Friday Five: 3/15 Edition
Building a better voting machine, a government tool to secure critical infrastructure, and the Facebook outage heard around the world - catch up on the week's news with this roundup!
1. DARPA Is Building a $10 Million, Open Source, Secure Voting System by Kim Zetter
If there was a big election security story and it wasn’t broken by Kim Zetter, wouldn’t you be surprised? She's been covering election security for more than a decade and has really ramped up her reporting over the last couple of years. That's why this Motherboard piece, which landed Thursday, isn't a huge surprise, but it is a pleasant one: DARPA, the Defense Advanced Research Projects Agency, is building its own open source voting system. One of the best parts of this news: thanks to a cryptographic value printed on a receipt, the system will have fully verifiable and transparent results, something that should help alleviate the stress around whether or not a machine is giving you the correct results. According to Zetter, the prototypes will be available for existing voting machine vendors to adopt or customize.
2. Voting machines I recommend by Andrew Appel/Freedom to Tinker
In keeping with the voting security theme, this is a good, quick, insightful read via Andrew Appel, Eugene Higgins Professor of computer science at Princeton University, on what specific machines he recommends. While it may not apply to you (not everyone is an election authority, after all), that doesn't make it any less interesting. Appel has been blogging about election security for more than a decade over at Freedom to Tinker, Princeton’s excellent Center for Information Technology Policy blog. He gets really down in the weeds about machines here, discussing how many voters per minute machines can take, how to make machines more accessible, and his recommendations for in-person voting machines vs. mail-in ballots.
3. Mozilla releases Firefox Send, a free encrypted file transfer service by Zeljka Zorz
4. DOE cyber arm preps risk management tool by Mark Rockwell
We sometimes lament here how infrequent it is to see actual good news come out of each week's cybersecurity churn. The relentless drumbeat of data breaches, malware, and ransomware does give way to positivity from time to time, like this news via FCW on how the Department of Energy is prepping a tool that can help commercial electric critical infrastructure quantify cybersecurity risk. The DOE's Office of Cybersecurity, Energy Security, and Emergency Response is apparently working with the DOE's National Labs on a formula for the tool. It's unclear how far away it is from being a reality, but judging from the voices in the piece, when it's ready, it will benefit from ease of use.
5. When Facebook Goes Down, Don't Blame Hackers by Brian Barrett
It's likely you heard, if you didn't experience it firsthand, that Facebook, Instagram, and WhatsApp were all offline this week. For what it's worth, Facebook said it was a server configuration change:
Yesterday, as a result of a server configuration change, many people had trouble accessing our apps and services. We've now resolved the issues and our systems are recovering. We’re very sorry for the inconvenience and appreciate everyone’s patience.
— Facebook (@facebook) March 14, 2019
WIRED had a good article on Wednesday, however, that we may have to bring up again the next time Facebook is offline: Just because the site's down doesn't automatically mean it was the work of hackers or a sinister DDoS campaign. For one, it's highly unlikely an attacker would want to target a site like Facebook, as connected as it is. Second, speculating like this just spreads misinformation. According to WIRED, thinking hackers have taken down Facebook is akin to a conspiracy theory and “only muddles an already confusing issue. Hackers will continue to target Facebook. DDoS attacks will continue to take down sites. But those two truths are much further from intersecting than the more paranoid corners of the internet would have you believe.”