How Microsoft's Defending Democracy program amplifies account security

Diana Kelley, Microsoft's Cybersecurity Field CTO, explains how the company is combating disinformation, phishing attacks, and cloud security.

CNET's Dan Patterson interviewed Diana Kelley, Cybersecurity Field CTO at Microsoft, about disinformation, phishing attacks, and how Microsoft is combating these threats. The following is an edited transcript of the interview.

Campaign 2018: Election Hacking is a weekly series from TechRepublic sibling sites, CBS News & CNET, about the cyber-threats and vulnerabilities of the 2018 midterm election.

Dan Patterson: There are a number of emerging threats on the landscape ranging from interesting stuff with phishing all the way up to artificial intelligence and machine learning. What oncoming emerging technologies represent the biggest threat to elections around the world?

Diana Kelley: We actually have a program called Defending Democracy and we look at what those threats are. We look at four components that need to be supported in order to have democratic systems that people can trust, that voters can trust, that citizens can trust.

The first one is to prevent the hacking, and to look at how they're hacking, what they're trying to accomplish. Very often still, the way to get in is through some level of a phishing email, whether it's to a personal account to try and leverage that to get to a private account, a corporate account, or going in through a partner or the supply chain.

Coming in through phishing, there is a concern about the supply chain overall, ensuring that every piece of it, from when the hardware is created to when it's put together into a system, the software that goes onto that system, making sure that, that's all secured. Because anything along that line could be a way in and a way to get additional information or attack.

The other three areas of the total four in Defending Democracy, the second is around ad transparency. Who's putting that ad out? If you're like me and you're older, so I'm Gen X. If you're Gen X, or you're a baby boomer, or even the silent generation, you remember a time when ads were mostly just from... they were on television and they were from the committee or the candidate themselves.

Now we have a situation where we see ads coming in our social media feeds. We don't know who they're from. We don't even know if there's accurate information. So that's a way to influence how people think if they believe these ads. They don't know who paid for it and they don't know what the agenda of that group necessarily is.

There's also new technologies. So as we're watching what's going on with these attacks, looking for new ways both by learning how the techniques are changing, but also by concentrating and thinking about how the world is changing, so what we can do that's predictive in terms of protecting our systems and protecting elections.

Then the last piece is to try as much as possible, prevent disinformation 'cause again that's a... There's one, who's got the agenda in the ad transparency, but there's also just pure disinformation creating up an unreal, not true things and then presenting them as though they're a fact. If you're a voter, if you don't understand that, that's not true, that can be extraordinarily confusing.

Dan Patterson: I wanna talk about faith and confidence in institutions in just a moment, but first I wanna stay on technology and technologies, tools that Microsoft is developing. Beyond the four temples that you just mentioned, what tools in tech is Microsoft developing right now to prevent election hacking?

Diana Kelley: We're focusing a lot on tools and technology that can prevent election hacking, but also can just prevent any kind of hacking overall. We've got 3500 full-time professionals, who are looking at and analyzing six and a half trillion signals every single day to understand what activity and malicious activity is going on out in the internet.

We've got 3500 people looking, but I didn't mention the trillions of signals, so it's gonna be hard for humans to do that all on their own. That's where machine learning and artificial intelligence really come into play, and looking at models and tuning those models specifically to find this kind of activity.

Social engineering, right now, a lot of the social engineering attacks are coming in and using non-portable executable or macro or file-less malware. So tuning machine learning models to be able to identify when we're seeing that kind of activity, to put a stop to social engineering attacks and hopefully to getting into voters and their emails.

Some other areas are, again, looking at that file-less malware, using machine learning to de-obfuscate the code as it comes in because that's a technique. It doesn't look like it's gonna be a malicious PowerShell command. It's been obfuscated, but being able to parse and de-obfuscate it the way that the malicious attack would to identify that this is in fact something that is gonna cause damage or attempt to do information stealing.

So, machine learning, a lot of different really, really very useful ways to help us protect. Again, keep tuning, optimizing, and learning.
