Cyber Security, Hacking, and Electoral Integrity


Well Hello, French Fries!
   
  It's Monday morning, which normally means that I'm sluggish, in need of coffee, and figuring out my calendar for the work week. This week I'm actually quite optimistic. Hanukah starts tomorrow night, but more importantly, A NEW STAR WARS MOVIE IS BEING RELEASED THIS WEEK!!! Sorry to geek out there, but Star Wars was quite a formative film franchise in my youth development, and is part of the reason why I was inspired to go into the tech industry. I apologize that I did not release a blog post over the weekend. I was quite busy with important but mundane chores and didn't get a chance to open my computer screen.

     Now, for my first rant of the week: There is a special election happening tomorrow in Alabama for the vacant senator seat there, and that means there will be a lot of registered voters heading to the polls. (Side note, if you are a US Citizen, residing in Alabama, over the age of 18, and registered to vote, do your civic duty and vote! It doesn't matter for whom; just vote). The past year or so, the concept of electoral integrity has been a major news story, and this is directly related to the tech industry. Many polling districts use electronic voting machines. Unfortunately, like almost any computing device, these machines can be hacked.
      Hacking is a very strong, yet misunderstood term. There are several different forms of hacking, from the original usage of finding workarounds to a problem or complexity, to the more common perception of gaining unauthorized access to a system for illicit gain or purpose. The latter reason, which in the cybersecurity world is known as Black Hat hacking, is why many technology and software companies employ what are called White Hat hackers, who try and hack the technology in question in order to document the vulnerabilities and patch them up to prevent anyone else from gaining access. There is also another category of hackers called Grey Hat hackers who operate in that shadowy grey area in between of illegal and legal, often doing something illegal but without seeking personal profit or gain. If you've illegally downloaded a song or used a cracked software, then you have done a Grey Hat hack.
    Now, there has been a lot of concern with regards to electoral machines being manipulated by black hat hackers in order to influence the outcome of elections. Whether it be allegations of foreign influences, or domestic groups with a vested political interest, how can we be certain that are votes are properly being counted and tabulated as we intend them to be? This is where good computer security comes in hand. The best way to counter a hack is to be careful and secure with our passwords and authentication, while also being vigilant in our system security. Unfortunately, voting machines are not normally at the same level of development as PCs, which is something that needs to be addressed. We need to invest heavily in upgrading our voting machines, and in security for said machines. 
  However, more than voting machines, what terrifies me as a tech professional is proposed changes to how voter rolls are being stored. There is a plan being floated by the White House's Commission on Electoral Integrity to warehouse all voter data, including sensitive information like social security numbers, on one potentially unsecure server in the White House. This scares me for several reasons. First, if a database is stored in the White House, which is the symbol of American partisan politics, then the voter database is in the hands and beholden to the whims of a political politician who may not be well versed in cyber security or computer technology better practices. What is to stop him or her from using the data contained to punish opposition voters or to purge everyone he or she doesn't like from the list. Secondly, the servers of the White House are generally not as secure as those of the NSA, FBI or CIA. These agencies are more in the forefront of cyber security and technology, and are motivated by security concerns while generally being apolitical. Thirdly, putting all this information in once place creates a one stop shop for would be Black Hat hackers. The way the system is set up presently, each state (and territory) is in control of it's own separate database with it's own security and encryption. If a hacker wanted all of America's voting data, they have to hack into 57 separate systems, each with separate forms of security, encryption, and a separate set of eyeballs watching it's integrity. Inherently this means there are more chances of getting caught. It's much easier to hack all of this data when you only have attack one system. Consequently, I feel the need to speak out against this particular plan because it is poor security architecture.
    I am not an expert on voting machines or security therein, nor do I have a solution on how to secure the data of voter rolls while weighing the considerations some may have of the legitimacy of the voters enrolled, but I do intend to get a conversation started on it so we can as a society come up with a plan to protect our democracy while still enabling it to thrive.

 
   Now, keeping with the theme of security and integrity, my tech tip of the day is about better practices with keeping your personal computer secure. If you use a Windows or Mac machine, Microsoft and Apple will periodically send updates to your machine. Make sure that your machine is set to automatically run updates. Most of them are fixes to address discovered flaws or new innovations created by hackers.
   Ensure that you have antimalware AND antivirus installed on your machine, and make sure that their parameters are regularly updated. If you are cheap like me, Sophos is a good free anti-virus program. It is created and maintained by the Massachusetts Institute of Technology, so it's got a pretty good reputation.
     Make sure you are regularly using strong passwords. My rule of thumb on passwords is at least 8 characters, minimum of one upper case letter, one lower case letter, one numeric character and one special punctuation character. Also, make sure you update it regularly. I update my passwords every 30 days, but the industry standard is generally 90 days.
    Make sure that your machine is only accessed by those who you let access it. This means you have it password protected, and that when you are not using your machine, or not attending to it, you have it locked so nobody else can access it. I addressed how to lock your machine in my first post.
    Make sure that you are not unwittingly inviting a worm or virus onto your machine. Do not go to websites that are suspicious. Also, do not open emails, especially attachments or links in emails, that are suspicious. I addressed how to identify a spam email of this caliber in my second post.
    Lastly, make sure you back your machine up regularly. If you do fall victim to an infection or hack, the best way to secure it is to revert to a backup from before you were hacked, and then put better security measures into place.

    Well French Fries, I hope you all have an amazing start to your week, and your machines are now tightly secure. Tune in tomorrow, where you will be enlightened with another amazing tech tip! Until then...

... the ketchup is in the sauce!

    

Comments

Post a Comment

Popular posts from this blog

Fridays, Football, Fast Computers, French Fries and More!

Image
Hello French Fries!     It's Friday, which means I'm full of anticipation for the weekend, where I'll probably be completely unproductive, ignore my to do list, and sleep until Monday when I'll wake up and say 'What happened to my weekend?!?!' Does anyone else get as excited for the weekend as I do? I am one of those people who mentally turns off at or before noon on Fridays, and sneaks out of work a tad earlier then I probably should in order to get a jump start (It helps that my office encourages us to leave early on Fridays). The downside of this Friday is it's really too cold to do much outside, but not cold enough to hit the ski slopes up I-70, and I have a long list of things to do which I will probably not do... Regardless, I promised you french fries a daily blog post, so at least this will be accomplished because, dedication!      And now, for your reading pleasure, it's my rant of the day. Seeing as it's Friday, and I haven
Read more

Hello World (I want French Fries)

Image
Heeelllloooo Wooorrlldd!   The Sesame Bun:   This is the first great and amazing post on my new blog. Since this is my first blogpost, I will cut straight to the cheese and outline my mission. My (obviously not real) name is Ham Burger. I am a Web Developer and Cyber Security Administrator working for a Denver based marketing organization, and I aim to use my platform here to address my views of the world through my professional technological lens, with a comic twist to it. Now, to you, my readers, who I shall now lovingly dub my "French Fries", why oh why should you read my blog? Well, below is a well thought out, prepared, rationale (i.e. half-assed list I randomly decided upon over the last 10 minutes of my lunch) 1.) I will give you a technology tidbit, tip, or how to in each of my posts 2.) I'm hilarious 3.) I will provide a fresh and interesting perspective on the events or thoughts of the day 4.) Because you guys love me 5.) I'll come up
Read more