New cyberattacks targeting U.S. elections  | Microsoft On The Issues

New cyberattacks targeting U.S. elections  | Microsoft On The Issues

In recent weeks, Microsoft has detected cyberattacks targeting people and organizations involved in the upcoming presidential election, including unsuccessful attacks on people associated with both the Trump and Biden campaigns, as detailed below. We have and will continue to defend our democracy against these attacks through notifications of such activity to impacted customers, security features in our products and services, and legal and technical disruptions. The activity we are announcing today makes clear that foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated, and is consistent with what the U.S. government and others have reported. We also report here on attacks against other institutions and enterprises worldwide that reflect similar adversary activity.

We have observed that:

  • Strontium, operating from Russia, has attacked more than 200 organizations including political campaigns, advocacy groups, parties and political consultants
  • Zirconium, operating from China, has attacked high-profile individuals associated with the election, including people associated with the Joe Biden for President campaign and prominent leaders in the international affairs community
  • Phosphorus, operating from Iran, has continued to attack the personal accounts of people associated with the Donald J. Trump for President campaign

The majority of these attacks were detected and stopped by security tools built into our products. We have directly notified those who were targeted or compromised so they can take action to protect themselves. We are sharing more about the details of these attacks today, and where we’ve named impacted customers, we’re doing so with their support….

We also believe more federal funding is needed in the U.S. so states can better protect their election infrastructure. While the political organizations targeted in attacks from these actors are not those that maintain or operate voting systems, this increased activity related to the U.S. electoral process is concerning for the whole ecosystem. We continue to encourage state and local election authorities in the U.S. to harden their operations and prepare for potential attacks. But as election security experts have noted, additional funding is still needed, especially as resources are stretched to accommodate the shift in COVID-19-related voting. We encourage Congress to move forward with additional funding to the states and provide them with what they need to protect the vote and ultimately our democracy.

The post New cyberattacks targeting U.S. elections  appeared first on Microsoft on the Issues.

from Microsoft on the Issues https://ift.tt/2GPqofa
via IFTTT

Increasing election security monitoring in cloud computing | Microsoft On The Issues

Increasing election security monitoring in cloud computing | Microsoft On The Issues

Today, we have an exciting announcement we believe will help increase election security while enabling election officials to take advantage of the advanced capabilities of cloud computing.

For years, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and state and local governments throughout the United States have worked with the non-profit Center for Internet Security, Inc. (CIS) to monitor the security of election-related data. This is enabled by Albert Network Monitoring, which examines internet traffic and connection attempts on networks owned and run by election officials – including voter registration systems, voter information portals and back-office networks.

Albert provides network security alerts for both basic and advanced network threats, helping organizations identify malicious activity such as attempted intrusions by foreign adversaries or cybercriminals. Data from these sensors is sent in near-real-time to the CIS Security Operations Center, which is monitored around the clock every day by expert cybersecurity analysts.

To date, cloud computing providers, such as Microsoft Azure, have not been compatible with Albert sensors. This presented election officials with the difficult choice of selecting powerful, secure and cost-effective cloud computing options, or hosting the data on local servers if they wanted to take advantage of the added security of Albert. Today, through a partnership with CIS, we’re providing a new choice by making Microsoft Azure compatible with Albert for the first time.

We’re starting this journey through a pilot, which will begin this week, with 14 county Supervisors of Elections in Florida. Moving forward, Microsoft and CIS will look to open the capability to states and jurisdictions across the United States.

Today’s announcement is the result of collaborative work between Microsoft’s Azure Global engineering team and CIS’s engineering team, in partnership with Microsoft’s Defending Democracy Program. In the coming months, we look forward to sharing more details about our work to help secure the 2020 elections and future elections in the U.S. and around the world.

The post Increasing election security monitoring in cloud computing appeared first on Microsoft on the Issues.

from Microsoft on the Issues https://ift.tt/3dvMazm
via IFTTT

My city represents… | AJ+

My city represents… | AJ+

Another Step in Testing ElectionGuard | Microsoft on the Issues

Another Step in Testing ElectionGuard | Microsoft on the Issues

After the debacle in the Iowa Caucuses early this month (though not directly related due to other circumstances) trust in the voting and election process continues to be under attack both internally and externally. The goal is to get it right, and Microsoft is doing it’s part to make it work for everyone.

Microsoft On the Issues Photo Credit

Feb 17, 2020   |   Tom Burt – Corporate Vice President, Customer Security & Trust

Tomorrow I’ll be in Fulton, Wisconsin, with a team of people from Microsoft taking one of many steps needed to prepare our ElectionGuard technology for broad adoption. Together with election officials from the state of Wisconsin and the election technology company VotingWorks, we will be piloting ElectionGuard in an actual election for the first time.

As voters in Fulton go to their polling place tomorrow to cast ballots in a primary election for Wisconsin Supreme Court candidates, the official count will be tallied using paper ballots as usual. However, ElectionGuard will also provide an encrypted digital tally of the vote that will enable voters to confirm their votes have been counted and not altered. Tomorrow’s pilot is one step in a deliberate and careful process to get ElectionGuard right before it’s used more broadly across the country.

Preparing technology for wide adoption is accomplished through incremental steps that enable iteration and improvement. We first demonstrated an implementation of ElectionGuard to cybersecurity experts and others at the annual Aspen Security Forum last summer. Then, in September, we shared the code for ElectionGuard as an open source project on GitHub so voting machine manufacturers, security researchers and others could begin testing it. We announced a bug bounty program, offering up to $15,000 to people who report security vulnerabilities with ElectionGuard so they can be fixed. The code was also tested for security vulnerabilities by NCC Group. Tomorrow’s pilot gives us the first chance to see ElectionGuard in action in a real election, to assess its performance and observe voter reaction. We hope to learn from this so we can continue to work with election officials in Wisconsin and other states – and with technology partners such as VotingWorks – to improve ElectionGuard. This is by no means the last step in our preparation; we anticipate many more pilots of ElectionGuard technology as we get it ready for prime time.

To be clear, the biggest credit for tomorrow’s pilot goes to the Wisconsin Election Commission and its Administrator Meagan Wolfe, as well as Rock County Clerk Lisa Tollefson for making the decision to try ElectionGuard so they can evaluate it for future use, and to VotingWorks, which designed and built much of the physical voting experience used in Fulton tomorrow. We’ve worked closely with the Commission and VotingWorks in recent months to test the system and voting machines for pilot use tomorrow, to conduct a public test of the machines even before the pilot, and to train polling place workers. We are also grateful to Connie Zimmerman, the Fulton Town Clerk, for enabling and supporting this pilot in the polling place she’s run for years, and to the Fulton Town Board, which voted to approve the pilot…

The rest of the post Another Step in Testing ElectionGuard appeared first on Microsoft on the Issues.

from Microsoft on the Issues https://ift.tt/32amGn2
via IFTTT

Listen up North Carolina | NowThis

Listen up North Carolina | NowThis

The main issue is funding. It seems to me that the collective we can fund whatever we feel is important. However, in North Carolina, most of the collective we aren’t important. And this spans both political parties in this state. It’s almost as North Carolina has “Alabama” level aspirations in their interaction with minorities in general.

NowThis tweet.

Open government data – more critical than ever. | Microsoft on the Issues

Open government data – more critical than ever. | Microsoft on the Issues

What strikes me as interesting that there was no mention of former CEO Steve Ballmer’s USAFacts website, that is one of his first post-MS initiatives.

Today, in Washington, D.C., Microsoft was pleased to participate in an event hosted by  the Business Software Alliance, focused on Data Innovation Policy:  Enabling Access and Promoting Use. We were honored to have U.S. Rep. Derek Kilmer (D-WA) provide introductory remarks. Rep. Kilmer is a strong advocate for open data, having served as sponsor of the OPEN Government Data Act, which was signed into law in January 2019. As Rep. Kilmer noted, Congress and the administration have recognized that the availability of useful government data is essential for the U.S. to lead a digital economy powered by AI and data analytics. The OPEN Government Data Act’s mandate – to encourage every federal agency to publish information as open data – is fundamental to achieving this goal. This mandate is ambitious and presents a range of policy, structural and technical challenges. Multiple agencies need to develop and implement effective approaches to identify, maintain and publish relevant data inventories, in a standardized, machine-readable format. Important progress has been made toward these ambitions.

And yet, there is more that can be done to achieve this vision. One idea I mentioned at the event is the idea of creating a Federal Chief Data Officer role to help spearhead the goals of the OPEN Government Data Act. The creation of such a role would help agencies coordinate and prioritize the work to unlock high value government data.

At the event today, we heard about many compelling examples where open government data has been used to advance research in important areas. For example, our speaker from the Fred Hutchinson Cancer Research Center spoke about how government data was being used by a scientist to help look at new ways to identify and treat endometriosis. We also heard from Rep. Kilmer about how environmental data was being used to help forecast weather and transportation trends.

The rest of the post Open government data – more critical than ever. appeared first on Microsoft on the Issues.

from Microsoft on the Issues https://ift.tt/2QlmuNU
via IFTTT

Happening now 90 mi NE of here.

Happening now 90 mi NE of here.

It should be noted that the US Congresswoman mentioned in this story, @Alma Adams, is originally from High Point. When NC-12 was re-drawn, it became essentially Charlotte only, so now she lives here and represents me in Congress.

Sometimes the truth hurts, but the hope is that a collective we is grown enough to hear and understand.

Sometimes the truth hurts, but the hope is that a collective we is grown enough to hear and understand.

Featured image screenshot courtesy of @NowThisNews via @Twitter

Why Microsoft won’t unplug government agencies despite opposition to Trump policies | GeekWire

2019-10-01 01.23.12 www.bing.com 70b6c3d59021

From Wikipedia, who left out the other author in the main credit place, Carol Anne Browne

Why Microsoft won’t unplug government agencies despite opposition to Trump policies:

Microsoft has been known to go against the grain when it sees fit to do so. Actually, I’m kind of glad they are here. Easier said than done when you are a distant 2nd in the cloud space, but I still admire their stance on this, though part of me wouldn’t want to deal with anything this administration does.

https://ift.tt/2mvUpqD via Tumblr and IFTTT

ElectionGuard available today to enable secure, verifiable voting | Microsoft on the Issues

ElectionGuard available today to enable secure, verifiable voting | Microsoft on the Issues

What I find coincidental about this posting on the same day history-making news was announced surrounding national political events. The announcement of impeachment inquiries has in part been a result of insecure voting. As the great national security philosopher, Malcolm Nance, once stated: Coincidences take a lot of planning.

In May, Microsoft CEO Satya Nadella announced ElectionGuard, a free open-source software development kit (SDK) from our Defending Democracy Program. ElectionGuard is accessible by design and will make voting more secure, verifiable and efficient anywhere it’s used in the United States or in democratic nations around the world. Today we’re announcing that ElectionGuard is now available on GitHub so that major election technology suppliers can begin integrating ElectionGuard into their voting systems.

The ElectionGuard resources available on GitHub today extend across four GitHub repositories, or storage spaces, each described below.

ElectionGuard specification. The ElectionGuard specification includes both “informal” and “formal” road maps for how ElectionGuard works. The informal spec is authored by Dr. Josh Benaloh of Microsoft Research and provides the conceptual and mathematical basis for end-to-end verifiable elections with ElectionGuard. The formal spec contains detailed guidance manufacturers will need to incorporate ElectionGuard into their systems, including a full description of the API – which is the way voting systems communicate with the ElectionGuard software – and the stages of an end-to-end verifiable election.

Software code. This repository contains the actual source code vendors will use to build their ElectionGuard implementations. It is written in C, a standard language commonly used by open-source software developers and includes a buildable version of the API. This documentation is also viewable here. This code was built together with our development partner Galois.

Reference verifier and specification. As we announced in May, ElectionGuard enables government entities, news organizations, human rights organizations, or anyone else to build additional verifiers that independently can certify election results have been accurately counted and have not been altered. The resources available on GitHub today include a working verifier as well as the specifications necessary to build your own independent verifier.

 

The rest of the post ElectionGuard available today to enable secure, verifiable voting appeared first on Microsoft on the Issues.

from Microsoft on the Issues https://ift.tt/2kUqDel via IFTTT

Continue reading

Extending free Windows 7 security updates to voting systems | Microsoft on the Issues

Extending free Windows 7 security updates to voting systems | Microsoft on the Issues

Today, as part of Microsoft’s Defending Democracy Program, we are announcing that we will provide free security updates for federally certified voting systems running Windows 7 through the 2020 elections, even after Microsoft ends Windows 7 support. I would like to share more on why we help customers move away from older operating systems and why we’re making this unusual exception.

We launched Windows 7 in 2009, the same year the Palm Pre launched, Twitter took off, mobile phone navigation was just coming to market, and floppy disks were still selling by the millions. Software built for that era cannot provide the same level of security as a modern operating system like Windows 10. When we released Windows 7, we committed to supporting it for 10 years, and we’ve honored that commitment. We’ve also reminded customers about this along the way including, most recently, in January and again in March. This process is similar to how we’ve ended support for other operating systems in the past, and the majority of our customers have already made the move to Windows 10.

As we head into the 2020 elections, we know there is a relatively small but still significant number of certified voting machines in operation running on Windows 7. We also know that transitioning to machines running newer operating systems in time for the 2020 election may not be possible for a number of reasons, including the lengthy voting machine certification process – a process we are working with government officials to update and make more agile.

Since we announced our Defending Democracy Program, we’ve focused on bringing the best of Microsoft’s security products and expertise to political campaigns, parties, the election community, and democracy-focused nongovernmental organizations. This includes our AccountGuard service, which we offer at no additional cost, and ElectionGuard, which we’re making available for free and open-source…

The post Extending free Windows 7 security updates to voting systems appeared first on Microsoft on the Issues. from Microsoft on the Issues https://ift.tt/357QQbE

via IFTTT

Also, here is ZDNet’s version of the same story.

NC Governor Vetoes Medicaid Telehealth Bill in Feud With Lawmakers

Politics as usual. North Carolina is not immune.

North Carolina Governor Roy Cooper has vetoed a bill that would have expanded Medicaid coverage for telehealth and telemental health as he battles with the Legislature over budget priorities.

Source: NC Governor Vetoes Medicaid Telehealth Bill in Feud With Lawmakers

The Green New Deal from AJ+

Though I’ve been to Detroit in my younger years and still have family in the area, this also applies to the greater Charlotte area, where I live, and other communities throughout North America and beyond. I’m heartened to see a group address this, though getting through to some will be next to impossible. H/T AJ+, who does great work in their storytelling.

ACA Medicaid Expansion Reduces Mortality Rates, Study Shows

North and South Carolina: How many more studies do it take to convince your respective General Assemblies to expand Medicaid when the federal government is paying for most of it.

While you are at it, North Carolina, get rid of vehicle inspections; add the state’s portion to existing fees, like South Carolina did.

The Affordable Care Act’s expansion of Medicaid seems to reduce mortality rates, increase enrollment and coverage, and decrease the uninsured rates.

Source: ACA Medicaid Expansion Reduces Mortality Rates, Study Shows

New cyberthreats require new ways to protect democracy

New cyberthreats require new ways to protect democracy
Man and woman look at Microsoft ElectionGuard demos
Microsoft ElectionGuard demos on July 17, 2019 at the Aspen Security Forum in Aspen, Colorado. 

With the elections coming up, regardless of who you support, this is vital. I haven’t seen any other major tech company coming up with solutions, though it’s mentioned inside the full blog post.

Starting today at the Aspen Security Forum we’re demonstrating the first voting system running Microsoft ElectionGuard as an example of how ElectionGuard can enable a new era of secure, verifiable voting. The demo shows how it’s also possible to make voting more accessible for people with disabilities and more affordable for local governments while increasing security. Finding new ways to ensure that voters can trust the election process has never been more important. The world’s democracies remain under attack as new data we are sharing today makes clear. ElectionGuard and the range of offerings from Microsoft’s Defending Democracy Program, as well as tools from others in the technology industry and academia,  are needed more than ever to help defend democracy.

 

So the problem is real and unabated. It is time to find solutions. Governments and civil society have important roles to play, but the tech industry also has a responsibility to help defend democracy. As part of our contribution at Microsoft, we believe ElectionGuard will be an important tool to protect the voting process and to ensure that all voters can trust the outcome of free democratic elections.

 

Our ElectionGuard demo will showcase three core features.

 

First, people will be able to vote directly on the screen of the Microsoft Surface or using the Xbox Adaptive Controller, which Microsoft originally built in close partnership with organizations like the Cerebral Palsy Foundation to meet the needs of gamers with limited mobility. We hope this will help show the community how accessibility hardware can be built securely and inexpensively into primary voting systems and no longer requires separate voting machines to meet the needs of those with disabilities – ultimately making it easier for more people to vote.

 

Second, people using the demo will be provided with a tracking code that, when voting is complete, they will be able to enter into a website to confirm their vote was counted and not altered; the website will not display their actual votes. In the ElectionGuard software development kit (SDK) this verification feature will be enabled by homomorphic encryption, which allows mathematical procedures – like counting votes – to be done while keeping the data of people’s actual votes fully encrypted. The use of homomorphic encryption in election systems was pioneered by Microsoft Research under the leadership of Senior Cryptographer Josh Benaloh. This tracking code is a key feature of the ElectionGuard technology. For the first time, voters will be able to independently verify with certainty that their vote was counted and not altered. Importantly, in its final form, the ElectionGuard SDK will also enable voting officials, the media, or any third party to use a “verifier” application to similarly confirm that the encrypted vote was properly counted and not altered.

 

Third, the demo will show how ElectionGuard can enable end-to-end verifiable elections for the first time while retaining the familiarity and certainty of paper ballots. The demo will provide voters with a printed record of their votes, which they can check and place into a physical ballot box, with verification through the web portal serving as a supplemental layer of security and verifiability.

 

ElectionGuard is free and open-source and will be available through GitHub as an SDK later this summer. This week’s demo is simply one sample of the many ways ElectionGuard can be used to improve voting, and the final SDK will also enable features like Risk Limiting Audits to compare ballots with ballot counts and other post-election audits.

 

No one solution alone can address cyberattacks from nation-states. As we’ve seen, attackers will take any avenue to gain intelligence and disrupt the democratic process. That’s why Microsoft’s Defending Democracy Program has also offered Microsoft 365 for Campaigns and AccountGuard to protect political campaigns, parties and democracy-focused NGOs, and it’s why we’ve partnered with NewsGuard to defend against disinformation.

 

The post New cyberthreats require new ways to protect democracy appeared first on Microsoft on the Issues.

 

from Microsoft on the Issues https://ift.tt/2xVkjWA via IFTTT 

Protecting political campaigns from hacking | Microsoft on the Issues

Protecting political campaigns from hacking | Microsoft on the Issues

This is very much a step in the right direction. A challenge to open-source advocates to do something similar (LibreOffice are you listening!)

Today, at Microsoft’s Build Developer Conference, Microsoft CEO Satya Nadella announced a new service from our Defending Democracy Program called Microsoft 365 for Campaigns, which brings the high-end security capabilities of our Microsoft 365 Business offering to political parties and campaigns.

 

The majority of security breaches faced by political campaigns originate from malicious phishing attacks and target email and filesharing systems. But many campaigns are ill-equipped to deal with these threats from nation-states and criminal scammers. We talked with campaign staffers and leaders in campaign technology and heard repeatedly that security solutions for email often were too hard to configure and too expensive. M365 for Campaigns addresses both issues by making it easy to deploy advanced security features at a much lower price.

 

Starting today, campaigns can sign up to be notified when the service becomes available in June by visiting https://m365forcampaigns.microsoft.com.

 

M365 for Campaigns will be available in June to all federal election campaigns, federal candidate committees, and national party committees in the United States, and we are exploring ways to bring the service to other countries in the future.

 

As we said when we announced the Defending Democracy Program, threats to our democratic processes from cyber-enabled interference have become a critical concern. We must all partner and do more to protect free and fair elections, and securing campaigns is an important part of this work.

 

The post Protecting political campaigns from hacking appeared first on Microsoft on the Issues.

from Microsoft on the Issues http://bit.ly/2V1COln via IFTTT

Will 5G be the answer for underserved rural America? | Android Central

This is the main reason behind the purchase of Sprint by T-Mobile, it’s their spectrum holdings, not necessarily their customer base. Disclosure: A current T-Mobile customer, a former customer of Sprint in the 3G data only when I was an OTR trucker.

Also interesting, as much as the story itself is the comments. Mostly on topic, but demonstrates a wide gap between perceived coverage and actual coverage, even in some cases one county removed from a major or mid-sized city.

It’s been touted that 5G is the answer to get broadband internet service to rural parts of the U.S., but like everything else, it isn’t that simple. 5G has the potential to cover everyone in the United States because it’s deployed so differently to current broadband solutions like cable and satellite (and fiber, but that’s still a pipe dream for most of the world), and the equipment used for a cell “tower” is much smaller and cheaper to build and deploy than running wire.

 

This will allow for planning a 5G network not only in places like Chicago or Los Angeles but Western Washington and Appalachia, too. Narrowband 5G can also connect up to 100-times more clients than existing tech and has 10-times the range. It sounds like the answer.

 

To become the answer, though, a few other things need to be discussed. The biggest hurdle, according to industry partners ready to profit by providing 5G access, is spectrum licensing. While the narrowband 5G mentioned above does have 10-times more range than existing services can provide, a more realistic look using the spectrum available and messy standards we have now mean you would need a small-site 5G station spaced only a few hundred feet apart according to NTCA Senior VP of Industry Affairs Michael Romano.

 

via Will 5G be the answer for underserved rural America? | Android Central

Top 5 things to know about voting and blockchain – TechRepublic

20181001-blockchainvote-tom

blockchainvote-tom via Tech Republic

West Virginia is trying this out. Imagine this state being a leader in Blockchain technology for political purposes. Hard to so do, but here we are. BTW Ojeda YES!

via Top 5 things to know about voting and blockchain – TechRepublic

Oklahoma Government in Row Over Alleged HIPAA Violation

Oklahoma Government in Row Over Alleged HIPAA Violation

 

Thinkstock via HealthITSecurity.com

 

As I read this article while attempting to keep up with interesting HIPAA articles, I did some quick research on Wikipedia, Bing search engines, and the Federal agency that covers this topic. I couldn’t find any reference to caching and storage, which is central to attaining the truth on which political position is correct on the subject. Long story short, a planned maintenance Internet outage occurred; some staffers used their smartphones loaded with an app to access Personal Health Information; no agreement on the correctness of this action bordering on partisanship.

I believed that it is the job of journalists and editors to gather facts on the subject in question and present them in the article, or at least the updated version online after a printed story. Disclaimer, I did not go to journalism school at Auburn University.

Two branches of Oklahoma’s government are embroiled in a controversy over whether the Oklahoma Department of Veterans Affairs committed a HIPAA violation.

Source: Oklahoma Government in Row Over Alleged HIPAA Violation