“You can keep the Office of Personnel Management records, I don't need Electronic Health Records, give me the metadata, big data analytics and a custom tailored algorithm and a budget and during election time, I can cut to the psychological core of any population, period!” ElectionAnalyticsJames ScottBig DataMetadataEhrOpmElectronic Health Records Author:James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
“What do you mean “Should we worry about cyber adversaries getting into state voter registration databases?” They’re already in and selling exfiltrated voter registration data on the dark web! Next election cycle black hats will be selling ‘access as service’.” ElectionElectionsHackingCybersecurityAdversaryDark WebBlack HatAdversaries Voting Author:James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
“Hacking a national election is simple. Exploit a vulnerability in the manufacturer's network, poison the tabulation software update with self-deleting malware and let the manufacturer send to their field reps and election consultants who update the election systems.” ElectionHackingJames ScottMalwareElections 2016E VoteElection SystemsElectronic Voting Author:James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
“The security theater we are witnessing in our election system boasting the illusion of security via ‘clunky as heck’ and air gap defense will do nothing against the real and sophisticated adversarial landscape that is zeroing in on our democracy” AmericaDemocracySecurityVoteElectionVotingDefenceCybersecurityJames ScottIcitCyberattacks Author:James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
“Many members of Isis are not sophisticated attackers. The majority of members do not have a technical background. The UCC is predominately capable of hacking soft targets, such as Twitter accounts, and spreading propaganda or defacing websites” AmericaDemocracySecurityVoteElectionVotingCybersecurityJames ScottIcitCyberattacks Author:James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
“Every conceivable layer of the election process is completely riddled with vulnerabilities, so yes, hacking elections is easy!” SecurityElectionVotingElectionsHackingCybersecurityElection 2016MalwarePhishing Author:James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
“Consider all tabulation systems infected by bad actors until a third party, not affiliated with the manufacturer or election officials, proves they are secure.” ElectionVotingElectionsHackingCybersecurityElection 2016MalwarePhishingCyber Threats Author:James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
“You think an Air Gap is a defense? Sofacy, Stuxnet, Uroburos, AirHopper, BitWhisperer and ProjectSauron…enough said!” DemocracyVoteElectionDefenseAmericanCybersecurityVoterIcitCyberattackSecurity DailyApts Author:James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
“The collaboration between secretaries of state, election officials and the voting system manufacturers on the matter of enforcing this black box proprietary code secrecy with election systems, is nothing less than the commoditization and monetization of American Democracy” DemocracyVoteElectionDefenseAmericanCybersecurityStealthVoterIcitCyberattackSecurity DailyApts Author:James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
“As we’ve already seen with exfiltrated voter registration databases and the endless methods of poisoning manufacturer updates, manipulating DRE and optical scan machines and bypassing air gap defense, the state election official’s illusion of security is being pummeled by the reality of cyberattack.” VoteElectionDefenseCybersecurityStealthVoterIcitCyberattackSecurity DailyApts Author:James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
“Between the black box proprietary code, barebones computers we call voting machines and a mass of completely unqualified election officials, our election system is up for grabs to anybody with even a modest interest and some script kiddie capability. The cyber-kinetic attack surface here is wide open.” DemocracyVoteElectionDefenseVotingAmericanCybersecurityVoterIcitCyberattackSecurity DailyApts Author:James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
“Look at the stealth and sophistication of foreign nation state APTs who break through even the most sophisticated layers of security daily and tell me why they would just give our completely unprotected election systems a pass” VoteElectionStealthIcitSecurity DailyApts Author:James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
“A Nation State or Cyber-Mercenary won’t hack e-voting machines one by one. This takes too long and will have minimal impact. Instead, they’ll take an easier approach like spear phishing the manufacturer with malware and poison the voting machine update pre-election and allow the manufacturer to update each individual machine with a self-deleting payload that will target the tabulation process.” ElectionVotingElectionsHackingCybersecurityMercenaryMercenariesMalwarePhishing Author:James Scott, Senior Fellow, Institute for Critical Infrastructure Technology