Page:Report of the Select Committee on Intelligence United States Senate on Russian Active Measures Campaigns and Interference in the 2016 U.S. Election Volume 1.pdf/57

From Wikisource
Jump to navigation Jump to search
This page has been proofread, but needs to be validated.

   
COMMITTEE SENSITIVE—RUSSIA INVESTIGATION ONLY

  • (U) Identify the weak points in their networks, like under-resourced localities. State 7 said they are not worried about locations like larger counties when it comes to network security, but they are worried about "the part-time registrar who is also the town attorney and the town accountant and is working out of a 17th century jail."[1]
  • (U) Undertake security audits of state and local voter registration systems, ideally utilizing private sector entities capable of providing such assistance. State and local officials should pay particular attention to the presence of high severity vulnerabilities in relevant web applications, as well as highly exploitable vulnerabilities such as cross-site scripting and SQL injection.
  • (U) Institute two-factor authentication for user access to state databases.
  • (U) Install monitoring sensors on state systems. As of mid-2018, DHS's ALBERT sensors covered up to 98% of voting infrastructure nationwide, according to Undersecretary Krebs.[2]
  • (U) Include voter registration database recovery in state continuity of operations plans.
  • (U) Update software in voter registration systems. One state mentioned that its voter registration system is more than ten years old, and its employees will "start to look for shortcuts" as it gets older and slower, further imperiling cybersecurity.
  • (U) Create backups, including paper copies, of state voter registration databases.
  • (U) Consider a voter education program to ensure voters check registration information well prior to an election.

(U) DHS in the past year has stepped up its ability to assist the states with some of these activities, but DHS needs to continue its focus on election infrastructure and pushing resources to the states.

(U) The Committee recommends DHS take the following steps:

  • (U) Create an advisory panel to give DHS expert-level advice on how states and localities run elections. The Government Coordinating Council, created as part of the critical infrastructure designation, could serve as a venue for educating DHS on what states do and what they need.
  1. (U) Memorandum for the Record, SSCI Staff, Conference Call with [State 7], January 25, 2018.
  2. (U) DTS 2018-3275, Summary of 8/22/2018 All Senators Election Security Briefing, August 28, 2018.

57
COMMITTEE SENSITIVE—RUSSIA INVESTIGATION ONLY
   

Retrieved from "https://en.wikisource.org/w/index.php?title=Page:Report_of_the_Select_Committee_on_Intelligence_United_States_Senate_on_Russian_Active_Measures_Campaigns_and_Interference_in_the_2016_U.S._Election_Volume_1.pdf/57&oldid=10947541"