At a glance.
- Election Day arrives in the US; CISA coordinates whole-of-government security response.
- EU begins to think that Ireland isn't up to the task of regulating Big Tech.
US braces for election threats, but with confidence in the integrity of the vote.
Yahoo says CISA is coordinating a whole-of-government election protection initiative supported by hundreds of people from the National Security Agency, FBI, State Department, Facebook, Twitter, Verizon, AT&T, and US Cyber Command along with other federal, state, local, and business groups. Three command centers—two in D.C. and one in Virginia—will track developments. Meanwhile Congress has allotted states close to $1 billion for voting security measures, and companies have sponsored anti-malware software for election use.
The New York Times recommends citizens take these seven steps to preserve US institutions: cast a ballot, trust that it’s secure, watch for misinformation, don’t spread misinformation, report crimes to the proper authorities, prepare for some chaos, and stay calm. We've been on the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency's media calls today, and that's substantially the advice senior CISA officials have been giving. They've been emphasizing that the chaos they're expecting is the normal noise of glitches and mistakes that always accompany voting. They also commend their rumor control center as a good, continuously updated, reliable source of information.
Security Week contends ransomware attacks on state and local networks present the biggest concern, saying there could be concealed “malware bombs” ready to detonate. Over the past several weeks SecurityScorecard identified 30 thousand Trickbot infections on official networks, and Awake Security located seemingly vulnerable equipment in forty-eight states using open source information. Threat actors might also target official websites and social profiles for maximum disruption. So far, as we’ve seen, President Trump’s website has been hacked, Energetic Bear has accessed scads of networks, Iran has obtained voter rolls and spoofed emails, Georgia’s Hall County has suffered a ransomware attack, and officials have encountered phishing entreaties, but experts remain confident in general election security. (And, before jumping to conclusions of the usual the-Martians-have-landed-and-the-man-is-out-to-get-you variety, do take a look at CISA's rumor control center.)
EU begins to doubt that Dublin’s up to regulating Big Tech.
Security Week reports that “there are signs Ireland is faltering in its outsized role as regulator of many of the most powerful digital giants,” including Apple, Facebook, Google, and Twitter. Charged by the GDPR with overseeing locally-based transnationals, Dublin’s Data Protection Commission (DPC) hasn’t delivered a single ruling against these goliaths, and the EU’s tolerance is waning. Some hint at an indirect financial conflict of interest, since Ireland rakes in many millions in taxes from these companies, and others point to insufficient funding of the Commission. This month might mark the DPC’s inaugural Big Tech ruling in a case against Twitter that’s ground on for nearly two years. $140 million is on the line, an amount that might satiate the European Union.