Friday, September 23, 2022

Ohio Takes Volunteer Approach to Election Hacking Threats

Serving as senior vulnerability risk manager with Blue Cross Blue Shield IT, Wayne Nordstrom handles a wide range of vulnerability issues. Having attended Champlain College, Wayne Nordstrom took advantage of a program that has been designated a Defense Cyber Crime Center (DC3) Air Force Office of Special Investigations’ National Center of Digital Forensics Academic Excellence.


One state that has taken a lead in the fight against cyberattacks is Ohio, which has created a volunteer team of private-sector professionals dedicated to preventing cyberattacks on voting systems. The Ohio Cyber Reserve, which includes employees of companies such as Cisco Systems, has 80 members and is ready for call-up by the National Guard. As crime-fighting reservists, volunteers provide services one Tuesday per week, and on the weekend as necessary.


The state has the funds to increase the Ohio Cyber Reserve to 200 members, and its creation is a proactive move to ensure that hacking attempts do not ruin the integrity of public elections. At stake is nothing less than American democracy, and a number of state and local governments currently lack the funding to prevent today’s sophisticated hacks. Several states are working to copy this volunteer-driven model and marshal forces against election interference and ransomware hacks.


Thursday, September 8, 2022

A Brief Look at Penetration Testing and Web Application Security


An experienced cybersecurity specialist, Wayne Nordstrom serves as an IT security and vulnerability program manager at Blue Cross Blue Shield in Boston, where he oversees the development of plans for the program's continuous improvement. Wayne Nordstrom possesses expertise in penetration testing.


Also called a “pen test,” penetration testing evaluates software for vulnerabilities and hidden loopholes that a malicious party could exploit to degrade the software's efficiency, disable it, or gain unauthorized access to information and control. Penetration testing is performed to help strengthen a web application firewall (WAF), which acts like a security official for a website and prevents malicious data or commands from reaching front-end or back-end servers.


A pen test simulates the types of attacks that malicious hackers would most likely use. If the simulated attack successfully bypasses the WAF, the firewall can then be improved to remove the vulnerability. For example, a pen test may subject the firewall to a code injection attack, in which malicious code is submitted to a website in order to change its behavior or features. If such an attack were able to bypass the firewall, the website would change or malfunction, depending on the injected code. The IT security team then prepares the firewall to repel such attacks in the future.