North Carolina: Federal review finds no evidence hacking caused 2016 Durham County election problems | Travis Fain/WRAL

A U.S. Department of Homeland Security review found no evidence that hacking caused the 2016 election problems that forced Durham County to shut down electronic poll books on election day, the State Board of Elections said Monday in a joint statement with Durham’s board of elections. The report, months in the making, is “compelling evidence that there were no cyberattacks impacting the 2016 election in Durham,” Durham County Board of Elections Chairman Philip Lehman said in the joint statement. The state released a heavily redacted version of the 12-page report late Monday afternoon. In it, federal cyber security experts say they “did not conclusively identify any threat actor activity,” but that aspects of the state’s election security could be improved. Most of these recommendations are redacted for security reasons, but Lehman said in his statement that the county has already “implemented additional training, security measures and staffing changes” since 2016. State elections director Karen Brinson Bell said the state is working with county boards and the federal government “to improve security at every step in the voting process.”

National: New Funding for Election Security Assistance Doesn’t Go Far Enough, Experts Say | Courtney Bublé/Government Executive

With just over 10 months to go before Americans head to the polls to elect their next president, states will have access to additional money to help shore up insecure voting equipment. The funding—$425 million—was included in appropriations for the Election Assistance Commission under the 2020 spending bills President Trump signed into law on Dec. 20. EAC Chairwoman Christy McCormick said the commission “will do everything in its power to distribute these funds as expeditiously as possible.” The funding is a boost over Congress’ most recent appropriation of $380 million for election improvements in 2018—the first time since 2010 that Congress made resources available to help states and localities with their election infrastructure and administration. “State and local election officials from across the country regularly tell us about the need for additional resources,” said EAC Vice Chair Benjamin Hovland. “This new funding will allow election officials to continue making investments that strengthen election security and improve election administration in 2020 and beyond.”  Despite widespread evidence of foreign interference in the 2016 U.S. presidential election and repeated warnings from the intelligence community about the vulnerability of election infrastructure, the bipartisan and independent Election Assistance Commission has struggled with funding and staff cuts as well as House Republicans’ threats to terminate it. With the 2020 presidential election less than a year away, the EAC lacks a permanent director and general counsel.

National: How good is the government at threat information sharing? | Andrew Eversden/Fifth Domain

Over and over cybersecurity officials in the civilian government, the intelligence community and the Department of Defense say the same platitude: information sharing is important. Often, however, little insight, or metrics, back up exactly how well they are doing it. But a new joint report from inspectors general across the government found that information sharing among the intelligence community and the rest of government “made progress.” The report, titled “Unclassified Joint Report on the Implementation of the Cybersecurity Information Sharing Act of 2015” and released Dec. 19, found that cybersecurity threat information sharing has improved throughout government over the last two years, though some barriers remain, like information classification levels. Information sharing throughout government has improved in part because of security capability launched by the Office of the Director of National Intelligence’s Intelligence Community Security Coordination Center (IC SCC) that allowed the ODNI to increase cybersecurity information all the way up to the top-secret level. The capability, called the Intelligence Community Analysis and Signature Tool (ICOAST), shares both indicators of compromise and malware signatures that identify the presence of malicious code. According to the report, the information from the platform is available to “thousands” of users across the IC, DoD and civilian government.

National: Election security, ransomware dominate cyber concerns for 2020 | Maggie Miller/The Hill

Headed into 2020, with a presidential election on the horizon, cyber concerns are certain to be in the spotlight in Washington. Atop the list of cyber issues will be persistent questions about election security. Officials at the federal, state and local levels say they will be vigilant to any efforts to interfere in the election after 2016, even as lawmakers weigh additional actions to safeguard the vote. But lawmakers will also be looking to tackle other issues as well, such as the ransomware attacks spreading across the country and the growing concerns over companies with foreign ties accessing Americans’ data. 2020 will see a presidential election, along with nationwide elections for the House and a third of the Senate. It will be a major test for efforts to improve security after Russian interference efforts in the 2016 election. U.S. intelligence agencies, former special counsel Robert Mueller and the Senate Intelligence Committee have all concluded that Russia conducted a sweeping and systematic attack against the 2016 elections, using both hacking and disinformation campaigns. Mueller has warned that Russia would attempt to interfere again, testifying to the House Intelligence Committee in July that the Russians were trying to interfere “as we sit here.”

Georgia: State confident in timeline for delivery of new voting equipment | Tyler Estep/The Atlanta Journal-Constitution

Cellophane-wrapped pallet by cellophane-wrapped pallet, workers rolled some 2,800 new voting machines into the DeKalb County elections warehouse on Monday. Georgia Secretary of State Brad Raffensperger described it as the largest delivery to-date for the new voting system — and said he’s confident every community in Georgia will be fully equipped and fully prepared for March’s presidential primary. “We’ll have every county at 100 percent capacity before the end of the first week in February,” Raffensperger said. As recently as last month, officials had put the target date at the end of January. The new system, run on equipment provided by Dominion Voting Systems through a $107 million state contract awarded this summer, will replace Georgia’s 18-year-old electronic machines with a combination of touchscreens, printed ballots and scanners. Counties across the state must make the switch for the March 24 primary, which involves three weeks of early voting.

Georgia: State Ramps Up New Voting Machine Delivery As Election Deadline Looms | Stephen Fowler/Georgia Public Broadcasting

Standing at the edge of a DeKalb County loading dock, Georgia Secretary of State Brad Raffensperger joined several reporters and elections staff as a nondescript white truck slowly backed up to unload its cargo. The truck was loaded with battery backups that will help power 2,839 ballot-marking devices used by DeKalb voters in future elections. It was the first of many shipments arriving that day. While the holiday season has made coordinating deliveries to local officials tricky, Raffensperger said that more than 25,000 of the 33,100 BMDs are tested and in the state’s control and 32 of Georgia’s 159 counties have received nearly all of their new voting machines and accessories. Cobb County (2,039 machines) is waiting on final pieces of equipment, DeKalb County (2,839) is currently being delivered and in the next few weeks Fulton (3,058) and Gwinnett counties (2,257) will receive most of their equipment. “So, that represents 34% of all the voting equipment for the entire state of Georgia,” Raffensperger said.

Maryland: Board of Elections to use more wireless networking in 2020 | Steve Thompson /The Washington Post

Maryland election officials plan to use an expanded wireless network during the 2020 elections, prompted by a new law allowing people to register to vote on Election Day. But at least one lawmaker and a local elections board are questioning whether the new system will be worth the cost and will be safe from hackers. A cellular network will transmit new registrations from local polling places to state elections officials throughout Election Day, allowing officials to update voter lists that help meet objectives including that no one vote twice. “It’s creating a path, a road, for the voter check-in data to go from the poll books to our server here,” said Nikki Charlson, the deputy administrator at the Maryland State Board of Elections. She said the step is necessary to enable “local officials to do their research to prepare to count the votes.” Charlson said the only information the network will carry is who is registered and has voted, not how any person voted. The same type of network is used by law enforcement and public safety agencies, she said. “It’s using cellular data, but it’s a secure and closed network,” she said. “No one can find it, and the data’s encrypted, and the network is encrypted.” The state already uses a similar, though smaller-scale, network to upload new registrations during early-voting periods. “So this was taking something we did in early voting and bringing it to Election Day,” Charlson said. But state Sen. Cheryl C. Kagan (D-Montgomery) said the networking equipment, which will cost counties hundreds of thousands of dollars, is not needed and “makes us more vulnerable to hacks and attacks.”

Michigan: Audit pings state bureau of elections on voter file, training, campaign finance oversight | Beth LeBlanc and Craig Mauger/The Detroit News

Michigan’s Bureau of Elections failed to properly safeguard the state’s file of 7.5 million qualified voters, a discrepancy that allowed an unauthorized user to access the file and increased the risk of an ineligible elector voting in Michigan, according to a recent report from the Office of Auditor General. Elections officials lack proper training in more than 14% of counties, cities and townships, the audit also found. And the bureau did not make timely reviews for campaign statements, lobby reports and campaign finance complaints. The audit conducted between Oct. 1, 2016, and April 30, 2019, found in the qualified voter file “230 registered electors who had an age that was greater than 122 years, the oldest officially documented person to ever live,” according to the Friday report. The report came 2 1/2 months before the state’s March 10 presidential primary and a little over 10 months before Michigan voters cast ballots in the November general election. The reviewed information fell largely under the tenure of Republican former Secretary of State Ruth Johnson. Democratic Secretary of State Jocelyn Benson took office Jan. 1.

North Carolina: No evidence of cyber attack in Durham County 2016 election, acordind to DHS | Will Doran/Raleigh News & Observer

There’s no evidence that the 2016 Election Day problems in Durham were the result of cyber hackers, according to the federal government. Special Counsel Robert Mueller’s report on Russian election interference said a company — whose description closely matched the company that provided voter check-in software for Durham and other North Carolina counties in 2016 — was targeted by hackers. And Durham experienced widely reported issues with that check-in software during the 2016 elections. State officials have long said they believed the problems were just due to human error, however, and not anything malicious like foreign hackers. But after the Mueller report’s findings on election interference became public earlier this year, officials at the Department of Homeland Security agreed to look into the Durham situation. On Monday, putting an end to their months-long investigation, they announced they had found nothing to indicate a cyber attack. Phillip Lehman, chairman of the Durham County Board of Elections, called the report “compelling evidence that there were no cyberattacks impacting the 2016 election in Durham.” “As we have acknowledged, there was human error in the preparation of electronic poll books,” Lehman said in a news release announcing the investigation’s findings. “Since that time, the Durham County Board of Elections has implemented additional training, security measures and staffing changes. Elections in 2017, 2018 and 2019 were conducted efficiently and accurately with no significant incidents.”

Ohio: Is Ohio ready for 2020 election? League of Women Voters not so sure | Cincinnati Business Courier

Ohio Secretary of State Frank LaRose says the state’s voting systems are secure and ready for 2020. But Jen Miller of the League of Women Voters is concerned about voter turnout, WVXU reports. LaRose has been touring each of Ohio’s 88 Boards of Elections. He finished up last week in Akron, touting more than $114 million spent this year to equip almost every county with new voting machines. He estimates another $13 million to $15 million in federal “Help America Vote Act” funds is on its way. And he said counties will be completing his 34-point voting security checklist by the end of January to ensure readiness. Jen Miller, executive director of Ohio’s League of Women Voters, is encouraged but said the larger issue is increasing voter turnout – especially with next year’s primary coming on St. Patrick’s Day.

Pennsylvania: Counties make year-end deadline for picking new voting systems, but still have to contend with changes to state election code | Emily Previti/PA Post

Dauphin County Commissioners voted 2-1 Monday to buy new voting machines – the last jurisdiction to comply with the state mandate that counties update to paper-based, auditable voting systems before the end of 2019. After publicly resisting the state’s directive, Dauphin officials reversed course, averting a potential legal fight with the state and ensuring the county is eligible for election security funding. Costs for the new system – one where voters primarily fill out ballots by hand – won’t be final until sometime in January, but are expected to be about $2 million, according to commissioners chief of staff Chad Saylor. Commissioner Jeff Haste cast the vote against moving forward in contract negotiations with Clear Ballot. “It’s a disastrous solution in search of a problem,” Haste said of the state mandate. Haste and other county officials have said the county’s current touchscreen direct recording electronic machines (DREs) work fine, despite being 30 years old. Haste also said county leaders didn’t like the fact that the state didn’t keep counties apprised of efforts to settle a lawsuit brought by 2016 Green Party presidential candidate Jill Stein in the wake of President Trump’s victory. That settlement, which effectively created the voting machine replacement mandate, was reached without local leaders having input. 

Bangladesh: BNP opposes electronic voting, cites risks of rigging |

Election results generated by electronic voting machines (EVM) are never acceptable, BNP’s Senior Joint Secretary General Ruhul Kabir Rizvi said at a media briefing on Sunday. “It’s a matter of great concern that the Election Commission has become active to serve the government’s interest again. It created an unprecedented history with the last national election,” said Rizvi citing allegations of rigging. Rizvi accused the EC of helping the government rig the election through the use of electronic devices. “We call upon the EC to cancel the use of EVMs and initiate an election acceptable to all.” EVMs are not a transparent voting system which never serves democracy, said Rizvi citing some research. EVMs can be ‘tampered’ with, he said. “The results generated by these machines cannot be trusted.”

Namibia: Election court challenge to be heard in January | Estelle De Bruyn/The Namibian

The Supreme Court will on 17 January hear arguments on the electoral challenge through which independent presidential candidate Panduleni Itula and four others are trying to get a rerun of Namibia’s presidential election. Supreme Court judge Dave Smuts today presided over a case management hearing with the various parties to the case to establish a timeline for the filing of court papers and to determine the date of the final hearing. Itula and the other four applicants are basing their attack on the conduct of the presidential election on the Electoral Commission of Namibia’s decision to make use of electronic voting machines (EVMs), and are arguing that the Electoral Act required that the ECN could make use only of EVMs accompanied by a verifiable paper trail.

National: How Close Did Russia Really Come to Hacking the 2016 Election? | Kim Zetter/Politico

On November 6, 2016, the Sunday before the presidential election that sent Donald Trump to the White House, a worker in the elections office in Durham County, North Carolina, encountered a problem. There appeared to be an issue with a crucial bit of software that handled the county’s list of eligible voters. To prepare for Election Day, staff members needed to load the voter data from a county computer onto 227 USB flash drives, which would then be inserted into laptops that precinct workers would use to check in voters. The laptops would serve as electronic poll books, cross-checking each voter as he or she arrived at the polls. The problem was, it was taking eight to 10 times longer than normal for the software to copy the data to the flash drives, an unusually long time that was jeopardizing efforts to get ready for the election. When the problem persisted into Monday, just one day before the election, the county worker contacted VR Systems, the Florida company that made the software used on the county’s computer and on the poll book laptops. Apparently unable to resolve the issue by phone or email, one of the company’s employees accessed the county’s computer remotely to troubleshoot. It’s not clear whether the glitch got resolved—Durham County would not answer questions from POLITICO about the issue—but the laptops were ready to use when voting started Tuesday morning. Almost immediately, though, a number of them exhibited problems. Some crashed or froze. Others indicated that voters had already voted when they hadn’t. Others displayed an alert saying voters had to show ID before they could vote, even though a recent court case in North Carolina had made that unnecessary.

National: Voting by app is a thing, and it’s spreading, despite the fears of election security experts | Mark Sullivan/Fast Company

In this age of extreme concern—even paranoia—over election security, you might be a little surprised to hear that some voters in parts of the country are voting from home, using an app. So far the vote-by-app option has been reserved for military people serving overseas and elderly people who might have physical difficulty getting to the polls. One state (West Virginia) and a number of cities and counties have already used a voting app called Voatz in elections, mainly small ones. Voatz, a Boston-based startup that’s raised almost $10 million in venture capital, birthed its app at a SXSW hackathon in 2016, and went through the TechStars incubator. Its technology is unique in that it utilizes the biometric security features (such as fingerprint readers and facial recognition cameras) of newer smartphones to verify the voter’s identity. Those security technologies are already used to secure sensitive transactions like sharing financial information and making online purchases. But election security people have raised concerns about internet-connected voting technologies. The Mueller report exposed numerous attempts by foreign hackers to infiltrate U.S. voting systems via the internet during the 2016 election. Since then, states and counties have rushed to disconnect all voting systems–including voting machines, tabulators, and administrative technologies–from the public internet. The Voatz app’s use of the internet is the main reason it’s caught the attention of the election security community.

National: U.S. Cybercom contemplates information warfare to counter Russian interference in 2020 election | Ellen Nakashima/The Washington Post

Military cyber officials are developing information warfare tactics that could be deployed against senior Russian officials and oligarchs if Moscow tries to interfere in the 2020 U.S. elections through hacking election systems or sowing widespread discord, according to current and former U.S. officials. One option being explored by U.S. Cyber Command would target senior leadership and Russian elites, though probably not President Vladimir Putin, which would be considered too provocative, said the current and former officials who spoke on the condition of anonymity because of the issue’s sensitivity. The idea would be to show that the target’s sensitive personal data could be hit if the interference did not stop, though officials declined to be more specific. “When the Russians put implants into an electric grid, it means they’re making a credible showing that they have the ability to hurt you if things escalate,” said Bobby Chesney, a law professor at the University of Texas at Austin. “What may be contemplated here is an individualized version of that, not unlike individually targeted economic sanctions. It’s sending credible signals to key decision-makers that they are vulnerable if they take certain adversarial actions.” Cyber Command and officials at the Pentagon declined to comment.

National: State, local election officials train for cyber attacks as ‘another level of war’ | Christina Almeida Cassidy/Associated Press

Inside a hotel ballroom near the nation’s capital, a U.S. Army officer with battlefield experience told 120 state and local election officials that they may have more in common with the military strategists than they might think. These government officials are on the front lines of a different kind of high-stakes battlefield — one in which they are helping to defend American democracy by ensuring free and fair elections. “Everyone in this room is part of a bigger effort, and it’s only together are we going to get through this,” the officer said. That officer and other past and present national security leaders had a critical message to convey to officials from 24 states gathered for a recent training held by a Harvard-affiliated democracy project: They are the linchpins in efforts to defend U.S. elections from an attack by Russia, China or other foreign threats, and developing a military mindset will help them protect the integrity of the vote.

Editorials: There’s a lot to like in Congress’s new election security measures. But there’s a big omission. | The Washington Post

President Trump has signed into law a bundle of election security measures buried in this year’s spending bills. What the package includes says a lot about legislators’ commitment to safeguarding our democracy. What it does not include may say even more. There’s a lot to like in this year’s appropriations agreements, starting with a lump sum for states to bolster critical voting infrastructure. The $425 million Congress is providing in 2020 comes many days late and many dollars short according to experts, who say billions were needed starting at least two years ago. But it’s still an improvement over the $380 million allocated in 2018, and the $0 allocated this past year. These funds will be doled out in grants to states, which can then decide how to use them. The National Defense Authorization Act also includes essential measures, such as allowing state election officials to receive top-secret security clearances. The step will open the road at last to robust information-sharing between the federal and local governments. The same is true for public-private partnerships: The legislation establishes a threat analysis center at the office of the director of national intelligence responsible for coordinating between intelligence officials and technology companies to root out influence campaigns.

Connecticut: Merrill, Blumenthal share how Connecticut will spend new federal funds to defend voting systems in the 2020 election | Amanda Blanco/Hartford Courant

Secretary of the State Denise Merrill and U.S. Sen. Richard Blumenthal met Thursday to discuss how Connecticut will spend an expected $5 million more in federal funds to strengthen election security for the 2020 election. The initiative follows a previous $5 million allocated to the state in 2018 for the same purpose. While House Democrats originally called for $1 billion to go toward the national cybersecurity effort, funds were cut to $425 million by the time the bill made it out of the Senate. Blumenthal called it a “solid first step,” but acknowledged that there needs to be a “sustained, steady source of money for election security annually” to combat international interference. Fund distribution is decided by the federal Election Assistance Committee and is based on measures like population and severity of need, Merrill said. She expects a large portion of the money to go toward training local officials, as the state has an unusual voting infrastructure. While most states conduct elections at the county level, Connecticut conducts elections town-by-town. “It would be tough to hack all 169 towns,” Merrill said. On the other hand, the state is tasked with ensuring every single town has the proper infrastructure to support the security needed to protect voter files, which were attacked in 2016. “Our voter files can be entered at any of those 169 drop points, so we have to make sure that every single official in every single town understands the need for that security,” she said.

Georgia: Experts warn Georgia’s new electronic voting machines vulnerable to potential intrusions, malfunctions | Rachel Frazin/The Hill

Experts are reportedly warning that Georgia’s new electronic voting machines are at risk of intrusions and manlfunctions, as the state grapples with election security issues. Georgia Institute of Technology computing professor Richard DeMillo told the The Washington Post that bystanders could see the machines’ screens during his visit to polling places north of Atlanta in November. Some counties also experienced programming issues that delayed voter check-ins while others noted machine shutdowns, the Post reported Monday. DeMillo told the newspaper that state officials “seem to be structurally unable to confront the fact that the voting system in Georgia is at risk.”

North Carolina: Clear Ballot giving up on North Carolina for now | Gary D. Robertson/Associated Press

A Massachusetts-based election equipment manufacturer is giving up for now on selling its machines to North Carolina counties. Clear Ballot’s chief executive told the State Board of Elections it was withdrawing its request to certify its recent product upgrades. CEO Jordan Esten’s letter last week blamed the board’s slow pace for its troubles, saying the company was unable to communicate with the state’s counties during the two-year wait for the original certification. Esten said that gave current dominant equipment manufacturer Election Systems & Software “a marketing monopoly in the state.” “We still want to work with North Carolina,” Esten wrote. “However, the environment and rules continue to stifle competition, which is regretfully causing us to withdraw our certification request at this time.”

Ohio: Most counties tested new equipment in 2019 for 2020 election | Rick Rouan/The Columbus Dispatch

Most Ohio voters cast ballots on new election equipment in 2019 in preparation for 2020. But voters in seven counties, including Stark, will cast ballots on equipment and systems that date to the Obama years. In an off-year election with low turnout, Franklin County’s longest line on Election Day 2019 likely was at the county Board of Elections shortly after the polls closed. Poll workers from around the county converged on the board’s headquarters not in the staggered arrivals typical of election night, but mostly together just before 8 p.m. — an unexpected effect of new voting equipment that elections officials say is far easier to manage than older machines. Across Ohio, most voters cast their ballots on new machines in 2019, a test year before what Secretary of State Frank LaRose believes could be another record voter turnout election in 2020. But in seven counties, including both Stark and Summit, voters will cast ballots the same way they have for years: on equipment and systems that date to before former President Barack Obama’s first term.

Pennsylvania: Four questions Pennsylvania needs to answer to avert election chaos in 2020 | Emily Previti/PA Post

Pick an issue, any issue. Environmental health? Fiscal conservatism? Probation reform? You’re limited in your ability to influence how elected officials handle “your issue” — or anything else – if our voting systems aren’t secure and reliable. That’s why I’ve spent the past four months or so covering election security in Pennsylvania. Closely. So far, my attention has largely been on the replacement of voting machines throughout the state. That’s meant plenty of travel to observe and document different voting machine configurations at voter demonstrations in more than half a dozen counties. I’ve read, at this point, more than hundreds, maybe thousands, of pages of voting machine contracts and technical documents — not to mention filing the Right-to-Know requests required, in most cases, to obtain them. I’ve also sat through poll worker trainings and covered everything from local controversies to the first test-run of new election auditing procedures that ultimately will be in place statewide. And there will be more to come in 2020.

Bangladesh: Electronic voting machines take centre stage in Dhaka city polls as BNP objects, CEC defends | bdnews24

With political focus shifting towards the Dhaka city polls, electronic voting machine has taken the centre stage as the chief election commissioner has defended e-voting amid the BNP’s stance against the machines. The Election Commission will go for EVMs in all polling stations in the elections to the bifurcated Dhaka city corporations slated for Jan 30. The BNP has always opposed the use of EVMs and it has expressed reservations again this time over fears of result manipulation. “These (EVMs) are completely faulty and we reject these. It won’t be right (to use EVMs). The people’s mandate won’t be reflected in these EVMs,” Secretary General Mirza Fakhrul Islam Alamgir told reporters while paying respect to party founder Ziaur Rahman at his grave in Dhaka’s Sher-e-Bangla Nagar on Wednesday. “We think there will be little chance of fair elections if EVMs are used,” he said.

Pennsylvania: These Two Lawsuits Could Force Philadelphia to Purchase New Voting Machines | David Murrell/Philadelphia Tribune

Who knew something as seemingly mundane as voting machines could generate so much conflict? Then again, maybe we should know better — this is Philadelphia, where nothing related to politics is mundane. So of course the procurement process for the city’s 3,735 ExpressVote XL machines — which we wrote about here — was rife with allegations of impropriety, and an eventual City Controller audit concluded that the city had failed to ensure a transparent purchase without conflicts of interest. And that was before two lawsuits challenging the ExpressVote XL’s certification in the first place. The suits — one filed in state Commonwealth Court, one filed in federal court — share a central claim: that the machines, which were used by both Philadelphia and Northampton counties in November (not without some significant Election Day drama in the latter case), don’t satisfy the requirements of Pennsylvania’s byzantine 267-page election code. Needless to say, the stakes are high. If a judge agrees, Philadelphia could potentially have to return its machines — and after all that conflict! — for new ones that are compliant. We’ve broken down the details of the two suits. … “The ExpressVote XL elevates the risk to unacceptable levels, and some of those risks can’t be mitigated mainly because of the hardware design,” says Marian Schneider, a former Pennsylvania Department of State official and president of Verified Voting, a nonprofit that advocates for transparent elections.

National: Preparing for Cyberattacks and Technical Failures: A Guide for Election Officials | Brennan Center for Justice

America’s intelligence agencies have unanimously concluded that the risk of cyberattacks on election infrastructure is clear and present — and likely to grow. 1 While officials have long strengthened election security by creating resiliency plans, 2 the evolving nature of cyber threats makes it critical that they constantly work to improve their preparedness. It is not possible to build an election system that is 100 percent secure against technology failures and cyberattacks, but effective resiliency plans nonetheless ensure that eligible voters are able to exercise their right to vote and have their votes accurately counted. This document seeks to assist officials as they revise and expand their plans to counter cybersecurity risks. Many state and local election jurisdictions are implementing paper-based voting equipment, risk-limiting audits, and other crucial preventive measures to improve overall election security. In the months remaining before the election, it is at least as important to ensure that adequate preparations are made to enable quick and effective recovery from an attack if prevention efforts are unsuccessful. While existing plans often focus on how to respond to physical or structural failures, these recommendations spotlight how to prevent and recover from technological errors, failures, and attacks. Advocates and policymakers working to ensure that election offices are prepared to manage technology issues should review these steps and discuss them with local and state election officials.

Florida: Palm Beach County elections chief ’interested’ in high-speed ballot systems for recounts | Jeffrey Schweers and Hannah Morse/The Palm Beach Post

Rather than hiring hundreds of people to perform the sometimes messy and always time-consuming job of recounting votes, several county supervisors, including officials in Palm Beach County, of elections want to use their high-speed ballot auditing systems instead. Legislation now has been filed to allow them to do just that. The measure’s co-sponsors this year are state Sen. Bill Montford, D-Tallahassee (SB 1032) and state Rep. Cord Byrd, R-Neptune Beach (HB 1005). It’s been endorsed by the Florida Supervisors of Elections Association. “There are so many issues and challenges with a recount that it just makes sense,” Montford said. Palm Beach County Supervisor of Elections Wendy Sartory Link said her office is considering testing out the technology during the presidential preference primary in March. If the elections office agrees to a trial run with the company, one type of ballot, like vote-by-mail, would be counted with this system. “We’ll be able to test how it works and whether or not we think it’s a useful program for us or not,” Link said. “It also gives us the opportunity to wait and see what the Legislature will do.” If the measure passes in Tallahassee, Link said she would “be even more interested in it.”

Georgia: As Georgia rolls out new voting machines for 2020, worries about election security persist | Neena Satija, Amy Gardner and Joseph Marks/The Washington Post

Last month, voters in six Georgia counties cast ballots for local elections using new touch-screen voting machines that officials have said will resolve long-standing questions about the security of the state’s election system. Richard DeMillo, a professor of computing at the Georgia Institute of Technology, said he was worried as he visited polling places in a county north of Atlanta. DeMillo said bystanders could easily see the screens from 30 feet away, presenting serious privacy concerns. In some counties, elections officials reported that programming problems led to delays in checking in voters, and in some precincts, the machines unexpectedly shut down and rebooted. Georgia is preparing to roll out 30,000 of the machines in every polling place for its presidential primary in March, replacing a paperless electronic voting system that a federal judge declared insecure and unreliable. But election security experts said the state’s newest voting machines also remain vulnerable to potential intrusions or malfunctions — and some view the paper records they produce as insufficient if a verified audit of the vote is needed.

Indiana: Election cybersecurity: Local election officials prepare for “doomsday-like” scenarios | Andy East/The Republic

How would Bartholomew County handle a cyberattack that compromises its election systems? The answer to that question, as well as other “doomsday-like,” election-related scenarios, will be put down on paper for the first time as Bartholomew County election officials continue their efforts to prepare for the 2020 presidential election, said Bartholomew County Clerk Jay Phelps. Next month, Phelps and other county election officials will begin drafting written contingency plans for how his office would respond to a range of threats that would constitute what he described as an election administrator’s “worst nightmare” — including a cyberattack directed at the county’s voting systems, theft or physical tampering of electronic poll books and even a catastrophic natural disaster that wipes out electricity and cellphone towers. Phelps clarified that his office already has a “verbal plan” in place for these scenarios and his staff knows the general practices for how to deal with them, but no written, step-by-step plans have been drafted. Phelps said he expects to have the written plans ready by April 1, just over one month before Indiana’s presidential primary on May 5.

Indiana: New Money For Needed Voting Machines Unlikely In 2020 | Brandon Smith/WVIK

It’s unlikely the General Assembly will give counties more money in the 2020 session for new voting machines. More than half the machines in Indiana don’t have a paper backup – something election security experts insist is critical. The legislature appropriated enough money in the 2019 budget to provide backups to 10 percent of the machines that need them. Lawmakers do plan in the 2020 session to use excess surplus dollars on cash payments for some pre-approved projects – like a swine barn at the State Fairgrounds. But money for more voting machines doesn’t make the list. Gov. Eric Holcomb says that’s because Secretary of State Connie Lawson has assured him Indiana’s voting systems are secure.