11.10.20 Staff Report for Item 4.02A - FW_ Report on 2020 Elections Cyber Security
From: Schuman, Amy
To: Alpert, Bruce; Bennett, Robin; Clerk of the Board; Connelly, Bill; Cook, Holly; Lambert, Steve; Lucero, Debra;
McCracken, Shari; Paulsen, Shaina; Pickett, Andy; Ring, Brian; Ritter, Tami; Rodas, Amalia; Sweeney, Kathleen;
Teeter, Doug
Cc: Grubbs, Candace; Jessee, Meegan; Pickett, Andy
Subject: Staff Report for 11/10/20 Item 4.02A - FW: Report on 2020 Elections Cyber Security
Date: Tuesday, November 10, 2020 8:59:32 AM
Attachments: Cybersecurity Report of the November 3 2020 Presidential General Election.pdf;
Election Summary Report - Butte County General Election November 3 2020.pdf
Good morning Supervisors,
Please see the attached staff report documents for today’s Board Meeting Item 4.02A.
FYI – These are not yet available on Granicus/the website; however, they will be uploaded after the Board
Meeting.
Amy Schuman
Associate Clerk of the Board
Butte County Administration
25 County Center Drive, Suite 200, Oroville, CA 95965
O: 530.552.3300 | D: 530.552.3308 | F: 530.538.7120
From: Snyder, Ashley
Sent: Tuesday, November 10, 2020 8:53 AM
To: Schuman, Amy <ASchuman@buttecounty.net>
Subject: FW: Report on 2020 Elections Cyber Security
Ashley N. Snyder
Assistant Clerk of the Board
Butte County Administration
25 County Center Drive, Suite 200, Oroville, CA 95965
T: 530.538.2867 | F: 530.538.7120
From: Wright, Mike <MWright@buttecounty.net>
Sent: Tuesday, November 10, 2020 7:54 AM
To: Snyder, Ashley <ansnyder@buttecounty.net>
Subject: Report on 2020 Elections Cyber Security
Good morning Ashley,
I will be presenting today with Candace Grubbs on the 2020 election. I have prepared a report
(attached) and plan to bring hard copies today, but I also realize that not everyone will be physically
in attendance.
Mike Wright, MSIT
Information Systems Analyst, Principal
Butte County Department of Information Systems
308 Nelson Avenue, Oroville, CA 95965
Telephone: 530.552.3281
Help Desk: 530.552.3222
Cybersecurity Report of the November 3, 2020
Presidential General Election
Report Date: November 10, 2020
Prepared by: Mike Wright, Information Systems Analyst, Principal
Butte County Department of Information Systems
Elections Cybersecurity
Cybersecurity is the protection of internet-connected systems from attack, damage, defacement and
unauthorized access. The County Department of Information Systems manages and maintains network
access, firewalls, authentication mechanisms, secure remote access (VPN), anti-malware software,
vulnerability assessment, email security and threat response. County Information Systems also provides
training for all County employees on cybersecurity topics such as phishing and general cybersecurity
awareness. Elections Information Systems staff work closely with County Information Systems and
manage and maintain systems within the elections department, portable computing systems and the
non-internet-connected voting systems.
In compliance with California Elections Code §19205, which requires that no part of the voting system
shall be connected to the internet at any time, voting systems cannot receive or transmit election data by
way of hardwired or wireless means. Elections Information Systems Staff maintain voting systems and
ensure that this Elections Code requirement is enforced.
ments. One such
resource is the Multistate Information Sharing and Analysis Center (MS-ISAC) and the Elections
Infrastructure Information Sharing and Analysis Center (EI-ISAC).
MS-ISAC/EI-ISAC focus on cyber threat prevention, protection, response, and recovery for federal, state,
and local governmental agency members. Butte County Information Systems Staff and Elections
Information Systems Staff have been active members of both MS-ISAC and EI-
Elections Cybersecurity Planning and Preparation
The implementation of an effective Cybersecurity Program is a continuously evolving process that does not
stop or start with an important event, such as an election. All Information Systems Staff continuously work
to be as prepared as possible for any event. Elections Information Systems Staff are no exception. Some
notable cybersecurity improvements have been made in recent years.
- Vulnerability Assessments and Penetration Testing: All network connected computing systems
  are tested on a regular basis. The results of these assessments are provided to Departmental
  Information Systems Staff, including Elections, who perform the remediations. These tests are
  performed by County Information Systems Staff regularly and by external partners, such as the
  California Cybersecurity Integration Center (Cal-CSIC) upon request. The most recent Cal-CSIC
  assessment was performed on October 21, 2020.
- Phishing Email Awareness: All County staff are subject to regular simulated Phishing Email
  attacks. Any failure of those simulated attacks requires mandatory Cybersecurity Awareness
  Training.
- Cybersecurity Awareness Training: All County staff have access to on-demand cybersecurity
  awareness training. Staff are also provided with occasional cybersecurity tips and other training
  via email, in-person training and online resources.
- System Upgrades and Patching: All County systems are regularly upgraded and patched to ensure
  that any known security vulnerability is mitigated.
- Next-Generation Anti-Malware: County and Elections computing systems utilize next-generation
  anti-malware solutions. These solutions provide a higher level of protection than that of
  traditional anti-virus software.
COVID-19
COVID-19 has had no negative impacts on the cybersecurity operations of the County or Elections.
Cybersecurity of the 2020 Presidential Election
In the weeks leading up to the November 3, 2020 Presidential Election, both County and Elections
Information Systems Staff began to take additional cybersecurity measures specific and unique to the
2020 election.
- Elections Security Dashboard: County Information Systems Staff created security dashboards that
  allowed for the monitoring of election web servers in real-time (Exhibit A). These web servers host
  the Elections website. This security dashboard was shared with Elections Information Systems
  Staff, allowing authorized individuals to monitor threat activity in real-time.
- EI-ISAC Cyber Situational Awareness Room: Our cooperators at the Department of Homeland
  Security (DHS) provided all Elections Cybersecurity Staff access to their Elections Security
  Operations Center (SOC) (Exhibit B). This SOC provided for live, real-time information sharing,
  where Elections Cybersecurity staff from many government organizations throughout the
  country could communicate observations with each other. Access to this SOC was continuously
  monitored by both County and Elections Information Systems Staff. County and Elections Staff
  were able to use the information provided in this SOC to search for, mitigate and/or prevent
  threats from sources being shared within that SOC.
Using the EI-ISAC SOC, staff were able to identify:
- Phishing Attacks:
  - Nine (9) targeted attacks were reported to the SOC.
  - Of those, County was able to identify two (2) attempts to five (5) County employees.
- Malicious Web Activity:
  - Sixty-three (63) malicious attacks from specific Internet Protocol (IP) addresses were
    reported to the SOC.
  - Of those, County was able to identify thirty-five (35) attempts on internet-connected
    Elections systems.
- Misinformation Activity:
  - Multiple reports were made to the SOC concerning telephone calls and emails that
    contain misinformation concerning the 2020 election.
  - County received no reports of such activity.
- County sent a Countywide Email regarding these increased attacks.
- Notable Incidents: County and Elections Information Systems staff observed multiple occurrences
  of suspected malicious activity against internet-connected Elections systems.
  - HTTP Directory Traversal Attack Attempt: On October 29, 2020 County Staff observed an
    attempted HTTP Directory Traversal Attack on the Elections web server. This type of
    attack is designed to discover files on web servers that may contain login credential
    information. The source was blacklisted and reported to the DHS SOC and DHS shared this
    information with all participating agencies.
  - Phishing Attack Attempts: On October 16, 2020 and October 27, 2020 (Exhibit C) County
    Staff observed two (2) attempted Phishing Attacks targeting five (5) County staff members
    that were previously reported to the DHS SOC.
    Additionally, County security systems identified and blocked over:
    - 405,000 malicious emails.
    - 2,000 attempted Phishing Attacks with malicious attachments or links.
      - 159 of those were directly targeted to Elections Staff.
  - Internet Connectivity Issues at Voter Assistance Centers: On October 31, 2020 staff at
    the voter assistance centers reported issues with connecting computers to the County
    Information
    Systems Staff were contacted and determined immediately that this was a connectivity
    issue and not a malicious incident. County and Elections Staff worked together to resolve
    the issue and return the portable computers to their respective voter assistance centers
    as quickly as possible.
  - Unusual Web Server Activity: On November 2, 2020 Elections Staff observed unusual
    download activity on their webserver. Concerned about a possible insider threat or malware
    infection, Elections Staff contacted County staff for investigative assistance. It was
    determined that the activity was not malicious and was in fact an authorized user within
    the Elections Department.
  - General Reconnaissance: On November 3, 2020 County Staff observed general
    reconnaissance activity on the Elections web server. This type of activity is designed to
    discover general information about a web server that can later be used in an attack. The
    source was blacklisted and reported to the DHS SOC and DHS shared this information with
    all involved agencies.
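The triage described above, searching local web server logs for sources shared through the SOC and spotting directory traversal requests, can be sketched as follows. This is an added example and is not taken from the County's report or systems; the log lines, IP addresses (documentation ranges) and function names are constructed for illustration, and it assumes Common Log Format access logs.

```python
import re
from urllib.parse import unquote

# Constructed sample data: indicator IPs as a sharing group might publish them,
# and access-log lines in Common Log Format (documentation address ranges only).
SHARED_INDICATORS = {"203.0.113.7", "198.51.100.23", "192.0.2.99"}
SAMPLE_LOG = """\
203.0.113.7 - - [29/Oct/2020:10:02:11 -0700] "GET /results/index.html HTTP/1.1" 200 5120
198.51.100.40 - - [29/Oct/2020:10:02:15 -0700] "GET /docs/../../../etc/passwd HTTP/1.1" 404 310
198.51.100.41 - - [29/Oct/2020:10:03:01 -0700] "GET /img/%252e%252e%252f%252e%252e%252fweb.config HTTP/1.1" 403 0
192.0.2.10 - - [29/Oct/2020:10:04:45 -0700] "GET /voter-info/polling..places.pdf HTTP/1.1" 200 88211
198.51.100.23 - - [29/Oct/2020:10:05:02 -0700] "GET /%2e%2e/%2e%2e/config.bak HTTP/1.1" 400 0
not a log line
"""

CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# A ".." segment bounded by / or \ is traversal; "polling..places.pdf" is not.
DOTDOT = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

def is_traversal(raw_target, max_rounds=3):
    """Check the path part only, decoding repeatedly to catch %252e-style nesting."""
    path = raw_target.split("?", 1)[0]
    for _ in range(max_rounds + 1):
        if DOTDOT.search(path):
            return True
        decoded = unquote(path)
        if decoded == path:      # nothing left to decode
            break
        path = decoded
    return False

def triage(log_text, indicators):
    """Return {source_ip: set of reasons} for sources to block and report."""
    findings = {}
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:                # skip malformed lines instead of failing
            continue
        ip, _method, target, _status = m.groups()
        if ip in indicators:
            findings.setdefault(ip, set()).add("shared-indicator")
        if is_traversal(target):
            findings.setdefault(ip, set()).add("directory-traversal")
    return findings

if __name__ == "__main__":
    for ip, reasons in sorted(triage(SAMPLE_LOG, SHARED_INDICATORS).items()):
        print(ip, ", ".join(sorted(reasons)))
```

A source that appears under both reasons is the strongest candidate for blocking and for reporting back to the sharing group; a shared indicator seen only on benign-looking requests still warrants review.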
Conclusion
The Butte County Department of Information Systems Staff, Butte County Elections Information Systems
Staff and our cooperators at the Department of Homeland Security, are committed to the cybersecurity
operations of the County and Elections. While there is no way to guarantee that all threats will be
prevented, staff are diligent in their efforts to protect the cyber assets of the County. It is through these
ongoing efforts that staff were able to mitigate cybersecurity threats during the 2020 Presidential
Election.
Exhibit A:
Exhibit B:
Exhibit C: