Research

Our research centers primarily on our educational programs and our efforts to support small and medium sized businesses in the implementation of cyber security programs.

Online Resource Series

In addition to our Blog series CRI provides occasional online training resources to the community on intelligence tradecraft and best practices. See our Intelligence Analysis Frameworks training module.

Elections2020 Resources

Articles of Interest

Election Cyber Surge To Deploy Hacker Army For 2020 Vote—Here’s Why (8/01/2020)- The 2020 U.S. presidential election clock is ticking, with just 94 days to go, and President Trump has, rather unconvincingly, already called for the election to be postponed. Although this suggestion was quickly dismissed as something that Trump has no authority to make happen, the comments he made when putting forward the idea cannot be quite as easily put to one side.

How Election Security Has Become a Top Issue (21/06/2020)- As international attention and media coverage increasingly focuses on the 2020 U.S. presidential election, election security measures will take center stage. Where are the resources?

Cybersecurity Concerns with Online Voting for 2020 Presidential Election (11/06/2020)- A new report by researchers at the Massachusetts Institute of Technology (MIT) and University of Michigan discusses the cybersecurity vulnerabilities associated with OmniBallot, a web-based system for blank ballot delivery, ballot marking and (optionally) online voting. Three states – Delaware, West Virginia and New Jersey – recently announced they would allow certain voters to cast votes using OmniBallot. Researcher Michael A. Specter at MIT and J. Alex Halderman at the University of Michigan reverse engineered the client-side e portion of OmniBallot, as used in Delaware, in order to detail the system’s operation and analyze its security.

As November Looms, So Do Cybersecurity Concerns for Elections (21/07/2020)- Amid pandemic confusion and delayed primaries, experts are watching the fall election season closely. The action related to the hotly anticipated primary election season was  expected to last for months. With dozens of Democratic candidates still on the ballot for the first primary in New Hampshire, social media taking an active role in campaigning and the threat of foreign influence on the election playing out, election officials were keenly aware of the need to keep the elections secure.

ELECTION SECURITY: The Threat to the Ballot and How to Fight Foreign Ops ( 05/08/2020)- PERSPECTIVE: Everyone Must Be a Modern-Day Minuteman to Protect Our Election. It’s quite simple: If we don’t defend our election from the ramparts of truth, we don’t defend it at all. There are countless courageous, trained professionals working within the national security community but they can only do so much. DHS and their national security partners are working on election infrastructure, cybersecurity, etc., but that still will not be enough.

Top Democrats Request FBI Briefing On Threats That Congress Is Being Targeted To Disrupt 2020 Election (21/07/2020) TOPLINE Congress’ top four Democrats have asked the FBI to brief the entire body on intelligence that the legislative branch is being targeted by a “foreign interference campaign” as part of efforts to disrupt the November presidential election, highlighting ongoing concerns about election security after Russia was found to have interfered in the 2016 election.

Biden campaign hires cybersecurity experts to defend against potential threats (13/07/2020)- The presidential campaign of former Vice President Joe Biden announced that it had filled the positions of chief information security officer (CISO) and chief technology officer (CTO) in order to address potential cybersecurity threats to the campaign. 

How to Get Ahead of Election 2020 Security Threats (30/03/2020) With the first waves of 2020 election primaries behind us, state officials continue to face the question of whether their election systems are prepared for looming cybersecurity threats.

The State of Election 2020 Cybersecurity Threats ( 02/03/2020)- Cybersecurity concerns are top of mind for election officials going into the November 2020 election. The threat is more than just to voting machines and voter rolls, experts say. State and local election officials and cybersecurity leaders need to be aware of social media manipulation, deep fakes and disinformation. At RSA 2020, we spoke with a wide range of cybersecurity experts about the nature of the election security threat and how state and local authorities are responding.  

The Cybersecurity 202: The 2020 election will be the country’s biggest cybersecurity test ever (08/01/2020)- Russia’s hacking and disinformation campaign to interfere in the last presidential election shook the nation’s confidence in the U.S. democratic process and rocketed cybersecurity into the mainstream of Washington’s political life

Cyber attacks and electronic voting errors threaten 2020 outcome, experts warn (02/02/2020 )- Potential electronic voting equipment failures and cyber attacks from Russia and other countries pose persistent threats to the 2020 elections, election security analysts and key Democrats warn.)

Foreign powers including Russia, China trying to meddle in US election, top official warns (08/08/2020)- The governments of China, Russia and Iran are seeking to influence the forthcoming US elections, the country’s top counterintelligence official says, warning that the Kremlin is already using a variety of measures to denigrate Democratic candidate Joe Biden.

How the US Can Prevent the Next ‘Cyber 9/11 (08/06/2020)- In an interview with WIRED, former national intelligence official Sue Gordon discusses Russian election interference and other digital threats to democracy. Calling the past month, a tumultuous one for United States digital policy might be an understatement. Between remote working and learning, Netflix binging, and doom scrolling, internet usage has swelled during the pandemic. The Trump administration, meanwhile, continues its campaign against Chinese telecom Huawei and has touted banning TikTok in the United State.

States Are Deploying National Guard Cybersecurity Teams To Prevent Election Interference (24/07/2020)- The officials in charge of making sure America’s elections are safe and secure face unprecedented challenges this fall. The coronavirus pandemic poses a serious health risk to the employees and volunteers, often older, who run local polling places. And states worry the equipment voters handle to fill out their ballots could become a vector for the disease.

Publications

Belfer Center Influence Operations Playbook For State and Local Election Officials: Understanding Election Mis and Disinformation

Report Of The Select Committee On Intelligence on Russian Active Measures Campaigns and Interference in the 2016 U.S. Election

Covid-19 and Cybersecurity

Articles of Interest

Malicious Activity Targeting COVID-19 Research, Vaccine Development (7/16/2020)- In response to malicious activity targeting COVID-19 research and vaccine development in the United States, United Kingdom (UK), and Canada, the Cybersecurity and Infrastructure Security Agency (CISA), UK’s National Cyber Security Centre (NCSC), Canada’s Communications Security Establishment (CSE), and the National Security Agency (NSA) released a Joint Cybersecurity Advisory to expose the threat. A malicious cyber actor is using a variety of tools and techniques to target organizations involved in COVID-19 research and vaccine development. Tools include SOREFANGWELLMESS, and WELLMAIL malware.

Local, State Governments Face Cybersecurity Crisis (6/5/2020)- Ransomware hit small government organizations hard in 2019. Now they have to deal with budget cuts, pandemic precautions, social unrest, and the coming election cycle.

The Privacy & Security Outlook for Businesses Post-COVID-19 (6/5/20)- Long-term business needs — and the ethical implications that result — don’t simply go away just because we’re navigating a global health crisis.

Online scams related to COVID-19 payments (6/5/2020)- As governments worldwide implement support measures for pandemic-hit citizens and businesses, online scammers strive to cash in.

China Is Hacking Coronavirus Research and Federal Agencies Can’t Stop Them — Newsweek (5/22/2020)- China is stepping up efforts to hack the critical coronavirus research conducted by American universities and laboratories in the private sector because the information is not classified and federal authorities can’t do anything to protect it, national security experts and legislators told Newsweek.

Feds warn of attacks related to bogus COVID-19 conspiracy theory (5/17/2020)- DHS report warns violence could follow bogus conspiracy theories about the novel coronavirus and telecommunications

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs (05/16/20)- A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S. Secret Service.

3 Ways to Get Endpoint Security Back Under Control in the New Remote World of Work (5/11/2020)- The massive, overnight shift to a fully remote work environment during the COVID-19 crisis has amplified both the urgency and the obstacles around endpoint security. Not only were many machines not designed to work outside the corporate environment, leaving many companies woefully unprepared, but cybercriminals have already sprung to the occasion, preying on COVID-19 fears.

Europe’s Largest Private Hospital Operator Fresenius Hit by Ransomware (5/7/2020)- Fresenius, Europe’s largest private hospital operator and a major provider of dialysis products and services that are in such high demand thanks to the COVID-19 pandemic, has been hit in a ransomware cyber attack on its technology systems. The company said the incident has limited some of its operations, but that patient care continues.

Cyber volunteers release blocklists for 26,000 COVID-19 threats (5/7/20)- The COVID-19 Cyber Threat Coalition has released a block list of known URLs and domain names associated with Coronavirus-themed scams, phishing attacks, and malware threats.

How Cybercriminals are Weathering COVID-19 (5/5/2020)- In many ways, the COVID-19 pandemic has been a boon to cybercriminals: With unprecedented numbers of people working from home and anxious for news about the virus outbreak, it’s hard to imagine a more target-rich environment for phishers, scammers and malware purveyors. In addition, many crooks are finding the outbreak has helped them better market their cybercriminal wares and services. But it’s not all good news: The Coronavirus also has driven up costs and disrupted key supply lines for…

How InfoSec Pros Can Help Healthcare During the Coronavirus Pandemic (5/4/2020)- Security pros are banding together to ensure healthcare facilities can focus on saving lives instead of defending against cyber attacks. Here are a few places you can volunteer your services.

US Blames China for Hacks Allegedly Targeting COVID-19 Research (4/25/2020)- US officials are pinning a surge of hacks on a Chinese bid to steal COVID-19 treatment and vaccine research.

WHO Reports ‘Dramatic’ Increase in Attacks(4/25/20)- The World Health Organization, which has been at the forefront of the global COVID-19 pandemic, has witnessed a “dramatic” increase in the number of attacks since the healthcare crisis began earlier this year, according to the agency’s CIO.

Cybercriminals Targeting Healthcare Providers With Phishing Scams Exploiting COVID-19(4/23/20)- Cybercriminals are exploiting the vulnerability of the healthcare community affected by COVID-19, an increase in teleworking and the need by medical professionals to stay current on coronavirus information. Ransomware attacks that lockdown hospital networks and medical practices at this critical time have become more prevalent as well as other types of attacks. Phishing, remote access technical exploits, and targeting unsecured devices used by stay-at-home staff are a few of the other schemes being used by cybercriminals. This alert focuses on phishing schemes.

Findings on COVID-19 and Online Security Threats(4/22/20)- Google’s Threat Analysis Group (TAG) is a specialized team of security experts that works to identify, report, and stop government-backed phishing and hacking against Google and the people who use our products. We work across Google products to identify new vulnerabilities and threats. Today we’re sharing our latest findings and the threats we’re seeing in relation to COVID-19.

New Cybersecurity Regulations ‘On Track’ Despite Virus(4/22/20)- Work on the Defense Department’s highly anticipated set of new cybersecurity standards — known as the Cybersecurity Maturity Model Certification version 1.0 — is still on track despite the ongoing COVID-19 pandemic, said an official in charge of the effort April 22.

Global Cybercrime Damages Predicted to Reach $6 Trillion Annually by 2021 (12/7/18)- Cybercrime is the greatest threat to every company in the world, and one of the biggest problems with mankind. The impact on society is reflected in the numbers.

Publications

CRI Research