Editorials: Cybersecurity doesn’t stop at the federal level — our states need help | John DeSimone/The Hill

This week, Congress reintroduced the State Cyber Resiliency Act, which encourages state and local governments to strengthen their defenses against cybersecurity threats and vulnerabilities. The bill, originally introduced in 2017, would create and authorize the Department of Homeland Security to run a grant program for states to develop, revise or implement cyber resiliency measures — including efforts to detect, protect, respond to, and recover from cyber threats. This legislation is good news for local government leaders, businesses and civilians who have been victims of ransomware and other forms of cyberattacks targeted at major cities. Local governments are an attractive target for malicious actors, including the massive cyberattack on the city of Atlanta last year and the recent ransomware attack in Albany, NY. As attacks increase in frequency and sophistication, increased funding at the local level is needed for cyber training and enhancing recruitment and retention efforts, ultimately helping ensure public safety. Just because a cyberattack is focused on one city — or even smaller, one sector of infrastructure within a city — does not mean the consequences are minor. In the example of the SamSam ransomware attack in Atlanta, the more than week-long event caused major disruption in five of the city’s 13 local government departments and ultimately cost the city $17 million. Impacting citizens, the system shutdown crippled the court system, limited vital communications involving critical infrastructure requests and forced the Atlanta Police Department to file paper reports. Empowering officials at the state and local level to easily detect and deter such preventable breaches like ransomware could save millions of dollars in damages. 

National: House Homeland Committee wants more cyber funding for DHS | FCW

Twenty-eight members of the House Homeland Security Committee are urging appropriators to boost cyber funding at the Department of Homeland Security above what the White House has requested. In a letter sent to the House Appropriations Committee, the signatories — including Chairman Bennie Thompson (D-Miss.) and ranking member Mike Rogers (R-Ala.) — asked for a raise in the spending cap for DHS cyber spending, saying years of flat funding levels at the department will not be enough to “properly resource” the newly established Cybersecurity and Infrastructure Security Agency and its mission. “We urge the committee to break from the status quo and increase the Homeland Security Subcommittee’s 302(b) allocation commensurate with the threat,” the members wrote. “It is imperative that [the allocation] enable CISA to mature and grow the services it provides to secure federal and critical infrastructure networks.” The letter cited increasing threats to federal data, election infrastructure, critical infrastructure sectors and “long-standing threats from nation-states, terrorists, transnational criminal organizations and other malicious actors” to justify an elevation in funding. Members highlighted how past funding increases have helped DHS and CISA expand their services to state and local governments to secure election and voting systems and incorporate additional federal agencies into cybersecurity programs like Einstein and Continuous Diagnostics and Mitigation.

National: How Will Cybersecurity Influence the 2020 US Election Cycle? | HeadStuff

The air is undeniably tense surrounding the next United States presidential race. Not only does the Land of the Free currently have one of the most controversial commanders-in-chief in its history, but the issues at stake are being approached from more partisan, polarised angles than ever before. Whether it’s women’s rights, the tax plan, or guns and public health, you cannot deny the stiff atmosphere in politics today. There’s a topic that’s become a bigger issue than it was four years ago, however: data protection. Cybersecurity is already a hot topic in the media. Of course, data security was previously a concern to the people who knew a thing or two about it, but the public was largely focused on other issues. But now, cybersecurity has become a public cause of concern. With the emerging news in the last few years about Russia’s attempts to tamper with the 2016 election, the American people are skeptical like never before. This begs a few questions: What role is cybersecurity going to play in our upcoming presidential debates? How will it be discussed in the media? And how will the public come down on these important issues?

National: The cyber teams that helped stop Russian election interference | Fifth Domain

When Pentagon leaders tasked Air Force cyber teams with helping prevent Russian trolls from influencing the 2018 midterm elections, it marked the first time those forces were tasked with such a mission under new authorities. Department of Defense has openly discussed their success in keeping the midterm elections free from Russian interference, but officials have provided few details about which teams were tasked with doing so. During an April 11 event at Langley Air Force Base, Gen. James Holmes, commander of Air Combat Command, said Maj. Gen. Robert Skinner, the head of Air Forces Cyber, was ordered and given the authority to defeat Russian influence operations. “It’s the first time we’ve really had the authority to go operate and do that in the cyber environment,” Holmes said. Cyber authorities have typically been held at the highest levels of government making them difficult to be approved for rapid use, but over the last year the Trump administration has begun to loosen those restrictions in an attempt to make it easier for commanders to employ cyber tools faster and react more quickly to adversaries in a domain that is measured in milliseconds.

Minnesota: Simon: Federal election money shouldn’t be budget bargaining chip | Mankato Free Press

The Minnesota Legislature shouldn’t delay up to $6.6 million in federal election cybersecurity funding to use as potential end-of-session bargaining, according to Secretary of State Steve Simon. Simon made several stops in south-central Minnesota Monday to discuss the upcoming 2020 election with local officials. The secretary of state stopped at Gustavus Adolphus College to praise students’ efforts to increase voter turnout. He also shared concerns he has with lawmakers delaying discussions on federal funding. “Every state in the country has it,” Simon said after a meeting with Blue Earth County officials. “We’re the only state that doesn’t. And it’s inexcusable.” Congress approved $380 million in additional election cybersecurity money following the 2016 elections and numerous attacks on state election systems. While 45 states automatically received funding, Minnesota — which gets $6.6 million under the updated Help America Vote Act — is one of five states that needs lawmaker approval before the Secretary of State’s Office gets that money. Simon made a $1.5 million request from lawmakers last year to free up money before the 2018 election, as Minnesota was one of 21 states targeted by foreign hackers attempting to get access to voter information during the 2016 election. That request was rolled into a $1 billion supplemental budget bill then-Gov. Mark Dayton vetoed. The DFL-controlled House passed a new bill in February allowing election officials to get all $6.6 million. Yet the GOP-controlled Senate passed a bill that only freed up Simon’s original $1.5 million request.

Editorials: More secure voting with a paper trail on its way to Pennsylvania | Jonathan M. Marks/Bucks County Courier Times

Pennsylvania voters can expect some important improvements at their polling place in the next year. More secure voting systems that produce a paper record are on the way. The paper record allows voters to verify their choices before casting the ballot. The systems also will make it easier for people with disabilities to vote without assistance and for officials to conduct better post-election audits. At least 25 percent of Pennsylvania’s 67 counties have already selected new voting systems that meet Pennsylvania’s enhanced standards for security, accessibility and auditing. Other counties are in various stages of deciding which certified system will best serve the needs of their voters. Susquehanna County led the way and installed new voting machines in time for last November’s election. Pennsylvania’s most populous county — Philadelphia — selected their new system recently with plans to implement it in time for this November’s election. We know we have little choice but to modernize our election infrastructure. The U.S. Department of Homeland Security and the Senate and House intelligence committees are urging states to upgrade their voting systems. There is nearly universal agreement among national security and election experts that all voters should be casting their ballots on new paper-based systems. Most other states have already made the vital switch to paper ballots.

Texas: Election security bill passes in Senate | News-Journal

East Texas state Sen. Bryan Hughes’ signature bill on election security won passage Monday in the Texas Senate and moves to the House of Representatives for debate. Senate Bill 9 creates a paper trail for electronic voting. It also takes aim at voter fraud that can occur when people who help disabled voters try to influence how they vote. It enhances the penalty for making a false statement on a mail ballot application from a misdemeanor to state jail felony and requires those who help voters who are not family members to sign a form documenting their role. The bill also would require people who help disabled voters cast a mail-in ballot officially certify that the voter they help is physically unable to enter a poll without risk to harm. In addition, it allows poll watchers to accompany both the voter and helper into the voting area. “The heart of the bill is that paper ballot, that paper backup,” Hughes, R-Mineola, said as he urged passage of the measure. “This is not a partisan issue. … It says if you’re going to bring someone to the polls and help them cast their ballot … then, yes. We want to know your names.” Hughes chaired a Select Committee on Election Security last summer in preparation for the legislative session that opened in January. Many of the provisions in his Senate Bill 9, he told senators, came from sworn testimony from Democrats and Republicans. The bill passed on a 19-12 vote along party lines. “For whatever reason, the national Democrats made this a lightning rod,” he said. “Election integrity is important to all of us.”

Europe: The EU is not ready to deal with Russian influence in its elections. Here’s why | CNBC

The European Union is having a hard job building a sufficient firewall when it comes to election interference, experts have told CNBC. The European Parliament — the EU’s legislative arm — has launched a campaign to tackle online disinformation ahead of its elections in May. But there are certain loopholes that mean there could still be outside influence in the vote. “Russia will attempt to influence the parliamentary elections using its usual tool kit, including targeted propaganda, and the stealing and leaking of information,” Andrew Foxall, director of the Russia and Eurasia studies at the Henry Jackson Society, told CNBC via email. He added that there are a number of steps that European institutions should take to prevent such influence. EU countries could share information with each other on “fake news” stories or disinformation; make public any influence attempts — whether from Russia or elsewhere; pledge not to use stolen data in their campaigns and make campaign financing more transparent, Foxall said. The Russian government was not immediately available for comment when contacted by CNBC.

Editorials: A storm of misinformation is coming. The Canadian federal election could be at risk | Eric Jardine/The Globe and Mail

Foreign Affairs Minister Chrystia Freeland made headlines recently when she proclaimed that foreign interference in Canada’s coming federal election was “very likely,” and that there had “probably already been efforts by malign foreign actors to disrupt our democracy.” Ms. Freeland is not wrong, nor is she being alarmist. If Canada’s election avoids the meddling and campaigns of disinformation experienced by the United States in the 2016 presidential election and Britain during the Brexit campaign, it will be because we have a small population and are of marginal power in comparison to the United States and Britain – not because we are special or somehow immune. Indeed, to think that there is something unique about Canada or Canadians that would make us more resilient to disruptive foreign influence operations would be a grave mistake. Canadians are just as prone as our U.S. and British friends to being swayed by malicious interference and the poisoning of our democratic processes by disinformation. The lessons of other Western countries loom large. While perhaps narrowly correct to say that Russia preferred Donald Trump to Hillary Clinton in the 2016 election, the real objectives of these operations are often not as clear-cut as trying to elect a particular person or secure a specific referendum outcome.

Israel: Can Israel’s election count be tampered with? An official explains the process | The Times of Israel

Last Thursday, two days after the elections, New Right party leader Naftali Bennett learned that his party was about 1,380 votes shy of earning any seats in the Knesset and demanded a recount, hinting at possible foul play. Sources in his party went so far as to allege that the elections were being “stolen” via a corrupted count. On Sunday, the Central Elections Committee granted Bennett access to the original “double-envelope” ballots — the “extra” votes from soldiers and diplomats on whose votes New Right had pinned its hopes of making it into the Knesset — so that he could confirm for himself that the count was honest. At the same time, the committee chastised his party for its insinuations of wrongdoing. In addition to New Right, several parties, including United Torah Judaism and Meretz, were in touch with the committee in the days immediately after the election over what they believed were mishandled ballot boxes. With the votes finalized on Tuesday — and UTJ bumped up a seat, Likud down a seat, and New Right still outside the Knesset — Bennett’s party remained insistent that it was the victim of fraud in the vote-counting process, asserting discrepancies in 8% of ballot boxes. The Central Elections Committee dismissed the claim as unfounded.

Philippines: System reviewers: Automated election system tough to hack, but Comelec still has to keep close watch | BusinessWorld

Individuals who took part in reviewing the automated election system (AES) that will be used for the midterm elections in May assure its security, but said they will still keep track of the Commission on Elections (Comelec) in ensuring its integrity. Philippine Linux Users’ Group (PLUG) source code reviewer Pablo Manalastas Jr. said that while the system is taxing for those who plan to rig the automated elections, the Comelec still plays a part in upholding the 2019 National and Local Elections fairness. “It’s very difficult for outsiders to hack into the system but it’s not as difficult to hack into the system if you’re a Comelec or a group of Comelec or Smartmatic personnel who knows all the.. access, then you can hack the system,” he said on Monday during the Poll Body’s consultation with the Local Source Code Review Committee (LSCRC) for this year’s elections. “We have to have faith that the Comelec will do its job,” he added. NPC Source Code reviewer Gadburt Mercado, for his part, said, “This is the first time we have been given unprecedented access so we clearly see the commitment of the agency towards ensuring the elections is a really transparent one.”

Russia: MPs cry foul in row over electronic voting | BBC

Russia’s lower house of parliament has passed a law allowing electronic voting in public elections – despite complaints that MPs’ own electronic voting system was being abused. Communist Aleksei Kurinny said fewer than half the MPs who backed the bill were actually present to vote. Earlier, his colleague Sergei Ivanov said some MPs were abusing the system by voting on behalf of colleagues. Deputy Speaker Alexander Zhukov ignored the complaints. Mr Ivanov, an MP for the Liberal Democratic Party, appeared to cast doubt on the reliability of any electronic voting, based on his colleagues’ behaviour in the State Duma. “I will not vote for this bill… There are 140 of you in this chamber, give or take one or two. If you are honest and decent people and don’t vote for your colleague who is not occupying their seat next to you, the bill won’t pass.” Media reports say Mr Zhukov tried to make a joke of the plea, calling on MPs not in the chamber to take their seats.

Ukraine: Ukraine’s Election Is an All-Out Disinformation Battle | The Atlantic

“Everything,” Dmytro Zolotukhin tells me, “is going like they wanted.” Slumped in a chair in a café here in the Ukrainian capital, Zolotukhin wasn’t talking about the campaign of Volodymyr Zelensky, a comedian who is favored to win the country’s presidential elections this weekend, or the incumbent, Petro Poroshenko. No, they are the Russians. Moscow has used Ukraine as a disinformation laboratory for years—and Zolotukhin is one of the men charged with fending them off. The Kremlin stands accused of interfering in elections the world over, driving division in societies through an array of tactics, chief among them online disinformation. Using fabricated or misleading news stories and fake accounts, Russian operations have sought to sow doubt in the democratic process. Ahead of European Parliament elections next month and the American presidential contest in 2020, Putin’s online armies are auditioning their tactics in Ukraine. Kyiv isn’t just the laboratory for Russia’s information warfare tactics, though; it’s also a proving ground for possible solutions, where officials such as Zolotukhin, Ukraine’s deputy minister of information policy, struggle to walk the line between defending democratic discourse and trampling freedom of speech. As the United States prepares for another contentious presidential race and social-media regulation looks inevitable, the Ukrainian government’s efforts highlight how difficult it is to fight disinformation in a polarized information environment. But offices such as Zolotukhin’s are often under-resourced, and in a divisive electoral period in which campaigns are themselves combatants in the information war, separating fact from fiction, patriot from enemy, and friend from foe is not as simple as it once was.