The threat of the upcoming midterm election being hacked is serious, but the problem is only going to get worse according to cyber security expert Erik Knight.
Erik joins us on JimHeath.TV to answer questions about cyber security in our 10 for 10 questions column.
Jim Heath: Erik, you’ve been working in the cyber security field for two decades. For people at home, who only pay a little attention to the cyber world, how confident are you that our 50 individual states are safe from outside hackers in the upcoming midterm election?
Erik Knight: I have a zero percent faith the states are safe. The most effective hacking is people hacking. We have seen this already through Facebook manipulation. Its the cheapest and lowest skill set required to manipulate election results. The second being of course hacking the actual technology. At Defcon a few months ago, an 11 year old was able to hack duplicated websites of Florida’s election website in under ten minutes. You better believe that the people we have to worry about are much more skilled than that.
Jim: Is it a simple question of tossing money at it? In other words, can money fix this threat?
Erik: I’m not a huge believer throwing money at broken things will fix it. Where it starts is taking it seriously. Hackings are silent. They are tough to detect even when a breach occurs. Everyone has the attitude of “It’s not going to happen to me”. The attitude towards this silent threat has to change, then we have to be willing to put people with the right skill sets in the right roles and actually listen to them.
Jim: On a scale from 1 to 10, how strong are our government firewalls to protect us from the threat of hacking?
Erik: Government is a 3. Corporate firewalls are even worse. The problem is comprehensive security creates difficulty in use for the average user. Many of these technologies are decent technologies, but then “people” poke holes in these things for ease of use, thats when the problems occur. Government controls are much better than enterprise, the problem is all the technologies are made by enterprises and become the weakest link and pathway in.
Jim: A Russian woman was just indicted for interfering in our elections this year, and we’ve seen multiple Russian indictments by special counsel Robert Mueller from the 2016 election. Why is Russia, in particular, so bold in backing hackers to do this?
Erik: Hacking is really a police absent business, there is almost no enforcement especially on foreign soil. Most of the courts and lawmakers don’t really understand what’s going on.
Jim: That’s very true, some lawmakers seem to pride themselves with being technologically illiterate. Russia has been a big concern, I image China is another adversary bombarding us with cyber attacks all the time?
Erik: Everyday, all of the time. We have a website that will show you an attack map of all the attempted cyber attacks in real time trying to hit everyday businesses in America.
Jim: What kind of advancements are we seeing in the strategies used by hackers? Is this something always advancing?
Erik: Hacking is an arms race. There are some pretty elaborate impressive attacks going on. At the end of the day they are just growing numbers of computer to computer attacks going on and automation of just blunt force. Any person from anywhere can join in with little consequence.
Jim: With that in mind, are hackers from foreign nations, or simple malfeasance of our own election equipment and officials, the bigger issue for voters to worry about?
Erik: We should be worried over the foreign hacker. Local access to a pieces of equipment or small areas of data manipulation are a smaller impact than what can be done on such a global scale by manipulating large groups of data from abroad.
Jim: Government stores a lot of personal information in various databases. How vulnerable is this info to attack?
Erik: Because of the amount of data in one place, these are highly targeted databases. They have much more money and resources devoted to trying to break into. Facebook data breach, Home Depot, Target, Equifax. There is enough data out there for sale on anyone to create a digital fingerprint of that person, yet no one is sounding the alarm, at what point does that alarm go off? People just don’t seem to be scared enough.
Jim: We put so much personal information on social media today. Hackers can find out our backgrounds with little effort. How do you balance privacy concerns with the reality that we are much more connected to each other today?
Erik: We continue to connect technology and devices to the Internet at an incredible rate. Each one stores more and more information. We choose convenience over security or privacy every day.
Jim: If we’re still discussing cyber attacks on our elections in ten years, will it be better or worse?
Erik: This is the new world. Cybersecurity isn’t going to go away, it is an arms race of cat and mouse. This discussion is here to stay, I only hope everyone wakes up soon and takes it seriously. It’s an everybody thing, not just a government thing, not just a corporate thing. We have to demand more and have some accountability. Ten years ago, if you got hacked, they took some emails, maybe used your credit card to buy some things on eBay. Today, they can take your entire life away.
Jim: Thank you for your time Erik.
