SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Expert: Farce involving Russia’s US elections breach needs resolving
Mon, 5th Mar 2018
FYI, this story is more than a year old

For quite some time there has been scandal surrounding the 2016 US Presidential election, with many believing Russia was maliciously involved.

And now multiple US officials have announced the US intelligence community had substantial evidence that state websites or voter registration systems in seven states were compromised by Russian-backed cybercriminals prior to the 2016 election – and they never told the affected states.

These states as of January 2017 were reported to have been Alaska, Arizona, California, Florida, Illinois, Texas, and Wisconsin.

Some of the breaches were more serious than others and ranged from entry into state websites to penetration of actual voter registration databases.

Washington officials were reported to have informed several of those states leading up to the election that there were foreign parties delving into their systems, but none were told that it was the Russian government.

The debate about whether or not the states were notified is ongoing with the Department of Homeland Security's acting press secretary Tyler Houlton reporting the news to be ‘inaccurate' and ‘misleading' in a series of tweets.

Regardless, it's clear that there is a relationship that needs strengthening between the federal government and state governments in the electoral area to improve cybersecurity, and the same is probably true around the world.

High-Tech Bridge CEO Ilia Kolochenko says the whole farce needs to be resolved sooner rather than later.

"If these allegations are true, we are likely dealing with an unprecedented scale of attack that deserves the most rigorous technical investigation and a proportional response. However, so far we are mainly dealing with a number of isolated, often contradictory facts and testimonies from various conflicting sources,” says Kolochenko.

“For example, the breach of a state website will unlikely have any direct consequences on the election outcomes. Many adduced facts - are excerpts from secret reports and thus can hardly be used to derive a reliable conclusion without reading the entire report.

Kolochenko says for obvious reasons, or even technically impossible, to know who is pulling the strings of the attacks. But otherwise, such news stories may just give valuable hints to the attackers to destroy some unexpected evidence and hinder the investigation.

"The alleged interference with the elections - is a matter of public interest and society deserves to know the truth about it,” Kolochenko says.

“I think a close cooperation between federal agencies can shed some light on the scope and material consequences (if any) of the alleged attacks. In the meantime, Federal and State governments should enhance their cybersecurity strategy and urgently allocate additional budget for national defense against cyber-attacks."