SlideShare a Scribd company logo

#Protect2020: Securing the Heart of Our Election Systems

DevOps.com
DevOps.com

It’s a pivotal moment in US history. We’re coming together on long-overdue civil reforms, battling injustice and a deadly pandemic, while restarting our economy. Soon we’ll come together to decide our nation’s future leaders. At a time when truth is called into question, it’s vital to secure our election so we trust its outcomes. Cyberattacks on election systems could undermine confidence just when we need it the most. The voter registration database (VRDB) is the heart of most election systems, and MITRE recently published the most important security steps to protect them. Join our lively discussion to learn: The nature of election systems and why they’re difficult to secure MITRE’s focus on VRDBs and five key cyber recommendations How Cisco Security can help you take action on MITRE’s advice today

Technology
1 of 64
Download to read offline
Steve Caimi, Cisco Security July 2020 Securing the Heart of our Election Systems #Protect2020
Abstract It’s a pivotal moment in US history. We’re coming together on long-overdue civil reforms, battling injustice and a deadly pandemic, while restarting our economy. Soon we’ll come together to decide our nation’s future leaders. At a time when truth is called into question, it’s vital to secure our election so we trust its outcomes. Cyberattacks on election systems could undermine confidence just when we need it the most. The voter registration database (VRDB) is the heart of most election systems, and MITRE recently published the most important security steps to protect them. Today we’ll explore: ‣ The nature of election systems and why they’re difficult to secure ‣ MITRE’s focus on VRDBs and five key cybersecurity recommendations ‣ How Cisco Security can help you take action on MITRE’s advice today
Poll 1Your time is valuable. Why did you join our webinar today? 1. I am responsible for election security in my role 2. I am not responsible for election security, but interested in the topic
Agenda 1. The most important things 2. The system and the pieces 3. What makes security so hard 4. MITRE’s recommendations 5. Solutions to start using now
Agenda 1. The most important things 2. The system and the pieces 3. What makes securing it so hard 4. MITRE’s recommendations 5. Solutions to start using now
Back in 1933 FDR took the US off the gold standard
7© 2020 Cisco and/or its affiliates. All rights reserved. The most important things Faith Confidence Trust
Many things can undermine our elections Foreign Interference Unproven Allegations Voter Fraud Conspiracy Theories Information Operations Cyber Breaches
Which brings us to cisa.gov/protect2020 • Cybersecurity & Infrastructure Security Agency (CISA) • Lead federal agency for election security • National call to action to bolster election security • Resources and outreach to state & local government
Example: Understanding foreign interference From random cyberspace to the real world https://www.cisa.gov/sites/default/files/publications/19_1008_cisa_the-war-on-pineapple-understanding-foreign-interference-in-5-steps.pdf
Step 1: Start with a divisive issue https://www.cisa.gov/sites/default/files/publications/19_1008_cisa_the-war-on-pineapple-understanding-foreign-interference-in-5-steps.pdf
Step 2: Mobilize social media https://www.cisa.gov/sites/default/files/publications/19_1008_cisa_the-war-on-pineapple-understanding-foreign-interference-in-5-steps.pdf
Step 3: Begin the misinformation operation https://www.cisa.gov/sites/default/files/publications/19_1008_cisa_the-war-on-pineapple-understanding-foreign-interference-in-5-steps.pdf
Step 4: Get noticed by mainstream media https://www.cisa.gov/sites/default/files/publications/19_1008_cisa_the-war-on-pineapple-understanding-foreign-interference-in-5-steps.pdf
Step 5: Influence legitimate voters https://www.cisa.gov/sites/default/files/publications/19_1008_cisa_the-war-on-pineapple-understanding-foreign-interference-in-5-steps.pdf
As cyber defenders, let’s control what we can Foreign Interference Unproven Allegations Voter Fraud Conspiracy Theories Information Operations Cyber Breaches
17© 2020 Cisco and/or its affiliates. All rights reserved. Let’s make sure voters know about our progress • “States should be open about their investments, timelines and policies.” • “Success and progress in security should be aggressively communicated.”
And let’s start now with the things we can do today At MITRE, we solve problems for a safer world. Through our federally funded R&D centers and public-private partnerships, we work across government to tackle challenges to the safety, stability, and well-being of our nation.
Poll 2Which cybersecurity best practice do you use the most? 1. NIST Cybersecurity Framework 2. CIS Controls 3. ISO 27000 Series 4. MITRE ATT&CK 5. None of the above
Agenda 1. The most important things 2. The system and the pieces 3. What makes securing it so hard 4. MITRE’s recommendations 5. Solutions to start using now
21© 2020 Cisco and/or its affiliates. All rights reserved. Technology components • Election Management System • Voter Registration Database (VRDB)* • Election Night Reporting Systems • Electronic Pollbooks • Voting Machines • Ballot Counting Machines * North Dakota doesn’t require voter registration
22© 2020 Cisco and/or its affiliates. All rights reserved. Voter Registration Database (VRDB)
Voter Registration Systems in the spotlight Source: https://www.intelligence.senate.gov/sites/default/files/documents/Report_Volume1.pdf
24© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Not just about stealing data • Attempts to delete or manipulate voter information • Undermines confidence in the election process • Impacts perceptions about election legitimacy • Fuels conspiracy theories • More attacks expected this year Voter Registration Systems in the spotlight
25© 2020 Cisco and/or its affiliates. All rights reserved. MITRE General Voter Registration System Architecture Source: MITRE Recommended Controls for Voter Registration Systems (Nov 2019)
Agenda 1. The most important things 2. The system and the pieces 3. What makes securing it so hard 4. MITRE’s recommendations 5. Solutions to start using now
27© 2020 Cisco and/or its affiliates. All rights reserved. Election security challenges • Each state runs their own election systems • Design and architecture varies from state to state • Many integrations both on and off the state’s network • Election officials’ workstations serve multiple purposes • No nationwide security standards • Limited resources If you’ve seen one election system, you’ve seen one election system.
28© 2020 Cisco and/or its affiliates. All rights reserved. Election security challenges • Each state runs their own election systems • Design and architecture varies from state to state • Many integrations both on and off the state’s network • Election officials’ workstations serve multiple purposes • No nationwide security standards • Limited resources If you’ve seen one election system, you’ve seen one election system.
29© 2020 Cisco and/or its affiliates. All rights reserved. Election security challenges • Each state runs their own election systems • Design and architecture varies from state to state • Many integrations both on and off the state’s network • Election officials’ workstations serve multiple purposes • No nationwide security standards • Limited resources If you’ve seen one election system, you’ve seen one election system.
30© 2020 Cisco and/or its affiliates. All rights reserved. Election security challenges • Each state runs their own election systems • Design and architecture varies from state to state • Many integrations both on and off the state’s network • Election officials’ workstations serve multiple purposes • No nationwide security standards • Limited resources If you’ve seen one election system, you’ve seen one election system.
31© 2020 Cisco and/or its affiliates. All rights reserved. Election security challenges • Each state runs their own election systems • Design and architecture varies from state to state • Many integrations both on and off the state’s network • Election officials’ workstations serve multiple purposes • No nationwide security standards • Limited resources If you’ve seen one election system, you’ve seen one election system.
32© 2020 Cisco and/or its affiliates. All rights reserved. Election security challenges • Each state runs their own election systems • Design and architecture varies from state to state • Many integrations both on and off the state’s network • Election officials’ workstations serve multiple purposes • No nationwide security standards • Limited resources If you’ve seen one election system, you’ve seen one election system.
33© 2020 Cisco and/or its affiliates. All rights reserved. Election security challenges • Each state runs their own election systems • Design and architecture varies from state to state • Many integrations both on and off the state’s network • Election officials’ workstations serve multiple purposes • No nationwide security standards • Limited resources If you’ve seen one election system, you’ve seen one election system.
Matthew Olney, Cisco Talos Director, Threat Intelligenceand Interdiction Election security can not be solved just by looking at individual components of the system.
Agenda 1. The most important things 2. The system and the pieces 3. What makes securing it so hard 4. MITRE’s recommendations 5. Solutions to start using now
36© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential https://www.mitre.org/publications/technical-papers/recommended- security-controls-for-voter-registration-systems 1 Secure External Connections 2 Strengthen External and Internal Network Defenses 3 Enhance Access Management 4 ImproveSystem Management and Monitoring 5 Facilitate Recovery and Ensure Continuity of Operations As evidenced by the widespread attacks during the 2016 election cycle, in which numerous states were targeted for compromise by nation-state actors, voter registration databases are of particular interest to sophisticated adversaries... -- MITRE
37© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential https://www.mitre.org/publications/technical-papers/recommended- security-controls-for-voter-registration-systems 1 Secure External Connections 2 Strengthen External and Internal Network Defenses 3 Enhance Access Management 4 ImproveSystem Management and Monitoring 5 Facilitate Recovery and Ensure Continuity of Operations
38© 2020 Cisco and/or its affiliates. All rights reserved. Secure External Connections “Evaluate, protect, and authenticate communications with the external systems that share and validate voter information to ensure that connections are secure and do not offer a point of entry for external attack.” 1 Secure External Connections Patterns of Communication Protecting Connections Authenticating Endpoints Verifying Data Overview
39© 2020 Cisco and/or its affiliates. All rights reserved. Strengthen External and Internal Network Defenses “Deploy network segmentation, additional firewall and intrusion detection layers, and email and web content filtering to detect and halt attacks made through network connections.” 2 Strengthen External and Internal Network Defenses Network Segmentation and Isolation Firewalls Intrusion Detection Systems Device Access Control Email, Web, and Content Filtering Overview
40© 2020 Cisco and/or its affiliates. All rights reserved. Enhance Access Management “Implement role-based access, multifactor authentication, device access control, and centralized and federated identity management, and perform supply chain risk assessment.” 3 Enhance Access Management Role-Based Access Multifactor Authentication Centralized/Federated Identity Mgmt Supply Chain Risk Overview
41© 2020 Cisco and/or its affiliates. All rights reserved. Improve System Management and Monitoring Improve System Management and Monitoring Logging, Aggregation, and Analysis Vulnerability Scanning Asset Management Patch Management “Implement logging and vulnerability management to improve visibility. Perform regular audits to ensure validity of the database and compliance to policies and procedures, and to verify and validate file authenticity.” 4 Audits Privileged Endpoint Security Services Overview
42© 2020 Cisco and/or its affiliates. All rights reserved. Facilitate Recovery and Ensure Continuity of Operations Facilitate Recovery and Ensure Continuity of Operations Recovery Strategy Backups Continuity of Operations “Perform regular backups, frequent system audits, and institute clear recovery plans to mitigate damage to election systems. Identify and test failover methodology to ensure that operations can continue if a system fails.” 5 Overview
Patterns of Communication Protecting Connections Authenticating Endpoints Verifying Data Network Segmentation Firewalls Intrusion Detection Systems Device Access Control Email, Web Content Filtering Role-Based Access Multifactor Authentication Identity Management Supply Chain Risk Logging and Analysis Vulnerability Scanning Asset Management Patch Management Audits Endpoint Security Services Recovery Strategy Backups Continuity of Operations 1 2 2 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 20 21 22 19 1 Secure External Connections 2 Strengthen External and Internal Network Defenses 3 Enhance Access Management 4 ImproveSystem Management and Monitoring 5 Facilitate Recovery and Ensure Continuity of Operations
Patterns of Communication Protecting Connections Authenticating Endpoints Verifying Data Network Segmentation Firewalls Intrusion Detection Systems Device Access Control Email, Web Content Filtering Role-Based Access Multifactor Authentication Identity Management Supply Chain Risk Logging and Analysis Vulnerability Scanning Asset Management Patch Management Audits Endpoint Security Services Recovery Strategy Backups Continuity of Operations 1 2 2 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 20 21 22 19 Actually there’s 22 things...
Stephen R. Covey “Most of us spend too much time on what is urgent... and not enough time on what is important.”
Poll 3Which of these is most vital for election integrity? 1. Secure External Connections 2. Strengthen Network Defenses 3. Enhance Access Management 4. Improve System Management and Monitoring 5. Facilitate Recovery and Ensure Continuity of Operations
Risk UnacceptableAcceptable What’s important? Focus immediate action on: • Highest risk areas • What you can do right now • What your budget supports • What’s aligned with cyber best practices
48© 2020 Cisco and/or its affiliates. All rights reserved. Secure External Connections 1 Secure External Connections Patterns of Communication Protecting Connections Authenticating Endpoints Verifying Data CIS Control 12 Boundary Defense
49© 2020 Cisco and/or its affiliates. All rights reserved. Strengthen External and Internal Network Defenses 2 Strengthen External and Internal Network Defenses Network Segmentation and Isolation Firewalls Intrusion Detection Systems Device Access Control Email, Web, and Content Filtering CIS Control 7 Email and Web Browser Protections
50© 2020 Cisco and/or its affiliates. All rights reserved. Enhance Access Management 3 Enhance Access Management Role-Based Access Multifactor Authentication Centralized/Federated Identity Mgmt Supply Chain Risk CIS Control 16 Account Monitoring and Control
51© 2020 Cisco and/or its affiliates. All rights reserved. Improve System Management and Monitoring Improve System Management and Monitoring Logging, Aggregation, and Analysis Vulnerability Scanning Asset Management Patch Management 4 Audits Privileged Endpoint Security Services CIS Control 8 Malware Defenses
52© 2020 Cisco and/or its affiliates. All rights reserved. Facilitate Recovery and Ensure Continuity of Operations Facilitate Recovery and Ensure Continuity of Operations Recovery Strategy Backups Continuity of Operations. 5 CIS Control 19 Incident Response and Management
Agenda 1. The most important things 2. The system and the pieces 3. What makes securing it so hard 4. MITRE’s recommendations 5. Solutions to start using now
1 Secure External Connections Patterns of Communication Stealthwatch Cloud Network Traffic Analysis Comprehensive visibility and analytics Agentless deployment with automated tuning Network detection and response
2 Strengthen External and Internal Network Defenses Email, Web, and Content Filtering Umbrella and Email Security Content Filtering Protect users everywhere with DNS-layer security Multiple security services delivered from the cloud Layered email defenses for complete protection
3 Enhance Access Management Multifactor Authentication Duo Security Zero Trust Access Modern, effective multifactor authentication Protect any application on any device Deploy easily in any environment
4 Improve System Management and Monitoring Privileged Endpoint Security Services Advanced Malware Protection Endpoint Security Block Threats Before Compromise Continuous Detection and Response Secure and Trusted Access
5 Facilitate Recovery and Ensure Continuity of Operations Recovery Strategy Talos Incident Response Proactive and Reactive IR Services IR Readiness Assessments IR Plans and Playbooks Emergency Incident Response
There’s so much more
60© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Cisco SecureX A cloud-native, built-in platform experience within our portfolio Your Infrastructure SIEM/SOARIdentity 3rd Party/ITSM Intelligence Cisco Secure ApplicationsCloud Network Endpoint Your teams ITOpsSecOps NetOps Investigation Remediation Managed Policy Orchestration Automation Detection Analytics Unified Visibility
61© 2020 Cisco and/or its affiliates. All rights reserved. Learn from Matt at Black Hat What to expect when you'reelecting: What Talos learned after 4 years of research and hands-on experience https://www.blackhat.com/us-20/ “The voter registration database is the foundation of almost every state election system in the United States,” said Matt Olney, Director of Talos Threat Intelligence. “It’s a center-piece of our discussions with election officials and a key target for our adversaries. “MITRE's controls are well-aligned with Talos' own analysis and recommendations for defending these vital systems.” Wednesday,August 5 3:30-4:10pm ET 12:30-1:10pm PT Matt Olney Director, Threat Intelligence and Interdiction
And read up on election security MITREElectionIntegrity https://www.mitre.org/news/focal-points/election-integrity CISA #Protect2020 https://www.cisa.gov/protect2020 CiscoCybersecurityForGovernment https://www.cisco.com/c/en/us/products/security/cisco-cybersecurity-for- government.html CiscoCybersecurityFrameworkGuidance https://www.cisco.com/c/en/us/products/security/cybersecurity-framework- guidance.html
CIS Control12 Boundary Defense CIS Control7 Email and Web Browser Protections CIS Control16 Account Monitoring and Control CIS Control8 Malware Defenses CIS Control19 Incident Response and Management 1 2 3 4 5 FilterNetworkTraffic M1037 RestrictWeb-BasedContent M1021 Multi-factorAuthentication M1032 Antivirus/Antimalware M1049 Data Backup M1053 Mitigations

Recommended

Cybersecurity: Connectivity, Collaboration and Security Controls
Cybersecurity: Connectivity, Collaboration and Security ControlsCybersecurity: Connectivity, Collaboration and Security Controls
Cybersecurity: Connectivity, Collaboration and Security ControlsKristian Alisasis Pura
 
There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?
There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?
There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?Brian K. Dickard
 
Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16James Rutt
 
SingHealth Cyber Attack (project)
SingHealth Cyber Attack (project)SingHealth Cyber Attack (project)
SingHealth Cyber Attack (project)James Neo
 
How Boards Can Learn to Stop Avoiding & Start Loving Cyber Risk!
How Boards Can Learn to Stop Avoiding & Start Loving Cyber Risk!How Boards Can Learn to Stop Avoiding & Start Loving Cyber Risk!
How Boards Can Learn to Stop Avoiding & Start Loving Cyber Risk!Dottie Schindlinger
 
Using international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber securityUsing international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber securityIT Governance Ltd
 
SolarWinds Federal Cybersecurity Survey 2017: Government Regulations, IT Mode...
SolarWinds Federal Cybersecurity Survey 2017: Government Regulations, IT Mode...SolarWinds Federal Cybersecurity Survey 2017: Government Regulations, IT Mode...
SolarWinds Federal Cybersecurity Survey 2017: Government Regulations, IT Mode...SolarWinds
 
Cyber Risk Assessment to Empower Cyber Insurance Markets
Cyber Risk Assessment to Empower Cyber Insurance MarketsCyber Risk Assessment to Empower Cyber Insurance Markets
Cyber Risk Assessment to Empower Cyber Insurance MarketsJay Kesan
 

Recommended

Cybersecurity: Connectivity, Collaboration and Security Controls
Cybersecurity: Connectivity, Collaboration and Security ControlsCybersecurity: Connectivity, Collaboration and Security Controls
Cybersecurity: Connectivity, Collaboration and Security ControlsKristian Alisasis Pura
 
There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?
There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?
There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?Brian K. Dickard
 
Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16James Rutt
 
SingHealth Cyber Attack (project)
SingHealth Cyber Attack (project)SingHealth Cyber Attack (project)
SingHealth Cyber Attack (project)James Neo
 
How Boards Can Learn to Stop Avoiding & Start Loving Cyber Risk!
How Boards Can Learn to Stop Avoiding & Start Loving Cyber Risk!How Boards Can Learn to Stop Avoiding & Start Loving Cyber Risk!
How Boards Can Learn to Stop Avoiding & Start Loving Cyber Risk!Dottie Schindlinger
 
Using international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber securityUsing international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber securityIT Governance Ltd
 
SolarWinds Federal Cybersecurity Survey 2017: Government Regulations, IT Mode...
SolarWinds Federal Cybersecurity Survey 2017: Government Regulations, IT Mode...SolarWinds Federal Cybersecurity Survey 2017: Government Regulations, IT Mode...
SolarWinds Federal Cybersecurity Survey 2017: Government Regulations, IT Mode...SolarWinds
 
Cyber Risk Assessment to Empower Cyber Insurance Markets
Cyber Risk Assessment to Empower Cyber Insurance MarketsCyber Risk Assessment to Empower Cyber Insurance Markets
Cyber Risk Assessment to Empower Cyber Insurance MarketsJay Kesan
 
Cyber Security in Manufacturing
Cyber Security in ManufacturingCyber Security in Manufacturing
Cyber Security in ManufacturingCentraComm
 
Cyber security for women using mobile devices
Cyber security for women using mobile devicesCyber security for women using mobile devices
Cyber security for women using mobile devicesJ A Bhavsar
 
Improve Cybersecurity Education Or Awareness Training
Improve Cybersecurity Education Or Awareness TrainingImprove Cybersecurity Education Or Awareness Training
Improve Cybersecurity Education Or Awareness TrainingTriskele Labs
 
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3Asad Zaman
 
Learning from Verizon 2017 Data Breach Investigations Report – The New Targets
Learning from Verizon 2017 Data Breach Investigations Report – The New TargetsLearning from Verizon 2017 Data Breach Investigations Report – The New Targets
Learning from Verizon 2017 Data Breach Investigations Report – The New TargetsUlf Mattsson
 
Policies to mitigate cyber risk
Policies to mitigate cyber riskPolicies to mitigate cyber risk
Policies to mitigate cyber riskG Prachi
 
Cyber security Awareness: In perspective of Bangladesh
Cyber security Awareness: In perspective of Bangladesh Cyber security Awareness: In perspective of Bangladesh
Cyber security Awareness: In perspective of Bangladesh Bangladesh Network Operators Group
 
SolarWinds Federal Webinar: Government Cyber Security Survey: What you told us
SolarWinds Federal Webinar: Government Cyber Security Survey: What you told us SolarWinds Federal Webinar: Government Cyber Security Survey: What you told us
SolarWinds Federal Webinar: Government Cyber Security Survey: What you told us SolarWinds
 
7 cyber security questions for boards
7 cyber security questions for boards7 cyber security questions for boards
7 cyber security questions for boardsPaul McGillicuddy
 
Deeper Security, Broader Privacy - how firms use the latest Co3 features to a...
Deeper Security, Broader Privacy - how firms use the latest Co3 features to a...Deeper Security, Broader Privacy - how firms use the latest Co3 features to a...
Deeper Security, Broader Privacy - how firms use the latest Co3 features to a...Resilient Systems
 
State of endpoint risk v3
State of endpoint risk v3State of endpoint risk v3
State of endpoint risk v3Lumension
 
Delivering Security with the MAX RemoteManagement Platform - Paul Fenwick
Delivering Security with the MAX RemoteManagement Platform - Paul FenwickDelivering Security with the MAX RemoteManagement Platform - Paul Fenwick
Delivering Security with the MAX RemoteManagement Platform - Paul FenwickMAXfocus
 
Dell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbookDell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbookMargarete McGrath
 
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistTop 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistMatthew Rosenquist
 
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011Lumension
 
Securing Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesSecuring Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesUlf Mattsson
 
Data breach
Data breachData breach
Data breachBurhan Ahmed
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...IBM Security
 
Delivering Security with GFI MAX - Mark Petrie
Delivering Security with GFI MAX - Mark Petrie Delivering Security with GFI MAX - Mark Petrie
Delivering Security with GFI MAX - Mark Petrie MAXfocus
 
CA_Module_1.pptx
CA_Module_1.pptxCA_Module_1.pptx
CA_Module_1.pptxYazanSalileh
 
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftHow Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftOSIsoft, LLC
 
CA_Module_1.pdf
CA_Module_1.pdfCA_Module_1.pdf
CA_Module_1.pdfEhabRushdy1
 

More Related Content

What's hot

Cyber Security in Manufacturing
Cyber Security in ManufacturingCyber Security in Manufacturing
Cyber Security in ManufacturingCentraComm
 
Cyber security for women using mobile devices
Cyber security for women using mobile devicesCyber security for women using mobile devices
Cyber security for women using mobile devicesJ A Bhavsar
 
Improve Cybersecurity Education Or Awareness Training
Improve Cybersecurity Education Or Awareness TrainingImprove Cybersecurity Education Or Awareness Training
Improve Cybersecurity Education Or Awareness TrainingTriskele Labs
 
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3Asad Zaman
 
Learning from Verizon 2017 Data Breach Investigations Report – The New Targets
Learning from Verizon 2017 Data Breach Investigations Report – The New TargetsLearning from Verizon 2017 Data Breach Investigations Report – The New Targets
Learning from Verizon 2017 Data Breach Investigations Report – The New TargetsUlf Mattsson
 
Policies to mitigate cyber risk
Policies to mitigate cyber riskPolicies to mitigate cyber risk
Policies to mitigate cyber riskG Prachi
 
SolarWinds Federal Webinar: Government Cyber Security Survey: What you told us
SolarWinds Federal Webinar: Government Cyber Security Survey: What you told us SolarWinds Federal Webinar: Government Cyber Security Survey: What you told us
SolarWinds Federal Webinar: Government Cyber Security Survey: What you told us SolarWinds
 
7 cyber security questions for boards
7 cyber security questions for boards7 cyber security questions for boards
7 cyber security questions for boardsPaul McGillicuddy
 
Deeper Security, Broader Privacy - how firms use the latest Co3 features to a...
Deeper Security, Broader Privacy - how firms use the latest Co3 features to a...Deeper Security, Broader Privacy - how firms use the latest Co3 features to a...
Deeper Security, Broader Privacy - how firms use the latest Co3 features to a...Resilient Systems
 
State of endpoint risk v3
State of endpoint risk v3State of endpoint risk v3
State of endpoint risk v3Lumension
 
Delivering Security with the MAX RemoteManagement Platform - Paul Fenwick
Delivering Security with the MAX RemoteManagement Platform - Paul FenwickDelivering Security with the MAX RemoteManagement Platform - Paul Fenwick
Delivering Security with the MAX RemoteManagement Platform - Paul FenwickMAXfocus
 
Dell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbookDell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbookMargarete McGrath
 
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistTop 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistMatthew Rosenquist
 
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011Lumension
 
Securing Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesSecuring Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesUlf Mattsson
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...IBM Security
 
Delivering Security with GFI MAX - Mark Petrie
Delivering Security with GFI MAX - Mark Petrie Delivering Security with GFI MAX - Mark Petrie
Delivering Security with GFI MAX - Mark Petrie MAXfocus
 

What's hot (19)

Cyber Security in Manufacturing
Cyber Security in ManufacturingCyber Security in Manufacturing
Cyber Security in Manufacturing
 
Cyber security for women using mobile devices
Cyber security for women using mobile devicesCyber security for women using mobile devices
Cyber security for women using mobile devices
 
Improve Cybersecurity Education Or Awareness Training
Improve Cybersecurity Education Or Awareness TrainingImprove Cybersecurity Education Or Awareness Training
Improve Cybersecurity Education Or Awareness Training
 
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3
 
Learning from Verizon 2017 Data Breach Investigations Report – The New Targets
Learning from Verizon 2017 Data Breach Investigations Report – The New TargetsLearning from Verizon 2017 Data Breach Investigations Report – The New Targets
Learning from Verizon 2017 Data Breach Investigations Report – The New Targets
 
Policies to mitigate cyber risk
Policies to mitigate cyber riskPolicies to mitigate cyber risk
Policies to mitigate cyber risk
 
Cyber security Awareness: In perspective of Bangladesh
Cyber security Awareness: In perspective of Bangladesh Cyber security Awareness: In perspective of Bangladesh
Cyber security Awareness: In perspective of Bangladesh
 
SolarWinds Federal Webinar: Government Cyber Security Survey: What you told us
SolarWinds Federal Webinar: Government Cyber Security Survey: What you told us SolarWinds Federal Webinar: Government Cyber Security Survey: What you told us
SolarWinds Federal Webinar: Government Cyber Security Survey: What you told us
 
7 cyber security questions for boards
7 cyber security questions for boards7 cyber security questions for boards
7 cyber security questions for boards
 
Deeper Security, Broader Privacy - how firms use the latest Co3 features to a...
Deeper Security, Broader Privacy - how firms use the latest Co3 features to a...Deeper Security, Broader Privacy - how firms use the latest Co3 features to a...
Deeper Security, Broader Privacy - how firms use the latest Co3 features to a...
 
State of endpoint risk v3
State of endpoint risk v3State of endpoint risk v3
State of endpoint risk v3
 
Delivering Security with the MAX RemoteManagement Platform - Paul Fenwick
Delivering Security with the MAX RemoteManagement Platform - Paul FenwickDelivering Security with the MAX RemoteManagement Platform - Paul Fenwick
Delivering Security with the MAX RemoteManagement Platform - Paul Fenwick
 
Dell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbookDell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbook
 
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistTop 10 cybersecurity predictions for 2016 by Matthew Rosenquist
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
 
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011
 
Securing Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesSecuring Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best Practices
 
Data breach
Data breachData breach
Data breach
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
 
Delivering Security with GFI MAX - Mark Petrie
Delivering Security with GFI MAX - Mark Petrie Delivering Security with GFI MAX - Mark Petrie
Delivering Security with GFI MAX - Mark Petrie
 

Similar to #Protect2020: Securing the Heart of Our Election Systems

How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftHow Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftOSIsoft, LLC
 
U.S. Approach to Cybersecurity Governance
U.S. Approach to Cybersecurity GovernanceU.S. Approach to Cybersecurity Governance
U.S. Approach to Cybersecurity GovernanceGwanhoo Lee
 
Virtual Gov Day - Introduction & Keynote - Alan Webber, IDC Government Insights
Virtual Gov Day - Introduction & Keynote - Alan Webber, IDC Government InsightsVirtual Gov Day - Introduction & Keynote - Alan Webber, IDC Government Insights
Virtual Gov Day - Introduction & Keynote - Alan Webber, IDC Government InsightsSplunk
 
5 Technology Trends Construction Contractors Can't Afford To Ignore
5 Technology Trends Construction Contractors Can't Afford To Ignore5 Technology Trends Construction Contractors Can't Afford To Ignore
5 Technology Trends Construction Contractors Can't Afford To IgnoreGross, Mendelsohn & Associates
 
Federal Webinar: Best Practices and Tools for Reducing Insider Threats
Federal Webinar: Best Practices and Tools for Reducing Insider ThreatsFederal Webinar: Best Practices and Tools for Reducing Insider Threats
Federal Webinar: Best Practices and Tools for Reducing Insider ThreatsSolarWinds
 
Cyber Security – Challenges [Autosaved].pptx
Cyber Security – Challenges [Autosaved].pptxCyber Security – Challenges [Autosaved].pptx
Cyber Security – Challenges [Autosaved].pptxRambilashTudu
 
Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Ulf Mattsson
 
Final presentation january iia cybersecurity securing your 2016 audit plan
Final presentation january iia cybersecurity securing your 2016 audit planFinal presentation january iia cybersecurity securing your 2016 audit plan
Final presentation january iia cybersecurity securing your 2016 audit planCameron Forbes Over
 
Final presentation january iia cybersecurity securing your 2016 audit plan
Final presentation january iia cybersecurity securing your 2016 audit planFinal presentation january iia cybersecurity securing your 2016 audit plan
Final presentation january iia cybersecurity securing your 2016 audit planCameron Forbes Over
 
Data erasure's role in limiting cyber attacks
Data erasure's role in limiting cyber attacksData erasure's role in limiting cyber attacks
Data erasure's role in limiting cyber attacksBlancco
 
A Comprehensive Review of Cyber Security, Threats and Cyber Attacks
A Comprehensive Review of Cyber Security, Threats and Cyber AttacksA Comprehensive Review of Cyber Security, Threats and Cyber Attacks
A Comprehensive Review of Cyber Security, Threats and Cyber AttacksIRJET Journal
 
Open Text Content World - Executive Summit presentation
Open Text Content World - Executive Summit presentationOpen Text Content World - Executive Summit presentation
Open Text Content World - Executive Summit presentationJohn Mancini
 
Get Ready for Syncsort's New Best-of-Breed Security Solution
Get Ready for Syncsort's New Best-of-Breed Security SolutionGet Ready for Syncsort's New Best-of-Breed Security Solution
Get Ready for Syncsort's New Best-of-Breed Security SolutionPrecisely
 
A Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate PerspectiveA Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate PerspectiveDawn Yankeelov
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security toolsVicky Fernandes
 
A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...Judith Beckhard Cardoso
 

Similar to #Protect2020: Securing the Heart of Our Election Systems (20)

CA_Module_1.pptx
CA_Module_1.pptxCA_Module_1.pptx
CA_Module_1.pptx
 
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftHow Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
 
CA_Module_1.pdf
CA_Module_1.pdfCA_Module_1.pdf
CA_Module_1.pdf
 
U.S. Approach to Cybersecurity Governance
U.S. Approach to Cybersecurity GovernanceU.S. Approach to Cybersecurity Governance
U.S. Approach to Cybersecurity Governance
 
Virtual Gov Day - Introduction & Keynote - Alan Webber, IDC Government Insights
Virtual Gov Day - Introduction & Keynote - Alan Webber, IDC Government InsightsVirtual Gov Day - Introduction & Keynote - Alan Webber, IDC Government Insights
Virtual Gov Day - Introduction & Keynote - Alan Webber, IDC Government Insights
 
5 Technology Trends Construction Contractors Can't Afford To Ignore
5 Technology Trends Construction Contractors Can't Afford To Ignore5 Technology Trends Construction Contractors Can't Afford To Ignore
5 Technology Trends Construction Contractors Can't Afford To Ignore
 
Federal Webinar: Best Practices and Tools for Reducing Insider Threats
Federal Webinar: Best Practices and Tools for Reducing Insider ThreatsFederal Webinar: Best Practices and Tools for Reducing Insider Threats
Federal Webinar: Best Practices and Tools for Reducing Insider Threats
 
Cybersecurity Day for Parliament
Cybersecurity Day for ParliamentCybersecurity Day for Parliament
Cybersecurity Day for Parliament
 
Cyber Security – Challenges [Autosaved].pptx
Cyber Security – Challenges [Autosaved].pptxCyber Security – Challenges [Autosaved].pptx
Cyber Security – Challenges [Autosaved].pptx
 
Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...
 
Final presentation january iia cybersecurity securing your 2016 audit plan
Final presentation january iia cybersecurity securing your 2016 audit planFinal presentation january iia cybersecurity securing your 2016 audit plan
Final presentation january iia cybersecurity securing your 2016 audit plan
 
Final presentation january iia cybersecurity securing your 2016 audit plan
Final presentation january iia cybersecurity securing your 2016 audit planFinal presentation january iia cybersecurity securing your 2016 audit plan
Final presentation january iia cybersecurity securing your 2016 audit plan
 
CyberSecurity Update Slides
CyberSecurity Update SlidesCyberSecurity Update Slides
CyberSecurity Update Slides
 
Data erasure's role in limiting cyber attacks
Data erasure's role in limiting cyber attacksData erasure's role in limiting cyber attacks
Data erasure's role in limiting cyber attacks
 
A Comprehensive Review of Cyber Security, Threats and Cyber Attacks
A Comprehensive Review of Cyber Security, Threats and Cyber AttacksA Comprehensive Review of Cyber Security, Threats and Cyber Attacks
A Comprehensive Review of Cyber Security, Threats and Cyber Attacks
 
Open Text Content World - Executive Summit presentation
Open Text Content World - Executive Summit presentationOpen Text Content World - Executive Summit presentation
Open Text Content World - Executive Summit presentation
 
Get Ready for Syncsort's New Best-of-Breed Security Solution
Get Ready for Syncsort's New Best-of-Breed Security SolutionGet Ready for Syncsort's New Best-of-Breed Security Solution
Get Ready for Syncsort's New Best-of-Breed Security Solution
 
A Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate PerspectiveA Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate Perspective
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security tools
 
A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...
 

More from DevOps.com

Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareDevOps.com
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...DevOps.com
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...DevOps.com
 
Next Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykNext Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykDevOps.com
 
Vulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudVulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudDevOps.com
 
2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and PredictionsDevOps.com
 
A New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionA New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionDevOps.com
 
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)DevOps.com
 
Don't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDon't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDevOps.com
 
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureCreating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureDevOps.com
 
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportRole Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportDevOps.com
 
Monitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogMonitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogDevOps.com
 
Deliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDeliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDevOps.com
 
Securing medical apps in the age of covid final
Securing medical apps in the age of covid finalSecuring medical apps in the age of covid final
Securing medical apps in the age of covid finalDevOps.com
 
How to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureHow to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureDevOps.com
 
The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021DevOps.com
 
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?DevOps.com
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsDevOps.com
 
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...DevOps.com
 
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...DevOps.com
 

More from DevOps.com (20)

Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source Software
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
 
Next Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykNext Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and Snyk
 
Vulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudVulnerability Discovery in the Cloud
Vulnerability Discovery in the Cloud
 
2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions
 
A New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionA New Year’s Ransomware Resolution
A New Year’s Ransomware Resolution
 
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
 
Don't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDon't Panic! Effective Incident Response
Don't Panic! Effective Incident Response
 
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureCreating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
 
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportRole Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
 
Monitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogMonitoring Serverless Applications with Datadog
Monitoring Serverless Applications with Datadog
 
Deliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDeliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or Privately
 
Securing medical apps in the age of covid final
Securing medical apps in the age of covid finalSecuring medical apps in the age of covid final
Securing medical apps in the age of covid final
 
How to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureHow to Build a Healthy On-Call Culture
How to Build a Healthy On-Call Culture
 
The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021
 
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift Environments
 
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
 
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
 

Recently uploaded

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

#Protect2020: Securing the Heart of Our Election Systems

  • 1. Steve Caimi, Cisco Security July 2020 Securing the Heart of our Election Systems #Protect2020
  • 2. Abstract It’s a pivotal moment in US history. We’re coming together on long-overdue civil reforms, battling injustice and a deadly pandemic, while restarting our economy. Soon we’ll come together to decide our nation’s future leaders. At a time when truth is called into question, it’s vital to secure our election so we trust its outcomes. Cyberattacks on election systems could undermine confidence just when we need it the most. The voter registration database (VRDB) is the heart of most election systems, and MITRE recently published the most important security steps to protect them. Today we’ll explore: ‣ The nature of election systems and why they’re difficult to secure ‣ MITRE’s focus on VRDBs and five key cybersecurity recommendations ‣ How Cisco Security can help you take action on MITRE’s advice today
  • 3. Poll 1Your time is valuable. Why did you join our webinar today? 1. I am responsible for election security in my role 2. I am not responsible for election security, but interested in the topic
  • 4. Agenda 1. The most important things 2. The system and the pieces 3. What makes security so hard 4. MITRE’s recommendations 5. Solutions to start using now
  • 5. Agenda 1. The most important things 2. The system and the pieces 3. What makes securing it so hard 4. MITRE’s recommendations 5. Solutions to start using now
  • 6. Back in 1933 FDR took the US off the gold standard
  • 7. 7© 2020 Cisco and/or its affiliates. All rights reserved. The most important things Faith Confidence Trust
  • 8. Many things can undermine our elections Foreign Interference Unproven Allegations Voter Fraud Conspiracy Theories Information Operations Cyber Breaches
  • 9. Which brings us to cisa.gov/protect2020 • Cybersecurity & Infrastructure Security Agency (CISA) • Lead federal agency for election security • National call to action to bolster election security • Resources and outreach to state & local government
  • 10. Example: Understanding foreign interference From random cyberspace to the real world https://www.cisa.gov/sites/default/files/publications/19_1008_cisa_the-war-on-pineapple-understanding-foreign-interference-in-5-steps.pdf
  • 11. Step 1: Start with a divisive issue https://www.cisa.gov/sites/default/files/publications/19_1008_cisa_the-war-on-pineapple-understanding-foreign-interference-in-5-steps.pdf
  • 12. Step 2: Mobilize social media https://www.cisa.gov/sites/default/files/publications/19_1008_cisa_the-war-on-pineapple-understanding-foreign-interference-in-5-steps.pdf
  • 13. Step 3: Begin the misinformation operation https://www.cisa.gov/sites/default/files/publications/19_1008_cisa_the-war-on-pineapple-understanding-foreign-interference-in-5-steps.pdf
  • 14. Step 4: Get noticed by mainstream media https://www.cisa.gov/sites/default/files/publications/19_1008_cisa_the-war-on-pineapple-understanding-foreign-interference-in-5-steps.pdf
  • 15. Step 5: Influence legitimate voters https://www.cisa.gov/sites/default/files/publications/19_1008_cisa_the-war-on-pineapple-understanding-foreign-interference-in-5-steps.pdf
  • 16. As cyber defenders, let’s control what we can Foreign Interference Unproven Allegations Voter Fraud Conspiracy Theories Information Operations Cyber Breaches
  • 17. 17© 2020 Cisco and/or its affiliates. All rights reserved. Let’s make sure voters know about our progress • “States should be open about their investments, timelines and policies.” • “Success and progress in security should be aggressively communicated.”
  • 18. And let’s start now with the things we can do today At MITRE, we solve problems for a safer world. Through our federally funded R&D centers and public-private partnerships, we work across government to tackle challenges to the safety, stability, and well-being of our nation.
  • 19. Poll 2Which cybersecurity best practice do you use the most? 1. NIST Cybersecurity Framework 2. CIS Controls 3. ISO 27000 Series 4. MITRE ATT&CK 5. None of the above
  • 20. Agenda 1. The most important things 2. The system and the pieces 3. What makes securing it so hard 4. MITRE’s recommendations 5. Solutions to start using now
  • 21. 21© 2020 Cisco and/or its affiliates. All rights reserved. Technology components • Election Management System • Voter Registration Database (VRDB)* • Election Night Reporting Systems • Electronic Pollbooks • Voting Machines • Ballot Counting Machines * North Dakota doesn’t require voter registration
  • 22. 22© 2020 Cisco and/or its affiliates. All rights reserved. Voter Registration Database (VRDB)
  • 23. Voter Registration Systems in the spotlight Source: https://www.intelligence.senate.gov/sites/default/files/documents/Report_Volume1.pdf
  • 24. 24© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Not just about stealing data • Attempts to delete or manipulate voter information • Undermines confidence in the election process • Impacts perceptions about election legitimacy • Fuels conspiracy theories • More attacks expected this year Voter Registration Systems in the spotlight
  • 25. 25© 2020 Cisco and/or its affiliates. All rights reserved. MITRE General Voter Registration System Architecture Source: MITRE Recommended Controls for Voter Registration Systems (Nov 2019)
  • 26. Agenda 1. The most important things 2. The system and the pieces 3. What makes securing it so hard 4. MITRE’s recommendations 5. Solutions to start using now
  • 27. 27© 2020 Cisco and/or its affiliates. All rights reserved. Election security challenges • Each state runs their own election systems • Design and architecture varies from state to state • Many integrations both on and off the state’s network • Election officials’ workstations serve multiple purposes • No nationwide security standards • Limited resources If you’ve seen one election system, you’ve seen one election system.
  • 28. 28© 2020 Cisco and/or its affiliates. All rights reserved. Election security challenges • Each state runs their own election systems • Design and architecture varies from state to state • Many integrations both on and off the state’s network • Election officials’ workstations serve multiple purposes • No nationwide security standards • Limited resources If you’ve seen one election system, you’ve seen one election system.
  • 29. 29© 2020 Cisco and/or its affiliates. All rights reserved. Election security challenges • Each state runs their own election systems • Design and architecture varies from state to state • Many integrations both on and off the state’s network • Election officials’ workstations serve multiple purposes • No nationwide security standards • Limited resources If you’ve seen one election system, you’ve seen one election system.
  • 30. 30© 2020 Cisco and/or its affiliates. All rights reserved. Election security challenges • Each state runs their own election systems • Design and architecture varies from state to state • Many integrations both on and off the state’s network • Election officials’ workstations serve multiple purposes • No nationwide security standards • Limited resources If you’ve seen one election system, you’ve seen one election system.
  • 31. 31© 2020 Cisco and/or its affiliates. All rights reserved. Election security challenges • Each state runs their own election systems • Design and architecture varies from state to state • Many integrations both on and off the state’s network • Election officials’ workstations serve multiple purposes • No nationwide security standards • Limited resources If you’ve seen one election system, you’ve seen one election system.
  • 32. 32© 2020 Cisco and/or its affiliates. All rights reserved. Election security challenges • Each state runs their own election systems • Design and architecture varies from state to state • Many integrations both on and off the state’s network • Election officials’ workstations serve multiple purposes • No nationwide security standards • Limited resources If you’ve seen one election system, you’ve seen one election system.
  • 33. 33© 2020 Cisco and/or its affiliates. All rights reserved. Election security challenges • Each state runs their own election systems • Design and architecture varies from state to state • Many integrations both on and off the state’s network • Election officials’ workstations serve multiple purposes • No nationwide security standards • Limited resources If you’ve seen one election system, you’ve seen one election system.
  • 34. Matthew Olney, Cisco Talos Director, Threat Intelligenceand Interdiction Election security can not be solved just by looking at individual components of the system.
  • 35. Agenda 1. The most important things 2. The system and the pieces 3. What makes securing it so hard 4. MITRE’s recommendations 5. Solutions to start using now
  • 36. 36© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential https://www.mitre.org/publications/technical-papers/recommended- security-controls-for-voter-registration-systems 1 Secure External Connections 2 Strengthen External and Internal Network Defenses 3 Enhance Access Management 4 ImproveSystem Management and Monitoring 5 Facilitate Recovery and Ensure Continuity of Operations As evidenced by the widespread attacks during the 2016 election cycle, in which numerous states were targeted for compromise by nation-state actors, voter registration databases are of particular interest to sophisticated adversaries... -- MITRE
  • 37. 37© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential https://www.mitre.org/publications/technical-papers/recommended- security-controls-for-voter-registration-systems 1 Secure External Connections 2 Strengthen External and Internal Network Defenses 3 Enhance Access Management 4 ImproveSystem Management and Monitoring 5 Facilitate Recovery and Ensure Continuity of Operations
  • 38. 38© 2020 Cisco and/or its affiliates. All rights reserved. Secure External Connections “Evaluate, protect, and authenticate communications with the external systems that share and validate voter information to ensure that connections are secure and do not offer a point of entry for external attack.” 1 Secure External Connections Patterns of Communication Protecting Connections Authenticating Endpoints Verifying Data Overview
  • 39. 39© 2020 Cisco and/or its affiliates. All rights reserved. Strengthen External and Internal Network Defenses “Deploy network segmentation, additional firewall and intrusion detection layers, and email and web content filtering to detect and halt attacks made through network connections.” 2 Strengthen External and Internal Network Defenses Network Segmentation and Isolation Firewalls Intrusion Detection Systems Device Access Control Email, Web, and Content Filtering Overview
  • 40. 40© 2020 Cisco and/or its affiliates. All rights reserved. Enhance Access Management “Implement role-based access, multifactor authentication, device access control, and centralized and federated identity management, and perform supply chain risk assessment.” 3 Enhance Access Management Role-Based Access Multifactor Authentication Centralized/Federated Identity Mgmt Supply Chain Risk Overview
  • 41. 41© 2020 Cisco and/or its affiliates. All rights reserved. Improve System Management and Monitoring Improve System Management and Monitoring Logging, Aggregation, and Analysis Vulnerability Scanning Asset Management Patch Management “Implement logging and vulnerability management to improve visibility. Perform regular audits to ensure validity of the database and compliance to policies and procedures, and to verify and validate file authenticity.” 4 Audits Privileged Endpoint Security Services Overview
  • 42. 42© 2020 Cisco and/or its affiliates. All rights reserved. Facilitate Recovery and Ensure Continuity of Operations Facilitate Recovery and Ensure Continuity of Operations Recovery Strategy Backups Continuity of Operations “Perform regular backups, frequent system audits, and institute clear recovery plans to mitigate damage to election systems. Identify and test failover methodology to ensure that operations can continue if a system fails.” 5 Overview
  • 43. Patterns of Communication Protecting Connections Authenticating Endpoints Verifying Data Network Segmentation Firewalls Intrusion Detection Systems Device Access Control Email, Web Content Filtering Role-Based Access Multifactor Authentication Identity Management Supply Chain Risk Logging and Analysis Vulnerability Scanning Asset Management Patch Management Audits Endpoint Security Services Recovery Strategy Backups Continuity of Operations 1 2 2 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 20 21 22 19 1 Secure External Connections 2 Strengthen External and Internal Network Defenses 3 Enhance Access Management 4 ImproveSystem Management and Monitoring 5 Facilitate Recovery and Ensure Continuity of Operations
  • 44. Patterns of Communication Protecting Connections Authenticating Endpoints Verifying Data Network Segmentation Firewalls Intrusion Detection Systems Device Access Control Email, Web Content Filtering Role-Based Access Multifactor Authentication Identity Management Supply Chain Risk Logging and Analysis Vulnerability Scanning Asset Management Patch Management Audits Endpoint Security Services Recovery Strategy Backups Continuity of Operations 1 2 2 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 20 21 22 19 Actually there’s 22 things...
  • 45. Stephen R. Covey “Most of us spend too much time on what is urgent... and not enough time on what is important.”
  • 46. Poll 3Which of these is most vital for election integrity? 1. Secure External Connections 2. Strengthen Network Defenses 3. Enhance Access Management 4. Improve System Management and Monitoring 5. Facilitate Recovery and Ensure Continuity of Operations
  • 47. Risk UnacceptableAcceptable What’s important? Focus immediate action on: • Highest risk areas • What you can do right now • What your budget supports • What’s aligned with cyber best practices
  • 48. 48© 2020 Cisco and/or its affiliates. All rights reserved. Secure External Connections 1 Secure External Connections Patterns of Communication Protecting Connections Authenticating Endpoints Verifying Data CIS Control 12 Boundary Defense
  • 49. 49© 2020 Cisco and/or its affiliates. All rights reserved. Strengthen External and Internal Network Defenses 2 Strengthen External and Internal Network Defenses Network Segmentation and Isolation Firewalls Intrusion Detection Systems Device Access Control Email, Web, and Content Filtering CIS Control 7 Email and Web Browser Protections
  • 50. 50© 2020 Cisco and/or its affiliates. All rights reserved. Enhance Access Management 3 Enhance Access Management Role-Based Access Multifactor Authentication Centralized/Federated Identity Mgmt Supply Chain Risk CIS Control 16 Account Monitoring and Control
  • 51. 51© 2020 Cisco and/or its affiliates. All rights reserved. Improve System Management and Monitoring Improve System Management and Monitoring Logging, Aggregation, and Analysis Vulnerability Scanning Asset Management Patch Management 4 Audits Privileged Endpoint Security Services CIS Control 8 Malware Defenses
  • 52. 52© 2020 Cisco and/or its affiliates. All rights reserved. Facilitate Recovery and Ensure Continuity of Operations Facilitate Recovery and Ensure Continuity of Operations Recovery Strategy Backups Continuity of Operations. 5 CIS Control 19 Incident Response and Management
  • 53. Agenda 1. The most important things 2. The system and the pieces 3. What makes securing it so hard 4. MITRE’s recommendations 5. Solutions to start using now
  • 54. 1 Secure External Connections Patterns of Communication Stealthwatch Cloud Network Traffic Analysis Comprehensive visibility and analytics Agentless deployment with automated tuning Network detection and response
  • 55. 2 Strengthen External and Internal Network Defenses Email, Web, and Content Filtering Umbrella and Email Security Content Filtering Protect users everywhere with DNS-layer security Multiple security services delivered from the cloud Layered email defenses for complete protection
  • 56. 3 Enhance Access Management Multifactor Authentication Duo Security Zero Trust Access Modern, effective multifactor authentication Protect any application on any device Deploy easily in any environment
  • 57. 4 Improve System Management and Monitoring Privileged Endpoint Security Services Advanced Malware Protection Endpoint Security Block Threats Before Compromise Continuous Detection and Response Secure and Trusted Access
  • 58. 5 Facilitate Recovery and Ensure Continuity of Operations Recovery Strategy Talos Incident Response Proactive and Reactive IR Services IR Readiness Assessments IR Plans and Playbooks Emergency Incident Response
  • 60. 60© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Cisco SecureX A cloud-native, built-in platform experience within our portfolio Your Infrastructure SIEM/SOARIdentity 3rd Party/ITSM Intelligence Cisco Secure ApplicationsCloud Network Endpoint Your teams ITOpsSecOps NetOps Investigation Remediation Managed Policy Orchestration Automation Detection Analytics Unified Visibility
  • 61. 61© 2020 Cisco and/or its affiliates. All rights reserved. Learn from Matt at Black Hat What to expect when you'reelecting: What Talos learned after 4 years of research and hands-on experience https://www.blackhat.com/us-20/ “The voter registration database is the foundation of almost every state election system in the United States,” said Matt Olney, Director of Talos Threat Intelligence. “It’s a center-piece of our discussions with election officials and a key target for our adversaries. “MITRE's controls are well-aligned with Talos' own analysis and recommendations for defending these vital systems.” Wednesday,August 5 3:30-4:10pm ET 12:30-1:10pm PT Matt Olney Director, Threat Intelligence and Interdiction
  • 62. And read up on election security MITREElectionIntegrity https://www.mitre.org/news/focal-points/election-integrity CISA #Protect2020 https://www.cisa.gov/protect2020 CiscoCybersecurityForGovernment https://www.cisco.com/c/en/us/products/security/cisco-cybersecurity-for- government.html CiscoCybersecurityFrameworkGuidance https://www.cisco.com/c/en/us/products/security/cybersecurity-framework- guidance.html
  • 63.
  • 64. CIS Control12 Boundary Defense CIS Control7 Email and Web Browser Protections CIS Control16 Account Monitoring and Control CIS Control8 Malware Defenses CIS Control19 Incident Response and Management 1 2 3 4 5 FilterNetworkTraffic M1037 RestrictWeb-BasedContent M1021 Multi-factorAuthentication M1032 Antivirus/Antimalware M1049 Data Backup M1053 Mitigations