On September 22, 2017, the US government disclosed to officials in 21 states that hackers had attempted to break into their systems. The US Department of Homeland Security (DHS) did not publicly announce which states were targeted, however, and was unclear about the brevity of the cyber attack.
The alternative press reached out to each state election office to determine those that were impacted. Several key battleground states were included in the cyber attack, including Florida, Ohio, Pennsylvania, Virginia, and Wisconsin. The data of tens of thousands of Illinois voters was compromised; in Arizona, hackers stole the login credentials for an election official. The other states that were targeted but not breached included Alabama, Alaska, Arizona, California, Colorado, Connecticut, Delaware, Illinois, Iowa, Maryland, Minnesota, North Dakota, Oklahoma, Oregon, Texas, and Washington.
State officials criticize the DHS for its lack of response
For months, state election officials and members of the US Congress have demanded that the federal government come forward with information about any 2016 election-related cyber attacks. But Friday’s calls to affected state officials signify the government’s first official confirmation.
It’s been nearly a year since the DHS and the Office of the Director of National Intelligence on Election Security jointly announced that servers operated by a Russian company were discovered scanning and probing election-related technical systems. Election officials in three states recently said that Russia may be linked to the attack.
The fact that it has taken almost a year for the federal government to inform state officials is concerning to them, and with good cause. “We need Congress and the president to help states with their security systems for elections and ensure funding for more secure equipment where needed, and we need it to happen now,” said Connecticut Secretary of State Denise Merrill.
The DHS acknowledged in a statement that it could certainly do better in keeping state government officials aware of any cybersecurity issues: “We are working with them to refine our processes for sharing this information while protecting the integrity of investigations and the confidentiality of system owners.”
Protect your organization’s data from cyber crime
Although the hackers may have had political reasons for targeting the US election system, cyber criminals largely don’t discriminate when it comes to their victims. Protect the data in your possession and take measures to fortify your information systems before you are faced with a debilitating cyber attack.
One way to safeguard your data is to implement an ISO 27001-compliant information security management system (ISMS). ISO 27001 is the international standard that prescribes the requirements for a best-practice ISMS. It outlines a data security management strategy that incorporates policies, procedures, and technologies to ensure your organization is actively protected.
Get practical implementation know-how
Learn from security expert Alan Calder live and in person this October in Washington, DC. Attend our accelerated two-day ISO27001 Certified ISMS Lead Implementer Training Course, which covers all nine of the key steps involved in planning, implementing, and maintaining an ISO 27001-compliant ISMS. Those who pass the included examination will obtain an industry-recognized ISO 27001 qualification.