The Whitehouse Releases 60 Day Cyber Security Review


Early after President Obama was nominated I wrote an open letter to President Obama for actions that I believed the administration would need to take in the first 90-days “Open Letter to Barack Obama: Securing Critical Infrastructure – The First 90 Days” These included a policy review and some suggestions on methods the administration would need to implement to secure our digital infrastructure. President Obama appointed Melissa Hathaway to lead the review, which has now been completed. Continue reading

Hacktivism: Offensive Computing and the Rise of the Political Hacker

As I am sure most have heard Sarah Palin’s yahoo account was recently hacked and the contents posted online.¬† There has been a lot of debate about the legality of such action (by both the hacker misguided youth – who couldn’t care less, although his father is probably pissed (here) – and by Palin for using a private email account for government business) neither are terribly interesting in the context of cyber security and from a political perspective it isn’t like Obama is immune to email hacking either (here). But again the mainstream media is missing the most important point – aside from the raucous cries of partisanship, which reverberate through every election, the reality is that malicious hackers may have a material impact on a US presidential election if not in 2008 then certainly within my lifetime.

The current state of cyber security is abysmal, the lack of confidence in the US political process has been strained and this election has played the social *ism cards, such as terrorism, racism, sexism, ageism, and lipstick on a pigism, more than any other in recent history. You know it is getting ugly when a Republican political strategist like Karl Rove states that the Republicans have “gone too far” (here), this is like Ted Bundy telling Joseph Francis, the creator of “Girls Gone Wild”, that he mistreats women.

The conditions are ripe for digital election manipulation in multiple forms, this is not to say that voter manipulation is new, nor is hactivism (here), what is new is the impact it may have on a US presidential election. So what has changed and why now?

1. Information integrity: First and foremost there has been a sea change in how information is shared, manipulated, and redirected. Traditional media is now facing extinction against a flood of new media outlets, from blogs to social media to social networking, information flow is fast and pervasive. The problem with an information rich environment is the quality of the information is dramatically reduced. In the frenzy to quickly post a story fact-checking may be haphazard, if done at all, and something may propagate from rumor on a blog to discussion on chat rooms to the front page of a global media’s online edition in a matter of hours. Imagine this “information” sharing during the critical moments of a campaign – it would have a material impact on when, how, and even if some citizens vote.

2. Counterfeit reality: Photoshop and similar technologies have dramatically expanded the ability for people to manipulate images, in many cases to the point that it becomes nearly impossible, without sophisticated methods, to determine the validity of such images. Just like in years past there has been no shortage of political Photoshop, for the most part these have been more for humorous purposes, but it wouldn’t be difficult to imagine counterfeit reality being used to demean a candidate, misrepresent a situation, or create an international incident (here)

3. Vote manipulation: The most significant  impact hackers may have on a political election is manipulation of the actual votes themselves. There have been many stories of security problems related to electronic voting machines and at the end of 2007 California Secretary of State, Debra Bowen, withdrew approval for multiple electronic voting machines citing significant security concerns (here). Although some may argue that the impact would be isolated since the theory is that these voting systems would only be deployed in an air-gap network, the reality is that electronic media is generally transferred, correlated and eventually archived and throughout this process additional attack vectors become available.

None of this is new; propaganda, voter fraud, data modification, counterfeit reality, and all manner of manipulation have been used for centuries, what has changed is that the electronic medium introduces levels of speed, pervasiveness and quality of fraudulent material that is very difficult to replicate in traditional mediums. I have no doubt that we will see a significant electronic “incident” occur during either this or an upcoming presidential election.

<update 9/19/2008: Although not terribly relevant, apparently Bill “Papa Bear” O’Reilly, the Fox News savior of the downtrodden and misaligned conservative right and Stephen Colbert inspiration, has been hacked for making disparaging comments about Palin being hacked (here) – ha!>

I Support Barack Obama for President

<political commentary below – if you are not interested stop reading>

I generally try to avoid discussing politics, religion or operating system preference, as these issues tend to drive highly charged emotions. For the most part this is a security industry blog, but it is also a representation of my thoughts and feelings, and after thinking through the options I feel like supporting Barack Obama for President (here)

Prior to the 2004 Democratic Convention I wasn’t familiar with Senator Obama, but I was captivated as he gave the Keynote. I remember turning to some friends and saying “that guy is going to be President one day”, honestly I barely remember who the Democrat’s were endorsing, but I will never forget Senator Obama’s speech.

Sitting on the sidelines and lamenting the loss of our freedoms, the loss of four-thousand dedicated men and women of the US military, watching the collapse of the housing industry, record oil prices, and a looming economic disaster is no longer an option. As citizens of the United States we have the ultimate  resposibility to do everything in our power to ensure the freedoms our founding fathers fought for, and every generation since has bled for, remain ours to pass on to our children.

This freedom starts with a voice, yours and mine. A single voice, a single vote combined with others to create the winds of change – regardless of your political beliefs, whether they be republican, democratic or somewhere in between, just remember that it is not only your right to vote, it is your responsibility.