The front line of election security in Connecticut has about 169 weak points

Excellent op-ed in the Courant today, explaining the risks of ransomeware. Cities Must Pay For Cybersecurity, Not Ransoms <read>

Last week, West Haven paid a $2,000 ransom to hackers to unlock its computer systems. In a statement from the city, the ransom was characterized as a “one-time fee.” The word-choice here reveals an oversimplified view of the reality of ransomware, a cyberattack in which hackers lock data and demand payment.

First, West Haven was lucky to regain access to its systems after paying the ransom. Fewer than a quarter of ransomware victims actually get their files back after paying up. More often, hackers pocket the money and leave the data scrambled.

The notion of a “one-time fee” also fails to account for reputation damage and loss of trust. A city like West Haven — which is already navigating difficult financial straights — needs to rally community support. A blunder like this undermines the momentum it was building…

However, the fact is that remediating a cyberattack comes at a much greater cost than preventing one in the first place. While the $2,000 ransom may seem relatively low, tracking how the attack happened, assessing the damage and shoring up defenses quickly is an expensive proposition. Just ask Lansing, Mich., which, even with insurance, paid $500,000 out of pocket for remediation after a 2016 ransomware attack (total cost: $2.4 million).

The best way to bounce back from ransomware is to have a strong backup system, something every organization needs for a number of reasons. The fact that West Haven paid the ransom suggests that there was no effective backup system in place. If that is the case, the city truly did not have a lot of options once the ransomware attack occurred.

Our Editorial

When it comes to elections the problem starts with cybersecurity, yet also requires physical security of voting equipment and voted paper ballots. In most towns in Connecticut ballots and voting equipment are “protected” by a single key, often accessible by multiple single individuals, keys often associated with weak locks and storage closets, all providing access available single individuals for hours, undetected.

The solution is strong security of equipment and especially voted paper ballots, with strong, sufficient recount and audit laws, well followed, with transparency and public verifiability.


Leave a Reply

You must be logged in to post a comment.