Operation Hardened Buckeye

MSI is pleased to announce the immediate formation and availability of Operation Hardened Buckeye!

This special program is dedicated to assisting Ohio’s Rural Electrical Cooperatives.

MSI will set up aggregated groups of Electrical Cooperatives and perform services and offer tools to the groups en-masse at discounted rates, as if they were one large company. Essentially, this allows the co-ops to leverage group buying, while still receiving individual reports, software licenses and overall group-level intelligence & metrics.

MSI will offer a package consisting of the following:

  • External Vulnerability Assessment with aggregated executive level reports/metrics & individual technical detail reports
  • An aggregated Targeted Threat Intelligence engagement with individual notifications of critical findings and an aggregated intelligence report for the group
  • 3 HoneyPoint Agent licenses and a console license per co-op that participates
  • Deep discounts to individual co-ops who desire application assessment, internal vulnerability assessments, wireless assessments or other MSI professional services (including MSI::Vigilance & ICS Network Segregation Services)
  • Deep discounts for ongoing assessments and targeted threat intelligence as a service

Caveats: All assessments will be performed at the same time. Co-ops must each sign onto a common MSA. Each co-op will be billed for the total of the package divided by the number of participating co-ops. Co-ops must provide accurate IP address ranges for their external assessment.

This enables the co-ops to have a security baseline of their security posture performed, including aligning their current status against that of their peers. It also allows for each of the co-ops to deploy a HoneyPoint Agent in their DMZ, business network and control network for detection capabilities. The targeted threat intelligence will provide them with an overall threat assessment, as well as identifying individual targets that have either already been attacked or are likely to provide easy/attention raising targets for future attacks.

We will be holding a webinar for those interested in participating on Thursday, May 21, 2015. You can register for this event here. You can also download the flyer about the program here.

For more information, please contact Allan Bergen via the email below or call (513) 300-0194 today! 

Email: sales@microsolved.com

Ohio Laws Around Hacking

We are often asked for specific details of the legal issues surrounding hacking, computer intrusion and other criminal acts around infosec. Specifically, many of our Ohio clients ask for specific pointers. As such, similarly to what we did a couple of weeks ago with regard to child pornography, here is some vital information about the topic.

Computer hacking in Ohio falls under unauthorized use of property. Generally this is a misdemeanor of the 4th degree. If the hacking is for the purpose of obtaining property or services and the loss is under $1000 it is a 1st degree misdemeanor. Losses between $1,000-$7,500 it is a 5th degree felony, between $7,500-$150,000 it is a 4th degree felony and over $150,000 it is a 3rd degree felony. If the victim is elderly or disabled, then computer hacking is automatically at least a 5th degree felony, depending on the circumstances. 

This information is directly from the Ohio state government website and should be the most up to date info available.

Statute 2909.04 also has a section on computer intrusion and hacking, prohibiting the aforementioned activities in so far as they may interfere with the ability of public services or emergency response.

This information was obtained here.

To report instances of computer intrusion in Ohio, citizens are directed to contact their local law enforcement/sheriff’s office. In addition, citizens and organizations should also consider notifying the Federal Bureau of Investigation (FBI), as federal laws are also likely to apply. You can contact the FBI directly through a variety of methods detailed here. 

(NOTE: MSI is not providing legal advice of any kind, consult your attorney or council for legal advice. This material is simply meant to be a pointer for education. MSI is NOT qualified to offer legal advice under any circumstance.)

Ohio Votes Today

The day for the Ohio primary is here. With a ton of media attention focused on our state, a new voting process in place and the removal of the touch-screen systems our primary is certain to have its ups and downs today.

When we reviewed the security of the Ohio voting system, we did find some serious issues. However, the optical scanning systems from our review were less prone to problems under normal voting use than the touch screens. Therefore, we agree that the optical scanners are a more secure choice, especially in the way that our Secretary of State has outlined their use.

Voters in Ohio today should expect some lines and a small amount of confusion and hype. But, careful review of your ballot, care marking of your selections and following the published procedures should make the process easy, reliable and interesting. Our only words of caution are to ask for another ballot if you make a mistake and refrain from marking anywhere except in the square of your chosen candidate. Again, take a few moments and review the ballot before you turn it in.

The Secretary of State has taken great measures to ensure oversight and accountability for all votes and voters around our state. The various boards of election and other officials have also taken great steps toward improving the security of the process. They are all to be commended for achieving the progress we have made thus far, in such a short amount of time.

While there is still quite a bit of work to be done around electronic voting and elections security; today is a good day to look at the work we have done so far. Together, citizens, politicians and government can work to find a useful, reliable and secure way to continue the wonderful democracy that we, as Americans, enjoy.

Do your part. Vote. Stay engaged in the debate about electronic voting and don’t be afraid to let others know what you think…

Ohio Voting Systems Review (EVEREST)

MicroSolved, Inc. announced today that it has completed its assessment of the security of Ohio’s electronic voting systems. The testing, a part of project EVEREST, was lead by the Ohio Secretary of State’s office and was designed to seek a comprehensive, independent and objective assessment of the risks to elections integrity associated with Ohio’s voting systems. The project leveraged MicroSolved’s advanced methodologies and in-depth experience to perform “red team” penetration testing of the voting systems. MicroSolved emulated various attacks against the voting systems and analyzed the impact of these attacks on the confidentiality, integrity and availability of the voting systems and their elections data.

While the study revealed several critical security issues in the various elections systems, MicroSolved also identified specific strategies for mitigating or managing these risks. “By applying the identified mitigation strategies, all of the administrative stakeholders in the elections process have an opportunity to demonstrate their commitment to the integrity of Ohio’s elections.”, said Brent Huston, CEO of MicroSolved. “While these strategies require hard work, significant investment in resources and continued vigilance, they represent the best approach to creating truly secure mechanisms for electronic voting in Ohio.”

“We appreciate the opportunity to participate in the EVEREST project and to help the Secretary of State further her goal of restoring trust in Ohio’s elections.”, Huston added.

For information about the specifics of the project, MicroSolved’s role and findings, please see http://www.microsolved.com/everest/.