KelvinSkye
New Member
Hello,
Today I discovered this blog, and this thread discussing the voting machine situation in PA as I was searching for some information.
I don't even know if this is an active thread anymore, but the discussions got my attention. I'll go back to read the thread again in more detail when I have more time - but I wanted to mention a few things that caught my attention.....some of these are probably very well known to those of you who have been posting on this topic.
One of the biggest issues, if not the biggest issue/concern in the Cybersecurity world these days (for quite a few years in fact) is the issue of the 'insider threat'....the possibility that a trusted insider can cause damage, steal data/information, sabotage a system, etc, etc. This risk potential is very real, and I've personally been involved in investigating more than a few situations involving insider threat and mission critical systems. In quite a few of those situations I was the person leading the investigation. Electronic voting systems are defined as mission critical systems.
There are a few things that jumped out at me when I read Gregory Stenstrom's affidavit. The situation he's describing has insider threat potential written all over it.
First, removable USB devices (vDrives, USB cards, memory sticks, whatever you want to call them) were being moved/transported without at least two people being involved. This is unacceptable in this application scenario.
Second, the transportation of the removable USB devices appears to have taken place without using control mechanisms including placing the USB device(s) in a dedicated, secure transport container. Again, this is unacceptable in this type of application scenario.
Given the importance of the function performed by the voting systems, both of these activities present an immediate high concern for insider threat risk potential. Since I don't know what the defined process is in either PA or any of the counties in the state, I don't know what the 'rules' are for this activity. If the defined process(es) allows this to happen, then that is a separate problem.
Third, allowing one person to connect a removable USB device to an operational system of this significance, by themselves, and without following a strict written verifiable checklist process, is a huge problem. This is immensely unacceptable in this type of scenario.
Based on my experience in a wide range of application areas, without using 2 person integrity when it comes to USB based removable devices/media in this specific type of application scenario, the entire process/operation used here is considered invalid, unreliable, and not secure. In other words, it presents unacceptable risk and the integrity of the operation(s)/task(s) being performed can not be trusted.
Most importantly, the lack of diligent use of chain of custody forms and processes associated with the use of removable media is a huge no-no in a system/application such as this one. This means the entire process and any data associated with it can not be trusted. No exceptions.
Without the use of rigorous industry best practices when it comes to using removable USB devices on a mission critical system, there is no way to verify data integrity, nor is there any way to perform a forensically sound audit (which must include chain of custody forms and documented processes). This can't be over-emphasized.
Based on Mr. Stenstrom's affidavit, none of the data associated with these voting machines can be trusted, and all of it needs to be discarded.
Also, regarding the comments/discussion about making a hard drive image - unless the law enforcement authorities on the scene were provided the authority (and the appropriate training) to make a decision as to whether a potential crime had been committed and were also empowered to make a decision to 'seize' the machines which would then allow a specially trained team to come in to perform the forensic data acquisition, then there's nothing they were really able to do under the circumstances.
The generalized term Mr. Stenstrom didn't use in his discussion is 'forensic write blocker', commonly referred to as just a 'write blocker'. There are both software and hardware based write blockers. For situations 'in the field' such as this scenario with voting machines, a hardware write blocker device is typically what I would expect to be used if someone were to perform an acquisition and analysis on the scene. These days, it is not unusual for computer systems to remain powered up during some part of the forensic process, because the operating system or other application software will often change data, settings, or software configuration information when a system is shut down. It all depends on the scenario.
One thing I haven't seen reported in the news media (any media, mainstream or otherwise) is mention of the fact there are currently no mandatory national standards for the voting process, and no mandatory national (cybersecurity) standards for electronic voting machines. This means each state is responsible for making their own laws regarding how voting will be performed, and defining their own standards regarding whether they will accept the 'suitability' of an electronic voting machine and allow it to be used in their state.
In my personal opinion if the U.S. Congress were doing their collective job, they would have addressed this years ago....because it has come up before, more than once.
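The controls named in the post above (two people on every handling step, a sealed transport container, a signed checklist when media is connected, and verifiable data integrity) can be checked mechanically against a custody log. The following is an added example, not part of the original post; the record format, names, seal IDs and hashes are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class CustodyEvent:
    media_id: str
    action: str                  # "seal", "transfer" or "connect"
    custodians: tuple            # everyone who signed for this step
    seal_id: str                 # tamper-evident container seal, "" if none
    sha256: str                  # hash of the media contents at this step
    checklist_signed: bool = False

def audit(events):
    """Return (index, media_id, finding) for each rule a custody log breaks."""
    findings, last = [], {}
    for i, ev in enumerate(events):
        issues = []
        if len(set(ev.custodians)) < 2:
            issues.append("two-person integrity not met")
        if ev.action == "transfer" and not ev.seal_id:
            issues.append("transported without sealed container")
        if ev.action == "connect" and not ev.checklist_signed:
            issues.append("connected without signed checklist")
        prev = last.get(ev.media_id)
        if prev is None and ev.action != "seal":
            issues.append("custody record does not start with sealing")
        if prev is not None and ev.sha256 != prev.sha256:
            issues.append("content hash changed since previous step")
        last[ev.media_id] = ev
        findings += [(i, ev.media_id, msg) for msg in issues]
    return findings

def untrusted_media(events):
    """Media IDs with at least one finding; their data cannot be verified."""
    return {media for _, media, _ in audit(events)}

def _h(data):
    return hashlib.sha256(data).hexdigest()

# Constructed sample log: USB-01 follows the process, USB-02 does not.
GOOD = _h(b"constructed export")
SAMPLE = [
    CustodyEvent("USB-01", "seal", ("alice", "bob"), "S-1001", GOOD),
    CustodyEvent("USB-01", "transfer", ("alice", "bob"), "S-1001", GOOD),
    CustodyEvent("USB-01", "connect", ("alice", "bob"), "S-1001", GOOD, True),
    CustodyEvent("USB-02", "seal", ("carol", "dave"), "S-1002", GOOD),
    CustodyEvent("USB-02", "transfer", ("carol",), "", GOOD),
    CustodyEvent("USB-02", "connect", ("carol",), "", _h(b"altered"), False),
]
```

Running `audit(SAMPLE)` lists five findings, all against USB-02; a log that cannot pass this kind of check gives an auditor nothing to verify the media contents against.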