Tag Archives: security

Exploring and Ensuring Election Security

Last week, Dr. Neal Kelly, authoring committee member for our report Securing the Vote: Protecting American Democracy, spoke to the U.S. House of Representatives Committee on Science, Space, and Technology regarding voting technology vulnerabilities. Dr. Kelly is the registrar of voters for Orange County, CA and discussed the key findings of our consensus study report.

During his speech, Dr. Kelly presented observations from his position as registrar of voters for Orange County and the takeaways from our report. He identified the best voting practices used in Orange Country, discussed barriers in election security enhancement, and described the role of congress in guiding states and counties towards secure election processes. As one of the largest voting jurisdictions in the United States, Dr. Kelly notes that Orange County has been an ideal location to implement and evaluate pilot programs. He has been able to identify areas for improvement and apply actions towards correcting the holes in election security systems. He plays a critical role in promoting sound election security procedures.

Securing the Vote: Protecting American Democracy assesses the security of the U.S. election system. This report elaborates on the Russian government’s role in the 2016 election, discusses how specific heightened security measures can prevent similar threats, and offers insight to further develop secure election procedures for the future. To learn more, read the report online or download the PDF for free.

Securing the Vote: Protecting American Democracy

During the 2016 presidential election, America’s election infrastructure was targeted by actors sponsored by the Russian government. Securing the Vote: Protecting American Democracy examines the challenges arising out of the 2016 federal election, …

[more]

Privacy vs. Security

Source: CNN

Privacy is a growing concern in the United States and around the world. The vast reaches of the Internet and the seemingly infinite options for collecting, saving, sharing, and comparing information trigger legitimate apprehension. The recent FBI request of custom access to an iPhone used by one of the two terrorists who killed 14 people in San Bernardino brought the debate surrounding privacy vs. security to the forefront. Our reports examine the state of privacy in the information age and the policies that currently exist to protect personal user privacy.

Privacy Research and Best Practices: Summary of a Workshop for the Intelligence Community

Recent disclosures about the bulk collection of domestic phone call records and other signals intelligence programs have stimulated widespread debate about the implications of such practices for the civil liberties and privacy of Americans. In …

[more]

Bulk Collection of Signals Intelligence: Technical Options

The Bulk Collection of Signals Intelligence: Technical Options study is a result of an activity called for in Presidential Policy Directive 28 (PPD-28), issued by President Obama in January 2014, to evaluate U.S. signals intelligence …

[more]

Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment

All U.S. agencies with counterterrorism programs that collect or “mine” personal data — such as phone records or Web sites visited — should be required to evaluate the programs’ effectiveness, lawfulness, and impacts on privacy. A framework is …

[more]

Engaging Privacy and Information Technology in a Digital Age

Privacy is a growing concern in the United States and around the world. The spread of the Internet and the seemingly boundaryless options for collecting, saving, sharing, and comparing information trigger consumer worries. Online practices of …

[more]

Getting Personal: Balancing Privacy and Security in the Fight Against Terrorism

Recent debate over full-body scanners at airport security checkpoints once again highlights the issues we face in balancing security with privacy. We are observed at work, in stores, and on the street by security systems. By our own choice, we use online resources to bank, shop, contact friends and family, and apply for loans. In countless other ways we may unknowingly reveal personal information. Technological advances in biometric recognition, data mining, e-commerce and behavioral surveillance all raise questions about exactly how personal our personal information is.

Protecting Individual Privacy in the Struggle Against Terrorists examines existing privacy laws to assess how privacy can be protected in current and future programs. Law-abiding citizens leave extensive digital tracks, and so do criminals and terrorists. Gathering and analyzing electronic, behavioral, biological, and other information can play major roles in the prevention, detection, and mitigation of terrorist attacks, just as they do against other criminal threats. This book provides a framework for making decisions about deploying and evaluating information-based programs on the basis of their effectiveness and associated risks to personal privacy.

Released this year, Biometric Recognition: Challenges and Opportunities deals with unresolved questions about the effectiveness and management of systems for biometric recognition, as well as the appropriateness and societal impact of their use. These books and other titles from the Computer Science and Telecommunications Board can inform and guide discussion of this important issue.

	Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment All U.S. agencies with counterterrorism programs that collect or “mine” personal data — such as phone records or Web sites visited — should be required to evaluate the programs’ effectiveness, lawfulness, and impacts on privacy. A framework is…
	Biometric Recognition: Challenges and Opportunities Biometric recognition–the automated recognition of individuals based on their behavioral and biological characteristic–is promoted as a way to help identify terrorists, provide better control of access to physical facilities and financial accounts, and…
	Toward a Safer and More Secure Cyberspace Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit…
	Engaging Privacy and Information Technology in a Digital Age Privacy is a growing concern in the United States and around the world. The spread of the Internet and the seemingly boundaryless options for collecting, saving, sharing, and comparing information trigger consumer worries. Online practices of business and…

Herb Lin Speaks About Cyberattack and Stuxnet

Stuxnet is a quickly mutating computer worm that has been infiltrating computers in Iran. Discovered in June, Stuxnet has been found in over 45,000 computers in various countries, but the vast majority of infected systems are in Iran.

The 2009 title Technology, Policy, Law and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities provides insight and a context with which to view the Stuxnet situation. We asked Herb Lin, the Study Director and one of the editors of the book, for his perspective.

“Stuxnet is the first reported incident of malware aimed at computerized industrial control systems that (allegedly) seeks to cause actual damage to these systems, rather than just extracting information from them. That is, it appears to be an instrument of cyberATTACK and not just one of cyberEXPLOITATION. (The difference between cyberattack and cyberexploitation is addressed in the 2009 report on cyberattack.)

The 2009 report also provides the necessary background to understand many aspects of the Stuxnet incident, including the difficulty of attributing the source of a cyberattack, the intelligence support needed for a successful cyberattack to occur, the significance of nation state involvement, and the potential utility of cyberattack as an instrument of clandestine national policy.”

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities is available to download at no charge online at the NAP website. Links to this title and other National Academies reports that may also interest you are listed below.

	Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal…
	Proceedings of a Workshop on Deterring CyberAttacks: Informing Strategies and Developing Options for U.S. Policy In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation’s important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity…
	Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop Despite many advances, security and privacy often remain too complex for individuals or enterprises to manage effectively or to use conveniently. Security is hard for users, administrators, and developers to understand, making it all too easy to use,…
	Toward a Safer and More Secure Cyberspace Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit…