1(520) 261-1728

info@threatintel-solutions.net

Threat Intel Solutions

Let’s Talk

Black Hat USA 2024: All eyes on election security

Critical InfrastructureBlack Hat USA 2024: All eyes on election security=================================================In this high-stakes year for democracy, the importance of robust election safeguards and national cybersecurity strategies cannot be understated [![Tony Anscombe](https://web-assets.esetstatic.com/tn/-x45/wls/2017/05/MFE_5108-BW.png)](/en/our-experts/tony-anscombe/ ‘Tony Anscombe’) [**Tony Anscombe**](/en/our-experts/tony-anscombe/ ‘Tony Anscombe’)09 Aug 2024 • , 3 min. read ![Black Hat USA 2024: All eyes on election security](https://web-assets.esetstatic.com/tn/-x700/wls/2024/8-2024/black-hat-usa-2024-election-security.jpeg) The mention of election security, especially in a year where the majority of the world is destined to vote, brings to mind images of a voting machine or even some form of subversion of online voting or counting processes. So it was not a huge surprise when the opening keynote of this year’s Black Hat USA conference was titled ‘[Democracy’s Biggest Year: The Fight for Secure Elections Around the World](https://www.blackhat.com/us-24/briefings/schedule/#keynote-democracys-biggest-year-the-fight-for-secure-elections-around-the-world-41960)’.The aftermath of the CrowdStrike outage—————————————But ahead of the conference itself, the cybersecurity ecosystem was [rocked by the recent CrowdStrike incident](https://www.welivesecurity.com/en/cybersecurity/building-cyber-resilience-lessons-learned-crowdstrike-incident/) that caused major global disruption — and a panel of government agency leaders from around the globe clearly needed to address this first.One of the panelists, Hans de Vries, COO of the European Union Agency for Cybersecurity, offered an interesting observation: ‘It was an interesting lesson for the bad guys’. This perspective may not be immediately obvious, as the incident in question was not malicious.However, if a nation-state or a cybercriminal wanted a real-world simulation of how a cyberattack could unfold and cause global disruption, the CrowdStrike incident just delivered a full proof-of-concept, complete with insights into recovery times and how society as a whole dealt with the damage left in the incident’s wake.Protecting the ballot box————————-Also on the stage was Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency, and Felicity Oswald OBE, CEO of the UK’s National Cyber Security Centre, and all three panelists did address the topic of [election security](https://www.welivesecurity.com/en/critical-infrastructure/election-cybersecurity-protecting-ballot-box-building-trust-election-integrity/).The consensus seemed to suggest that other than attempts to disrupt elections, such as denial-of-service attacks, the risk to an election result being manipulated due to an attack on the infrastructure technology was nearly non-existent. Processes are in place to ensure each vote, cast on paper or electronically, has numerous failsafe mechanisms built-in to guarantee that it’s counted as intended. This is reassuring news.The discussion then shifted to the spread of misinformation surrounding the election process. The panel suggested that adversaries aiming to manipulate the result focus more on creating the perception that the election process is broken, rather than on directly hacking it. In other words, they aim to make voters feel that their votes are not secure, spending more effort on sowing fear about the process than on attacking the process itself.National cybersecurity frameworks under the microscope——————————————————Later in the day, [another presentation](https://www.blackhat.com/us-24/briefings/schedule/#a-framework-for-evaluating-national-cybersecurity-strategies-40879) took on the topic of evaluating national cybersecurity frameworks. Presented by Fred Heiding from Harvard, the research examined how different governments approach the protection of their national cybersecurity. The research team evaluated 12 countries using a 67-point rubric, ranking them as innovators, leaders or under-performers based on their cybersecurity posture.The scorecard approach encompassed several interesting categories, including protecting people, institutions and systems, building partnerships and communicating clear policies. Even the length of each country’s strategy document had a bearing on the score, and these varied widely, from 133 and 130 pages for Germany and the UK, respectively, down to just 24 for South Korea, and 39 pages for the USA.Some countries, such as Australia and Singapore, stood out as leaders in more areas of the scorecard than others, either leading or meeting the bar across all categories. The UK occupied a middle ground with six leading scores and four that met the bar. The USA, meanwhile, had the opposite, with four leading scores and six that met the bar.Only two countries received lagging scores in some areas — Germany and Japan. It’s important to note that the scorecards presented only covered seven of the twelve countries. Additionally, this is, of course, an academic research paper that looked at policy rather than its execution — some countries might do a great job of drafting strategies while falling short in implementation, or vice versa.As a parting thought, it’s important that we hold our governments to account for their cybersecurity policies and their preparedness to protect our society and citizens. *** ** * ** ***Let us keep youup to date—————————–Sign up for our newsletters Ukraine Crisis newsletter Regular weekly newsletter Subscribe #### Related Articles*** ** * ** ***[Business Security, Critical InfrastructureHacktivism is evolving — and that could be bad news for organizations everywhere![Hacktivism is evolving – and that could be bad news for organizations everywhere](https://web-assets.esetstatic.com/tn/-x145/wls/2024/6-2024/hacktivism-state-backed-threat-actors.jpeg)Business Security, Critical InfrastructureHacktivism is evolving — and that could be bad news for organizations everywhere](/en/business-security/hacktivism-evolving-bad-news-organizations-everywhere/ ‘Hacktivism is evolving – and that could be bad news for organizations everywhere’) *** ** * ** ***[Critical InfrastructureElection cybersecurity: Protecting the ballot box and building trust in election integrity![Election cybersecurity: Protecting the ballot box and building trust in election integrity](https://web-assets.esetstatic.com/tn/-x145/wls/2024/3-2024/election-cybersecurity-threats.jpeg)Critical InfrastructureElection cybersecurity: Protecting the ballot box and building trust in election integrity](/en/critical-infrastructure/election-cybersecurity-protecting-ballot-box-building-trust-election-integrity/ ‘Election cybersecurity: Protecting the ballot box and building trust in election integrity’) *** ** * ** ***[Critical InfrastructureBlack Hat Europe 2023: The past could return to haunt you![Black Hat Europe 2023: The past could return to haunt you](https://web-assets.esetstatic.com/tn/-x145/wls/2022/03/cybersecurity-healthcare-ukraine-russia-invasion.jpg)Critical InfrastructureBlack Hat Europe 2023: The past could return to haunt you](/en/critical-infrastructure/black-hat-europe-2023-the-past-could-return-to-haunt-you/ ‘Black Hat Europe 2023: The past could return to haunt you’) ### Similar Articles[Digital SecurityDeepfakes in the global election year of 2024: A weapon of mass deception?![Deepfakes in the global election year of 2024: A weapon of mass deception?](https://web-assets.esetstatic.com/tn/-x82/wls/2024/2-2024/deepfakes-elections.jpeg)](/en/cybersecurity/deepfakes-election-year-2024-weapon-mass-deception/ ‘Deepfakes in the global election year of 2024: A weapon of mass deception?’)*** ** * ** ***[Critical InfrastructureElection cybersecurity: Protecting the ballot box and building trust in election integrity![Election cybersecurity: Protecting the ballot box and building trust in election integrity](https://web-assets.esetstatic.com/tn/-x82/wls/2024/3-2024/election-cybersecurity-threats.jpeg)](/en/critical-infrastructure/election-cybersecurity-protecting-ballot-box-building-trust-election-integrity/ ‘Election cybersecurity: Protecting the ballot box and building trust in election integrity’)*** ** * ** ***[Business SecurityBlack Hat USA 2024: How cyber insurance is shaping cybersecurity strategies![Black Hat USA 2024: How cyber insurance is shaping cybersecurity strategies](https://web-assets.esetstatic.com/tn/-x82/wls/2024/8-2024/black-hat-usa-2024-cyber-insurance.jpeg)](/en/business-security/black-hat-usa-2024-cyber-insurance-shaping-cybersecurity-strategies/ ‘Black Hat USA 2024: How cyber insurance is shaping cybersecurity strategies’)*** ** * ** ***### Share Article[](https://www.facebook.com/sharer/sharer.php?u=https://www.welivesecurity.com/en/cybersecurity/black-hat-usa-2024-election-security/ ‘Facebook’) [](https://www.linkedin.com/shareArticle?mini=true&url=https://www.welivesecurity.com/en/cybersecurity/black-hat-usa-2024-election-security/ ‘LinkedIn’) [](https://twitter.com/intent/tweet?url=https://www.welivesecurity.com/en/cybersecurity/black-hat-usa-2024-election-security/ ‘Twitter’) [](mailto:?&subject=I wanted you to see this site&body=https://www.welivesecurity.com/en/cybersecurity/black-hat-usa-2024-election-security/ ‘mail’) [](https://www.welivesecurity.com/en/cybersecurity/black-hat-usa-2024-election-security/ ‘copy’) ![Apt Activity Report](https://www.welivesecurity.com/build/assets/apt-activity-report-4523d00f.webp) ### Discussion

Related Tags:
NAICS: 518 – Computing Infrastructure Providers

Data Processing

Web Hosting

Related Services

NAICS: 92 – Public Administration

NAICS: 922 – Justice

Public Order

Safety Activities

NAICS: 51 – Information

NAICS: 924 – Administration Of Environmental Quality Programs

Blog: ESET We Live Security

Associated Indicators:

Search

Popular Posts

Categories

Archives

Tags

Follow Us