National: Feds Seek To Up Their Cybersecurity Game | Forbes

The idea that the U.S. federal government could play a dominant and effective role in protecting the nation from malicious cyberattacks on everything from Internet of Things (IoT) devices to critical infrastructure to election voting systems might strike some people as absurd. Its catastrophic security failures are well known.

– The Office of Personnel Management (OPM) couldn’t protect the personally identifiable information (PII) of more than 22 million current and former federal employees.

– The National Security Agency (NSA) couldn’t protect its own stash of so-called zero-day vulnerabilities that it hoped to use to spy on, or attack, hostile nation states or terrorist groups. Instead, the stash ended up in the hands of Wikileaks.

National: Senate Democrats push to match House’s ethics and election reforms | The Washington Post

Responding to action in the House, Senate Democrats unveiled their own version of a sweeping election and ethics reform bill Wednesday — one that Senate Majority Leader Mitch McConnell has vowed never to bring to a vote. Dubbed, like the House bill, the For the People Act, the Senate legislation includes a vast suite of proposals — including measures meant to expand voting, provisions aimed at unmasking and diluting the power of moneyed interests, new ethical strictures for federal officials and a new public financing system for congressional campaigns. The bill, according to its lead author, Sen. Tom Udall (D-N.M.), has the support of all 47 senators in the Democratic caucus. The House bill passed 234 to 193 this month with unanimous Democratic support, meaning every congressional Democrat is on record in support of the bill. “Today we are seizing their momentum and the momentum of the American people,” Udall said at a news conference Wednesday. “Now the ball is in Senator McConnell’s court. . . . This should not be about Democrats versus Republicans, this is about people versus special interests.”

National: Voting-machine vendors have some serious questions to answer, senators say | CyberScoop

While the security of the 2020 election remains a prominent topic in Washington, a group of Democratic senators is raising alarms about longer-term issues that will resonate after voters are done choosing a president about 20 months from now. The three companies that make most of the voting technology used in the U.S. must be more transparent about their plans to improve their products to meet current expectations about security and performance, says a letter Wednesday by Sen. Amy Klobuchar of Minnesota and three other top Democrats. In particular, the senators say every machine should reliably produce paper records, and the companies should do far more to upgrade their products. “The integrity of our elections is directly tied to the machines we vote on — the products that you make,” says the letter from Klobuchar, Mark Warner of Virginia, Jack Reed of Rhode Island and Gary Peters of Michigan. “Despite shouldering such a massive responsibility, there has been a lack of meaningful innovation in the election vendor industry and our democracy is paying the price.”

National: Former CIA leaders give ‘briefing book’ to 2020 candidates to counteract ‘fake news’ and ‘foreign election interference’ | The Washington Post

Two former top CIA officials have compiled an unclassified report on the major national security challenges facing the United States, which they are distributing to every candidate running for president. The report, which former acting CIA directors Michael Morell and John McLaughlin call a “briefing book,” is modeled on the classified oral briefing that the intelligence community provides to the nominees of each major political party running for president, usually after the nominating conventions. The former officials said they’re distributing their briefing now, more than a year before nominees are selected, in response to “the recent rise and abundance of fake news and foreign election interference,” according to a copy reviewed by The Washington Post. The 37-page document, which has not been previously reported, was sent this month to nearly every announced candidate and will soon be sent to President Trump, the former officials said. Intelligence agencies have usually viewed their discussions with nominees as a chance to prepare a potential president for the kinds of issues that he or she will have to grapple with, and to give them a sense of the kind of capabilities and expertise that the U.S. government can bring to bear.

Editorials: Fixing US Elections Is Easier—and Harder—Than You’d Think | Max Eddy/PCMag

When I flew out to San Francisco for the RSA Convention (RSAC) in early March, I planned to attend all the election security talks I could fit into my schedule. It’s an obvious choice. While the 2018 midterms concluded without much controversy, we’re still fighting over the 2016 presidential election, and we’re halfway to the next one. That’s in addition to the US system of casting and counting votes being, at best, a barely functional shambles. I expected the usual doom-and-gloom about election security, with researchers bemoaning the sorry state of voting machines in the US. I was even looking forward to it, because you have to be a little masochistic to be in this industry. There was a bit of the usual misery, but I wasn’t prepared for a double whammy of optimism and despair. I left convinced that we’ve actually sorted out the most pressing of the technological problems with voting. What has us stumped is the other stuff. And that’s a lot of stuff.

Georgia: Georgia likely to plow ahead with buying insecure voting machines | Politico

Georgia Gov. Brian Kemp is poised to sign a bill to overhaul the state’s voting system with machines that are widely considered vulnerable to hacking. The new equipment would replace the state’s paperless, electronic machines — technology so risky that a federal judge said last year that its continued use threatened Georgians’ “constitutional interests.” But security researchers say similar risks exist in the new electronic machines that the GOP-led legislature has chosen, which would embed the voter’s choice in a barcode on a slip of paper. The warnings from cybersecurity experts, election integrity advocates and Georgia Democrats are especially troubling given the abundant warnings from U.S. intelligence leaders that Russia will once again attempt to undermine the presidential election in 2020. “The bill’s sponsors made false and misleading statements during the entire legislative session in hearings leading up to the vote, often flatly contradicting objective evidence or mischaracterizing scientific writing,” said Georgia Institute of Technology computer science professor Rich DeMillo, who testified throughout the process.

New Jersey: New Jersey was going to have paper-based voting machines more than a decade ago. Will it happen by 2020? | Philadelphia Inquirer

New Jersey was once poised to become a national leader in election and voting security. Instead, it now lags most states — including Pennsylvania and Delaware — by relying on aging, paperless machines that experts say are vulnerable to attack and can’t be properly audited. There are no statewide plans to buy new machines; nor is the state urging counties to buy new systems, in contrast to Pennsylvania, where Gov. Tom Wolf has ordered all 67 counties to have new machines by next year’s primary election. “We are doing what we can with the funding that we have and the situation that we’re in,” said Robert Giles, who heads the state’s Division of Elections. The challenge, he said, is funding. Counties are left to their own initiatives. But the current machines are nearing death. The money will have to come from somewhere, said Jesse Burns, head of the League of Women Voters of New Jersey. “Time, it has run out. So there’s no more kicking it down the road,” she said.

Pennsylvania: Questions abound over new voting machines in Luzerne County | Citizens’ Voice

It looks like Luzerne County voters will not use new voting machines until next year, thanks in part to uncertainties over state funding. Also, it is not clear when officials will release information about investigations into county elections director Marisa Crispell’s ties to county vendor Election Systems & Software — one of the prospective vendors for the new machines. The county plans to purchase an electronic voting system that provides added security via a “paper trail” for each vote cast, to comply with a directive state officials issued last year. When county officials first discussed the planned purchase, with an estimated price tag of $4 million, they said the new machines might be in place for this year’s November election. That does not look likely now, though it’s not impossible, according to county Manager David Pedri. “We would still like to get them in for November,” Pedri said Thursday. “The question is when we can get them.”

Australia: Committee pushes ‘cyber taskforce’ for security of Australia’s election system | ZDNet

The Joint Standing Committee on Electoral Matters is tasked with overseeing the Australian electoral system, specifically the activities of the Australian Electoral Commission (AEC). Its Status Report [PDF], released on Friday, follows the November publication of the Report on the conduct of the 2016 federal election and matters related thereto [PDF], which made 31 recommendations to the AEC regarding cybersecurity, in particular where the manipulation of elections was concerned. One of the recommendations made by the committee was that the Australian government establish a permanent taskforce to “prevent and combat cyber manipulation in Australia’s democratic process” and to “provide transparent, post-election findings regarding any pertinent incidents”. Specifically, the taskforce, the committee wrote, would focus on “systemic privacy breaches”. In its latest report, the committee again recommended the taskforce be established.

Canada: Officials worry that foreign actors are trying to meddle in 2019 election | The Toronto Star

Canadian intelligence agencies have identified persistent foreign state-backed cyber campaigns against government and civilian targets that have some officials worried efforts to interfere with this year’s federal election have already begun. Two intelligence sources with direct knowledge of efforts to safeguard Canada’s 2019 election say the rate of cyber attacks against federal institutions, political parties and private companies has been steadily increasing. Between 2013 and 2015, an average of 2,500 state-sponsored “cyber activities” against government networks were detected each year. The rate of success of those activities declined over that period, from six per cent in 2013 to two per cent in 2015 — but that still works out to one successful attack per week. The government officials, who requested anonymity to speak about ongoing national security matters, said just because a hostile state have political and government systems targets does not necessarily mean they intend to disrupt the election. But others are treating it as a foregone conclusion.

Finland: Russia’s Neighbor Finland Mounts Defenses Against Election Meddling | Bloomberg

The country that shares a bigger border with Russia than the rest of the European Union combined is ramping up its defenses against the threat of foreign meddling in its April 14 election. Finland has always had a love-hate relationship with its much bigger neighbor. A history of tension and bloody confrontations has given way to a strong trading partnership, and the country’s diplomatic role as a bridge between Russia and the West is one reason why its capital was picked for last year’s summit between Donald Trump and Vladimir Putin. But with evidence of Russian interference in Western politics mounting, the euro area’s northernmost member state remains on high alert. Social media influence campaigns or direct cyber attacks are already thought to have impacted key votes such as the U.S. election in 2016 and the U.K’s Brexit referendum.

Thailand: Election Observers Call Still-Partial Thai Vote Count Flawed | Associated Press

A group of international observers criticized vote counting in Thailand’s first election since a 2014 military coup, saying Tuesday that the “tabulation and consolidation of ballots were deeply flawed” though it had no reason to believe the issues affected overall results. The Asian Network for Free Elections said the announcement of some preliminary results that were “wildly inaccurate” damaged the “perceived integrity of the general election.” The group, also known by its acronym Anfrel, is one of several observer groups that have raised concerns about Sunday’s vote, which in part pitted a party allied with the ruling junta against the party that led the government it ousted. Thailand’s Election Commission, appointed by the junta’s hand-picked legislature, has already defended its count, which is still in its preliminary stages. It blamed any issues on the failure of the media to keep up with the raw data. After delaying the release of the full vote count on election night and then again on Monday, the commission has now said it will release its final preliminary results on Friday. Official results are not expected until May.

Ukraine: Intelligence Service elaborates on Russia’s election meddling plans | Reuters

The Foreign Intelligence Service of Ukraine (SZRU) has released a report on the features of Russia’s approaches to affecting the course and results of Ukraine elections. Russia’s main action plan on Ukraine in the short and medium term envisages further provoking extensive destabilization to facilitate the revenge of pro-Russian forces following the 2019 election, the Information Resistance OSINT Group wrote citing the SZRU report published on its website Wednesday, March 27. This will include systemic and versatile measures for influencing the course of the election process and the vote count during the presidential and parliamentary elections, the report says. In this context, the main areas where Russia is most likely to intensify its efforts is destabilization, including on the contact line in Donetsk and Luhansk regions, incitement of military-political confrontation with elements of economic influence; propaganda campaigns in the Ukrainian media and using instruments for cyber interference; measures to provide electoral support to individual candidates; and discrediting the electoral process in the international media space and through Kremlin’s positions in international organizations, as well as Western political and expert circles.