Elections and immigration raise concerns about cybersecurity

On Valentine’s Day, Congressional Democrats introduced legislation to provide more than $1 billion to improve cybersecurity around US elections. This follows warnings from US intelligence officials (including National Intelligence Director Dan Coats) that midterm elections in November will likely be targeted by Russia and other foreign rivals.

At a news conference held at the US Capitol in Washington, House Minority Leader Nancy Pelosi said, “We cannot let the Russians laugh about and take joy in the success they had in the last election. Their goal is to undermine democracy.” In addition to the 2016 election hacks, the US Department of Homeland Security (DHS) said that 21 states suffered initial probing of their systems in 2017 by Russian criminal hackers, compromising a limited number of networks.

Since the November 2016 elections, lawmakers have tried to introduce bills – a number with bipartisan support – calling for improved election security, but none have passed into law. This Democrat election cybersecurity bill is the most comprehensive to date, but since the Republicans control the House, it is unlikely to succeed.

Immigration receives some funding but needs more

In February 2017, DHS employees lost access to computer networks in Washington and Philadelphia. The DHS is accountable for federal immigration, border security and cyber defense initiatives. The DHS confirmed an outage – due to an “expired DHS certificate” – that temporarily affected four US Citizenship and Immigration Services centers in Washington.

According to sources cited by Reuters, the outage resulted from “benign information technology missteps and a failure to ensure network redundancy.” Although there was no evidence of foul play, the outage indicates a failure to appropriately address cybersecurity.

This is not the first time the DHS has come under scrutiny for its lax information security practices. An audit conducted by the DHS Office of the Inspector General in 2015 revealed vulnerabilities on Immigration and Customs Enforcement and Secret Service internal websites. These weaknesses might have allowed unauthorized access to sensitive data. The report also revealed how the agencies lacked adequate department-wide cybersecurity training programs for incident response and investigation.

In the 2019 fiscal year budget proposal, President Trump requested $25 million for the Department of Justice for IT modernization and to streamline immigration IT. This is a step in the right direction, but more is needed, such as improving IT for agencies directly involved with immigration.

Protect your organization from cyber crime and data breaches

Rather than wait for a data breach to occur, organizations should already have an information risk mitigation and data breach management strategy in place. Implementing an information security management system (ISMS) can ensure private and personal data is protected from unauthorized access or theft. ISO 27001 is the international standard describing best practices for an effective ISMS.

Obtaining ISMS certification from a body that is accredited by the International Organization for Standardization indicates that your organization has taken all precautions necessary to protect personal data. IT Governance is offering an accredited, online, practitioner-led course to help you achieve an ISO 27001-compliant ISMS, and provide an understanding of information security risk mitigation and data breach event response.

Register for the ISO 27001 Certified ISMS Foundation Classroom Course