Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

6/26/2019
04:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Global Cyber Alliance And Center For Internet Security Launch Free Cybersecurity Toolkit for States And Local Election Offices

Developed with Funding from Craig Newmark Philanthropies, Toolkit Focuses on Mitigating Most Common and Addressable Cyber Risks

EW YORK, June 25, 2019 – Today, the Global Cyber Alliance (GCA), in partnership with Craig Newmark Philanthropies and the Center for Internet Security,® Inc. (CIS®), announces a FREE toolkit aimed at providing election authorities with additional easy-to-use solutions that will help mitigate the most common risks to free and fair elections. This toolkit will help government entities responsible for securing local, state and national elections handle daunting security challenges posed by today’s digital world.  Election offices are already working overtime against increasing threats, and the toolkit provides more resources for them to consider. Earlier this year, Craig Newmark Philanthropies contributed a $1.068 million gift to help GCA provide critical cybersecurity protections for media, journalists, election offices and community organizations, and this toolkit is a step in that effort.

“Election infrastructure is critical infrastructure – as vital to daily lives as nuclear power plants or water-filtration facilities,” said Philip Reitinger, President and CEO of GCA. “Election security must be a national and global priority, especially as securing elections is one of the most difficult tasks for a democracy, and the shortage of resources available to many election offices exacerbates the challenge.”

The toolkit is intended to help election offices add to their security program with free operational tools and guidance and has been assembled to help implement the recommendations in A Handbook for Elections Infrastructure Security. In this document, the Center for Internet Security, Inc., working with election offices, election associations and vendors, as well as academia, has established a set of best practices for securing the systems that comprise our election infrastructure. 

“The fabric of American democratic society relies on citizen trust in a fair, equitable and secure elections process,” said Craig Newmark. “The GCA Cybersecurity Toolkit offers election officials with proven cybersecurity policies and protections to help prevent elections from being hijacked by those who want to inflict damage on free and open societies.”

Elections are local, but the threats to their integrity are global. More than 99 percent of votes in the U.S. are cast or counted by computer, and the U.S. Department of Homeland Security has designated election systems as critical infrastructure.

Today’s cyber risks to elections are multiple and alarming. These risks include the compromise of voter registration data, election infrastructure hacking to alter vote counts, denial-of-service attacks against election offices, phishing campaigns directed at election officials, impersonation of emails from election offices and others, and the viral spread of false information through websites and social media.

“GCA has compiled a number of valuable free resources that will help election officials implement the security best practices outlined in A Handbook for Elections Infrastructure Security,” said John Gilligan, CIS President and CEO. “CIS appreciated the opportunity to collaborate with GCA on the Cybersecurity Toolkit for Elections.”

Election officials now confront an onslaught of cyber threats that inflict serious risks to the integrity of elections and the democratic process. Although these officials work hard to secure election infrastructure, there are thousands of election offices across the country with disparate security resources that will benefit from the GCA Cybersecurity Toolkit.

For more information and to access the toolkit, visit https://gcatoolkit.org/elections.

 

About the Global Cyber Alliance

The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world. We achieve our mission by uniting global communities, implementing concrete solutions, and measuring the effect.  Learn more at www.globalcyberalliance.org.

 

About Craig Newmark Philanthropies

Craig Newmark Philanthropies was created by craigslist founder Craig Newmark to support and connect people and drive broad civic engagement. The organization works to advance people and grassroots organizations that are getting stuff done in areas that include trustworthy journalism, voter protection, gender diversity in technology, and veterans and military families. For more information, please visit: CraigNewmarkPhilanthropies.org.

 

About CIS

CIS (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. The CIS Controls™ and CIS Benchmarks™ are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continuously refined and verified by a volunteer, global community of experienced IT professionals. Our CIS Hardened Images™ are virtual machine emulations preconfigured to provide secure, on-demand, and scalable computing environments in the cloud. CIS is home to both the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center ® (EI-ISAC®), which supports the cybersecurity needs of U.S. State, Local and Territorial elections offices. To learn more, visit www.cisecurity.org or follow us on Twitter: @CISecurity.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity,  10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
USB Drive Security Still Lags
Dark Reading Staff 10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17593
PUBLISHED: 2019-10-14
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.
CVE-2019-17594
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-17595
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-14823
PUBLISHED: 2019-10-14
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to...
CVE-2019-17592
PUBLISHED: 2019-10-14
The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The __isInt() function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option.