New tools to secure democracy | Microsoft On The Issues

New tools to secure democracy | Microsoft On The Issues

In recent months, we’ve worked closely with political campaigns and parties who are protected by our AccountGuard threat notification service and conducted hundreds of security trainings ahead of the 2020 elections. We’ve heard one repeated request throughout these engagements: Those involved in the democratic process want more protection for what we call identity management, or the ability for their staff to securely log into their accounts and access their email and files while preventing unwanted intrusions. Greater security in this area would help prevent the “hack-and-dump” scenario where cybercriminals or foreign governments steal a campaign official’s emails and release them online.

Starting today, we’re bringing Microsoft’s enterprise-grade identity and access management protections to AccountGuard members in the U.S. at no cost to further help secure them ahead of the 2020 elections. We’re also announcing a new partnership with Yubico to provide phishing-resistant security keys to AccountGuard customers. For political campaigns and committees, these services will be offered through Defending Digital Campaigns, a non-profit and non-partisan organization that has been authorized by the Federal Elections Commission to provide campaigns with free or low-cost technology from a variety of companies. Our Defending Democracy Program will also work directly with democracy-focused non-profit organizations and think tanks enrolled in AccountGuard to help them use these protections.

There are a range of identity and access management protections we’ll offer as part of this, but five examples, which we believe are protections that benefit all campaigns, include:

Multi-factor authentication: While all Microsoft business and consumer email services support multi-factor authentication, what we’re announcing today contains extra protection against phishing for those using this important feature. Customers can now use the Authenticator app on their phones or hardware keys from Yubico as another factor for identity protection.

Single sign-on: This feature enables one set of credentials to be used securely across hundreds of cloud apps, making it easier for a staffer or campaign official to access the apps they need with a high level of security but also more quickly and easily.

Conditional access policies: This is the ability for a campaign to help ensure only the right people are logging into their network by setting conditions such as the behavior people can use to navigate to their accounts, where they are physically located, what kinds of devices they might be using and what applications they might be using.

Privileged identity management (PIM): This includes security features enabling campaigns to manage, control and monitor access to important resources in the organization. PIM will provide time-based and approval-based authorization to access certain resources and lessen the risk of excessive, unnecessary and misused access permissions to sensitive resources.

Access governance: Campaigns have vendors, staffers and volunteers who come and go, and this set of features helps automatically terminate access when they depart an organization or complete a project, shrinking the number of entry points for a hacker.

Our new partnership with Yubico, the recognized industry leader in physical security keys, will provide YubiKeys to AccountGuard customers for defense against phishing and other cyberattacks. Yubico will provide 10 YubiKey 5 Series security keys, to be used on compatible computers or phones, to any AccountGuard-covered organizations for free, for a limited time, plus up to an additional 40 keys at a 50% discount.

We know that many political campaigns do not have dedicated IT support staff, and today’s news comes with hands-on help for those that need it. Deployment assistance for the technologies in today’s news will be provided to AccountGuard customers as an included benefit through our FastTrack program or through our FastTrack-ready partners. A dedicated team of deployment engineers will be available to help provide remote assistance and guidance, and Microsoft partner Patriot Consulting Technology Group will offer additional onboarding support, integration and trainings.

Any AccountGuard-eligible customer can learn more about enrolling in AccountGuard or taking advantage of the tools announced today by contacting AccountGuard@microsoft.com. While we’re offering this to U.S.-based AccountGuard customers ahead of the 2020 U.S. election, we will explore offering it in other geographies in the future.

The post New tools to secure democracy appeared first on Microsoft on the Issues.

from Microsoft on the Issues https://ift.tt/3ddGERF
via IFTTT

Protecting democracy, especially in a time of crisis | Microsoft On The Issues

Protecting democracy, especially in a time of crisis | Microsoft On The Issues

It’s critical when we’re facing crises that we protect our core values, including democracy. Democracies were already facing adversaries intent on using cyberattacks to disrupt our elections and democratic processes. Now, as the world battles the COVID-19 pandemic, we have seen, and others have reported, that nation states and cybercriminals are taking advantage of the crisis by using virus-themed phishing attacks and other techniques to attack critical institutions. We must assume they will use these techniques to target our elections as well.

Today, we are announcing several steps our Defending Democracy program is taking to help our democratic processes become more resilient in light of all these threats. First, starting today, we’re expanding our Defending Democracy Program to include a new service, Election Security Advisors, which will give political campaigns and election officials hands-on help securing their systems and recovering from cyberattacks. Second, we are expanding our AccountGuard threat notification service to cover the offices of U.S. election officials and the U.S. Congress as many are working remotely. Third, we are extending Microsoft 365 for Campaigns to state-level campaigns and parties. And, finally, we are publishing our public policy recommendations for securing elections, including ways to secure them while confronting the COVID-19 public health crisis.

Introducing Election Security Advisors

Today, as part of Microsoft’s Defending Democracy Program, we’re announcing a new service called Election Security Advisors, bringing Microsoft’s cybersecurity preparedness and remediation expertise to election officials and political campaigns. Through Election Security Advisors, campaigns and election officials will be able to choose from two offerings from Microsoft’s Detection and Response Team (DART). The first is an assessment of an organization’s systems and then providing expert help in configuring them securely to close any security gaps. The second is an incident response service helping these organizations find the cause of an attack, root it out and provide the direction required to restore their systems…

AccountGuard expansion

Since we announced our AccountGuard threat notification service in August 2018, we’ve expanded it to political campaigns, parties and democracy-focused non-profits in 29 countries around the world. It now protects more than 90,000 accounts. Starting today, AccountGuard is now also available to members of U.S. Congress and their staff as well as state election officials across the country, and sign up is available here. As many of these officials and their staff are engaging in their duties while working remotely, we hope this extra layer of security will help…

Microsoft 365 for Campaigns expansion

As we’ve continued to engage with those involved in the democratic process, one thing we hear routinely is that enterprise-grade email and filesharing services with world-class security are often too expensive for campaigns or are too difficult to set up and manage. Based on this feedback, last summer, we announced Microsoft 365 for Campaigns, bringing our best and most secure email services to political campaigns at the federal level…

Policy recommendations

Today, we also published a set of policy recommendations and suggested actions government can take to secure the election system, including recommendations for conducting secure elections while addressing the need for social distancing to fight COVID-19…

In closing, there’s one important note about today’s AccountGuard and Microsoft 365 for Campaigns news. Due to local regulations, we are currently unable to offer AccountGuard to state election departments or M365 for Campaigns in the following states at this time: Colorado, Delaware, Illinois, Oklahoma, Wisconsin and Wyoming. We encourage customers in those states to explore additional offerings here. In many cases, it’s law or regulation – not technical capability – that is preventing us from helping to secure democratic institutions as much as possible. We’ve been pleased that so many government officials around the world have worked collaboratively with us to break down existing barriers, and we’ll continue to work with government officials to find solutions.

The rest of the post Protecting democracy, especially in a time of crisis appeared first on Microsoft on the Issues.

from Microsoft on the Issues https://ift.tt/3bN7YWE
via IFTTT

ElectionGuard available today to enable secure, verifiable voting | Microsoft on the Issues

ElectionGuard available today to enable secure, verifiable voting | Microsoft on the Issues

What I find coincidental about this posting on the same day history-making news was announced surrounding national political events. The announcement of impeachment inquiries has in part been a result of insecure voting. As the great national security philosopher, Malcolm Nance, once stated: Coincidences take a lot of planning.

In May, Microsoft CEO Satya Nadella announced ElectionGuard, a free open-source software development kit (SDK) from our Defending Democracy Program. ElectionGuard is accessible by design and will make voting more secure, verifiable and efficient anywhere it’s used in the United States or in democratic nations around the world. Today we’re announcing that ElectionGuard is now available on GitHub so that major election technology suppliers can begin integrating ElectionGuard into their voting systems.

The ElectionGuard resources available on GitHub today extend across four GitHub repositories, or storage spaces, each described below.

ElectionGuard specification. The ElectionGuard specification includes both “informal” and “formal” road maps for how ElectionGuard works. The informal spec is authored by Dr. Josh Benaloh of Microsoft Research and provides the conceptual and mathematical basis for end-to-end verifiable elections with ElectionGuard. The formal spec contains detailed guidance manufacturers will need to incorporate ElectionGuard into their systems, including a full description of the API – which is the way voting systems communicate with the ElectionGuard software – and the stages of an end-to-end verifiable election.

Software code. This repository contains the actual source code vendors will use to build their ElectionGuard implementations. It is written in C, a standard language commonly used by open-source software developers and includes a buildable version of the API. This documentation is also viewable here. This code was built together with our development partner Galois.

Reference verifier and specification. As we announced in May, ElectionGuard enables government entities, news organizations, human rights organizations, or anyone else to build additional verifiers that independently can certify election results have been accurately counted and have not been altered. The resources available on GitHub today include a working verifier as well as the specifications necessary to build your own independent verifier.

 

The rest of the post ElectionGuard available today to enable secure, verifiable voting appeared first on Microsoft on the Issues.

from Microsoft on the Issues https://ift.tt/2kUqDel via IFTTT

Continue reading