computing environments in the cloud. CIS is home to both the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center ® (EI-ISAC®), which supports the cybersecurity needs of U.S. State, Local and Territorial elections offices. To learn more, visit www.cisecurity.org or follow us on Twitter: @CISecurity.

 

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-29378
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user (to full administrative access) by using the password [email protected]#y$z%x6x7q8c9z) for the e...
CVE-2020-29379
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. During the process of updating the firmware, the update script starts a telnetd -l /bin/sh process that does not require authentication for TELNET access.
CVE-2020-29380
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a man-in-...
CVE-2020-29381
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. Command injection can occur in "upload tftp syslog" and "upload tftp configuration" in the CLI via a crafted filename...
CVE-2020-29382
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. A hardcoded RSA private key (specific to V1600D, V1600G1, and V1600G2) is contained in the firmware images.