We catch up with Christos Makridis to talk about music, blockchain, Nashville, and how he sees Living Opera as a positive way to help artists and musicians in particular.
Bio: Christos A. Makridis is a research affiliate at Columbia Business School, Stanford University and the University of Nicosia. He is COO of Living Opera, and CEO/founder of Dainamic, a startup that aims to democratize access to AI for mid- and small-sized banks. Christos serves as a Research Professor at the W. P. Carey School of Business and Research Affiliate at the Global Security Initiative (both in Arizona State University), an Adjunct Associate Research Scholar at the Chazen Institute in Columbia Business School, a Digital Fellow at the Digital Economy Lab in Stanford University, a Non-resident Fellow at the Institute for Religious Studies at Baylor University, an Adjunct Scholar at the Manhattan Institute, a Senior Adviser at Gallup, a policy adviser, and an entrepreneur. He is the CEO/co-founder of Dainamic, a technology startup working to democratize the use and application of data science and AI techniques for small and mid-sized organizations, and CTO/co-founder of Living Opera, a web3 startup working to bridge classical music and blockchain technologies. Christos previously served on the White House Council of Economic Advisers managing the cybersecurity, technology, and space activities, as a Non-resident Fellow at the Cyber Security Project in the Harvard Kennedy School of Government, as a Digital Fellow at the Initiative at the Digital Economy in the MIT Sloan School of Management, a Non-resident Research Scientist at Datacamp, and as a Visiting Fellow at the Foundation for Defense of Democracies. Christos' primary academic research focuses on labor economics, the digital economy, and personal finance and well-being. He also writes frequently for syndicated outlets in the press and serves on the Council of Advisers for the National Center on Sexual Exploitation.
Christos earned a Bachelor's in Economics and Minor in Mathematics at Arizona State University, as well as dual Masters and PhDs in Economics and Management Science & Engineering at Stanford University.
About Living Opera: Founded by two opera singers and an economist, Living Opera is a multimedia art-technology company that unites the classical music and blockchain communities to produce transformative content. Living Opera takes a holistic approach to life, work, and education: “living” means “full of life and vigor,” and “opera” means (in Latin) “labor, effort, attention, or work.” Living Opera NFT collections, such as Magic Mozart, are designed to bring the art and tech worlds together by expanding the audience of people who traditionally engage with classical music and fine art.
Why don't we have a Federal Privacy law and how can we just knock it out? Lauren Zabierek and Tatyana Bolton have a plan and are pushing for THIS to be the year the US takes the Data Privacy leap!

Guests

Lauren Zabierek
Director, Cyber Security Project at Harvard's Belfer Center [@BelferCenter | @belfercyber] (Policy Research) [@Harvard | @Kennedy_School] and co-founder of #ShareTheMicInCyber [@ShareInCyber]
On LinkedIn | https://www.linkedin.com/in/laurenz1010/
On Twitter | https://twitter.com/lzxdc

Tatyana Bolton
Policy Director at R Street Institute [@RSI]
On LinkedIn | https://www.linkedin.com/in/tatyana-b-58358021/
On Twitter | https://twitter.com/TechnoTats

Host

Keenan Skelly
On ITSPmagazine
Recorded Future - Inside Threat Intelligence for Cyber Security
Our guest this week is Lauren Zabierek, Director of the Cyber Security Project at Harvard's Belfer Center. She's co-author of a recently published report on the Belfer Center's Russia Matters website titled, “US-Russian Contention in Cyberspace: Are Rules of the Road Necessary or Possible?” It's a compelling look into the state of Russo-American relations in cyberspace, why progress in this area is challenging, and what steps might be taken to help both nations work toward improved understanding and, someday, cooperation.
Join us as we interview Maura, a cybersecurity project manager in the pharmaceutical industry. Maura discovered at a young age how important relating to people was and has been harnessing her relationship-building skills throughout her career. She studied psychology and organizational behavior and used that knowledge to transition into project management. Maura discusses the importance of building a strong network of advocates in one's career.
Australia and India will work together on several projects to enhance cyber security capabilities in the Indo-Pacific region. Sydney Malayalee Jacob Malana plays a key role in one of the projects. Listen to Jacob Malana about the project. - Australia and India intend to jointly implement a number of projects to strengthen cyber security in the Indo-Pacific region. The Australian government recently announced several grants in this connection. One of those grants has gone to a project in which Sydney Malayalee Jacob Malana plays a key role. Hear more about it from the player above.
For our first episode we sit down with co-leads for the SGAC space & cyber security project group to learn about developments in space law, cyber security, and the future of the international space industry.
Welcome to the "The CyberHero Adventures: Defenders of the Digital Universe" Show!
Today's show focuses on answering the question: Assuming that Cybersecurity IS National Security: How do we get our house in order? We have a great lineup including:

Sam Visner is the Director, National Cybersecurity Federally Funded Research and Development Center at MITRE and a Board Member at the Space ISAC. He's also a Professor at Georgetown University and he worked at the NSA as well!

Lauren Zabierek is the Executive Director of the Cyber Security Project at Harvard University's Belfer Center. She is a Recorded Future Alum. National Geospatial Intelligence Alum. United States Air Force Veteran and a Former DoD civilian intelligence analyst with multiple deployments.

Retired Brigadier General Greg Touhill was the first Federal Chief Information Security Officer of the United States government. Now President of AppGate Federal, he serves as a faculty member at Carnegie Mellon University's Heinz College and on the ISACA board of directors. General Touhill also serves on the Federal Advisory Boards of Splunk and Intel corporations.

We'll learn about the central role that cybersecurity plays across the social, economic and political aspects of life in a highly-connected digital universe. What are the strengths and weaknesses of our current defense postures across the DHS Critical Infrastructure sectors? What are the best practices to understand the motivations and techniques of hackers, including criminal gangs, nation states and lone wolves? We'll learn first-hand about the challenges of becoming the FIRST federal government CISO. All that and MORE on today's show!

Here is the contact information for our guests:

Sam Visner
svisner@mitre.org
https://www.mitre.org/centers/national-cybersecurity-ffrdc/who-we-are
https://www.georgetownjournalofinternationalaffairs.org/online-edition/spotlight-on-cyber-vi-the-cybersecurity-storm-front-forces-shaping-the-cybersecurity-landscape-a-framework-for-analysis
https://www.mitre.org/sites/default/files/publications/pr-19-3594-recommended-security-controls-for-voter-registration-systems.pdf
https://collaborate.nist.gov/voting/pub/Voting/VVSG20DraftRequirements/vvsg-2.0-2019-10-29-DRAFT-requirements.pdf
https://squint.mitre.org/

Lauren Zabierek
https://www.belfercenter.org/person/lauren-zabierek

Greg Touhill
www.appgate.com

gary@cyberheroescomics.com
Cybersecurity expert Bruce Schneier (@schneierblog), author of the “Schneier on Security” blog and a Research Fellow with the Belfer Center’s Cyber Security Project, sits down with Aroop Mukharji (@aroopmukharji) to talk about cybersecurity and tech, his book "Click Here to Kill Everybody," and the hacker mentality. Subscribe to the podcast: http://hvrd.me/K2K330e5mfD More about Bruce Schneier: https://www.belfercenter.org/person/bruce-schneier Belfer Center website: http://www.belfercenter.org
Since the 2016 election, our country has been questioning whether our elections are secure, fair, and accurate. In this episode, we examine the threats to our election administration, both real and overblown.
Resources Brennan Center for Justice: The Help America Vote Act Congress.gov: S.2261 - Secure Elections Act GovTrack: H.R.
3295 (107th): Help America Vote Act of 2002 Internet Research Agency Indictment: Mueller John Husted, Secretary of State of Ohio Report: President/Vice President Voting Report: November 2, 2004 Justice.gov: New Indictment of Mueller Source Watch: Ashcroft Group Info Sound Clip Sources Hearing: Election Security Preparedness, Senate Rules and Administration Committee, C-SPAN, June 20, 2018. Witnesses: Matthew Masterson - National Protection and Programs Directorate at the Department of Homeland Security Jim Condos - Vermont Secretary of State Jay Ashcroft - Missouri Secretary of State Steve Simon - Minnesota Secretary of State Connie Lawson - Indiana Secretary of State Shane Schoeller - Clerk for Greene County, Missouri Noah Praetz - Director of Elections for Cook County, Illinois 2:40 Senator Roy Blunt (MO): January of 2017, the Department of Homeland Security designated our country’s election infrastructure to be critical infrastructure. This designation began the formalization of information sharing and collaboration among state, local, and federal governments through the creation of a Government Coordinating Council, some of our witness this day are already sitting on that newly formed council. More recently, in the 2018 omnibus, Congress appropriated right at $380 million to the U.S. Election Assistance Commission to help states enhance their election infrastructure. As of this week, 38 states have requested $250 million of that money, and about 150 million of it has already been disbursed to the states. 6:45 Senator Amy Klobuchar (MN): So, we have a bill, Senator Lankford and I along with Senator Harris and Graham and Warner and Burr, Heinrich, and Collins. It’s a bipartisan bill called the Secure Elections Act, and we have been working to make changes to it along the way and introduce it as amendment, but it really does four things. 
First of all, improves information sharing between local election officials, cyber-security experts, and national-security personnel. Second, providing for development and maintenance of cyber-security best practices. We all know, I think there’s five states that don’t have backup paper ballots, and then there's something like nine more that have partial backup paper ballots. And while we’re not mandating what each state does, and we do not want each state to have the exact same election equipment—we think that would be a problem and could potentially lend itself to more break-ins—we think it’s really important that we have some floor and standards that we set that given what we know, I don’t think we’d be doing our democracy any good if we didn’t share that and we didn’t put in some floors. Third, the bill will promote better auditing our election’s use of paper backup systems, which I mentioned, and finally, it’s focused on providing election officials with much-needed resources. As you all know, we were able to get $380 million to be immediately distributed to the state, not play money, money that’s going out right now to states across the country, based on populations. We didn’t have some complicated grant process that would have slowed things down. The money went directly to state election officials as long as the state legislature authorizes it to get accepted and get to work to update their systems. 11:50 Jay Ashcroft: But before we move forward, we should briefly look back to the impetus of why we are all here today: allegations that outside actors threaten the integrity of our elections during the 2016 election cycle. While these are serious allegations, it is vitally important to understand that after two years of investigation, there is no credible—and I could strike “credible” and just put “evidence”—there is no evidence that these incidents caused a single vote or a single voter registration to be improperly altered during the 2016 election cycle. 
It was not our votes or our election systems that were hacked; it was the people’s perception of our elections. 30:50 Matthew Masterson: For those voters who have questions or concerns regarding the security or integrity of the process, I implore you to get involved. Become a poll worker; watch pre-election testing of the systems, or post-election audits; check your registration information before elections; engage with your state- and local-election officials; and most importantly, go vote. The best response to those who wish to undermine faith in our democracy is to participate and to vote. 1:08:00 Senator Roy Blunt (MO): Should the federal government make an audit trail, a paper audit trail, a requirement to have federal assistance? Jay Ashcroft: I don’t think so. Jim Condos: I do think so. Steve Simon: I think there is a federal interest in making sure that there's some audit process. Sen. Blunt: Well, now, what I’m asking about is, should there be a way to recreate the actual election itself? And I don’t know quite how to do that without paper, even if you had a machine that was not accessible to the web. Jay Ashcroft: I believe states are moving to do that, without federal legislation. So that’s why I don’t think that federal legislation needs to be done to that. 1:23:30 Shane Schoeller: I do want to address one area that concerns Secure Elections Act, that is on page 23, lines three, four, and five. It says, “Each election result is determined by tabulating marked ballots, hand or device.” I strongly recommend for post-election auditing purposes that a state-marked paper ballots, because I believe the opportunity for fraud in electronic ballot-casting system that does not have a paper trail’s too great. 1:32:00 Shane Schoeller: Even if you do a post audit with the machine, how would you know if something’s been compromised if you can’t at least compare the results of the paper ballot. And I think that’s the assurance it gives.
Clearly, the machine, when you have an accurate election, does do a better job of counting the ballots. I’m talking about in the case where clearly fraud has occurred, then the paper ballot is going to be the evidence you need in terms of if your system inside that machine is compromised. 1:32:30 Senator Amy Klobuchar (MN): I think for a while people were talking about, well, why doesn’t everyone just vote from home, which is great when you can mail in a ballot, we know that, but vote from home just from your computer, and that would mean no paper records of anything. Could you comment about that? Noah Praetz: I think that’s 100% inappropriate for civil elections. Sen. Klobuchar: Got it. Shane Schoeller: I find it ironic because this is my first term, although I ran for this office in 2014, that was actually a common theme that I heard. Sen. Klobuchar: Right. I was hearing it, and I was—I kept thinking— Schoeller: Mm-hmm. Sen. Klobuchar: —about our state with, they’re not going to keep dwelling on it, with that high voter turnout. But, you know, that involved a paper ballot— voice off-mic: incredible integrity. Sen. Klobuchar: —and incredible integrity. But it involved people—they could vote by mail, and we’ve made that even easier, but they had actual paper ballots that they did, and then they were fed into this machine to count, with auditing. But you’re right. That’s what people were talking about. Why can’t you just do it from your home computer and have no backup, right? Schoeller: Right. And that was one of the things I actually had to disagree when that viewpoint was put forth, particularly in one city that I remember. And even after I became elected, I went to a conference of other elected officials, and there was a group of speakers, and they all were talking about this, and there was actually one speaker— Sen. Klobuchar: Like voting from Facebook. Schoeller: Correct. Sen. Klobuchar: Just kidding... 
Schoeller: But they actually disagreed, and I went up, and I think I was the only election official that day—this was prior to 2016—that didn’t think that it was a good idea. But I think we have evidence now from 2016 that clearly—that’s a convenience that we just can’t afford. 1:35:05 Noah Praetz: We’ve got a piece of paper that every voter looked at. Senator Amy Klobuchar: Mm-hmm. Praetz: So worst-case scenario, a Sony-type attack with full meltdown of all systems, we can recreate an election that’s trusted and true. Hearing: Election Security, Senate Judiciary Committee, C-SPAN, June 12, 2018. Witnesses: Adam Hickey - Deputy Assistant Attorney General for the National Security Division at the Department of Justice Matthew Masterson - National Protection and Programs Directorate at the Department of Homeland Security Kenneth Wainstein - Partner at Davis Polk & Wardwell, LLP Prof. Ryan Goodman - New York University School of Law Nina Jankowicz - Global Fellow at the Wilson Center 9:00 Senator Dianne Feinstein (CA): We know that Russia orchestrated a sustained and coordinated attack that interfered in our last presidential election. And we also know that there’s a serious threat of more attacks in our future elections, including this November. As the United States Intelligence Community unanimously concluded, the Russian government’s interference in our election—and I quote—“blended covert intelligence operations, such as cyber activity, with overt efforts by the Russian government agencies, state-funded media, third-party intermediaries, and paid social-media users or trolls.” Over the course of the past year and a half, we’ve come to better understand how pernicious these attacks were. Particularly unsettling is that we were so unaware. We were unaware that Russia was sowing division through mass propaganda, cyber warfare, and working with malicious actors to tip scales of the election. 
Thirteen Russian nationals and three organizations, including the Russian-backed Internet Research Agency, have now been indicted for their role in Russia’s vast conspiracy to defraud the United States. 39:40 Senator Mike Lee (UT): First, let’s talk a little bit about the integrity of our election infrastructure. We’ll start with you, Mr. Masterson. Were there any known breaches of our election infrastructure in the 2016 election? Matthew Masterson: Thank you, Senator. Yes, there was some publicly discussed known breaches of election infrastructure specifically involving voter-registration databases. Sen. Lee: Are there any confirmed instances of votes being changed from one candidate to another? Masterson: There are no confirmed instances of that. Sen. Lee: And were any individual voting machines hacked? Masterson: No, not that I know of. 42:55 Senator Mike Lee: One approach to some of this, to the threat, the possibility of election infrastructure or voting machines being hacked from the outside is to go low-tech. Some states have gravitated toward that. For example, some states have started making moves back toward paper ballots so that they can’t be hacked. Is this something that’s helpful? Is it something that’s necessary that you think more states ought to consider? Matthew Masterson: Yeah. Senator, the auditability and having an auditable voting system, in this case, auditable paper records, is critical to the security of the systems. In those states that have moved in that direction have implemented means by which to audit the vote in order to give confidence to the public on the results of the election. In those states that have non-paper systems have indicated a desire—for instance, Pennsylvania—to move to auditable systems. And so at this point, resources are necessary to help them move that direction. Sen. Lee: By that, you mean either a paper-ballot system or a system that simultaneously creates a paper trail. Masterson: An auditable paper record.
Correct, sir. 1:22:08 Senator Kamala Harris (CA): Will you talk a bit about what you have seen in terms of the risk assessments you’ve been doing around the country? I believe 14 states have been completed. Is that correct, 14? Matthew Masterson: I believe it’s 17 states have been completed— Sen. Harris: Right. Masterson: —thus far, as well as 10 localities. Sen. Harris: And what generally have you seen as being the vulnerabilities— Masterson: Sure. Sen. Harris: —in those assessments? Masterson: Thank you, Senator. Generally speaking, within the election’s infrastructure sector, we’re seeing the same typical vulnerabilities you’d see across IT systems, so managing software updates, outdated equipment or hardware, as well as general upgrades that need to take place as far as what configuration management within systems to limit the damage that could be done if something were to take place. And so— Sen. Harris: Resilience. Masterson: What’s that? Sen. Harris: Their resilience. Masterson: Yeah, their resilience. Sen. Harris: Mm-hmm. Masterson: Exactly. Thank you, Senator. And so this sector is no different in what we see in the work we’re doing with them. 2:15:00 Senator Sheldon Whitehouse (RI): But what I want to talk about in my time is the problem of shell corporations, because for all of the emphasis that the witnesses have put on policing and prosecuting foreign influence in our elections, you can neither police or prosecute what you cannot find. And at the moment, we have both a shell-corporation problem, which was emphasized by Mark Zuckerberg in his testimony when he said their political advertisement-authentication program would only go to the first shell corporation and not seek any information about who was actually behind it. I don’t think Putin is stupid enough to call it Boris and Natasha, LLC. It’s going to sound more like Americans for Puppies and Peace and Prosperity. 
But it’s a front group, and it’s got Putin or whomever else behind it, and until we can know that, we cannot enforce effectively, period, end of story. Similarly, when our election system has these colossal channels for dark money, anonymized funding, if you can’t find out what special interest is behind anonymous money, you can’t find out if there’s a foreign interest behind that money. Darkness is darkness is darkness, and it hides malign activity, both foreign and domestic. And I’d like to ask each of you to comment on that. We’re concerned about trolling. Obviously, that’s facilitated by shell corporations. You talked about general propaganda campaigns. Obviously, facilitated by shell corporations. Campaign finance laws, you’ve called out for a need for effective disclosure. You can’t have effective disclosure if the only thing you’re disclosing is a front corporation and you don’t know who’s really behind it. So, if I could ask each of you three on that, then that’ll be the end of my time. Kenneth Wainstein: Sure, I’ll go first, Senator Whitehouse. And thank you for kind words, and good to work with you again. Always is. Sen. Whitehouse: We were good adversaries. Wainstein: We were. Adversaries who were working for the same goal. Sen. Whitehouse: Yes. Wainstein: Look, as a prosecutor, former prosecutor, looking at this issue, of course you want to know more about the corporations than less. There are obviously First Amendment issues and other concerns out there in the election context, but absolutely, there’s no way to sort of resist your logic, which is we’ve seen the use of corporations in a variety of contexts, whether it’s money laundering or otherwise, but we’ve seen here in the election interference and disinformation context, and a lot of that— Sen. Whitehouse: In fact, they’re widely used in the criminal context for money-laundering purposes and to hide the proceeds of criminal activities, correct? Wainstein: Absolutely. Sen. 
Whitehouse: So to the extent that what Putin is running is essentially a criminal enterprise of himself and his oligarchs. Why would they not look to what criminal enterprises do as a model? Wainstein: Yeah, it’s meat-and-potatoes criminal conduct. Sen. Whitehouse: Yeah. Wainstein: No question. And all intended to hide the fact of the source of this malign activity. Hearing: Election Security, Senate Armed Services Subcommittee on Cybersecurity, C-SPAN, February 13, 2018. Witnesses: Robert Butler - Co-Founder and Managing Director, Cyber Strategies LLC Heather Conley - Director of the Europe Program Center for Strategic and International Studies Former Dep. Asst. Sec. of State for EU & Eurasian Affairs in GWB admin, 2001-2005 Richard Harknett - Professor of Political Science and Head of Political Science Department, University of Cincinnati Michael Sulmeyer - Director, Cyber Security Project, Belfer Center for Science and International Affairs, Harvard University 7:15 Senator Ben Nelson: First, the department has cyber forces designed and trained to thwart attacks on our country through cyberspace, and that’s why we created the Cyber Command’s National Mission Teams. A member of this subcommittee, Senator Blumenthal, Senator Shaheen, we all wrote the secretary of defense last week that they, the department, ought to be assigned to identify Russian operators responsible for the hacking, stealing information, planting misinformation, and spreading it through all the botnets and fake accounts on social media. They ought to do that. That’s—the Cyber Command knows who that is. And then, we ought to use our cyber forces to disrupt this activity. We aren’t. We should also be informing the social-media companies of Russia’s fake accounts and other activities that violate those companies’ terms of service so that they can be shut down. 18:20 Heather Conley: You asked us what role DOD could play to protect the U.S. 
elections, and I think, simply, DOD working with Congress has got to demand a whole-of-government strategy to fight against this enduring disinformation and influence operation. We don’t have a national strategy. Unfortunately, modernizing our nuclear forces will not stop a Russian influence operation. That’s where we are missing a grave threat that exists in the American people’s palm of their hand and on their computer screens. 19:05 Heather Conley: As one of the most trusted institutions in the United States, the Department of Defense must leverage that trust with the American people to mitigate Russian influence. Simply put, the Department of Defense has to model the bipartisan and fact-based action, behavior, and awareness that will help reduce societal division. This is about leadership, it’s about protecting the United States, and as far as I can see, that is in the Department of Defense job description. Hearing: Cybersecurity of Voting Machines, House Oversight Subcommittee and Government Reform Subcommittee on Intergovernmental Affairs, C-SPAN, November 29, 2017. Witnesses: Christopher Krebs - Senior Official Performing the Duties of the Under Secretary National Protection & Programs Directorate, Department of Homeland Security Tom Schedler - Secretary of State of Louisiana Edgardo Cortes - Commissioner of the Virginia Department of Elections Matthew Blaze - Associate Professor, Computer and Information Science at the University of Pennsylvania 4:24 Representative Robin Kelly (IL): In September of this year, DHS notified 21 states that hackers affiliated with the Russian government breached or attempted to breach their election infrastructure. In my home state of Illinois, the hackers illegally downloaded the personal information of 90,000 voters and attempted to change and delete data. Fortunately, they were unsuccessful.
5:05 Representative Robin Kelly (IL): Earlier this year, researchers at the DEF CON conference successfully hacked five different direct-recording electronic voting machines, or DREs, in a day. The first vulnerabilities were discovered in just 90 minutes. Even voting machines not connected to the Internet still contained physical vulnerabilities like USB ports that can be used to upload malware. Alarmingly, many DREs lack the ability to allow experts to determine that they have been hacked. Despite these flaws, DREs are still commonly used. In 2016, 42 states used them. They were more than a decade old, with some running outdated software that is no longer supported by the manufacturer. 20:30 Tom Schedler: In terms of voting-machine security, remember that with the passage of the Help America Vote Act in 2002, states were required to purchase at least one piece of accessible voting equipment for each polling place. 23:55 Edgardo Cortes: Virginia has twice been put in the unfortunate position of having to decertify voting equipment and transition to new equipment in a condensed timeframe, based on security concerns of previously used DREs. These steps outlined in detail in my written testimony were not taken lightly. They place a financial and administrative stress on the electoral system. They were, however, essential to maintain the public’s trust and the integrity of Virginia elections. The November 2017 general election was effectively administered without any reported voting-equipment issues. Thanks to the ongoing partnership between the state, our hardworking local election officials, and our dedicated voting-equipment vendors, the transition to paper-based voting systems on a truncated time line was incredibly successful and significantly increased the security of the election. 25:45 Edgardo Cortes: To ensure the use of secure voting equipment in the future, Congress should require federal certification of all voting systems used in federal elections.
This is currently a voluntary process. Federal certification should also be required for electronic poll books, which currently are not subject to any federal guidelines.
28:20 Matthew Blaze: Virtually every aspect of our election process, from voter registration to ballot creation to casting ballots and then to counting and reporting election results, is today controlled in some way by software. And unfortunately, software is notoriously difficult to secure, especially in large-scale systems such as those used in voting. And the software used in elections is really no exception to this. It’s difficult to overstate how vulnerable our voting infrastructure that’s in use in many states today is, particularly to compromise by a determined and well-funded adversary. For example, in 2007 our teams discovered exploitable vulnerabilities in virtually every voting-system component that we examined, including backend election-management software as well as particularly DRE voting terminals themselves. At this year’s DEF CON event, we saw that many of the weaknesses discovered in 2007, and known since then, not only are still present in these systems but can be exploited quickly and easily by non-specialists who lack access to proprietary information such as source code.
38:40 Matthew Blaze: The design of DRE systems makes their security dependent not just on the software in the systems but the hardware’s ability to run that software correctly and to protect against malicious software being loaded. So an unfortunate property of the design of DRE systems is that we’ve basically given them the hardest possible security task. Any flaw in a DRE machine’s software or hardware can become an avenue of attack that potentially can be exploited. And this is a very difficult thing to protect.
Representative Gary Palmer: Do we need to go to, even if we have some electronic components to back it up with paper ballots because your fallback position is always to open the machine and count the ballots?
Blaze: That’s right. So, precinct-counted optical-scan systems also depend on software, but they have the particular safeguard, but there is a paper artifact of the voter’s true vote that can be used to determine the true election results. DRE, paperless DRE systems don’t have that property, and so we’re completely at the mercy of the software and hardware.
47:00 Christopher Krebs: When you characterize these things as attacks, I think that is perhaps overstating what may have happened in the 21 states, as was mentioned, over the course of the summer. The majority of the activity was simple scanning. Scanning happens all the time. It’s happening right now to a number of probably your websites. Scanning is a regular activity across the web. I would not characterize that as an attack. It’s a preparatory step.
58:15 Matthew Blaze: There is no fully reliable way to audit these kinds of systems. We may get lucky and detect some forensic evidence, but ultimately the design of these systems precludes our ability to do a conclusive audit of the voter’s true intent. That’s why paperless systems really need to be phased out in favor of things like optical-scan paper ballots that are counted at the precinct but backed by an artifact of the voter’s true intent.
1:02:42 Tom Schedler: The system that we’re looking at, we’re not out for bid yet, would be one that would produce, even though you would vote on an electronic machine, it would produce an actual paper ballot that you could hold in your hand—
Representative Paul Mitchell (MI): My concern with that—
Schedler: —and then cast ballot only with that point when you put it into a secure box.
Rep. Mitchell: My concern with that, and Dr.
Blaze makes the point, is that if you produce a paper result after you put something into the machine, if in fact the machine is tampered with, you could in fact end up with just confirming the tampered information.
Schedler: Yes, sir.
Speech: Hillary Clinton on National Security and the Islamic State, Council on Foreign Relations, November 19, 2015.
12:35 Hillary Clinton: So we need to move simultaneously toward a political solution to the civil war that paves the way for a new government with new leadership and to encourage more Syrians to take on ISIS as well. To support them, we should immediately deploy the special operations force President Obama has already authorized and be prepared to deploy more as more Syrians get into the fight, and we should retool and ramp up our efforts to support and equip viable Syrian opposition units. Our increased support should go hand in hand with increased support from our Arab and European partners, including Special Forces who can contribute to the fight on the ground. We should also work with the coalition and the neighbors to impose no-fly zones that will stop Assad from slaughtering civilians and the opposition from the air.
Hearing: Electronic Voting Machines, House Administration Committee, C-SPAN, September 28, 2006.
Witnesses:
Edward Felten - Computer Science Professor at Princeton University
Keith Cunningham - Board of Elections Director of Allen County, Ohio
Barbara Simons - Association for Computing Machinery, Public Policy Committee Co-Chair
19:54 Edward Felten: Two weeks ago my colleagues, Ari Feldman and Alex Halderman, and I released a detailed security analysis of this machine, the Diebold AccuVote-TS, which is used in Maryland, Georgia, and elsewhere. My written testimony summarizes the findings of our study. One main finding is that the machines are susceptible to computer viruses that spread from machine to machine and silently transfer votes from one candidate to another.
Such a virus requires moderate computer-programming skills to construct. Launching it requires access to a single voting machine for as little as one minute.
1:45:23 Keith Cunningham: Can they be improved? Absolutely, and I think throughout my comments I was very definite to say that these machines, as they currently sit, are not reliable. My question back to you, though, in that regard is, who’s going to pay to fix it, because one of the problems we have right now is in the last 24 months every election jurisdiction in this country has spent the $3 billion we spoke about earlier on new election equipment, and that’s what’s in place. So without somebody stepping forward to fund that enterprise, I don’t know how we’re going to improve them ourselves.
1:51:00 Barbara Simons: I wanted to remind the panelists of what happened in Carteret County, North Carolina, in, I believe it was, ’04, where paperless DREs were used and over 4,000 votes were lost. I mean, there's this concern about being able to reprint paper ballots or paper VVPATs. When you lose votes in a DRE, which has no paper, there is nothing you can do, and in fact, there was an election for—the statewide election—for agricultural commissioner, where the separation between the two candidates was such that the results could have been reversed by those missing votes. And it went to court, it went to two different courts, where they first tried to hold a recount just for the county itself. That was thrown out. Then it went for a statewide recount, and that was thrown out because we had no laws to deal with what happens when DREs fail. And finally, there were a number of people who submitted subpoenas or petitions saying they had voted for one of the candidates, and based on those submissions, it looked like the judge was going to declare that candidate the winner, and so that was how the election was decided. This is not a way to hold elections in this country.
Cover Art Design by Only Child Imaginations. Music Presented in This Episode: Intro & Exit: Tired of Being Lied To by David Ippolito (found on Music Alley by mevio)
In today's podcast, we hear that BadRabbit, still quiet, looks like a TeleBots product. Reaper is still locked and loaded, but is also still quiet. Maritime SATCOM system found to be buggy, and the worse news is that it's beyond its end-of-life. A look back at the annual ICS Cybersecurity Summit that wrapped yesterday in Atlanta. Moscow tells Twitter buying ads is a free speech issue. Justin Harvey from Accenture on monitoring cloud infrastructure. Guest is Michael Sulmeyer, Director of the Cyber Security Project at the Harvard Kennedy School’s Belfer Center for Science and International Affairs. Anonymous is back and poking at the Spanish government.
Friday morning, the White House announced it will elevate Cyber Command to a full unified combatant command. Within 60 days, the Secretary of Defense will recommend whether Cyber Command should also split from the National Security Agency. On Thursday, as rumors of the announcement surfaced, Susan Hennessey spoke to Bobby Chesney, a law professor at the University of Texas at Austin and co-founder of Lawfare, and Michael Sulmeyer, Director of the Cyber Security Project at the Belfer Center, about the organizational and operational consequences of elevating and splitting Cyber Command.
In our 169th episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Benjamin Wittes, Maury Shenk, and Brian Egan discuss: Comey and Trump: the upshot; clarity on 702, with DiFi, the Valley, and Tom Bossert plus all the R’s on SSCI laying out their positions; Qatar flap created by cyberattack?; China will use its cybersecurity law to investigate, naturally, Apple; Speaking of which, native Chinese company Rafotech has something a whole lot more sinister on 250 million machines; Ukraine’s unusual sanctions targeting Russian social media companies. Our guest interview is with Ben Buchanan, Postdoctoral Fellow of the Cyber Security Project at the Harvard Kennedy School and author of The Cybersecurity Dilemma: Hacking, Trust and Fear Between Nations. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.
Michael Sulmeyer (@sultanofcyber), Director of the Cyber Security Project at the Belfer Center and former Director for Plans and Operations for Cyber Policy in the Office of the Secretary of Defense, talks with Aroop Mukharji (@aroopmukharji) about protecting yourself online, running for office in the age of social media, and cyber security’s “sex appeal.” Watch highlights on YouTube: https://www.youtube.com/watch?v=SvEFAggwTGY&list=PLp1QSxtgPnf5jtL09yzdIlpSuNMOijtm9&index=46 More about Michael Sulmeyer: http://belfercenter.ksg.harvard.edu/experts/3279/michael_sulmeyer.html Original Release Date: June 1, 2016
As our dependence on cyberspace increases, so too will the urgency of crafting good cybersecurity policy—but the combination of knotty problems in the realms of both technology and law often makes these issues particularly difficult to iron out. In this episode of the podcast, Susan Hennessey sits down with Trey Herr, Fellow with the Belfer Center's Cyber Security Project at the Harvard Kennedy School; Jane Chong, Deputy Managing Editor of Lawfare and National Security and Law Associate at the Hoover Institution; and Robert M. Lee, nonresident national cybersecurity fellow at New America, to chat about a new book on the subject: Cyber Insecurity: Navigating the Perils of the Next Information Age. Co-edited by Trey and Richard Harrison, Director of Operations and Defense Technology Programs at the American Foreign Policy Council, and with chapters by Jane and Robert, the book seeks to provide a practitioner's roadmap to cybersecurity policy.
Michael Sulmeyer, Director of the Belfer Center’s Cyber Security Project, discusses the US government’s efforts to defend against cyber threats in the context of the legal battle between the FBI and Apple over its encryption methods.
In this latest episode of the Net Politics podcast, I sit down with Michael Sulmeyer, director of the Cyber Security Project at the Harvard Kennedy School’s Belfer Center for Science and International Affairs.