“Much of the conversation about election cybersecurity has imagined attackers in distant lands reaching our election infrastructure through the internet. But some of the most effective cyberattacks of recent years have involved insiders. To mitigate these risks, vendors should demonstrate during certification that they have sound personnel policies and practices in place,” the Brennan Center for Justice says in its report on oversight of election vendors
“Vulnerability to attacks by insiders is a threat separate and apart from a hack over the internet, demanding entirely different controls and defensive measures. Without adequate personnel screening and other safeguards, vendors that provide critical election services could be exposed to malfeasance from within. The FBI’s thorough background checks for Justice Department attorneys and other law enforcement personnel provide a good model for aggressively vetting personnel. In the event election vendors require access to formally classified information, examples abound in the defense, nuclear, and other sectors of how to handle security clearances,” the report says. (Emphasis added)
The threat is so overlooked that the Brennan report highlighted the concern in red.
Source:
1.Our-work/policy-solutions/framework-election
1. The Brennan Center gives a careful and unequivocal warning about insider threats to election voting systems in the United States, in the context that includes foreign vendors. What has been done in the past 5 years to safeguard against insider threats?
Comments are closed.