Ohio is taking the right approach to information security by using the National Guard’s cyber unit to protect the state’s election system from attacks. As this election season has proven with hacks targeting the Democratic National Committee and Democratic presidential nominee Hillary Clinton, cyber security touches nearly all facets of our lives, including how people select their leaders.
The new battlefield is online
With cyberwarfare being the new battlefield, as Ohio Secretary of State Jon Husted noted in an interview with CNN, using the military to safeguard elections makes complete sense. After all, the armed forces’ mission is to protect the U.S. from attacks and to launch offensive operations. That mission now includes defending front lines that are on the Internet.
I’m also encouraged by the news that, according to CNN, 46 states have asked the Department of Homeland Security to help them protect their election systems from cyber attacks. State governments (and private business, for that matter) with limited budgets and security resources can’t be expected to defend themselves against an attack launched by a nation-state or well-financed criminal gang that’s intent on hacking an election. Eventually, the bad guys will succeed. The federal government must play some role in helping state governments fend off sophisticated adversaries.
With threat hunting, Ohio takes a mature approach to infosec
What’s even more encouraging is that the National Guard cyber unit is going to review the state’s election system for signs of malicious activity. In other words, the National Guard is threat hunting. Searching an environment for adversaries who may have already compromised the network is a very mature approach to information security. Asking questions such as “What would the adversary do to remain undetected in this network, maintain persistence, or move laterally to other machines?” is a far more effective way to discover threats than waiting for an alert.
Unlike detection methods built on indicators of compromise, which an attacker can change easily (a file hash or a command-and-control address), the approach the National Guard is taking relies on behavioral analysis to unearth the adversary’s tactics, techniques and procedures (TTPs), which are far harder to modify. Behavior-based detection turns the adversary’s most important assets, the TTPs they depend on, into weak spots: once they are discovered, they can expose an entire hacking operation.
Don’t forget about behavioral detection
My only suggestion to Ohio and other states that are taking a proactive approach to securing their election systems is to not be overly reliant on penetration testing to detect attacks. While scanning networks for known vulnerabilities that can be easily fixed by applying patches is important, penetration testing focuses on confirming that the system can withstand known threats.
But this method doesn’t detect many of the other techniques attackers use to compromise networks. Some of the tactics penetration testing misses include phishing emails with malicious links, attacks that use stolen credentials and fileless malware attacks. Additionally, penetration testing can’t account for the unknown, never-before-seen techniques that attackers are constantly developing to evade detection. This is where a detection strategy based on behavioral analysis is much more effective, since it looks for the attacker’s tactics, techniques and procedures rather than for a specific known artifact.
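To make the contrast between indicator matching and behavioral detection concrete, here is an added example in Python; it is not code from this post, from Ohio, or from the National Guard. It runs a small detection pass over constructed endpoint and logon telemetry: the indicator match catches only the one sample that still carries the old file hash, while two behavioral rules, one for lateral movement (a single account reaching several hosts within a short window) and one for persistence (a scheduled task registered shortly after a remote logon by the same account), flag the campaign whose hash and command-and-control address have been rotated. Every event, host name, hash, IP address and threshold below is constructed for illustration.

```python
"""Indicator matching versus behavior-based detection over constructed telemetry.

Added example, not code from the original post. All events, hashes, hosts,
addresses and thresholds are constructed placeholders.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed indicators from an "earlier campaign": a dropper hash and a C2 address.
OLD_HASH = "a" * 64                 # placeholder SHA-256, not a real sample
ROTATED_HASH = "b" * 64             # same tool rebuilt, so the hash no longer matches
KNOWN_IOCS = {"sha256": {OLD_HASH}, "dst_ip": {"203.0.113.7"}}  # TEST-NET-3 documentation range

T0 = datetime(2016, 11, 1, 9, 0)


def at(minutes):
    """Timestamp `minutes` after the constructed start of the timeline."""
    return T0 + timedelta(minutes=minutes)


def remote_logon(minutes, host, user, src):
    return {"time": at(minutes), "type": "logon", "host": host, "user": user,
            "logon_type": "network", "src": src}


# Constructed telemetry: an intrusion that rotated its indicators, a benign user,
# and one stale sample that still uses the old hash.
EVENTS = [
    {"time": at(0), "type": "process", "host": "ws01", "user": "alice",
     "sha256": ROTATED_HASH, "image": "update.exe"},
    {"time": at(1), "type": "netconn", "host": "ws01", "user": "alice",
     "dst_ip": "198.51.100.9"},                       # new C2, not on the IoC list
    remote_logon(5, "srv01", "alice", "ws01"),         # one account, four servers,
    remote_logon(7, "srv02", "alice", "ws01"),         # six minutes: lateral movement
    remote_logon(9, "srv03", "alice", "ws01"),
    remote_logon(11, "srv04", "alice", "ws01"),
    {"time": at(12), "type": "schtask_create", "host": "srv02", "user": "alice",
     "task": "\\Microsoft\\Windows\\Updater"},        # persistence right after logon
    remote_logon(20, "srv01", "bob", "ws02"),          # benign single remote logon
    {"time": at(30), "type": "process", "host": "ws03", "user": "carol",
     "sha256": OLD_HASH, "image": "dropper.exe"},     # stale sample, old hash
]


def match_iocs(events, iocs=KNOWN_IOCS):
    """Indicator-based detection: exact match on a known hash or destination IP."""
    hits = []
    for e in events:
        if e["type"] == "process" and e.get("sha256") in iocs["sha256"]:
            hits.append(e)
        elif e["type"] == "netconn" and e.get("dst_ip") in iocs["dst_ip"]:
            hits.append(e)
    return hits


def detect_lateral_movement(events, min_hosts=3, window=timedelta(minutes=10)):
    """Behavioral rule: an account with network logons to >= min_hosts distinct
    hosts inside any `window`-long span. Returns {user: sorted hosts}."""
    by_user = defaultdict(list)
    for e in events:
        if e["type"] == "logon" and e["logon_type"] == "network":
            by_user[e["user"]].append(e)
    flagged = {}
    for user, logons in by_user.items():
        logons.sort(key=lambda e: e["time"])
        hit = set()
        for i, start in enumerate(logons):
            hosts = {e["host"] for e in logons[i:] if e["time"] - start["time"] <= window}
            if len(hosts) >= min_hosts:
                hit |= hosts
        if hit:
            flagged[user] = sorted(hit)
    return flagged


def detect_persistence_after_logon(events, window=timedelta(minutes=30)):
    """Behavioral rule: scheduled-task creation on a host within `window` of a
    network logon to that host by the same account. Returns (host, user, task)."""
    remote = [e for e in events if e["type"] == "logon" and e["logon_type"] == "network"]
    hits = []
    for e in events:
        if e["type"] != "schtask_create":
            continue
        for lg in remote:
            gap = e["time"] - lg["time"]
            if lg["host"] == e["host"] and lg["user"] == e["user"] and timedelta(0) <= gap <= window:
                hits.append((e["host"], e["user"], e["task"]))
                break
    return hits


if __name__ == "__main__":
    print("IoC hits:", [(e["host"], e["image"]) for e in match_iocs(EVENTS)])
    print("Lateral movement:", detect_lateral_movement(EVENTS))
    print("Persistence:", detect_persistence_after_logon(EVENTS))
```

The indicator pass flags only the stale sample on ws03; the rotated campaign on ws01 passes through untouched because both its hash and its C2 address changed. The two behavioral rules fire on alice’s account regardless of which binary or address was used, which is the point the paragraphs above make: the TTPs (fan-out of remote logons, persistence planted right after arrival) are what the adversary cannot cheaply change. In production the thresholds would be tuned against a baseline of legitimate administrative activity so that accounts like bob’s do not generate noise.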
Overall, though, seeing Ohio’s leaders not only talk about the importance of information security to next week’s election but actually take steps to protect people’s votes is impressive and deserves praise.