Cybereason Preps For The ‘Unthinkable’ With Election Hacking Exercise
‘I think what happened in Iowa reminded us of how fragile our trust is in the validity of the election process,’ says Cybereason CISO Israel Barak.
Boston-based cybersecurity vendor Cybereason recently held its fifth election hacking exercise in Manchester, New Hampshire, inviting federal, state and local officials to participate.
Operation Black Out New Hampshire is built around the fictitious city of Adversaria, and its election day. There are two teams, Red and Blue, looking at different possibilities where hackers could disrupt a vote during an election.
“We have a Red Team of ethical hackers and both public and private security professionals coming up with a number of scenarios to try to disrupt critical infrastructure on an actual election day, and what I mean by ‘critical infrastructure’ would be transportation, telecommunications and electricity,” said Cybereason spokesman Bill Keeler about last Friday’s exercise.
For example, he questioned: Could you prevent people from using the subway to get to a voting center to cast their vote by disrupting that subway system? If you were a hacker, that could be a possibility.
That’s where the Blue Team comes in, Keeler told CRN, “The ‘defenders’ are trying to minimize the disruptions in the the city on that day to ensure that people can get to the voting centers to vote and that their vote count.”
A Look At The Impact On The Channel Ecosystem
“I think what happened in Iowa reminded us of how fragile our trust is in the validity of the election process,” said Cybereason CISO Israel Barak.
So when it comes to cybersecurity, Barak told CRN, Cybereason looks to its channel partners, both at the national and local level, to help identify who will benefit from these simulations, like election officials, local law enforcement and federal agencies.
“Our channel partners often have these relationships and understand who those people are in their communities that can really best benefit from these experiences,” said Barak. “So we’re working together to bring them into these tabletop exercises to make sure we’re able to deliver on that promise.”
At the event, federal, state and local law enforcement share their concerns around cybersecurity within their communities, saying exercises like ‘Operation Black Out’ are important to prepare for even the worst case scenarios.
“The credibility of our election system is at stake here,” said Ed Davis, former police commissioner of the Boston Police Department and current president and CEO of security consultancy Edward Davis LCC. “And so when we see what happened in Iowa and we look back at the 2016 election we can tell this is a very real threat that we need real time response to… We respond the way we train and this gives [officials] the opportunity to think the unthinkable.”
The Future Generations
Also in attendance, 14-year-old Laird Sullivan of New Hampshire told CRN that everyone nowadays has a cellphone and it’s scary to imagine how much destruction and distraction a hacker can create with a simple push of button.
“I’m kind of scared if this were to happen to me because I can’t tell what’s true and what’s not in this day and age. If I were a police person I’d have to respond to that I wouldn’t just pass it by, and that wastes time and and resources if if it’s fake. But if it’s real [and] we don’t [respond the worst could] happen without us reacting to it,” said Sullivan.
Sullivan enters high school next fall and said he hopes to join the school’s ROTC program focused on cybersecurity.
Watch CRNtv to learn more about these simulations.