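The Iowa caucuses are here, which means election season is officially underway, so you might be wondering: if I can buy a car online, watch all my favorite TV shows online, and hire a dog walker online, why can’t I vote online? Well, depending on where you are, that may be possible. If you live in King County, Washington, for example, you can vote online in this year’s district election. So while the concept is starting to take shape for some smaller ballot votes, let’s take a look at how the model designed to guide policies for information security within an organization, the fabled CIA triad (confidentiality, integrity, availability), would affect online voting.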
Distributed Denial of Service Attacks
In a DDoS attack, a threat actor attempts to overload a website with traffic, with the intent to disrupt the availability of the website and prevent access to valid users. These types of attacks typically require minimal effort and cost for a sophisticated threat actor to perform (to the point where NetScout reported that there were approximately 3.8 million DDoS attacks in the first half of 2019 alone), so a single threat actor could attempt to bring down the availability of a website during critical voting times to prevent constituents from casting their ballots. This could significantly impact the results of the election since it would also discourage voting in general, as people are unlikely to keep trying to vote.
Malware on Voter Devices
Depending on the device the voter uses, whether a phone, home computer or work computer, it may already have been compromised by a threat actor. With voters having such a variety of technologies at their disposal and with varying voter technical sophistication, there’s a likelihood that many devices may not be properly secured to ensure that malware is not already present. If so, a threat actor could perform malicious activity using the voter’s device without the voter’s knowledge. It would also be exceedingly difficult from an oversight perspective to verify the security of each user’s device prior to them casting a ballot.
Man in the Middle Attacks
A Man in the Middle attack occurs when a threat actor secretly relays, and possibly alters, communications between two parties who believe they’re directly communicating with each other. Assuming your device has no malware on it when you go to vote, there’s still a possibility that a threat actor may intercept or redirect your vote as it’s transmitted over an open internet. While complex, it is possible that an attacker could compromise a relay point in the transmission process and stop or manipulate your vote, which could then be submitted by the attacker without the voter even being aware that his or her vote was intercepted.
Integrity of Authentication
Then there’s the issue of understanding how the voter authenticates to the system in order to vote. Is it through a combination of personal information such as their address, birthday or Social Security number? Or would each voter be provided a unique sign-in authenticator in order to access the voting system? The issue here becomes verifying the integrity of the voter, in short, proving they are who they say they are.
Using personal information of the voter always presents a chance that the information is known by a threat actor or is for sale on the dark web. With a unique authenticator provided to each person, for example by mail, there is always a chance, however, that the identifier is intercepted or leaked in transit. In addition, the election board may need to verify the integrity of the voter when validating his or her vote by reviewing personal information, which removes some of the confidentiality voters expect.
Web Application/Server Security
Even assuming the above four risks are addressed in some form, placing a system externally on the internet leaves it prone to be attacked by threat actors, who from anywhere in the world could target a voting system for both Web application coding misconfigurations and vulnerabilities along with the servers themselves. Any oversight board would need to ensure the application is written with security in mind and servers are properly patched and hardened to ensure the confidentiality of information, the integrity of votes and the availability of the voting platform.
While the above are just some of the risks involved with the implementation of online voting, that is not to say these risks cannot be addressed. Online voting certainly has many benefits, including the potential for increased voter turnout due to the process being more efficient, accessible and convenient, so it’s entirely possible that in the future voting online may be the primary way an election is held.