In Washington County, Pennsylvania, foreign cybercriminals were able to seize control of the county’s network, basically paralyzing all of the county’s operations. The cyber-attack became a full-blown ransomware attack that resulted in a ransomware payment of nearly $350,000. According to the March 15 WJPA News Archive, the Commissioners indicated that prior to their being notified of the attack, the cyber criminals took data from the county’s network that contained personally identifiable information. It is interesting that Washington County had an Intrusion Detection (Albert Sensor) Service Agreement with the Pennsylvania Department of State which provided network monitoring. So, did Albert perform as expected?
What is an Albert Sensor? What part does Albert play when a county experiences a cyber-attack? And more broadly, what part does Albert play in Pennsylvania’s elections? Much has been written about Albert Sensors. Much is still unknown. According to the Center for Internet Security (CIS), Albert Network Monitoring and Management is an industry-leading Intrusion Detection System (IDS) designed specifically for U.S. State, Local, Tribal, and Territorial (SLTT) government organizations. Albert Sensors reportedly help states and counties by monitoring for malicious traffic, serving as a second line of defense, offering 24x7x365 management and support, saving money with free incident response, serving as an extension of the security team, and providing a NetFlow record.
During the last days of the Obama Administration, our elections became part of the Federal Government’s critical infrastructure. This was accomplished under the Department of Homeland Security (DHS). At this time, it was alleged that Russia hacked into the 2016 election and changed the outcome of the Presidential race. On January 6, 2017, Homeland Security Secretary Jeh Johnson released a statement explaining that by election infrastructure, we mean storage facilities, polling places, and centralized vote tabulations locations used to support the election process, and information and communications technology to include voter registration databases, voting machines, and other systems to manage the election process and report and display results on behalf of state and local governments. The Department of Homeland Security partnered with the Center for Internet Security (CIS), a Non-Governmental Organization (NGO).
On July 15, 2020, Secretary of the Commonwealth of Pennsylvania, Kathy Boockvar, entered into a Service Agreement for Albert Monitoring Services with the Center for Internet Security (CIS).
Appendix A of the service agreement includes the Albert Network Appliance Services needed for the 67 counties in Pennsylvania as well as the costs for each of Pennsylvania’s counties. Under the agreement, CIS would receive $2.9 million to monitor the entire state of Pennsylvania.
Appendix B of the service agreement includes Device Management and Batch Queries. Small, medium, and large appliance sensors are proposed for the various counties. The actual specifications for the equipment being installed appear to be a mystery. The fact that CIS has not disclosed anything about the actual equipment being installed is cause for alarm because this equipment is being installed behind county firewalls. Pennsylvania citizens deserve to know what the capabilities and vulnerabilities of this equipment might be.
Before providing Albert Sensor Services to a county, the county would sign a contract or a Memorandum of Agreement (MOA) with the Pennsylvania Department of State. Other states that have examined their Albert Sensor MOAs found a disturbing clause requiring every employee who worked on the network being monitored to give up their expectation of privacy for their data. The Memorandum of Agreement with Pennsylvania Counties appears to be missing this clause, but other language in the MOA suggests that CIS does indeed have the same expansive access to the election system being monitored.
The following information came from a Memorandum of Agreement between a Pennsylvania County and the Pennsylvania Department of State. MOAs with other Pennsylvania Counties look the same.
Services Provided
- Combined NetFlow and intrusion detection system monitoring, with analysis of related data; event notification and delivery; and management of associated devices, including hardware and software necessary for service delivery.
- Security Operation Center (“SOC”)- 24 X 7 X 365 watch and warning center operated by CIS that provides network monitoring, dissemination of cyber threat warnings and vulnerability identification and mitigation recommendations.
County Responsibilities
The County has several responsibilities that must be afforded to the PA Department of State and the Center for Internet Security (CIS) prior to commencement of services. Albert Network Monitoring and Management is an Intrusion Detection System. This intrusion into the county’s election infrastructure is alarming. Counties give up both internet access and expansive access into all aspects of their election infrastructure to the Center for Internet Security, which is partnered with the Department of Homeland Security. Furthermore, upon entering into an Albert Monitoring agreement, the county gives the Elections Infrastructure Sharing and Analysis Center (EI-ISAC) total access to the Local County IP-Connected equipment. EI-ISAC is in the same physical location as CIS.
The County shall provide logistic support in the form of rack space, electricity, Internet connectivity, and any other infrastructure necessary to support communications at County’s expense. The County must supply current network diagrams to facilitate analysis of security events, and other reasonable assistance to CIS, including, but not limited to, providing all technical information related to the Service reasonably requested by CIS, to enable CIS to perform the Albert Monitoring Service for the benefit of County. Public and private IP address ranges, including a list of servers being monitored including the type, operating system, and configuration information, as well as a list of IP ranges and addresses that are not in use by County (Dark Net space), are required. A Pre-Installation and an Escalation Procedure Form are completed. The Escalation Procedure Form includes the name, e-mail address, and 24/7 contact information for all designated Points of Contact. In addition, the County may need to furnish assistance with remotely installing and troubleshooting devices including hardware and communications.
Pennsylvania Department of State Responsibilities
Compare the PA Department of State’s responsibilities with the county’s responsibilities. As consideration for the Services provided to County, DOS has agreed to pay to CIS the costs for such Services as set forth in the Agreement for the term of the Agreement. That’s all folks!
Moreover, one of the most surprising clauses in the Memorandum of Agreement is that the PA Department of State takes absolutely no responsibility that its monitoring system will be accurate or that it will even work as advertised! The No Warranty Clause of the MOA states that the DOS and its employees provide no warranty or assurances as to the accuracy or viability of the services provided by CIS. Would you sign a contract or do business with a company like that?
How to Begin An Investigation in Your County
Citizens might expect that an election infrastructure intrusion detection system would have the approval of elected officials with the full knowledge and consent of the electorate. Citizens might want proof that there was an independent analysis conducted. Citizens might also want to know if Albert Sensors are co-located with registration databases such as electronic poll books. County Commissioners, Directors of Voter Services, and County Clerks may not even know what an Albert Sensor is. However, the County Chief Information Officer or the Information Technology Director appears to be the main contact person in each PA County. Citizens can begin their investigation into whether Albert Sensors are in their counties by doing the following:
- Search County Commissioners’ Meetings agendas. Check the county government website. Some agendas can be found online. Use these search words: Albert Sensor, Memorandum of Agreement for Albert Sensor Services, Pennsylvania Emergency Management Agency (PEMA) funding Cybersecurity (Albert Sensors)
- File these Right to Know Requests regarding agreements between the county and the PA Department of State:
  - I am requesting a copy of the Albert Sensor Memorandum of Agreement (MOA) for Services between the Pennsylvania Department of State (DOS) and the County of NAME. I prefer electronic documents.
  - I am requesting the Consent Agreement with NAME County and the Commonwealth of Pennsylvania through the Pennsylvania Emergency Management Agency (PEMA) for funding Cybersecurity (Albert Sensors) from Fiscal Year 2022 State and Local Cybersecurity Grant Program (SLCGP). I prefer electronic documents.
- File this Right to Know Request regarding communications between the County Commissioners Association of Pennsylvania and the county:
  - I am requesting communications between NAME County and Michael Sage, Chief Information Officer of the County Commissioners Association of PA between the dates of January 1, 2020 to present. Records requested may be located with NAME: Chief Information Officer at the Department of Information Services, or within the department or NAME: Information Technology Director, or within the I prefer electronic documents.
Albert Sensors have been deployed throughout the state of Pennsylvania. Citizens should conduct their own research to find out if Albert is being implemented in their county and what expectations their county officials have regarding Albert. In addition to Washington County, Bucks and Butler Counties encountered cyber-attacks this year. Those counties also have Albert Sensors. Albert does not actually stop a cyber-attack but only monitors for malicious traffic, serves as a second line of defense, offers 24x7x365 management and support, and saves money with free incident response. Did Albert perform as expected in Washington, Bucks, and Butler Counties? One might ask, what else does Albert monitor regarding election infrastructure? That is a question that remains unanswered.