Our title is itself a book's and the first sentence, see that after the comma, is in its front flap by journalist Scott Rosenberg. Let's take some more words from it and share here. Blogging brought the Web's native character into focus---convivial, expressive, democratic. Bloggers have become the curators of our collective experience, testing out their ideas in front of a crowd and linking people in ways that broadcasts can't match. Blogs have created a new kind of public sphere--one in which we can think out loud together. The preceding paragraph is all in the book flap, front and back. It is the simplest answer if somebody is asking what a blog is, then and now. Although we see that as the magnanimous purpose of a blog which is really enticing and challenging. It adds choices and rooms for both sources and audiences without the regular prescriptive cadence. What's common is the responsibility. Whether or not we do it via blog, print and online news, and whoever
How functional and secure AES is?
The Philippine electorate will once again go to polls and decide who will lead the nation in the next six years of their lives. This important event which will elect new president, vice president and 12 senators for national posts, and seats are also being contested for provincial, city and municipal levels, is expected to be counted unofficially in 24 hours, concluded or canvassed officially in a few days or so but authorities and observers expected it to be done in less than a week. Last presidential election, it was known three days after close of election precincts. This is especially true for nation states, not only the Philippines, that conducts their elections using automated election or computerized-and-networked voting systems.
In PH, the past automated elections were encumbered with technical issues and fraudulent results, uttered and written everywhere by many concerned and affected individuals and institutions alike.
This time, we could say, these technical issues must have been eliminated and any possibility of risks to the functionality and security of the AES must have been anticipated and contingencies have been put in place to thwart any incident towards the voting machines, servers, transmission of votes or data, governance and support, electricity, well-being of electorate, since we are still in the middle of pandemic following of basic health protocols and emergency backup systems.
In technology parlance, especially for mission critical systems, vulnerability in the entire operation is attended to immediately, either in the form of software fix or some improvise mechanisms to control such threats.
The proper functionality, and shall we say, stringent security of voting machines, processing and transmission of votes or data are paramount to successful, and as a result, an evidently clean election exercise. Without such technical considerations, thoughtful and careful examinations of mechanisms, assured by and for stakeholders, encompassing the nationwide voting system, concerns of technical issues and fraudulent election results will definitely turn up in no time. Protest of election result is excruciatingly slow, expensive if money is even relevant, and most of the time they are not resolved accordingly.
Let’s identify the basic what makes AES functional and secure. While we are not part of the organizations facilitating, running and managing the AES, we have few ideas what makes up the whole system. Functional means processing and transmission of votes have been perfected or at least the system have been finalized for election proper and that during the time which the AES is being used, there will be no need to do anything, that is to say no more system setup and correction necessary. Secure means anything related to the question of code, setup, build, network of the system have been thoroughly examined, tested and validated, based on security and data protection protocols agreed upon by involved parties, if not the requirement expressed in Philippine election-and-related laws and AES-specific rules, and only authorized personnel must have access to the system’s administrative interface for monitoring and incident response purposes, removing the ability to manipulate both the system and data. That must be the default setting. Security is also about being restrictive, and this is very helpful for a network environment like AES which is serviced and provided by different telecommunications and internet service providers that connected and linked every voting machines and servers deployed in precincts and protected facilities designated nationwide. Depending on the agreement of parties involved in AES, the network environment must have been vetted and assured for security without sacrificing the systems overall functionality, disabling unnecessary configuration, interfaces and access.
Dig a little deeper and that would let us consider some of the primary security technologies playing different roles including DMZ and if used properly it may differentiate virtually-segmented subnetworks within the whole system; firewall(s) can block, reject, drop and redirect traffic with the newer ones now capable of rendering permissions for end-users based on their given role and applications, meaning it may or may not allow effective access to an AES resource and data; access control may specifically permit and authenticate authorize credentials specific to a certain role and application as well as some functionalities that may be available in a firewall; anti-malware may be use to identify malicious data or applications which can then be quarantined for further investigation or removed immediately; network monitoring can attest network traffic authenticity and that no other devices are connected to the network unless authorized; directory services can authenticate roles and devices, facilitate cryptographic methods to encrypt and decrypt protected, in transit or at rest data. There are other security technologies specific for DNS, routing, information and events management, technical and administrative operations, surveillance camera including but not limited to artificial intelligence. There is, however, the most important element in security, the stakeholder, with the roles the entities and their staff got we can easily identify what those meant for the AES in which case their actions should be guarded and their computers connected to the system are limited with only the applications they need to monitor and for non-interfering operation. All others, must be taken out and computers with full operational capability must only be used if necessary, especially if there was a persistent security incident or threat being identified.
Don’t allow super privilege accounts and programming tools in which these must have been removed in any machines to be connected to the election system once it has been finalized for deployment, during and even after voting. Let no one know of any of these credentials except for a few authorized personnel. This is not so easy to handle if things are not systematic.
The organizations that operates the AES during this important juncture in which the electorate wants to be heard of their decision, a final and significant one in a six-year time basis, that is critical to people’s lives, must make this election as comme il faut as one of their missions, not just delivering the votes to the deserving future leader of our nation.
Absent of any contortion, the future is being determined by the people themselves, with vigilance and respect to the process and with zero tolerance to unacceptable practices, we must expect only the best.
The Philippine electorate will once again go to polls and decide who will lead the nation in the next six years of their lives. This important event which will elect new president, vice president and 12 senators for national posts, and seats are also being contested for provincial, city and municipal levels, is expected to be counted unofficially in 24 hours, concluded or canvassed officially in a few days or so but authorities and observers expected it to be done in less than a week. Last presidential election, it was known three days after close of election precincts. This is especially true for nation states, not only the Philippines, that conducts their elections using automated election or computerized-and-networked voting systems.
In PH, the past automated elections were encumbered with technical issues and fraudulent results, uttered and written everywhere by many concerned and affected individuals and institutions alike.
This time, we could say, these technical issues must have been eliminated and any possibility of risks to the functionality and security of the AES must have been anticipated and contingencies have been put in place to thwart any incident towards the voting machines, servers, transmission of votes or data, governance and support, electricity, well-being of electorate, since we are still in the middle of pandemic following of basic health protocols and emergency backup systems.
In technology parlance, especially for mission critical systems, vulnerability in the entire operation is attended to immediately, either in the form of software fix or some improvise mechanisms to control such threats.
The proper functionality, and shall we say, stringent security of voting machines, processing and transmission of votes or data are paramount to successful, and as a result, an evidently clean election exercise. Without such technical considerations, thoughtful and careful examinations of mechanisms, assured by and for stakeholders, encompassing the nationwide voting system, concerns of technical issues and fraudulent election results will definitely turn up in no time. Protest of election result is excruciatingly slow, expensive if money is even relevant, and most of the time they are not resolved accordingly.
Let’s identify the basic what makes AES functional and secure. While we are not part of the organizations facilitating, running and managing the AES, we have few ideas what makes up the whole system. Functional means processing and transmission of votes have been perfected or at least the system have been finalized for election proper and that during the time which the AES is being used, there will be no need to do anything, that is to say no more system setup and correction necessary. Secure means anything related to the question of code, setup, build, network of the system have been thoroughly examined, tested and validated, based on security and data protection protocols agreed upon by involved parties, if not the requirement expressed in Philippine election-and-related laws and AES-specific rules, and only authorized personnel must have access to the system’s administrative interface for monitoring and incident response purposes, removing the ability to manipulate both the system and data. That must be the default setting. Security is also about being restrictive, and this is very helpful for a network environment like AES which is serviced and provided by different telecommunications and internet service providers that connected and linked every voting machines and servers deployed in precincts and protected facilities designated nationwide. Depending on the agreement of parties involved in AES, the network environment must have been vetted and assured for security without sacrificing the systems overall functionality, disabling unnecessary configuration, interfaces and access.
Dig a little deeper and that would let us consider some of the primary security technologies playing different roles including DMZ and if used properly it may differentiate virtually-segmented subnetworks within the whole system; firewall(s) can block, reject, drop and redirect traffic with the newer ones now capable of rendering permissions for end-users based on their given role and applications, meaning it may or may not allow effective access to an AES resource and data; access control may specifically permit and authenticate authorize credentials specific to a certain role and application as well as some functionalities that may be available in a firewall; anti-malware may be use to identify malicious data or applications which can then be quarantined for further investigation or removed immediately; network monitoring can attest network traffic authenticity and that no other devices are connected to the network unless authorized; directory services can authenticate roles and devices, facilitate cryptographic methods to encrypt and decrypt protected, in transit or at rest data. There are other security technologies specific for DNS, routing, information and events management, technical and administrative operations, surveillance camera including but not limited to artificial intelligence. There is, however, the most important element in security, the stakeholder, with the roles the entities and their staff got we can easily identify what those meant for the AES in which case their actions should be guarded and their computers connected to the system are limited with only the applications they need to monitor and for non-interfering operation. All others, must be taken out and computers with full operational capability must only be used if necessary, especially if there was a persistent security incident or threat being identified.
Don’t allow super privilege accounts and programming tools in which these must have been removed in any machines to be connected to the election system once it has been finalized for deployment, during and even after voting. Let no one know of any of these credentials except for a few authorized personnel. This is not so easy to handle if things are not systematic.
The organizations that operates the AES during this important juncture in which the electorate wants to be heard of their decision, a final and significant one in a six-year time basis, that is critical to people’s lives, must make this election as comme il faut as one of their missions, not just delivering the votes to the deserving future leader of our nation.
Absent of any contortion, the future is being determined by the people themselves, with vigilance and respect to the process and with zero tolerance to unacceptable practices, we must expect only the best.
Comments
~&