1400x-1

Ohio State Defense Force Cyber Security Team Featured in Bloomberg Article

The national news outlet, Bloomberg, recently featured an article on the Ohio Cyber Reserve, one of the departments within the Ohio State Defense Force. The Cyber Reserve is made up of 80 troops who are experts in the IT field volunteering to serve the State of Ohio to ensure its internet infrastructure is protected from attack. The unit is also tasked with protecting and safeguarding Ohio’s Electoral system if it encounters attacks from nation states. In the two years since its formation the unit has been activated twice, both involving attacks on government agencies.

Many other State Defense Forces, such as the Maryland Defense Force, California State Guard, etc., have a Cyber Security unit. They work hand in hand with their National Guard.

Here is the article:

Ohio Raises a Volunteer Army to Fight Election Hacking

The state turns to private-sector professionals to fend off cyberattacks on voting systems.

Chris Riling, a systems architect at Cisco Systems Inc., is a volunteer for the Ohio Cyber Reserve.
Chris Riling, a systems architect at Cisco Systems Inc., is a volunteer for the Ohio Cyber Reserve.Photographer: Sarah Rice for Bloomberg Businessweek
relates to Ohio Raises a Volunteer Army to Fight Election Hacking

 

Created just before the pandemic, the Ohio Cyber Reserve has assembled 80 members who can be called up under the command of Major General John Harris of the National Guard. They work mostly in cybersecurity by day and moonlight as crime-fighting reservists on weekends and Tuesday evenings from 6 p.m. to 9 p.m. The program already has state funding to expand to 200 people and could ultimately grow to 500, organizers say. Most members take leave from work to fulfill their reserve duties and receive travel expenses for training.

The idea that election security could be bolstered by unpaid militia members is an indication of just how much strain local officials face. In the US, states and smaller jurisdictions run elections—including federal ones—often with few resources, limited know-how, and divergent approaches. Ohio alone has 88 county election boards, and Michigan has 1,603 local election officials. Cyber protection levels across the US range from advanced threat detection and remediation all the way down to nonexistent IT departments.

 

“There are 50 different ways of running elections throughout this country,” says Frank LaRose, Ohio’s Republican secretary of state. He and other experts say the separate systems help prevent large-scale attacks, but the approach can mean some jurisdictions are more vulnerable. As a state senator, LaRose supported the creation of the reserve as a flexible response team and sometimes calls it the “Geek Squad.” Jen Easterly, director of the federal Cybersecurity and Infrastructure Security Agency, recently said that Ohio is “a model for what the rest of country needs to be doing to keep their elections safe and secure.”

Ohio’s electronic militia is a rare point of bipartisan agreement in a political landscape riven by disagreements over real and imagined threats to the ballot box. Even as some Republican leaders in states and in Congress focus on former President Donald Trump’s baseless claims about 2020 fraud, there are real challenges facing the country’s election systems. Cybersecurity officials say the outcome of a vote has never been compromised, but the specter of digital tampering looms large. New US guidelines advise against enabling wireless connectivity and connecting voting and tabulation machines to the internet—however, cybersecurity experts say those machines could still theoretically be “hackable” through sophisticated attacks or specialized malware. Online voter registration databases and other aspects of polling are more vulnerable, and have been breached in the past.

In Ohio, a critical swing state, the stakes of election security are particularly high. “It is clear that any little thing that happens in an election is going to be used to drive narratives of distrust and doubt,” says Matthew Masterson, a former Ohio election official and previous chairman of the US Election Assistance Commission. But throughout the US, election officials “still can’t get the level of support that they need,” he says.

 

In May, the Massachusetts Institute of Technology Election Data and Science Lab said voting administration remains underfunded in much of the country, describing even federal funding as “infrequent and reactive.” Washington agencies offer some free tools and services to local authorities, but those efforts have been criticized for being insufficient in the past, and federal support has sometimes run up against local suspicion.

relates to Ohio Raises a Volunteer Army to Fight Election Hacking

FBI Director Christopher Wray at a Senate Judiciary Committee hearing in Washington on Aug. 4.
Photographer: Alex Wong/Getty Images

Meanwhile, the threats are increasing. A Senate panel report said Russia likely targeted election systems in all 50 states in the 2016 election, and experts believe Russia successfully accessed the systems of multiple state and local electoral boards (though there was no evidence of ballot tampering). The US intelligence community says Russia and Iran ran influence campaigns in 2018 and 2020. And officials worry about the dangers of state-sponsored attacks from China and North Korea, increasingly active global ransomware groups, and new perils posed by aggrieved insiders. FBI Director Christopher Wray recently warned that Russia “can walk and chew gum” at the same time—meaning that the Kremlin could both wage war in Ukraine and meddle with American elections.

US Cyber Command and the National Security Agency have reestablished a voting security group ahead of the midterms to detect such threats, but individual states still run the operations on the ground. It’s a risky approach, says David Levine, a former elections director for Ada County, Idaho, who’s now a fellow at the Alliance for Securing Democracy. “Asking state and local election officials to single-handedly hold the line against sophisticated adversaries like Russia, China, and Iran is simply a bad bet,” he says.

The country’s voting infrastructure also faces internal challenges. Harassment and threats in the wake of Trump’s unfounded fraud claims have seen some election workers quit. Levine and others have mourned what he calls “an exodus” of talent.

The backers of Ohio’s volunteer militia, which was created with unanimous support by state legislators, believe it will help solve some of these problems. It’s relatively cheap, with standards that are still exacting. About one-third of applicants don’t end up joining. And once they sign on, they’re tasked not just with responding to crises but conducting training and security assessments to reduce vulnerabilities.

Several states are following suit. California, Texas, Oklahoma, South Carolina, and Maryland are all establishing civilian cyber volunteer response teams. Michigan and Wisconsin already have such groups, though unlike Ohio they can’t be called up under National Guard authorities. Virginia and Indiana are trying to set up similar programs, and Colorado, Montana, Washington, and West Virginia are all interested, according to a June paper from the National Governors Association

 

“The phone’s been ringing off the hook,” says Major General Harris, who’s responsible for the command of Ohio’s National Guard. “There’s a lot of interest in standing up this kind of cyber reserve.” Chip Daniels, of the South Carolina National Guard, is among the emissaries from other states who recently traveled to Ohio to observe the volunteers’ work. “We’re light-years behind these guys,” he says. In mid-July, 19 members of the Ohio reserve attended a three-day exercise in Cincinnati dedicated to thwarting cyberattacks against the state. They hunted for digital breadcrumbs left by a fictional disgruntled employee who defaced state websites, tracked down theoretical thieves who mined a municipal online data trove, and battled malware that a foreign country had secreted onto county computer networks. The exercise was “wildly successful,” says Richard Harknett, a University of Cincinnati professor who was a key thinker behind the reserve and whose work has helped inform US Cyber Command’s more aggressive stance in recent years.

 

Harris has already called on the civilian reserve at least twice. In February 2021, a volunteer spent four days helping respond to a ransomware attack on an Ohio government agency. And earlier this year, six volunteers put in time over the course of several weeks after a separate attack. “It was incredible,” says Aaron Bleile, a 31-year-old state employee with a background in cyber forensics, who was called in to help on one of the responses.

Harris is braced for more such events in the future. “We Americans tend to think we’re at war or we’re at peace,” he says. Instead, there’s a kind of simmering struggle taking place as cyberattacks against the US increase in scale and scope. Says Harris: “The truth of the matter is we’re in competition now.”


Source: Ohio Military ReserveBloomberg

Tags: No tags

Add a Comment

Your email address will not be published. Required fields are marked *