The latest Senate report on Russian interference in the 2016 election, released Feb. 6, contained several broad recommendations for how the government can improve effectiveness in securing American elections.

While the Senate Select Committee on Intelligences third volume lists seven recommendations for correcting shortfalls made by the Obama administration in responding to Russian election interference, the federal government has already made progress in several of the recommended areas since the committee started its report.

The committee recommends that the executive branch bolster partnerships with countries considered near abroad to Russia. The bipartisan report states that Russia has been using these countries as a laboratory for perfecting information and cyber warfare. For example, in the military conflict between Ukraine and Russian, Russian-backed hackers have targeted the government and shut down the countrys power grid.

Expanding partnerships with such countries will help to prepare defenses for the eventual expansion of interference techniques targeting the West," the report read.

U.S. Cyber Command has taken similar measures in recent years, partnering with the Montenegrin government for the last two years to search for malicious actors in networks in the lead up to both nations elections in 2020. The U.S. Secret Service also engages with foreign states on cybersecurity issues, like in 2017 when it trained local officials in Estonia.

Having U.S. cyber personnel near the Russian cyber hot spots will help the United States learn more about Russian behavior. Tom Kellermann, a former commissioner on the Commission on Cyber Security for the 44th President of the United States, said that partnerships will help the United States determine the root cause of Russian intrusions.

How did they get in in the first place and how did they stay in? How did they maintain persistence?" said Kellermann, now head of cybersecurity strategy at VMware. These are the critical lessons we should learn from assisting our allies in order to protect our democracy."

The committee also recommended that the United States lead the way on establishing international cyber norms, writing that U.S. leadership is needed to balance any formalized international agreement on acceptable uses of cyber capabilities.

Get the top Cyber headlines in your inbox every weekday morning.

(please select a country) United States United Kingdom Afghanistan Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos (Keeling) Islands Colombia Comoros Congo Congo, The Democratic Republic of The Cook Islands Costa Rica Cote D'ivoire Croatia Cuba Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands (Malvinas) Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guinea Guinea-bissau Guyana Haiti Heard Island and Mcdonald Islands Holy See (Vatican City State) Honduras Hong Kong Hungary Iceland India Indonesia Iran, Islamic Republic of Iraq Ireland Israel Italy Jamaica Japan Jordan Kazakhstan Kenya Kiribati Korea, Democratic People's Republic of Korea, Republic of Kuwait Kyrgyzstan Lao People's Democratic Republic Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia, Federated States of Moldova, Republic of Monaco Mongolia Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands Netherlands Antilles New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory, Occupied Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Reunion Romania Russian Federation Rwanda Saint Helena Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia and Montenegro Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan, Province of China Tajikistan Tanzania, United Republic of Thailand Timor-leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates United Kingdom United States United States Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Viet Nam Virgin Islands, British Virgin Islands, U.S. Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe

Subscribe

By giving us your email, you are opting in to the Daily Brief.

This is another area where the U.S. government has already made progress. At the United Nations, the United States has worked to establish international cyber norms and proposed creating a group to study how to enforce cyber norms, all while butting heads with the Russian and Chinese representatives.

According to Chris Painter, a former top cyber official at the Department of State, while the United States has led on establishing some norms, like critical infrastructure shouldnt be targeted outside of wartime, there is still outstanding work to be done on enforcing those norms.

We have to make sure that those norms are just not paper tigers, Painter said. They have to be accepted by countries around the world and there has to be accountability when people break them."

Another recommendation from the committee suggests that credible information about foreign information or cyber operations be shared as broadly as appropriate within government, Congress and, when appropriate, private-sector partners. The committee also adds that the federal government must have substantive and timely outreach with state and local governments when election infrastructure is targeted.

The federal government has made strides in this area, particularly with its outreach to state and local governments, an effort spearheaded by the Cybersecurity and Infrastructure Security Agency within the Department of Homeland Security. Top election officials in states have security clearances to gain access to more threat intelligence and CISA frequently holds phone calls with state operators of critical infrastructure, which includes election officials.

Within the intelligence community, NSAs new Cybersecurity Directorate is also making an effort to share contextualized threat intelligence with the defense industrial base.

As part of the recommendation, the committee also said that feds needed to create a mechanism for notifying the public of operations.

Delaying the release of information allows inaccurate narratives to spread, which makes the task of informing the public significantly harder, the committee wrote.

Both the IC and civilian government have partnered together to establish a process for public notification of cyberthreats. Back in November, the Office of the Director of National Intelligence, NSA, DHS, State, CIA, NSA and FBI agreed to a framework in which they would discuss potentially exposing an interference operation after convening leaders from all the agencies.

The committees other recommendations were that the executive branch prepare for the next attack, integrate responses to cyber incidents, prioritize collection on information warfare, and clarification of roles and authorities within the IC.

View original post here:

The progress the government has made on election security - fifthdomain.com