
Cylance® Proves Voting Machine Vulnerabilities

Cylance® Inc., a CyberTECH member, has announced the successful exploitation of critical vulnerabilities in a common model of voting machine. Before this revelation by Cylance researchers, exploitation of these vulnerabilities was thought to be only theoretical.

The compromise techniques are relatively simple to undertake, but do require physical access to the voting machine.

To help understand the risk to election integrity, Cylance produced a demonstration video of the techniques used to compromise the Sequoia AVC Edge Mk1 voting machine.

The video shows how Cylance researchers were able to re-flash the firmware with a PCMCIA card, directly manipulate the voting tallies in memory, and cause a vote for one candidate to be credited to another by altering elements of the device’s screen display.

For mitigation in the long term, Cylance recommends phasing out and replacing deprecated, insecure machines — namely those without robust, hardware-based firmware and data verification mechanisms.

Also, additional due diligence of polling place volunteers, workers, and officers may help mitigate possible collusion for tampering by these groups.

The units in question were known to be in use in hundreds of thousands of polling locations across the country in the recent election.

SOURCE: CYLANCE INC.


What if the Internet crashed for one day … or longer?

During a one-day outage we would see a dramatic slowdown – possibly a total breakdown – of our ability to communicate with one another.

Many of us will be trapped in our homes without the ability to operate our electronic devices and so many other conveniences we take for granted.

What if? We’d be virtually helpless.

If the cyber attack is aimed at power supplies, many of us won’t be able to open our garage doors. Smart phones will be dead, iPads useless. Phone lines will be down. No media coverage. Accurate information about what has happened – and why — will be extremely limited at this point.

If people did manage to get out of their homes and into their cars, traffic control systems will be dark. First responders will start to mobilize, with law enforcement becoming increasingly visible as the day progresses.

Businesses of all kinds – banks, supermarkets, gas stations, the stock market — will cease. Everything will be “cash only” — but ATMs will be inoperable. Supply chains of all sorts will be disrupted. Most companies wouldn’t be able to remain open.

In a word, chaos.

Bottom line: In a society where disenfranchised members begin betting against the regime, cyber strikes to disrupt the political system and infrastructure are a powerful 1-2 punch to create widespread panic and civil unrest.

The “fallout” from one day will last for months, likely years. Cracks in our everyday lives – indeed, our very way of life — will be severely threatened.

Armageddon? Maybe.

Those are my thoughts. I welcome yours.

By Darin Andersen


China Approves Cybersecurity Law

Lawmakers described the law as necessary to bolster its online security at a time of multiplying threats.

BEIJING—China’s government approved a broad new cybersecurity law aimed at further tightening and centralizing state control over the internet, including the role foreign companies play in Chinese cyberspace.

The law, passed by the standing committee of China’s legislature and issued publicly on Nov. 5, tasks agencies and enterprises with improving their ability to defend against network intrusions while demanding security reviews for equipment and data in strategic sectors.

The law includes provisions such as a requirement that internet operators provide unspecified “technical assistance” to authorities in cases involving national security. It also requires security checks for equipment used for “critical infrastructure,” which is defined as including information services, energy, transportation, finance and other important sectors.

During the drafting, the law was criticized by some foreign business groups and technology experts as a blueprint for further walling off China’s already isolated internet. China’s lawmakers described the law as necessary to bolster its online security at a time of multiplying threats.

China, which is often accused of supporting cyberattacks on other countries but which says it is a frequent victim of hacking, has moved aggressively to bolster cybersecurity since Chinese President Xi Jinping took office four years ago.

SOURCE: THE WALL STREET JOURNAL, Nov. 6, 2016