Inside Microsoft's effort to secure the vote - Politico

With help from Eric Geller and Martin Matishak
Quick Fix
— In the first part of a two-part interview, the senior director of Microsoft’s Defending Democracy Program talked about the company’s work with political campaigns and organizations.
— The DHS vulnerability disclosure policy directive and Commerce Department supply chain rule got some fresh reaction over the holiday break.
— Get used to “smishing” in 2020. Experian forecasts it will be one of the top five threats next year.
HAPPY MONDAY and welcome to Morning Cybersecurity! Just in case you haven’t gotten enough of the cybertruck yet.
Election Security
I’LL BE THERE FOR YOU — Microsoft’s multifaceted election security program has trained more than 1,300 campaign staffers and consultants worldwide since launching a year and a half ago, and its leader says the tech giant wants to be a long-term ally in the fight against hackers. Campaigns “need a trusted partner that can help them throughout their life cycle,” Jan Neutze, the senior director of Microsoft’s Defending Democracy Program, told Eric in an interview. “That’s really what we’re trying to do.”
Neutze, whose team’s AccountGuard service currently monitors more than 65,000 political accounts in 26 countries, talked about the company’s pitch to candidates and party committees, the threat landscape facing democracies, how Microsoft decides when to disclose election cyberattacks and how the company has changed its program in response to user feedback. Part one of the interview is available now for Pros and part two will run Tuesday morning.
A TALE OF TWO FEDERAL CYBER PROPOSALS — A DHS Cybersecurity and Infrastructure Security Agency draft binding operational directive that would require agencies to establish vulnerability disclosure policies got some good reviews after its release last week. “This is a banner day for federal agency cybersecurity,” Rhode Island Democratic Rep. Jim Langevin, co-chairman of the Congressional Cybersecurity Caucus and a member of the Cyberspace Solarium Commission, said Wednesday. “CISA’s decision to require every agency to have a vulnerability disclosure policy is a major step forward in both increasing security and extending an open hand to a community that is on the front lines of securing our nation in cyberspace.”
Vulnerability disclosure pioneer and Luta Security CEO Katie Moussouris praised several aspects of the CISA draft, while Rep. Dutch Ruppersberger (D-Md.) tweeted, “We will have a more secure and responsive fed govt because of this.” The public has until Dec. 27 to offer feedback, and Langevin pledged congressional scrutiny of how it’s implemented.
There may be more work ahead for feds on supply chain proposals, however. The Commerce Department published its regulation for identifying and countering national security risks in information and communications technology transactions on Wednesday, and while some industry groups have welcomed it, a former FCC security chief graded it poorly. And the Trump administration is reportedly pondering methods of expanding its power to tighten its restrictions on Huawei. One of them is, clearly, public pressure: Secretary of State Mike Pompeo has an op-ed out today via our POLITICO Europe colleagues, cautioning against using Huawei.
SMISH MOUTH — Text-based phishing, theft of consumer data via drone, deepfake videos used for disruption, hacktivism against emerging industries and identity theft at large venues targeting mobile payment systems will be the top 2020 data breach trends, Experian predicts in a report out today. Hackers will use “smishing” — a portmanteau of “SMS” and “phishing” — to solicit fake donations to presidential campaigns as more and more people use text messages to communicate, the company warned.
And hackers will use drones to steal information from free public Wi-Fi systems, as well as go after hot industries like cannabis and cryptocurrencies. They’ll also use deepfakes to cause havoc in politics and financial markets. Lastly, Experian predicts, hackers will take advantage of less secure mobile payment options, often at events like concerts or sporting events.
ONCE MORE INTO THE SUPPLY CHAIN, AND DRONES — A Justice Department update of its drone policy mandates an emphasis on evaluating supply chain and cybersecurity risks when DOJ components purchase unmanned aerial systems. Additionally, the update released Wednesday requires the department to make sure grant recipients purchasing drones have cybersecurity and privacy safeguards in place. And the updated policy requires annual privacy reviews and places limits on sensitive data retention, with some conditions allowing DOJ to hold onto data longer than 180 days.
TAKE THAT, ‘IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS…’ — A DHS-managed list of the 25 most common software errors got its first update in eight years last week. The new No. 1 on the “Common Weakness Enumeration”? Why it’...