Good morning. Welcome to this week’s Future of Security newsletter. Let’s get started.
RSA 2020, one of the world’s largest cybersecurity conferences, took place in San Francisco the week of Feb 24, with the word “virus” on everybody’s lips. Normally, digital viruses are a popular subject, but this year the coronavirus cast a pall over an event that attracts as many as 40,000 participants. The major players attended, including cyber experts, CISOs, large federal agencies like the National Security Agency, FBI and Department of Homeland Security, as well as big industry names like Microsoft, Google and McAfee.
But Government Technology’s cybersecurity reporter Lucas Ropek, who covered the event, found there were notable absences too, with last-minute cancellations by Facebook, IBM and Verizon. Some six companies based in China also dropped out, some due to travel restrictions.
While covering RSA, Ropek reported on the rise of the cybersecurity researcher. These cyber pros are trained to “track, identify and combat bad cyber actors. They use a combination of intelligence gathering and threat analysis to understand the types of individuals and groups that attack and harass companies and governments.”
Adversaries and the tools to fight them have changed immensely in just the last ten years and researchers and hunters need to continuously update their thinking and methods to stay competitive with hackers, according to Timothy Gallo, a solutions architect for FireEye.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) also figured prominently at RSA. Increasingly, CISA has become an adviser and a benefactor to state and local governments. “Newly introduced legislation would, if passed, broaden and solidify that mission — creating CISA liaisons to work together with state governments, for instance, or standing up a $400 million, CISA-administered fund from which state and local entities could apply for cyber-related grants,” Ropek explained.
CISA’s director Chris Krebs directly addressed his agency’s role with state and local governments and how election security has moved front and center in the geopolitical battle between the U. S. and Russia. “The state and local folks, they didn’t understand in 2016 that they were on the frontlines of this geopolitical conflict, and they now are all on board,” he said. “We have a dedicated information sharing and analysis center for state and locals — all 50 states and about 2,500 jurisdictions are engaged. So again, the American people need to understand that we are engaged on this.”
Los Angeles County’s custom-built election system ran into problems during Super Tuesday. Technical problems generated long lines at polling stations, leading to what The Washington Post described as an “ugly debut” for the county’s $280 million digital voting platform. The system was built to create a highly secure and accessible voting system that did not rely on technology from the companies that control more than 90 percent of the voting machine market. “The idea was to provide an alternative to mass-produced machines that experts fear are too vulnerable to Russian hacking,” according to The Post.
Among the problems on Super Tuesday: One-fifth of voting machines failed to work and network problems interfered with electronic poll books used by election workers to verify voters’ eligibility.
Voter advocates, election observers and candidates criticized the county, saying the technical problems probably disenfranchised voters who couldn’t wait for hours in line. They also questioned why the county used a new system for the first time during such a crucial election.