The Human Element of Cybersecurity Chris Wlaschin Vice President, Systems Security

The Human Element of Cybersecurity · 2018-09-05 · The Human Element of Cybersecurity Chris Wlaschin Vice President, Systems Security. Election Systems & Software Better Elections,


The Human Element of Cybersecurity

Chris Wlaschin

Vice President, Systems Security


Election Systems & Software Better Elections, Every day

The Threat


Agenda

• Basic cyber-hygiene

• At home and at work

• Passwords

• Phishing

• Social engineering

• Resources

• Q&A

Simple Social Engineering Trick

Video


Basic Cyber-Hygiene

Simple Tips & Tricks


At Home and at Work


Passwords

123456

I can’t be bothered to take even the most basic step to protect my personal information. Seriously, just go ahead and take it.


password

I failed to understand the question.


12345678

I tried “123456,” but the computer said I had to use at least eight characters.


Cal!m3I$Ma3l

Call me Ishmael


Pass phrases, 4 words together

Hu$krT3am!sGr8

$he!0vesMeN0t

I$thi$GuyD0n3?


Password Organizer Video


Phishing

Phishing is a social engineering technique where cyber attackers attempt to fool you into taking an action in response to an email.

Social Engineering

The art of manipulating, influencing or deceiving you to get you to take some action that isn’t in your own best interest or in the best interest of your organization.

Spear Phishing

Spear phishing describes a type of phishing attack that targets specific victims, so instead of sending out an email to millions of email addresses, cyber attackers send out a very small number of crafted emails to very specific individuals, usually all at the same organization.

SQL Injection

A way for attackers to read and/or alter the contents of a user’s database by manipulating forms that are publicly available or exposed.

Denial of Service Attacks

Prevent legitimate users from accessing information (e.g. databases, websites) or services by disrupting access.

Man in the Middle (MTM) Attacks

When attackers insert themselves between two or more parties and gain access to any information in transit between those parties.


Social Engineering

Social Engineering Video


Levels of Security

• Physical Controls: Restricted access to equipment, locks and seals

• System Hardening: Limiting potential attack surfaces by locking systems down

• User Authentication: Password protection and least privilege access

• Encryption: Using secret keys to prevent data access / manipulation

• Data Integrity Validation: Digital signature and hash checks to ensure data integrity

• Audit Logs & Trails: System logs, chain of custody documents and audits of results


Levels of Security

[Figure: layers labeled Physical Controls, System Hardening, User Authentication, Encryption, Data Integrity Validation, Audit Logs; amounts shown on the figure: $4 BILLIONS, $9 BILLIONS, $900,000, $6 BILLIONS]


ES&S Voting System Security Overview

[Diagram labels: Hash Validations, Digital Signatures, Encryption Keys, Certified USB Media, User Access Control, EQC, Poll Media, Unofficial Results, Results Media, Unofficial (Election Night) Results, Secure Connection, Firewall, DMZ, Electionware (EMS)]


Resources

https://www.stopthinkconnect.org/

Center for Internet Security


Q&A

Make a Password


Thanks for listening!
