Helping Cyber Defenders Strengthen Election Security

February 3, 2020

As the U.S. heads into the 2020 presidential election, cyber security experts anticipate a rise in attacks targeting election systems and political campaigns, both from individual hackers and nation-state attackers. To support election officials, there is a critical need for cyber security experts who understand the potential entry points attackers can exploit to access and disrupt the nation's election infrastructure.

Election infrastructure was designated as part of the nation's critical infrastructure in 2017. The Department of Homeland Security (DHS), through its Cybersecurity and Infrastructure Security Agency (CISA), provides a catalog of services that state and local election officials can use to reduce both cyber and physical risk to their election systems and facilities. At a minimum, securing this election infrastructure includes securing:

  • Voter registration databases and associated IT systems
  • IT infrastructure and systems used to manage elections, including the counting, auditing and displaying of election results, and post-election reporting to certify and validate results
  • Voting systems and associated infrastructure, including equipment storage facilities
  • Polling places and early voting locations

State and local information security managers must ensure that their cyber security teams have practitioners who know how to defend election systems from cyber threats and attacks. They need assurance that the cyber teams hired have the necessary skills and knowledge to secure their organization's election systems. Cyber security professionals who have a combination of discipline-specific certifications with real-world practical testing are well-equipped to defend election infrastructure from all forms of threats and attacks.

Hands-on Testing - A Critical Component of Election Security

Over the past three years, organizers of DEF CON, one of the world's largest and most notable hacker conventions, have hosted a "Voting Machine Hacking Village" to highlight election security vulnerabilities. In 2017, the Voting Village acquired and made available to participants over 25 pieces of election equipment including voting machines and electronic poll books. By the end of the conference, every piece of equipment in the Voting Village was effectively breached in some manner. DEF CON 2018 and 2019 featured an even greater variety of voting machines and other election systems, none of which held up well against the event's attendees.

This is a prime example of the inherent vulnerabilities of the election process, and the need for trained cyber practitioners to help in the fight.

GIAC, providing the highest standard in cyber security certification for more than two decades, launched CyberLive - hands-on, real-world testing - to fill the gaps in the market. GIAC currently features CyberLive in five certifications - GXPN, GCIA, GCIH, GCFA, and GPEN - and will be adding more in the near future. These certifications focus on exploit research, penetration testing, intrusion analysis, digital forensics, and incident handling - skills that are needed to protect and secure the election infrastructure.

Knowing how things are attacked and what attack vectors are used helps security operations teams understand how to defend their organizations. The GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) certification, for example, validates a practitioner's ability to find and mitigate significant security flaws in systems and networks, including the infrastructure that supports election systems. GXPN certification holders have the skills to determine how systems and networks are penetrated. They can model the behavior of attackers and demonstrate the business risk associated with these behaviors.

Jason Nickola, GSE and GXPN cert holder, says, "If a hiring manager is trying to structure desired experience paired with relevant certs, then the practical component of the exam makes them more sure that someone could step in and do the things that their job entails from day one."

GXPN candidates taking cyber security certification exams with a CyberLive component interact with actual programs, actual code, live virtual machines, and actual networks. The questions are presented in an environment in which candidates must prove their knowledge, understanding, and abilities in their specific skill category.

Hands-on, real-world, scenario-based testing must be a critical component of cyber security certifications, given the current threat environment, in which attacks on election infrastructure pose major challenges for those responsible for protecting the integrity of the election process.

As these attacks intensify and the cyber security skills gap broadens, election officials need the best qualified candidates on the front lines. GIAC's CyberLive testing is one approach that can set these candidates apart, showcasing their real-world abilities to help maintain election security.