National: Feds Seek To Up Their Cybersecurity Game | Forbes

The idea that the U.S. federal government could play a dominant and effective role in protecting the nation from malicious cyberattacks on everything from Internet of Things (IoT) devices to critical infrastructure to election voting systems might strike some people as absurd. Its catastrophic security failures are well known.

– The Office of Personnel Management (OPM) couldn’t protect the personally identifiable information (PII) of more than 22 million current and former federal employees.

– The National Security Agency (NSA) couldn’t protect its own stash of so-called zero-day vulnerabilities that it hoped to use to spy on, or attack, hostile nation states or terrorist groups. Instead, the stash ended up in the hands of Wikileaks.

Full Article: Feds Seek To Up Their Cybersecurity Game.

National: Senate Democrats push to match House’s ethics and election reforms | The Washington Post

Responding to action in the House, Senate Democrats unveiled their own version of a sweeping election and ethics reform bill Wednesday — one that Senate Majority Leader Mitch McConnell has vowed never to bring to a vote. Dubbed, like the House bill, the For the People Act, the Senate legislation includes a vast suite of proposals — including measures meant to expand voting, provisions aimed at unmasking and diluting the power of moneyed interests, new ethical strictures for federal officials and a new public financing system for congressional campaigns. The bill, according to its lead author, Sen. Tom Udall (D-N.M.), has the support of all 47 senators in the Democratic caucus. The House bill passed 234 to 193 this month with unanimous Democratic support, meaning every congressional Democrat is on record in support of the bill. “Today we are seizing their momentum and the momentum of the American people,” Udall said at a news conference Wednesday. “Now the ball is in Senator McConnell’s court. . . . This should not be about Democrats versus Republicans, this is about people versus special interests.”

Full Article: Senate Democrats push to match House’s ethics and election reforms - The Washington Post.

National: Voting-machine vendors have some serious questions to answer, senators say | CyberScoop

While the security of the 2020 election remains a prominent topic in Washington, a group of Democratic senators is raising alarms about longer-term issues that will resonate after voters are done choosing a president about 20 months from now. The three companies that make most of the voting technology used in the U.S. must be more transparent about their plans to improve their products to meet current expectations about security and performance, says a letter Wednesday by Sen. Amy Klobuchar of Minnesota and three other top Democrats. In particular, the senators say every machine should reliably produce paper records, and the companies should do far more to upgrade their products. “The integrity of our elections is directly tied to the machines we vote on — the products that you make,” says the letter from Klobuchar, Mark Warner of Virginia, Jack Reed of Rhode Island and Gary Peters of Michigan. “Despite shouldering such a massive responsibility, there has been a lack of meaningful innovation in the election vendor industry and our democracy is paying the price.”

Full Article: Voting-machine vendors have some serious questions to answer, senators say.

National: Former CIA leaders give ‘briefing book’ to 2020 candidates to counteract ‘fake news’ and ‘foreign election interference’ | The Washington Post

Two former top CIA officials have compiled an unclassified report on the major national security challenges facing the United States, which they are distributing to every candidate running for president. The report, which former acting CIA directors Michael Morell and John McLaughlin call a “briefing book,” is modeled on the classified oral briefing that the intelligence community provides to the nominees of each major political party running for president, usually after the nominating conventions. The former officials said they’re distributing their briefing now, more than a year before nominees are selected, in response to “the recent rise and abundance of fake news and foreign election interference,” according to a copy reviewed by The Washington Post. The 37-page document, which has not been previously reported, was sent this month to nearly every announced candidate and will soon be sent to President Trump, the former officials said. Intelligence agencies have usually viewed their discussions with nominees as a chance to prepare a potential president for the kinds of issues that he or she will have to grapple with, and to give them a sense of the kind of capabilities and expertise that the U.S. government can bring to bear.

Full Article: Former CIA leaders give ‘briefing book’ to 2020 candidates to counteract ‘fake news’ and ‘foreign election interference’ - The Washington Post.

Editorials: Fixing US Elections Is Easier—and Harder—Than You’d Think | Max Eddy/PCMag

When I flew out to San Francisco for the RSA Convention (RSAC) in early March, I planned to attend all the election security talks I could fit into my schedule. It’s an obvious choice. While the 2018 midterms concluded without much controversy, we’re still fighting over the 2016 presidential election, and we’re halfway to the next one. That’s in addition to the US system of casting and counting votes being, at best, a barely functional shambles. I expected the usual doom-and-gloom about election security, with researchers bemoaning the sorry state of voting machines in the US. I was even looking forward to it, because you have to be a little masochistic to be in this industry. There was a bit of the usual misery, but I wasn’t prepared for a double whammy of optimism and despair. I left convinced that we’ve actually sorted out the most pressing of the technological problems with voting. What has us stumped is the other stuff. And that’s a lot of stuff.

Full Article: SecurityWatch: Fixing US Elections Is Easier—and Harder—Than You'd Think - PCMag UK.

Georgia: Georgia likely to plow ahead with buying insecure voting machines | Politico

Georgia Gov. Brian Kemp is poised to sign a bill to overhaul the state’s voting system with machines that are widely considered vulnerable to hacking. The new equipment would replace the state’s paperless, electronic machines — technology so risky that a federal judge said last year that its continued use threatened Georgians’ “constitutional interests.” But security researchers say similar risks exist in the new electronic machines that the GOP-led legislature has chosen, which would embed the voter’s choice in a barcode on a slip of paper. The warnings from cybersecurity experts, election integrity advocates and Georgia Democrats are especially troubling given the abundant warnings from U.S. intelligence leaders that Russia will once again attempt to undermine the presidential election in 2020. “The bill’s sponsors made false and misleading statements during the entire legislative session in hearings leading up to the vote, often flatly contradicting objective evidence or mischaracterizing scientific writing,” said Georgia Institute of Technology computer science professor Rich DeMillo, who testified throughout the process.

Full Article: Georgia likely to plow ahead with buying insecure voting machines - POLITICO.

New Jersey: New Jersey was going to have paper-based voting machines more than a decade ago. Will it happen by 2020? | Philadelphia Inquirer

New Jersey was once poised to become a national leader in election and voting security. Instead, it now lags most states — including Pennsylvania and Delaware — by relying on aging, paperless machines that experts say are vulnerable to attack and can’t be properly audited. There are no statewide plans to buy new machines; nor is the state urging counties to buy new systems, in contrast to Pennsylvania, where Gov. Tom Wolf has ordered all 67 counties to have new machines by next year’s primary election. “We are doing what we can with the funding that we have and the situation that we’re in,” said Robert Giles, who heads the state’s Division of Elections. The challenge, he said, is funding. Counties are left to their own initiatives. But the current machines are nearing death. The money will have to come from somewhere, said Jesse Burns, head of the League of Women Voters of New Jersey. “Time, it has run out. So there’s no more kicking it down the road,” she said.

Full Article: N.J. was going to have paper-based voting machines more than a decade ago. Will it happen by 2020?.

Pennsylvania: Questions abound over new voting machines in Luzerne County | Citizens’ Voice

It looks like Luzerne County voters will not use new voting machines until next year, thanks in part to uncertainties over state funding. Also, it is not clear when officials will release information about investigations into county elections director Marisa Crispell’s ties to county vendor Election Systems & Software — one of the prospective vendors for the new machines. The county plans to purchase an electronic voting system that provides added security via a “paper trail” for each vote cast, to comply with a directive state officials issued last year. When county officials first discussed the planned purchase, with an estimated price tag of $4 million, they said the new machines might be in place for this year’s November election. That does not look likely now, though it’s not impossible, according to county Manager David Pedri. “We would still like to get them in for November,” Pedri said Thursday. “The question is when we can get them.”

Full Article: Questions abound over new voting machines - News - Citizens' Voice.

Australia: Committee pushes ‘cyber taskforce’ for security of Australia’s election system | ZDNet

The Joint Standing Committee on Electoral Matters is tasked with overseeing the Australian electoral system, specifically the activities of the Australian Electoral Commission (AEC). Its Status Report [PDF], released on Friday, follows the November publication of the Report on the conduct of the 2016 federal election and matters related thereto [PDF], which made 31 recommendations to the AEC regarding cybersecurity, in particular where the manipulation of elections was concerned. One of the recommendations made by the committee was that the Australian government establish a permanent taskforce to “prevent and combat cyber manipulation in Australia’s democratic process” and to “provide transparent, post-election findings regarding any pertinent incidents”. Specifically, the taskforce, the committee wrote, would focus on “systemic privacy breaches”. In its latest report, the committee again recommended the taskforce be established.

Full Article: Committee pushes 'cyber taskforce' for security of Australia's election system | ZDNet.

Canada: Officials worry that foreign actors are trying to meddle in 2019 election | The Toronto Star

Canadian intelligence agencies have identified persistent foreign state-backed cyber campaigns against government and civilian targets that have some officials worried efforts to interfere with this year’s federal election have already begun. Two intelligence sources with direct knowledge of efforts to safeguard Canada’s 2019 election say the rate of cyber attacks against federal institutions, political parties and private companies has been steadily increasing. Between 2013 and 2015, an average of 2,500 state-sponsored “cyber activities” against government networks were detected each year. The rate of success of those activities declined over that period, from six per cent in 2013 to two per cent in 2015 — but that still works out to one successful attack per week. The government officials, who requested anonymity to speak about ongoing national security matters, said just because a hostile state have political and government systems targets does not necessarily mean they intend to disrupt the election. But others are treating it as a foregone conclusion.

Full Article: Canadian officials worry that foreign actors are trying to meddle in 2019 election | The Star.

Finland: Russia’s Neighbor Finland Mounts Defenses Against Election Meddling | Bloomberg

The country that shares a bigger border with Russia than the rest of the European Union combined is ramping up its defenses against the threat of foreign meddling in its April 14 election. Finland has always had a love-hate relationship with its much bigger neighbor. A history of tension and bloody confrontations has given way to a strong trading partnership, and the country’s diplomatic role as a bridge between Russia and the West is one reason why its capital was picked for last year’s summit between Donald Trump and Vladimir Putin. But with evidence of Russian interference in Western politics mounting, the euro area’s northernmost member state remains on high alert. Social media influence campaigns or direct cyber attacks are already thought to have impacted key votes such as the U.S. election in 2016 and the U.K’s Brexit referendum.

Full Article: Russia’s Neighbor Finland Mounts Defenses Against Election Meddling.

Thailand: Election Observers Call Still-Partial Thai Vote Count Flawed | Associated Press

A group of international observers criticized vote counting in Thailand’s first election since a 2014 military coup, saying Tuesday that the “tabulation and consolidation of ballots were deeply flawed” though it had no reason to believe the issues affected overall results. The Asian Network for Free Elections said the announcement of some preliminary results that were “wildly inaccurate” damaged the “perceived integrity of the general election.” The group, also known by its acronym Anfrel, is one of several observer groups that have raised concerns about Sunday’s vote, which in part pitted a party allied with the ruling junta against the party that led the government it ousted. Thailand’s Election Commission, appointed by the junta’s hand-picked legislature, has already defended its count, which is still in its preliminary stages. It blamed any issues on the failure of the media to keep up with the raw data. After delaying the release of the full vote count on election night and then again on Monday, the commission has now said it will release its final preliminary results on Friday. Official results are not expected until May.

Full Article: Election Observers Call Still-Partial Thai Vote Count Flawed | World News | US News.

Ukraine: Intelligence Service elaborates on Russia’s election meddling plans | Reuters

The Foreign Intelligence Service of Ukraine (SZRU) has released a report on the features of Russia’s approaches to affecting the course and results of Ukraine elections. Russia’s main action plan on Ukraine in the short and medium term envisages further provoking extensive destabilization to facilitate the revenge of pro-Russian forces following the 2019 election, the Information Resistance OSINT Group wrote citing the SZRU report published on its website Wednesday, March 27. This will include systemic and versatile measures for influencing the course of the election process and the vote count during the presidential and parliamentary elections, the report says. In this context, the main areas where Russia is most likely to intensify its efforts is destabilization, including on the contact line in Donetsk and Luhansk regions, incitement of military-political confrontation with elements of economic influence; propaganda campaigns in the Ukrainian media and using instruments for cyber interference; measures to provide electoral support to individual candidates; and discrediting the electoral process in the international media space and through Kremlin’s positions in international organizations, as well as Western political and expert circles.

Full Article: Ukrainian Intelligence Service elaborates on Russia's election meddling plans - news politics | UNIAN.

National: States Need Way More Money to Fix Crumbling Voting Machines | WIRED

The 2018 midterm elections were hardly a glowing reflection on the state of America’s voting technology. Even after Congress set aside millions of dollars for state election infrastructure last year, voters across the country still waited in hours-long lines to cast their ballots on their precincts’ finicky, outdated voting machines. Now, a new report published by New York University’s Brennan Center for Justice finds that unless state governments and Congress come up with additional funding this year, the situation may not be much better when millions more Americans cast their vote for president in 2020. In a survey that the center disseminated across the country this winter, 121 election officials in 31 states said they need to upgrade their voting machines before 2020—but only about a third of them have enough money to do so. That’s a considerable threat to election security given that 40 states are using machines that are at least a decade old, and 45 states are using equipment that’s not even manufactured anymore. This creates security vulnerabilities that can’t be patched and leads to machines breaking down when the pressure’s on. The faultier these machines are, the more voters are potentially disenfranchised by prohibitively long lines on election day. “We are driving the same car in 2019 that we were driving in 2004, and the maintenance costs are mounting up,” one South Carolina election official told the Brennan Center’s researchers, noting that he feels “lucky” to be able to find spare parts.

Full Article: States Need Way More Money to Fix Crumbling Voting Machines | WIRED.

National: Senate Democrats investigate cybersecurity of election machines, introduce version of H.R. 1

A group of senior Senate Democrats is seeking information on what the three largest manufacturers of U.S. voting machines are doing to secure the systems ahead of the 2020 elections, while the entire Democratic Caucus on Wednesday signed on to sponsor the Senate version of House-passed H.R. 1, the “For the People Act,” which includes language on securing election machines. A letter — signed by Senate Rules ranking member Amy Klobuchar (D-MN), Intelligence ranking member Mark Warner (D-VA), Homeland Security and Governmental Affairs ranking member Gary Peters (D-MI), and Armed Services ranking member Jack Reed (D-RI) — was sent Tuesday to voting machine vendors Hart InterCivic, Dominion Voting Systems, and Election Systems and Software, or ES&S. “Despite the progress that has been made, election security experts and federal and state government officials continue to warn that more must be done to fortify our election systems,” the senators wrote. “Of particular concern is the fact that many of the machines that Americans use to vote have not been meaningfully updated in nearly two decades. Although each of your companies has a combination of older legacy machines and newer systems, vulnerabilities in each present a problem for the security of our democracy and they must be addressed.” The senators posed questions on steps the companies are taking to secure their machines ahead of 2020, and how Congress can assist in these efforts; what the plans are for updating “legacy” voting machines; whether the companies would support legislation requiring “expanded use of post-election audits”; if the companies have vulnerability disclosure programs; and if they employ full-time cybersecurity experts.

Full Article: Senate Democrats investigate cybersecurity of election machines, introduce version of H.R. 1.

New Jersey: New voting machines being tried in districts across the state

A decade after New Jersey voters were promised more secure voting machines, some districts will receive new machines through a federally funded pilot program. Voters in Gloucester, Union and Essex counties have already seen new machines, and Passaic County intends to join the pilot this year. Meanwhile, Bergen County officials are taking a wait-and-see approach. Robert Giles, director of the state Division of Elections, wrote to county election officials in September to explain one of the initiatives: the Voter Verified Paper Audit Trail pilot. “This pilot program will afford counties the opportunity to purchase and test new VVPAT voting machines,” Giles wrote. “The goal of this pilot program is to assist counties to begin the process of transitioning from their current paperless voting systems to the new voting systems that produce a voter-verifiable paper record of each vote cast.” The program rolls out in a climate of heightened concern over ballot security. “It’s a step forward; there are better ways to do it and worse ways to do it,” Professor Andrew Appel of Princeton University said about the upcoming replacements.

Full Article: New NJ voting machines being tried in districts across the state.

National: Wyden lambastes voting machine makers as ‘accountable to nobody’ | Politico

Sen. Ron Wyden (D-Ore.) on Thursday attacked the small but powerful group of companies that controls the production of most voting equipment used in the U.S. “The maintenance of our constitutional rights should not depend on the sketchy ethics of these well-connected corporations that stonewall the Congress, lie to public officials, and have repeatedly gouged taxpayers, in my view, selling all of this stuff,” Wyden said during the Election Verification Network conference, a gathering of voting integrity advocates and election security experts in Washington. Wyden has been a leading voice among lawmakers who have criticized the voting machine industry as too opaque and not subject to enough oversight from Washington, especially as concerns grow among U.S. intelligence officials that elections will once again be a prime hacking target in 2020. “We’re up against some really entrenched, powerful interests, who have really just figured out a way to be above the law,” he said. “There is no other way to characterize it.” Furthermore, Wyden said, voting machine vendors have “been able to hotwire the political system in certain parts of the country.” He noted that newly elected Georgia Gov. Brian Kemp picked the top lobbyist for the voting giant Election Systems & Software as his deputy chief of staff. The companies, he said, “are accountable to nobody.”

Full Article: Wyden lambastes voting machine makers as ‘accountable to nobody’ - POLITICO.

Switzerland: Second flaw found in Swiss election system could change ‘valid votes into nonsense,’ researchers say | CyberScoop

Researchers have uncovered a second security flaw in the electronic voting system employed by the Swiss government. The vulnerability involves a problem with the implementation of a cryptographic protocol used to generate decryption proofs, a weakness that could be leveraged “to change valid votes into nonsense that could not be counted,” researchers Sarah Jamie Lewis, Olivier Pereira and Vanessa Teague wrote in a paper published Monday. This disclosure comes weeks after the same team of researchers announced they had uncovered a flaw in the e-voting system that could allow hackers to replace legitimate votes with fraudulent ones. Swiss Post, the country’s national postal service, which developed the system along with Spanish technology maker Scytl, said earlier this month that first vulnerability had been resolved. Researchers said at the time that the vulnerability demonstrated what can go wrong when governments shift to electronic voting with no alternative plan. The security and integrity of electronic voting systems vary by country, and the vulnerabilities outlined in this research are specific to Switzerland, but other areas of the world increasingly are moving toward a voting infrastructure where it could soon be impossible to verify whether vote tampering has occurred. Christopher Krebs, head of the U.S. Cybersecurity and Infrastructure Agency told Congress last month election officials must have the ability to audit election results.

Full Article: Second flaw found in Swiss election system could change 'valid votes into nonsense,' researchers say.

National: Election security in 2020 means a focus on county officials, DHS says | CNET

As special counsel Robert Mueller’s investigation on Russian hacking and collusion with the Trump campaign ends, the Department of Homeland Security is gearing up to prevent a repeat for the 2020 US presidential election. The federal agency, which formed the Cybersecurity and Infrastructure Security Agency last November, said that it’s “doubling down” on its efforts, calling election security for 2020 a top priority. It hopes to do that by focusing on local election officials, Matt Masterson, a DHS senior adviser on election security, said in an interview with CNET. The emphasis on local represents a new tact as the DHS tries to shut down foreign interference in the US elections. While the agency worked with all 50 states during the 2018 midterm elections, security experts said the outreach needs to zoom in on a county level. There are about 8,800 county election officials across the US, and they are the people responsible for your voting machines, your polling place’s security and handling vote auditing.

Full Article: Election security in 2020 means a focus on county officials, DHS says - CNET.

National: What Will Mueller’s Russia Report Mean For Election Security In 2020? | WMOT

The release of special counsel Robert Mueller’s report may provide Americans with the best playbook yet on how to defend democracy in the lead-up to the 2020 presidential election. In the days since Attorney General William Barr’s letter to Congress, much of the focus has boiled down to one line from President Trump: “No Collusion, No Obstruction.” But judging by Barr’s language and the details that have come to light through indictments filed by Mueller’s team over the past two years, the report may also reveal more about how Russia attacked the 2016 U.S. presidential election. The report’s first section, according to Barr, focuses on Russian “computer hacking operations,” which included the theft of emails from the Democratic National Committee and Hillary Clinton’s campaign, as well as agitation online to try to exacerbate divisions among Americans. Barr’s summary didn’t address an aspect of the interference that Mueller has described elsewhere, including the cyberattacks that targeted state elections infrastructure.

Full Article: What Will Mueller's Russia Report Mean For Election Security In 2020? | WMOT.