May 24, 2017
As I wrote Monday, one of the underlying themes of Google’s annual cloud conference this month was making security truly seamless. From its closed supply chains, custom-designed security chips and 700-strong security engineering team to instant two-factor authentication and IAP and DLP offerings, Google has been moving aggressively both to tout its own security credentials and to “Googlefy” the enterprise – dragging it kicking and screaming out of half-century-old security practices and to a modern security stance. Through its sister organization Alphabet Jigsaw (formerly Google Ideas) the company has translated its technologies to the needs of journalists, human rights organizations and elections, from fighting DDOS attacks and deterring phishing attempts to migrating from 50-year-old password technology to modern two-factor authentication. Yesterday, Jigsaw announced its latest initiative called “Protect Your Election” that boxes several of these technologies into a single elections toolkit.
Protect Your Election does not include any new technologies or provide any new tools specific to elections, but rather brings together a cross-section of Jigsaw’s existing security-minded tools into a turnkey solution that can be rapidly rolled out ahead of election events.
Why might this be important? As Jigsaw’s announcement notes, a major election information site in Holland was taken offline by a DDOS attack just hours before polls opened this year, illustrating the potential of DDOS attacks to have a real impact by cutting the flow of information from governments to the people during critical junctures. Phishing attacks have increasingly become the norm and at least one successful phishing attack in the U.S. has been claimed to have had a material impact on the U.S. presidential election, illustrating the stakes as the cyber landscape collides with the electoral sphere around the world.
Jigsaw’s latest bundle targets several of the most common attack vectors during elections: DDOS attacks and account compromises, focusing on using Google’s security investments to secure electoral information resources in the same fashion that enterprises use them to secure their critical resources.
In short, just as Google has focused on externalizing its own security workflows to the enterprise via Google Cloud Platform, Jigsaw is in turn focusing on translating those workflows to the journalism, human rights and electoral communities, helping them adopt the kinds of best practices, like 2-factor authentication, that Google has made a one-click effort.
Governments all-to-often tend to be last in line when it comes to cybersecurity and so Jigsaw’s efforts represent a fascinating approach to infusing enterprise-grade security into select public-facing government services that play the greatest role in citizens’ ability to exercise their rights in shaping their government.
At this point, Jigsaw has focused primarily on low-level “mission continuity” tools like keeping websites online and reducing the impact and likelihood of email and account compromises of officials. It will be interesting to see if they expand this toolkit to add services like their Perspective API or perhaps a tool like Unfiltered.news that reaches across the political spectrum to help those on each side see what the other is talking about and how they see the world.
Given the outsized influence that a small number of voices play in elections in certain countries, it would be interesting to see future tools similar to Unfiltered.news, but which lend visibility into how the messaging around an election is being shaped – the key influencers, media sources and voices that are dominating the news cycle and shaping the public information environment.
Putting this all together, Jigsaw’s latest effort offers a powerful look at what’s possible as Google’s externalization of its immense security investments are in turn externalized to governments to ensure that no one has the ability to deprive citizens of their voices.