Risks and Reward of Google’s Improving Security: Nation-state threats continue to pose risks to national security. In efforts to mitigate those attack, Google continues to improve the security tools to better detect and respond to state-sponsored threats, with regards to protect the political campaigns and local, state and national elections.
In “An Update of State-Sponsored Activity” which published on 23 August, Kent Walker, SVP of Google’s global affairs, Wrote that its threat analysis group who are working with its partner at Jigsaw and the Google Trust & Safety team to identify the bad actors, disable their accounts, warn users and share intelligence – both with other companies and law enforcement officials.
Three areas of work where Google focused the most include “state-sponsored phishing attacks, technical attribution of a recently influence campaign from Iran and detection and termination of activity on Google properties.” To that end, Gmail users who received notification from Google alerting them to take immediate action against government-back attackers who may have been attempting to steal passwords.
“Google’s effort to track and terminate deceptive campaigns of influence run by inauthentic nation-state actors is a step in the right direction. Deception is one of the most effective and pernicious cyber-threats facing Americans and democracy today,” said Rick Moy, chief marketing officer at Acalvio.
“This coordinate action with other security organization should be welcomed. While some may characterize this as censorship, the evidence presented in the reports is transparent and open to vetting and analysis by the broader community.”
Yet not everyone in the security industry has welcomed these types of coordinated efforts. “Everyone appreciates any action taken to prevent any interference with the US political process. However, we must be careful that private actions done outside of the appropriate legal framework doesn’t result in exactly the opposite results that those actions were trying to protect against,” said Joseph Kucic, chief security officer at Cavirin.
“There should be governmental process implemented, similar to FISA court, where appropriate oversight is in place prior to private companies taking actions against perceived bad actors (individuals/ and/or companies).”