Trust, but Verify: Maintaining Democracy In Spite of Информационные контрмеры
3:52PM Jul 30, 2020
Aim. We hope you're having lots of fun, and we now have a great snack speaker for you. Allie melon is here from cybereason to talk to you about the elections, and maybe a little bit about Russia.
Thank you so much.
Hi everyone, welcome to my talk trust but verify. Maintaining democracy in spite of misinformation. I'm Allie melon. Hope you guys have been enjoying the whole conference so far. So a little bit about me I'm a security strategist in the office of the seaso at cyber reason I've been with the company for a little bit over a year. In that time I've been working with federal and local law enforcement. On election security related topics, so that's what we're going to be talking about today. But I want to start off by talking about what's truly critical to our daily life, because this actually plays into the voter conversation, a lot more than people think. And the way that I like to think about this is through Maslow's hierarchy of needs you. At the start, you have the physiological needs these are things like air, water, food, shelter, very critical important things. Second, you have safety, these are things like personal security employment resources that you might need. Next up comes belonging. This is things like friendship intimacy, your sense of connection. These are all critical things to an individual's existence. Next is esteem things like respect self esteem status, your recognition. Then finally, the desire to become what you the most that you can be true self actualization
question is where does voting fit into this is a
whole Hierarchy of Needs is critical when you're thinking about voting
and explain a little bit of the background on this and we will talk about operation blackout protective vote, which was a series of tabletop exercises that I, alongside several people from cyber reason, held in order to help local and federal law enforcement in making our elections, more secure, so their tabletop exercises where attackers versus law enforcement. There's no actual hacking being done, but it's the generating of the ideas, and it's a turn based type of game where you the hackers take a move, and then law enforcement has to react and we're basically testing the processes that law enforcement is prepared to use in these situations and trying to introduce aspects that they may not have thought of, but they should for the future. So what we're going to talk about is the defender perspective, the daily life of a voter, and then getting into the attacker perspective, talking about what someone could do to stop an election and finally ending by taking all of that information and thinking about how we can use it to protect our elections. And I want, as I go through this presentation I want you guys to really be thinking about ways that you, as a citizen or as someone in the government could defend an election, and also attack it, because that's the only way that we can really be as prepared as possible is by taking that non attacker perspective. Before we can actually take the defender perspective. So, all that said, we're going to start with a little background, by looking at the state of play today from the defender perspective. Election infrastructure is defined by the DHS to include things like voter registration databases IP infrastructure voting systems, but what I really think about is, is this all and given Maslow's hierarchy of needs, which we just saw. I don't think that this is all I think that there's much more to election security than just that. And the way that I've come to think about this is through a voter hierarchy of needs. This establishes the things that voters need to have security in for they're actually willing to go out and vote, like to get logical needs. If you're afraid for your life. Most likely not going to be as worried about going out and voting, because it's critical that you make sure that you have that level of safety before you're actually able to go out and vote. Similarly, safety, across all things. If you don't have a job and you're looking for a job, you may be more inclined to spend that time looking for a job than you are to going out and flipping belonging is actually a very interesting, psychological critical element of this. If you don't feel like you're a part of the society you're in, you have no motivation to go out and vote for something to make it better. And then esteem. This comes from feeling like your vote matters, feeling like your work matters if you don't have these things, then, again, the motivation just won't be there. And then of course, not only being the best person that you can be, but trying to make your country the best that it can be as well. If you don't feel motivated to do that, then you're going to really struggle to want to contribute to a democracy. And that is the voter hierarchy of needs, which is why it makes me question is election infrastructure, really limited to the things that calculate our votes. The things that support the calculation of our posts. Because all of these. Now systems that we need to protect in order to make sure that citizens feel safe going to vote, and feel motivated to go vote.
And by that same hand, they all become systems that can be a target.
And it's especially true given that 40% of eligible US citizens don't vote at all in a nation where that many people don't vote, any kind of voter suppression is going to have an impact. So, there are other elements of election infrastructure that I think are really important. Please come down to maintaining faith in democracy, or whatever type of government structure you have, preventing things like voter suppression, and then also ensuring national security. So let's jump into the attacker perspective and I want to make clear here, one, please do be thinking about the attacker perspective and how you would approach this as I go through this, but also as I think a lot of us on this call know this isn't an evil thing to do, it's not evil to be thinking about what an attacker would do in a given situation and it's not meant to be in up the wounded. It's. This is why we read team, this is meant to make us better and to make us more secure. So as you go through this Don't be thinking, aha or thinking about how we're going to have an election, think oh
my god this is an avenue I don't think anyone's thought of, and we need to now think about how to defend against that.
So attacker motivation comes down to three core things, gaining power, spreading a particular ideology. And, of course, maintaining global recognition and support, which comes alongside gaining power. I like to think of the layers of a cyberattack in three different places. So, you have the ethos plane. That is the, the core belief system. We follow the information plane, which is the information that we actually take in, and then the infrastructure plane which is someone consider the most difficult to connect to cyber attacks because it's really about those physical things in our environment that can be changed by a cyberattack. So we're going to start with the ethos plane there because we're going to start with the ethos plane and we're going to look at a few examples of attacks on the ethos plane. But I want to make sure that you guys have a full perspective on the history of this as well, because cyber attacks attacks on elections are a new vehicle to an old concept. And I want to give you that basis from previous examples that work weren't involved with cyber attacks at all, but we're still moving towards disrupting democracy disrupting an election disrupting a, the governance of a specific group of people. And we'll start with the Italian elections of 1948. So, in 1948, the Italian government had an election, and the US government was very intent on psychological warfare at this time. This was democracy versus totalitarianism Christianity versus versus atheism. America versus the Soviet Union, and what they tried to push with abundance versus starvation. They gave millions of dollars to Christian Democratic and right wing socialist parties. They being the US government and held a massive propaganda campaign against communist socialist Coalition's. This was all to change that perception. They succeeded.
And so they repeated this process in places like Guatemala. In South Vietnam in Afghanistan, Indonesia, as well as more, because this was something that worked. And while again I'll stress that this wasn't a.
The vehicle for this was not a cyber attack.
Very easily could be, and tax cybersecurity threats are very easy vector for this type of attack. So another example was from Moscow. They founded the communist international party in 1919, and they urge the American Communist Party to pursue revolutionary change in the United States, and this was pushing towards that idea of communism in the United States. And then, of course, we have the funneling of $300,000 from a Chinese general interested in influencing the US elections to the Clinton campaign in 1996, and this really is an attack, not only on directly because we see candidates potentially taking money from foreign governments, but also attack on democracy itself because it makes people lose faith in their government lose faith in their elections. And now we're gonna look at an example from the 2016 election, that is more cyber focused, which comes from of course our good friend. With this information, social media. These are two examples of social media attacks the first on the left is a advertisement that says save time avoid the line by voting from home, of course, voting from home is not an option. But if you think, especially during everything that's going on with COVID that you can vote from home. It's a lot easier than having to go to a polling place, and it's a lot more peace of mind to just be able to send a text and vote for the candidate of choice. Similarly, on the right, we have an example of an advertisement that is meant to sow division in the country, and continues that divisive message where you feel that person is most likely an American, these are most likely American sentiments, even if you are an American, and do or don't agree with this type of activity.
And one of the things that I want to talk about is
the people, the companies that are actually enabling this behavior, because it's a huge topic of conversation. And I think it's worth noting, and you're going to see later in this talk, that election security is not just a government issue. Also an issue that we as citizens have to take seriously. And we, as organizations have to take seriously. When we have pieces that control or companies that control, a lot of information that people are in taking. They have a responsibility for our way of life, help try and make that the best that it can be and to try to prevent manipulation by other countries. So next we're going to look at the information plane. And this one is particularly interesting and has particularly interesting roots, especially in the United States. And I'm sorry to pick on the United States so much but I am an American citizen. So, you know. We'll start with the foundations of America with Sam Adams at disinformation and, you know, America was founded on the premise of a conspiracy theory, where Sam Adams was arguing that the British were trying to enslave us. He argued that Britain's taxations were part of an elaborate conspiracy to eventually enslave the entirety of American colonists, and he spread that disinformation through pamphlets and speeches that he handed out and gave that contained information that he knew wasn't true. And then he used the Boston Massacre to further that argument. When you think about disinformation and you think about the fear and concern that we have about disinformation, you have to put it in perspective of. You are a United States citizen, America was founded on this America was founded on disinformation, it is something that we know, and that is ingrained in us. And so as we look to the future we need to think about how we can prevent it, and contribute to more well rounded conversations to get better not to return to something that we never actually had. Now, we're going to talk about the CIA and their propaganda asset inventory in the 1950s and 1960s the Cold War era. The CIA had a very large propaganda asset inventory, the balloons. So, one of the interesting stories that they have is Radio Free Asia, which was controlled by the CIA, and they realized that they wanted to get information to Taiwan, but not many private citizens actually had a radio that they could use to access Radio Free Asia. So they tied radios to balloons and tried to send them to Taiwan, which I think is just crazy. It didn't work. The wind blew them the wrong way, but the sentiment was there. Then also interesting to note that there were several magazines that the CIA was putting propaganda in that actually ended up gaining so much recognition that they were also being sent additions to the United States, so the CIA had to be very careful to only put the fake news in certain magazines that weren't going to be united states, some interesting tidbits there.
Then we see in the 50s 60s and 70s.
European newspapers were often financed directly from Moscow. And, again, not related to cyber security, except now everything is online. And so we're seeing that from a attacker perspective can use the internet to do this much easier and much cheaper than before. It's not a new concept, it's just a new way, a new vehicle to the concept of us radio in Moscow, where the US would play rock music on a specific radio station, followed by quote unquote editorial content, which the Soviet authorities considered disinformation back on the cyber front, you have the 2014 elections in Ukraine. A few days before the 2014 election, the CEC network and Ukraine, which was responsible for vote counting was compromised, and disabled for several hours, so that feeds back into losing faith in your government. And then a few days later on election day on the CDC website was constantly was under a constant stream of denial of service attacks and 12 minutes before the polls closed attackers posted a picture on that website which was a legitimate government website of one of the former leaders of the Right Sector claiming he won the election which was then immediately shared on Russian media. Even though he had not officially won. So, that can both sway people's opinions, because you see that 12 minutes before the polls close maybe you're on your way to the polls, you're running late. And that makes you decide to not vote for example, or to vote a certain way. So now, again in the information playing. Let's look at some communication attacks that yes we saw during the US presidential elections in 2016. First, on the left, we have a text that's supposedly coming from President Trump, talking about how your ballot has not been submitted trying to shame this person into voting for President Trump. And then, I'm sorry that was not on the 2016 elections that was the 2018 midterm elections. And then on the right, you have an example of a helpful text from the government telling you your polling location. Needless to say, this is not a legitimate polling location, just trying to get people to go somewhere that they can't actually vote. And if you go somewhere and you see it's not actually a polling station and that you think the government has led you astray. Are you going to continue to try and find where to vote, or are you just going to be annoyed and go along with the rest of the things that you had to do that day. And lastly, very interestingly, we're going to look at the infrastructure playing these are the physical attacks. As a reminder, and we'll start with the assassination of Lumumba this, he was the prime minister of the Democratic Republic of the Congo, and he was assassinated in 1961. Now, makes this interesting and related to election security is that he was elected in 1960. And that is the same year, for those of you that don't know that the DRC established independence. So this assassination was incredibly politically fracturing for this brand new independent nation. And of course it would really start to make people lose faith in their government, their brand new government in the processes, and the most horrifying part is that it was perpetrated by the American and Belgian governments who were afraid that Lumumba was not going to be good for Western interests. Another example is the Indonesian elections and subsequent massacre. In 1965, the Communist Party finished fourth in an Indonesian election, and they were offered a proportional representation in the government. The US was not a fan and secretly supported the purge of suspected communists. This led to thousands, potentially millions, dying, over the course of several months, they're not exactly sure of the numbers, and the military took over as the most powerful institution. This is the type of thing that leads to death, of course, but it also terrifies the public who is voting freely after something like this happens in their country. It's been influenced by an outside country. And while
this does not have, again, that cyber component. You can imagine that these communications, where the US is secretly supporting the purge of the suspected communists would have been made much easier. With today's communication channels, and today's ways of
And they're not an election day attack. This is a good representation of what could happen, and is related to a cyber attack. Here we have a bronze night in Estonia. This is a combination simultaneously of an infrastructure and information attack, where Estonia decided to move a Red Army soldier to a Soviet cemetery. Because, needless to say the citizens were not super thrilled about having a Red Army soldier, soldier in the middle of their capital. Fake News began to spread immediately as this soldier was moved, claiming the statue and Soviet war graves were being destroyed. Immediately spread to Russian news reports and resulted in two nights of riots and looting, 156 people were injured. One person was killed, and 1000 people were detained. But simultaneously saw a huge denial of service attack on banks media outlets and the government cash machines and online banking were put out of service, government employees were unable to communicate via email, and newspapers and broadcasters were unable to deliver the news. The only ones delivering the news, were the Russian news reports with that fake news claiming the statue and Soviet workers were being destroyed. And I think this quote does a good job expressing what I've been trying to convey here which is that cyber attacks are unique for this purpose, because you can say, well below the radar and still perpetrate these attacks. So you can make them appear as we've seen, much more legitimate than you'd originally thought.
And now we're going to look at an example of something that could happen to the electric grid.
In 2003, a four day power outage left at least 100 people in the United States and Canada. That. Now imagine this taking place. This. He placed during an election day, and targeting specific areas of a county specific counties that are swing counties swing districts. That's the type of thing that can have a real impact on the, on an election. We'll also look at transit 2016 San Francisco's transit system was infected with ransomware now imagine it's Election Day on a normal non COPPA day, you go to work. You work in the office, no one's wearing masks, it's a wonderful day. And you've worked throughout the day you go on social media, check out how the voting is going by the end of the day, you go to hop on the train to go to the polling station and go home and the train is shut down or top priority has shifted from getting to the polls, getting home because you can't actually use the public transit that you expect it. You're probably frustrated, a little bit annoyed. And inevitably. You may even forget about voting at all.
We can see that these attacks across all layers, and also across all portions of the pyramid.
And let's jump into the defender perspective. Now that we have a more well rounded view of attacker perspective, where does this leave us election security is defined in this very narrow view currently of voter registration databases IT infrastructure all of that, we know that, and it has led to things like this, where top spokespeople from the government are saying that we will most likely have to confront distortions and fake stories. Similarly, we have tweets going out by top world leaders, saying that it's all a scam it's all rigged. We continue to break down our own democracy. And we're even seeing, also from top congressional Democrats. A few weeks ago, that they're openly admitting that they are being actively interfered with, and that information is being amplified around the presidential election in November, but they're not offering solutions.
So where should we be going
more holistic view of election security that encompasses things like communication transit electric grid social media, things that could be used on election day or around Election Day to attack democracy.
So now I want to do a little exercise with you guys in the live stream q&a chat.
I want you to think about what your election day looks like what do you do before you vote before work do you mail in your ballot. How do modern events change what you plan on doing to go vote. Are you on Twitter Do you even vote. Do you fact check before you repost things.
The question is,
So, how would you attack. Would you target. If you had the opportunity in some of these exercises we saw really interesting work with deep fakes, where the hacker group would create a deep fake of a candidate saying something very rude and or potentially abusive something like that, publishing it online on election day because that's the type of thing that you don't really have time to react to. We also saw interesting things happen where they would try to redirect traffic to cause traffic jams make it really difficult for people to actually get to the polls. There are lots of different ways that you could take this and it's important just think about like a trunk and go from there.
Just looking at the comments.
Then also think about what can you do defend.
How do you choose to defend what can you do, what can you give back as a citizen as an organization or as a government official. The best thing that you can do is a calling out misinformation online. Is it if you work for a social media company fighting for change in the organization to make it so that you take misinformation more seriously. That security securing your systems better, because I think that what we should all take away from this is that there are three things three core things you need to do. The first is across any industry it's of course critical to secure your systems. I can't say this enough, things can be used by attackers in ways we don't even realize, and the best way to defend against that is to just keep testing, keep improving our security posture. Second is to work with the government there are great government organizations like infragard that allow you to actually work very closely with the FBI and other law enforcement agencies to promote security both in government and in the private sector. And then the last is to fight misinformation, however you are able to that fact checking is critical. I'm taking the opportunity to fight misinformation wherever possible, it, it's not going to be a one person or one government issue. And that's what's really important here. So, Um, I wrote a white paper on this and it is free to download, no email required, nothing, just visit that link and you can download the white paper and learn more about this and give more examples and and go into these topics a little bit further. So thank you all so much for having me. Um, if you have any questions feel free to reach out and I'll also monitor the chat, more.
So I've already started submitting some questions in the zoom chat for you.
Oh, great. Thank you.
I'll try to fill them as they come in.
A lot of the factors here depend on faith and institutions which seems to be at an all time low agreed. Do you have any suggestions on how to restore faith in institutions or reshape the institutions, so people will have faith in them again.
I'm pretty question.
I think it's a very difficult issue.
I highly recommend transparency. And also,
something that's really critical is communication. So, something that we saw in all of these election security exercises is the,
the real need to communicate early and often with the public in the event of any type of cyber attack during election day. If you don't talk to the public, people start coming up with their own ideas and panicking. And if you are transparent about it, even if you're not necessarily able to do all of the right things. People can better understand the issues better understand where you're coming from, and have better faith that you are working towards the best outcome. So trust is really hard to rebuild. Faith is really hard to rebuild, but I highly recommend that the best thing that you can do is be transparent about the situation and communicate as much as possible. And also On a related note, things like creating legitimate websites that give factual information, information you can trust starting small and creating something that you can give to the community, give back to the community that will make them feel like, Okay, this is the source. This is where I can go for information.
Another question has been posted. I don't know anything about your organization but there are opportunities for people with possibly relevant skill sets, such as malware analysis incident intelligence, whatever, to volunteer those skills to either organizations to seek to counter this issue or even other to local and state election boards or whatever the state municipality orgs that are actually run the elections.
Good question. Um, I don't actually know about any volunteer programs to help with that. So the work that my company or cybereason does with a federal and local law enforcement is volunteer work. But we do it as an organization together. And so I'd be happy to give you more information on what we work on with them, but with regards to like a volunteer organization to use those types of skills for election security, I would have to do some research and get
another question that was posted. How can we defend when the people at the highest position in the government are trying to interfere with the elections by sowing distrust sowing distrust.
Yeah. Um, this is a really tough one because
we don't have a unified support for.
It basically for unifying the government we don't have anything like that available right now. I think that, in reality, we are all individuals and we can all do this in our own way and create our own systems, and at some point we just have to have a, a more deep conversation about what changes we can make when there is a group of people in office who don't prioritize this, it's just a reality that the struggle right now, but that's why we have election so often.
We have a next question, what elements from your analysis and historical research need to come together for several warfare to escalate to kinetic warfare.
I so i i don't think that there's a lot that needs to come together at this point.
I think that
it's interesting with election security issues. Is that a lot of it is about subversion, and about hiding who the real perpetrator is because you don't want to be able to say, directly pinpoint that was Russia, that was the US, unless it's years and years later under heavy analysis but in the moment you don't want to say, Oh, this is something that Americans are doing to this culture, because then it would not seem as legitimate and it wouldn't break down the government and the government's power as much. So the real limiting factor with converting cyber attacks into these more kinetic attacks, is just making sure that you're able to hide the identity of the attacker, which we can really do at this point. And then also to make sure that it appears to be an attack. That was perpetrated by someone else or that it was an attack at all. And they don't actually know what happened. Because then in that case, you can blame it on any number of things.
Another question that was raised is do you think free and fair will succeed in solving some of the technical issues.
I'm free. They're
free and fair looks like looking at the GitHub for it, it's a open source high assurance electric technology for all that it looks like a project to make you know voting systems and other information technologies for protecting elections.
Thank you. Yeah, um, I clearly don't know very much about it, I'll have to look into it. I think that that's great. Honestly we need more people supporting that effort and doing more things to help improve the system that we have in place, so I'm all for it.
Any other questions from chat. I'm currently reading it right now.
A lot of good discussions that are going on in the livestream q&a. Cool.
So I think that's about it for now unless something comes in.
I mean elections are hard.
I don't think the system's gonna mentally change until we change how the votes, have been counted. Right, yeah the whole voting system change, doing even something along the lines of past about or something along those lines. Yeah. That way we start kind of getting out of this two party system that we're stuck in. So it looks like that's all the questions for now Dave anything else. I
know I think that that's it I think another thing could be really good and help us is mailing voting think supporter of mail and voting
yeah I'm the same I've had that same problem, it's just, it's a pain to try to go to the polls, I half the time I even miss it. I don't even realize it's happening because it's no holiday. And a lot of times I just it's like what actually happened that was a week ago. Yeah, I don't watch TV, what is this.
No, it's very true, and male encoding could have been to the present its own issues but could
I hear it's really the only thing I can think of specifically that would be detrimental to the male in voting would be somebody who doesn't have a good address or otherwise only has a peel box wouldn't be able to vote very well. And there's a lot of situation where that comes up, either you know underprivileged or otherwise homeless populations. But I know they traditionally don't tend to vote anyway very much
about that good.
Yeah. And what's interesting. So what I really like about mail and voting is that it takes away a lot of these time based attacks.
So like, even if it's, you just use mail and voting but you can go and pick up your, your ballot a few days before or something like that, so that you don't need an address but you can still get it get access to it somehow I think that would be really
what I thought would be interesting is that most Americans file taxes in some ways, in some way, shape or form, and be able to actually submit your vote whenever you do your state taxes,
wouldn't be a bad idea in my opinion.
And you have that long period of time to kind of submit your vote maybe that's the you know kind of submitting your vote early. But if they had a similar system to that, being able to say, you know, so submit you submit it with your taxes or something along those lines but we have similar problems with our tax system where it's all kinds of screwed anyway. We got another question coming in question can we implement more education and primary schools to educate on false narratives. Example giving kids the same talk you just said.
Yeah, I think that that's cool. Um, so my one fear of doing these things in not fear but concerned with doing these things in
organized events, is that you of course run into the issue of the government actually perpetrating the propaganda. So I wary of it I think that if done well or specifically if done.
Directing towards things like
ways to spot misinformation, or ways to look at a narrative and say I don't think that there's something not right about this and I should read more about this teaching people to always verify. I think that that's fantastic. I think that when it comes to resources to establish the validity of particular statements that might have to be done by an independent group that can be really trusted.
Another question that came in was given the President's statements today. Oh, let's scroll up given the President's statement today, what are your thoughts on precedent for dividing a major election on account of security issues.
this is tricky because you have given the president Siemens today, and then delaying a major election on account of security issues and I kind of think of them as two different things. With regards to the President's statements today, I don't. So I, of course, President does not have the ability to delay an election. And I think that that's appropriate. I also think that this is not, not a reason to delay the election i think that we have alternatives and things like
voting, which we were just talking about will support that.
Delaying a major election on account of security issues i think that that portion of the sentence has some merit, we actually had that happen over the course of some of these tabletop exercises where, inevitably, the law enforcement had to postpone the election to a later date. But that was because there was actual, real immediate and, as I said, time based threats to these fake individuals in this country that we made. So I think it's situation dependent. But in the case of the President's statements today, I, I don't think that we should allow that type of precedent to be established.
I agree that's a slippery slope to go down. Another question that came in, do you feel the serious challenges. These serious challenges have imminent danger to our nation.
And, um, I think I think they're a danger to our nation. I don't necessarily think that they're imminent. This is a slow burn. This is the river going through the Boulder, as it were, where it's going to end has been slowly wearing us down. But, um, we have the opportunity to change course with that, by promoting things like education and things that like security and really starting to take care of cybersecurity as a nation and as individual organizations, I think we're on the right path with that
cybersecurity front I know there's a recent regulation coming down for the Department of Defense, the cyber maturity model that's going to be enforced through VOD subcontractors. And that I think that's going to really kind of start helping with the manufacturing sector getting them sugar because it's going to force them to do it, which is the first time that's kind of happened before, forever for all of it so totally maybe with that when we have more of a game kind of going on where even small mom and pop shops are having to become secure now to even do work with the government at all that, that will start to spread throughout the industry right. We thought that would happen with you know HIPAA or PCI and it's kind of not completely there but now with the certification programs are coming out with that may help with. With that I know I've worked. I do cybersecurity audits and I know I've done work with some of the election board stuff that for some counties in the past and they're they are really putting it down, you know, air gapped election networks that are being forced down. One of the things is that they're still not giving counties a whole lot of funding to do this. They just have to do it. Yeah, but it is, it is coming down behind the scenes that they there's. They're not giving them a security standard to do it with so that's the problem. If you say this is how do you just need to do it. Yeah, you go to this level and I know in New York State. Nash National Guard guard during cyber security audits against counties and stuff and submitting them a report but the reports a parable there yeah
thousand page documents that they can't read. Totally, yeah they hire they hire me and go with and we give them a report that they can actually read and it's all the same stuff they found previously and I sat on it for a year.
And that's what's really interesting too is, it's good that they are starting to establish standards for God contractors because what's been really interesting in this research is that a lot of these attacks are not actually on government organizations, they're on the private sector. And that means that it really isn't just a government problem you know it's much more important to have these individual organizations in addition to the government considering election security and being prepared so
there is there is a there is a standardized marking system that's been implemented as a part of the, this came about in the Obama administration, and it's called controlled unclassified information so you I. It's supposed to fall under NIST 801 71 security standards. And I think it's a marked election voting information like internal stuff and their systems as see why it enforced 801 71. I think they'd been a lot better spot. At least internally with with their security right treated the actual vote data as the UI, because it's supposed to be all levels of government are supposed to have CGI handling capabilities because it's supposed to be used for like since the data coming out of the FBI VOD anybody right. Yeah, it was supposed to be a standard they made it as a standardized document marking system. So another question that came in and given the US at least getting a taste of it though medicine, with, you know, like the election of installation, can we get any hope for international agreement to cease this activity.
I doubt it. Like, I gotta be honest like. I think it would be great if we could have
an international agreement that did that but in reality I think that even if there was such an agreement, it would just be
countries would just do it anyway
and corporate elections any research into that.
No I haven't done any research into hacking corporate elections, that's interesting. Yeah, they do that.
Port elections and stuff I imagine yeah manipulation that happens there as well, probably, I get those weird mailers in the mail for whatever CEOs change that out and stuff. Alrighty, well that that kind of concludes the end here for today, it's great having a great discussions going on in the livestream QA here. Another is will be a recording of this available to watch for the rest of time of sorts, if you want to spread out among others you can. Well, it's great to have it in and have a good day.
Thank you guys follow, keep answering questions in the chat. Bye. Bye.