
Cyber Security

Activists complain of weakened voting security standard


FILE – In this Oct. 6, 2020, file photo voters fill out their ballot during early voting at the Cuyahoga County Board of Elections in Cleveland. The Cybersecurity and Infrastructure Agency, which President Donald Trump signed into existence in 2018, is working with other parts of the government to safeguard an election in the middle of a pandemic. (AP Photo/Tony Dejak, File)

BOSTON (AP) — Leaders of the federal agency overseeing election administration have quietly weakened a key element of proposed security standards for voting systems, raising concern among voting-integrity experts that many such systems will remain vulnerable to hacking.

The Election Assistance Commission is poised to approve its first new security standards in 15 years after an arduous process involving multiple technical and elections community bodies and open hearings. But ahead of a scheduled Feb. 10 ratification vote by commissioners, the EAC leadership tweaked the draft standards to remove language that stakeholders interpreted as banning wireless modems and chips from voting machines as a condition for federal certification.

The mere presence of such wireless hardware poses unnecessary risks for tampering that could alter data or programs on election systems, say computer security specialists and activists, some of whom have long complained that the EAC bends too easily to industry pressure.

Agency leaders argue that overall, the revised guidelines represent a major security improvement. They stress that the rules require manufacturers to disable wireless functions present in any machines, although the wireless hardware can remain.

In a Feb. 3 letter to the agency, computer scientists and voting integrity activists say the change “profoundly weakens voting system security and will introduce very real opportunities to remotely attack election systems.” They demand the wireless hardware ban be restored.

“They’re trying to do an end run to avoid scrutiny by the public and Congress,” said Susan Greenhalgh, senior advisor on election security for Free Speech for People, a nonpartisan nonprofit, accusing agency leaders of bowing to industry pressure.

Seven members of the commission’s 35-member advisory board including its chair, Michael Yaki, wrote EAC leadership on Thursday to express dismay that the standards were “substantially altered” from what they approved in June. At the very least, they wrote, they deserve an explanation why the draft standards “backtracked so drastically on a critical security issue.”

Yaki said he was puzzled by the commission’s move because “the mantra adopted by pretty much the entire cyber community has been to take radios or things that can be communicated via wireless out of the equation.”

Yaki asked in the letter that the commissioners postpone the Feb. 10 vote, but he withdrew that request on Friday after hearing their explanation for the changes. But he said his concerns remain.

A modem ban is especially important because millions of Americans continue to believe former President Donald Trump’s unfounded claims that voting equipment was somehow manipulated to rob him of re-election in November, said Yaki. “You don’t want to give QAnon enthusiasts or the ‘Stop the Steal’ people any reason to think that our voting infrastructure is less than perfect.”

EAC Chair Benjamin Hovland noted that the agency relied on experts with the National Institute of Standards and Technology to help draft the guidelines. He said objections to the change should not be allowed to hold up the new rules’ significant cybersecurity improvements.

The ban on wireless hardware in voting machines would force vendors who currently build systems with off-the-shelf components to rely on more expensive custom-built hardware, Hovland said, which could hurt competition in an industry already dominated by a trio of companies. He also argued that the guidelines are voluntary, although many state laws are predicated on them.

“You have people putting their own personal agenda, putting themselves before the health of our democracy,” Hovland said, adding that elections officials are among those supporting the change. “It’s so small-sighted the way some people have been approaching this.”

Hovland stressed that the amended guidelines say all wireless capability must be disabled in voting equipment. But computer experts say that if the hardware is present, the software that activates it can be introduced. And the threat is not just from malign actors but also from the vendors and their clients, who could enable the wireless capability for maintenance purposes then forget to turn it off, leaving machines vulnerable.

Still, one member of the NIST-led technical committee, Rice University computer scientist Dan Wallach, said that while the changes came as a surprise, they don’t seem “catastrophic.” Objections shouldn’t hold up adoption of the new guidelines, he said.

California, Colorado, New York and Texas already ban wireless modems in their voting equipment. The standards being updated, known as the Voluntary Voting System Guidelines, are used by 38 states either as a benchmark or to define some aspect of equipment testing and certification. In 12 states, voting equipment certification is fully governed by the guidelines.

In 2015, Virginia decertified and scrapped a voting machine called the WINVote after determining that it could be wirelessly accessed and manipulated.

Created to modernize voting technology following the “hanging chad” debacle in the 2000 presidential election, the Election Assistance Committee has never had much authority. That’s partly because voting administration is run individually by the 50 states and territories.

But after Russian military hackers meddled in the 2016 election in Trump’s favor, the nation’s voting equipment was declared critical infrastructure and Democrats in Congress have attempted to exert greater federal control to improve security.

Republicans, however, have stymied attempts at election security reform in the Senate. While the most unreliable voting machines — touchscreens with no paper ballots to recount — have largely been scrapped, privately held equipment vendors continue to sell proprietary systems that computer scientists say remain vulnerable to hacking. Experts are pushing for universal use of hand-marked paper ballots and better audits to bolster confidence in election results.

—-

Associated Press writer Christina A. Cassidy contributed from Atlanta.

Copyright 2020 Associated Press. All rights reserved.

Source: https://apnews.com/article/business-voting-machines-voting-hacking-elections-13c64df55961dac87b417608818655a6


Source: https://newsworthy-news.com/2021/02/06/activists-complain-of-weakened-voting-security-standard/

Cyber Security

Cybersecurity space may have about 3.5 million unfilled jobs: Report

The report has predicted that the Indian cybersecurity services industry would grow at a CAGR of about 21% to touch $13.6 billion by 2025


About 3.5 million jobs in the Indian cybersecurity space will remain unfilled by year-end even as the sector is growing by leaps and bounds, according to a study by Nasscom and Data Security Council of India (DSCI).

Growing industry

The report has predicted that the Indian cybersecurity services industry would grow at a compound annual growth rate (CAGR) of about 21% to touch $13.6 billion by 2025, the Business Standard reported quoting the study ‘India Cybersecurity Services Land.’

By 2022, the industry, which generated a cumulative revenue of about $4.3 billion in 2019, is expected to grow to $7.6 billion, the report said, adding that around 3.5 million jobs in the cybersecurity space will, however, remain unfilled by the end of 2021.

Burnout cases

Meanwhile, a global study of cybersecurity professionals has warned of burnout among cybersecurity professionals. The cybersecurity space is facing a serious shortage of investment and this, coupled with extra work pressure, is resulting in skill shortage. This study was conducted by Information Systems Security Association (ISSA) and industry analyst firm Enterprise Strategy Group (ESG).

Quality manpower is a challenge

It is a tall order to fill the vacant positions with quality manpower even as data breach poses a real threat to organisations. The market for hacking, also a part of cybersecurity, is expected to create 3.5 million jobs globally by 2025, according to a report by Cybersecurity Ventures.

“The focus needs to be on proactively detecting and avoiding attacks. Security training experts should also increasingly work towards developing skills in the same area,” the Business Standard quoted Govindraj Basatwar, head of Global Business for INKA Entworks, as saying.

Earlier this year, job search firm Indeed had said that cybersecurity job postings outnumber the people searching for a job in the domain.


Source: https://www.money9.com/news/trending/cybersecurity-space-may-have-about-3-5-million-unfilled-jobs-report-64799.html


Cyber Security

New cybersecurity tech protects computer networks in vehicles

DESOLATOR is not limited to identifying the optimal IP shuffling frequency and bandwidth allocation.


New York: A team of US researchers has developed a new machine learning-based framework to enhance the security of computer networks inside vehicles without undermining performance.

In collaboration with experts from Virginia Tech, the University of Queensland and Gwangju Institute of Science and Technology, researchers at the US Army Research Laboratory devised a technique called ‘DESOLATOR’ to help optimise a well-known cybersecurity strategy known as the moving target defense.

DESOLATOR, which stands for deep reinforcement learning-based resource allocation and moving target defense deployment framework, helps the in-vehicle network identify the optimal IP shuffling frequency and bandwidth allocation to deliver effective, long-term moving target defense.

“The idea is that it’s hard to hit a moving target,” said Dr Terrence Moore, a US Army mathematician.

“If everything is static, the adversary can take their time looking at everything and choosing their targets. But if you shuffle the IP addresses fast enough, then the information assigned to the IP quickly becomes lost, and the adversary has to look for it again,” he explained in a statement.

The research team used deep reinforcement learning to gradually shape the behaviour of the algorithm based on various reward functions, such as exposure time and the number of dropped packets, to ensure that DESOLATOR took both security and efficiency into equal consideration.

“Existing legacy in-vehicle networks are very efficient, but they weren’t really designed with security in mind,” Moore said. “Nowadays, there’s a lot of research out there that looks solely at either enhancing performance or enhancing security. Looking at both performance and security is in itself a little rare, especially for in-vehicle networks.”

In addition, DESOLATOR is not limited to identifying the optimal IP shuffling frequency and bandwidth allocation.

Since this approach exists as a machine learning-based framework, other researchers can modify the technique to pursue different goals within the problem space.

According to Army computer scientist and programme lead Dr Frederica Free-Nelson, this level of fortification of prioritised assets on a network is an integral component for any kind of network protection.

“This ability to retool the technology is very valuable not only for extending the research but also marrying the capability to other cyber capabilities for optimal cybersecurity protection,” Nelson said.


Source: https://www.timesnownews.com/technology-science/article/new-cybersecurity-tech-protects-computer-networks-in-vehicles/793233


Cyber Security

Tether To Conduct An Audit To Negate Claims Concerning Transparency


The Tether general counsel has declared that an official audit will take place in a few months. USDT is a popular stablecoin occupying the third position in global digital assets. Because it runs on a blockchain that cybersecurity experts deem unhackable, the majority today trusts its security.

However, many people in the crypto community have been waiting for a financial audit of the stablecoin. Now, it seems that the ongoing regulatory issues in the crypto industry have galvanized the Tether team into action. As a result, they’re declaring that an audit will take place soon.

Tether Executives Grant Media Interview

Another rare incident is an interview on CNBC in which the Tether CTO, Paolo Ardoino, and Stu Hoegner, the general counsel, participated.

During the interview, the hosts asked the duo some questions about USDT’s transparency and backing. In response, the general counsel stated that the team is working to be the first in their sector to get financial audits.


He also mentioned that the audits would come in months and not years. As for backing, he stated that the stablecoin is backed with reserves.

But Hoegner mentioned that some of the reserves are not US dollars. Rather, the reserves are more US dollars plus other cash equivalents, secured loans, crypto assets, bonds, and others.

However, in the Transparency report which Tether published, the market cap for USDT stands at $62 billion. Even though the number has increased by 195% since 2021 started, it is still behind competitors such as BUSD and USDC.

When Circle released a reserve report yesterday, July 21, it showed that 61% of the USDC reserves are cash and cash equivalents. The remaining 39% are in treasuries, bonds, and commercial paper accounts.

Paxos Decides To Attack

Paxos is a rival to Tether and recently attacked the stablecoin and Circle through its blog post on July 21, 2021. In the post, Paxos claims that the duo is not operating under financial regulators. In its words, both USDC and Tether are simply stablecoins in name only.

To support its claims, Paxos disclosed that its stablecoin reserves are a combination of cash or cash equivalents.

But in May, Tether disclosed the total backing that USDT has: cash 3.87%, fiduciary deposits 24.20%, treasury bills 2.94%, cash equivalents, commercial papers, which make up 65.39%, plus others. It took this action because US lawmakers are closely scrutinizing its operations.

Also, Tether started submitting reports about its reserves after it reached a settlement agreement with the NY Attorney General’s Office 5 months ago. The firm has continued to send these reports since then.


Source: https://www.bitcoininsider.org/article/121153/tether-conduct-audit-negate-claims-concerning-transparency
