Cynthia Brumfield / Metacurity  
Friday Report: Election Security Summer Theater is All the Rage

By Cynthia Brumfield

Welcome to Metacurity’s Friday Report, where we aim to deliver the week’s biggest infosec takeaways from the never-ending flow of cybersecurity-related news.

Without a doubt, this week’s top takeaway is that a whole lot of election security theater went down in DC over the past seven days, along with a major roadshow performance in New York City thrown in for good measure. The performances really began last Friday when Donald Trump met with members of the National Security Council about threats to U.S. elections, reportedly spending less than an hour discussing the topic as Democrats demanded a plan of action.

This meeting was Trump’s first formal effort to grapple with the problems of Russian election hacking, a move that may be too late. U.S. intel officials have concluded that Russia is shifting its main focus away from interfering with the efforts of major American political figures or breaching state voter registration systems and toward disrupting the American electric utility grid.

Still, fears of a Russian repeat of the 2016 election debacle remain very real, given that Democratic Senator Jeanne Shaheen of Vermont said that her office had been a target of a phishing attempt. She says she has heard that such attempts have been widespread against both the Democratic and Republican parties.

The performances hit a high note, though, when the Department of Homeland Security held a quickly planned, star-studded cybersecurity summit in New York City to make sure the world knows that, despite the country’s growing reputation for turning a blind eye to security threats, the U.S. government is on the ball. The biggest piece of news flowing from the summit is the announcement that DHS will create yet another working group, among the already-existing dozens of such groups in DC, aimed at tackling critical infrastructure security threats.

To add another layer of credibility to the big summit show, Mike Pence, along with most other officials at the event, clearly said (as his boss repeatedly fails to do) that Russia is responsible for the hacking and disinformation campaigns that undercut the credibility of the 2016 election. Pence’s remarks to the private sector grandees and journalists in attendance might have carried more weight if he hadn’t also blamed President Obama for the Russian interference effort.

On top of that misstep, Pence spoke too soon. On the same day that Administration officials gathered in New York to broadcast their cybersecurity concerns, Facebook dropped a bombshell, saying it had uncovered a coordinated political influence campaign aimed at the 2018 midterm elections, one that bore some similarities to the kind of massive disinformation effort mounted by Russia’s Internet Research Agency (IRA) during the 2016 presidential election.

Wrapping up the week’s performances was the surprise appearance of five top national security officials at the start of an increasingly rare White House press briefing. The assembled officials fought hard to authentically portray the administration as taking action against Russian efforts to interfere in the midterm elections.

The message of the heavyweights’ briefing would have carried greater weight if Senate Republicans hadn’t the day before shot down an amendment that would have given states an additional $250 million to shore up their election defenses. (And, of course, Donald Trump completely shredded the “we are serious about election security” message that night when he once again claimed that Russian hacking and interference during the 2016 election is a “hoax.”)

Some midterm election candidates might take solace in a private sector stealth effort by Microsoft to help them gain better cybersecurity protection. The Redmond giant has a program called AccountGuard, which is available to participating US campaigns, political committees, campaign tech vendors, and their staff, who are likely to be at a higher risk in the lead-up to elections.


That’s it for the week. In honor of next week’s big hacking conference, DEF CON, we leave you with this educational tweet about, well, DEFCON:

Stay safe and stay sane out there!