Oh, lovely, a bipartisan election hack alert law bill for Mitch McConnell to feed into the shredder

Proposed legislation would force Homeland Security to sound alarm on voting system intrusions


Two US lawmakers are pushing a bipartisan bill that would force the Department of Homeland Security (DHS) to alert the public of hacking attempts on election computer systems.

House reps Mike Waltz (R-FL) and Stephanie Murphy (D-FL) agreed to reach across the aisle to sponsor HR 3259, the Achieving Lasting Electoral Reforms on Transparency and Security (ALERTS Act).

The bill, right now resting in the hands of the House Administration Committee, would require Homeland Security officials issue a notification to Congress, state governments, and local officials whenever they, or any other federal agency, "have credible evidence of an unauthorized intrusion into an election system and a basis to believe that such intrusion could have resulted in voter information being altered or otherwise affected."

It seems incredible that this wouldn't already happen, but then we remembered we're living in America in 2019.

In addition to state and local authorities, the bill would require individual members of the public be notified when any of their personal information – such as information on voter rolls – is thought to have been pilfered by hackers.

That the bill would come from a pair of Florida reps is no accident. The state has been a pivotal battleground in presidential elections for decades and in 2016 multiple Florida counties were targeted by hackers.

"The one thing that is indisputable in the Mueller report is the fact that Russia interfered in our election. In Florida, it is unacceptable that the Russians know which systems were hacked but not the American voters who are the true victims of this intrusion,” Rep Murphy said on Wednesday.

Donald Trump and Vlad Putin

We've read the Mueller report. Here's what you need to know: ██ ██ ███ ███████ █████ ███ ██ █████ ████████ █████

READ MORE

"Just like consumers expect credit card or social media companies to disclose when their personal data has been compromised, voters also expect their government to notify them when their voting information is improperly accessed."

Having a bipartisan backing is an important step for the bill, as Democrats and Republicans have been at odds over how exactly to go about implementing election security in the aftermath of the 2016 election.

"Voters in these counties still don’t know if Russians have accessed their personal data,” Rep Waltz said yesterday.

"Our elections system is perhaps the most critical of all infrastructure to our democracy – and it is constantly under attack from foreign powers who do not share our values. After we adequately harden our infrastructure, the federal government needs to have an honest conversation about deterrent strategy."

Even with the backing of lawmakers from both sides, the bill will face an uphill battle to get to the White House and be signed into law.

Congress has passed multiple bills aimed at stopping foreign hacking in elections, only to have the measures discarded in the Senate by the chamber's majority leader Mitch McConnell (R-KY), with the reasoning that today's election computer security defenses – despite objections from experts – are sufficient to protect future elections from foreign hackers. ®

Similar topics


Other stories you might like

  • Inside the RSAC expo: Buzzword bingo and the bear in the room
    We mingle with the vendors so you don't have to

    RSA Conference Your humble vulture never liked conference expos – even before finding myself on the show floor during a global pandemic. Expo halls are a necessary evil that are predominatly visited to find gifts to bring home to the kids. 

    Do organizations really choose security vendors based on a booth? The whole expo hall idea seems like an outdated business model – for the vendors, anyway. Although the same argument could be made for conferences in general.

    For the most part, all of the executives and security researchers set up shop offsite – either in swanky hotels and shared office space (for the big-wigs) or at charming outdoor chess tables in Yerba Buena Gardens. Many of them said they avoided the expo altogether.

    Continue reading
  • CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure
    Nearly 60 holes found affecting 'more than 30,000' machines worldwide

    Updated Fifty-six vulnerabilities – some deemed critical – have been found in industrial operational technology (OT) systems from ten global manufacturers including Honeywell, Ericsson, Motorola, and Siemens, putting more than 30,000 devices worldwide at risk, according to private security researchers. 

    Some of these vulnerabilities received CVSS severity scores as high as 9.8 out of 10. That is particularly bad, considering these devices are used in critical infrastructure across the oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining and building and automation industries. 

    The most serious security flaws include remote code execution (RCE) and firmware vulnerabilities. If exploited, these holes could potentially allow miscreants to shut down electrical and water systems, disrupt the food supply, change the ratio of ingredients to result in toxic mixtures, and … OK, you get the idea.

    Continue reading
  • 1Password's Insights tool to help admins monitor users' security practices
    Find the clown who chose 'password' as a password and make things right

    1Password, the Toronto-based maker of the identically named password manager, is adding a security analysis and advice tool called Insights from 1Password to its business-oriented product.

    Available to 1Password Business customers, Insights takes the form of a menu addition to the right-hand column of the application window. Clicking on the "Insights" option presents a dashboard for checking on data breaches, password health, and team usage of 1Password throughout an organization.

    "We designed Insights from 1Password to give IT and security admins broader visibility into potential security risks so businesses improve their understanding of the threats posed by employee behavior, and have clear steps to mitigate those issues," said Jeff Shiner, CEO of 1Password, in a statement.

    Continue reading

Biting the hand that feeds IT © 1998–2022