International: Cyber security: This giant wargame is preparing for the next big election hack | ZDNet

A giant cyber-defence exercise has pitted teams from NATO nations against mysterious hackers trying to cause chaos during the elections of a small, fictional, country. The aim of the annual Locked Shields exercise is to give teams the chance to practice protection of national IT systems and critical infrastructure under the intense pressure of a severe cyberattack. The event organised by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), which describes the event as the largest and most advanced international live-fire cyber exercise in the world. According to the Locked Shields scenario, the fictional island country of Berylia finds itself under a cyber attack just as the country is conducting national elections. The coordinated attacks aim to disrupt water purification systems, the electric power grid, 4G public safety networks, and other critical infrastructure components. The cyber attacks also attempt to undermine the trust in the election result — leading to public unrest.

National: Feds say Russian 2016 election meddling spanned all US states | Naked Security

A multi-agency report has strengthened claims that Russia meddled with election systems in all 50 US states during the last presidential race. The report is called a joint intelligence bulletin (JIB), and it comes from the Department of Homeland Security and the FBI. It is an unclassified document intended for internal distribution to state and local authorities. Intelligence newsletter OODA Loop reports that the JIB reveals stronger evidence of Russian interference. Agencies believe that Russian agents targeted more than the 21 states initially suspected. According to the bulletin:

Russian cyber actors in the summer of 2016 conducted online research and reconnaissance to identify vulnerable databases, usernames, and passwords in webpages of a broader number of state and local websites than previously identified, bringing the number of states known to be researched by Russian actors to greater than 40.

Although there are some gaps in the data, the bulletin claims “moderate confidence” that Russia conducted “at least reconnaissance” against all US states because its research was so methodical, it added.

National: Inside the Russian effort to target Sanders supporters — and help elect Trump | The Washington Post

After Bernie Sanders lost his presidential primary race against Hillary Clinton in 2016, a Twitter account called Red Louisiana News reached out to his supporters to help sway the general election. “Conscious Bernie Sanders supporters already moving towards the best candidate Trump! #Feel the Bern #Vote Trump 2016,” the account tweeted. The tweet was not actually from Louisiana, according to an analysis by Clemson University researchers. Instead, it was one of thousands of accounts identified as based in Russia, part of a cloaked effort to persuade supporters of the senator from Vermont to elect Trump. “Bernie Sanders says his message resonates with Republicans,” said another Russian tweet. While much attention has focused on the question of whether the Trump campaign encouraged or conspired with Russia, the effort to target Sanders supporters has been a lesser-noted part of the story. Special counsel Robert S. Mueller III, in a case filed last year against 13 Russians accused of interfering in the U.S. presidential campaign, said workers at a St. Petersburg facility called the Internet Research Agency were instructed to write social media posts in opposition to Clinton but “to support Bernie Sanders and then-candidate Donald Trump.” That strategy could receive new attention with the release of Mueller’s report, expected within days.  

Editorials: Good, bad and ambiguous in Georgia’s new voting system | Wenke Lee/Atlanta Journal Constitution

Although I’m pleased the Georgia General Assembly acted quickly this session to address flaws in our current voting equipment, I remain concerned that, overall, our state has chosen the less-secure, more-cumbersome, costly option and that too many details — essential for election security and voter confidence — are still undefined. First, let’s review what’s right about HB 316 and what Georgia gained. It requires: pre-certification election audits to validate initial outcomes; “voting in absolute secrecy;” that voting equipment produce a paper record in a format readable by humans, and that equipment will “mark correctly and accurately.” I’m also pleased that voter education is part of this bill, in the albeit very modest stipulation that poll workers post signs reminding voters to read, review, and verify paper printouts before casting their final votes. What’s bad about HB 316 is what it could have accomplished but did not: human-readable, hand-marked paper ballots — by far the most cost-effective and cybersecure method of voting. Instead, it establishes a system where electronic ballot markers (EBMs) are used to generate a paper receipt of voter selections — rather than a hand, holding a pen to paper. Overwhelmingly, citizens, computer scientists, cybersecurity experts, and nonpartisan groups recommended and requested hand-marked paper ballots in Georgia over any other method. I am baffled as to why state lawmakers repeatedly ignored such an overwhelming cry.

Editorials: Georgia’s voting system must be secure, accessible, auditable | David Becker and Michelle Bishop/Atlanta Journal Constitution

Russia attacked our election infrastructure and spread disinformation in the 2016 election, and continues to interfere in our elections. While there remains zero evidence that any votes in any election have been changed, Russia achieved its goal of dividing this country and reducing Americans’ confidence in their democracy. Russia’s efforts are likely to continue through 2020, and it is critical now more than ever that we come together to secure our democratic systems, upgrade outdated voting technology, and improve auditing ballots post-election, to ensure that every eligible American is able to cast their ballots accurately and with confidence. There is a consensus among the intelligence community and cybersecurity experts that human-readable paper ballots, which can be audited by comparing them to the official tally of votes, are necessary to secure our elections. As a result, states such as Georgia are responding — moving toward paper-based voting systems for 2020 and planning for more robust audits to ensure the count is accurate, regardless of foreign interference.There are basically two types of voting systems that accommodate paper ballots. The most common are hand-marked ballots, where the voter fills in a bubble or connects an arrow. These ballots are then fed into a scanner that is programmed to read those handmade marks as votes in particular races, and those votes are tabulated to determine the winner. These systems have some advantages – they are considered cheaper by some (at first, though the costs of printing ballots adds up over time, and the cost benefits, if any, shrink), and voters are familiar with them.

Missouri: St. Louis County Board Of Elections Gearing Up For Upgrades | St. Louis Public Radio

The St. Louis County Board of Elections is upgrading its voting equipment for the upcoming 2020 elections. The county has roughly 1,800 touch voting machines and 500 optical scan paper ballot tabulators that have had their fair share of wear and tear, and the software is now out of date. Eric Fey, the Democratic director of elections for the St. Louis County Board, said the last time county voters had new voting equipment was in 2005. “Although the equipment is 100% accurate, we have to replace components more often,” Fey said. “It’s very hard to get replacement parts. And then with the software, the programming of the ballot, the tabulation of the ballots is very labor intensive.” Currently, the board of elections is holding public demonstrations with three contenders including Dominion, Hart InterCivic and the county’s current vendor Election Systems & Software.

New York: Oversight Committee head calls for halt on voting machines | New York Post

The chair of the City Council’s Oversight and Investigations Committee is calling for a halt to the Board of Elections’ plan to use machines supplied by a company with a spotty record for this fall’s early voting. “I’m against rigging the process in favor of a contractor with a dubious track record,” said Councilman Ritchie Torres (D-Bronx). Election Systems & Software came under fire after its ballot scanners reportedly jammed at polling places across the city in November’s elections. “There needs to be an investigation of the performance and conflicts of interest involving ES&S. There should be a competitive bidding process,” Torres said. BOE Executive Director Michael Ryan is also on the hot seat after it was revealed last year that he failed to report several posh business trips paid for by ES&S. He subsequently stepped down from an unpaid gig on the contractor’s advisory board.

Ohio: Heading off hackers: Ohio weighs Cyber Force | Dayton Daily News

In January, Akron suffered a “ransomware” attack when hackers shut down the city’s 311 non-emergency phone call system just as city plows were being deployed during a snowstorm. To undo the damage, hackers gave the city a demand: A five-figure sum.Ohio lawmakers are considering legislation — Senate Bill 52 — to deal with that kind of scenario in what they say will be a quick and organized way: The legislation would create a civilian force of 50 to 100 professionals across the state who would work to prevent such attacks and respond when they happen.RELATED: Ohio looks to set up a cyber reserve to fight, prevent attacks The all-volunteer Ohio Cyber Reserve would operate under Maj. Gen. John Harris, the Ohio adjutant general who commands the Army National Guard and the Air National Guard.“There’s so much cyber talent working out there in industry, in business and quite frankly in some municipalities, but we have no way to orchestrate that or organize that,” Harris said in an interview.

Pennsylvania: Philadelphia controller subpoenas city elections officials over voting machine decision | Philadelphia Inquirer

Philadelphia City Controller Rebecca Rhynhart last week subpoenaed the city’s elections officials for documents related to the controversial selection of new voting machines. Rhynhart’s subpoena is the most-pointed official effort known to date to obtain information about a voting machine selection process that critics have decried as opaque, lacking true public input, and biased. The items requested in the subpoena, dated April 1, include copies of all proposals received, the names of all committee members who scored them, and copies of those evaluations. The information was originally due by Tuesday, but the City Commissioners’ Office was granted an extension. (The new deadline was unclear Thursday; the Controller’s Office declined to comment on the subpoena.) Nick Custodio, deputy commissioner under Chairwoman Lisa Deeley, said only that the city’s Law Department “is handling everything as it relates to the request” from Rhynhart. He declined to comment further.

West Virginia: Division of Motor Vehicles is losing voter registrations | Register-Herald

State officials say the West Virginia Division of Motor Vehicles is losing voter registrations, but they don’t know how many and for how long. Donald Kersey, general counsel for Secretary of State Mac Warner’s office, said the DMV sends the Secretary of State’s office a daily list of voter registrations, but the secretary’s office estimate several registrations are lost per day because of technical problems at the DMV – “a systematic error,” he said. The problem, Kersey said, has been ongoing at least since the 2018 general election. During a five-day test period in January, 37 people, who were flagged as registering at the DMV, did not have their registration received by the Secretary of State. Kersey, who was previously elections director for the Secretary of State, noted that West Virginia law says the DMV should forward voter registrations to the Secretary of State’s office, which transfers it to county clerks. But he said that during early voting before the 2018 general election, dozens of people said they had registered at local DMVs to vote, but the Secretary of State’s office had no record of it.

Europe: Ensuring Legitimacy of the Vote by Boosting Cybersecurity | EuBulletin

As the May’s European elections are slowly approaching, EU institution have been intensively testing their own cyber systems to help prevent any potential outside attacks or breaches into their systems. Together with observers from the European Parliament, the European Commission and the EU Agency for Cybersecurity, over 80 representatives from EU governments have participated in a recent (5 April) exercise. Rainer Wieland, Vice-President of the European Parliament and German EPP MEP and many others voiced their concern about the dependability of the upcoming elections should cybersecurity be compromised. “A cyber-attack on elections could dramatically undermine the legitimacy of our institutions,” Mr. Wieland said. “The legitimacy of elections is based on the understanding that we can trust in their results.”

India: Opposition leaders questions reliability of electronic voting machines, demand 50 per cent VVPAT count | Business Standard

Opposition leaders including TDP chief N Chandrababu Naidu, Congress’ Abhishek Manu Singhvi and AAP’s national convenor Arvind Kejriwal, on Sunday questioned the reliability of the electronic voting machines (EVMS) and demanded a mandatory paper trail count in at least 50 per cent of the Assembly constituencies in all Lok Sabha seats. At a joint press conference, Singhvi said,”We will campaign in the whole country and outline that repeatedly questions are being raised on elections and the Election Commission is not paying due attention to it. We have heard many issues in these elections such as EVM button giving vote to a different candidate and lakhs of voters being deleted online. Fifteen state parties and six national parties are supporting this campaign. We believe that counting of five VVPATs per Assembly constituency is not good enough. We want that check of 50 per cent of VVPATs must be made mandatory in all constituencies.” “There were arguments raised about logistics and it was stated that VVPAT counting may take days. However, we believe that if the number of teams of poll officials is increased it can be done in lesser time. Between logistics and credibility, we must choose the latter. We believe that paper trail is indispensible,” he said.

Israel: How Israel Limited Online Deception During Its Election | The New Yorker

Earlier this year, Hanan Melcer, the chairman of Israel’s Central Elections Committee and a veteran justice on the Supreme Court, summoned representatives from major U.S. social-media and technology companies for talks about the role he expected them to play in curbing online deception during the country’s election, which took place on Tuesday. Facebook and Google sent representatives to meet with Melcer in person. Twitter executives, who weren’t in the country, arranged for a conference call. “You say you’ve learned from 2016,” Melcer told them, according to a government official who was present. “Prove it!” When Melcer, two years ago, assumed his role overseeing the election, he expected that covert influence campaigns by foreign adversaries, similar to Russia’s alleged interference during the 2016 U.S. Presidential race, could be his biggest challenge. But, as Melcer and his colleagues looked more closely into the issues they could face, they realized that the problem was broader than foreign interference. Russia’s campaign in the United States demonstrated that fake personas on social media could influence events. In Israel and elsewhere, political parties and their allies realized that they could use similar techniques to spread anonymous messages on the Internet and on social media to promote their candidates and undermine their rivals. The use of fake online personas has a long history in Israel. In the mid-two-thousands, an Israeli company called Terrogence used them to infiltrate suspected jihadi chat rooms. Later, Terrogence experimented with covertly influencing the jihadis they targeted. More recently, companies in Israel and elsewhere started using fake personas to spread messages on behalf of political parties and their allies.

National: DHS, FBI say election systems in all 50 states were targeted in 2016 | Ars Technica

A joint intelligence bulletin (JIB) has been issued by the Department of Homeland Security and Federal Bureau of Investigation to state and local authorities regarding Russian hacking activities during the 2016 presidential election. While the bulletin contains no new technical information, it is the first official report to confirm that the Russian reconnaissance and hacking efforts in advance of the election went well beyond the 21 states confirmed in previous reports. As reported by the intelligence newsletter OODA Loop, the JIB stated that, while the FBI and DHS “previously observed suspicious or malicious cyber activity against government networks in 21 states that we assessed was a Russian campaign seeking vulnerabilities and access to election infrastructure,” new information obtained by the agencies “indicates that Russian government cyber actors engaged in research on—as well as direct visits to—election websites and networks in the majority of US states.” While not providing specific details, the bulletin continued, “The FBI and DHS assess that Russian government cyber actors probably conducted research and reconnaissance against all US states’ election networks leading up to the 2016 Presidential elections.” DHS-FBI JIBs are unclassified documents, but they’re usually marked “FOUO” (for official use only) and are shared through the DHS’ state and major metropolitan Fusion Centers with state and local authorities. The details within the report are mostly well-known. “The information contained in this bulletin is consistent with what we have said publicly and what we have briefed to election officials on multiple occasions,” a DHS spokesperson told Ars. “We assume the Russian government researched and in some cases targeted election infrastructure in all 50 states in an attempt to sow discord and influence the 2016 election.”

National: Election machine vendors back legislation requiring post-election audits, vulnerability disclosure | InsideCyberSecurity

Two major election machine vendors stated their support for requiring post-election audits to ensure the validity of election results in the case of a cyber attack or other tampering, in response to questions recently posed by senior Senate Democrats. Sens. Amy Klobuchar (D-MN), Gary Peters (D-MI), Jack Reed (D-RI), and Mark Warner (D-VA) sent letters last month to the three largest election machine vendors asking whether the companies would support legislation around post-election audits and what cyber controls are in place to secure the vote. In its response submitted on Tuesday, Hart InterCivic wrote that “robust post-election audits are the most compelling response” to threats posed by outdated technology. “Auditing is the most transparent and effective means to demonstrate that election outcomes accurately reflect the intention of voters,” Hart wrote. “Hart unequivocally supports state efforts to strengthen auditing procedures.” Tom Burt, the president and CEO of Election Systems and Software, also supported the idea of legislation around post-election audits, writing that the company “strongly supports legislation that would expand the use of routine post-election audits. ES&S believes that successful post-election audits, including risk-limiting audits such as those which have recently occurred in several jurisdictions, will increase confidence in our country’s election process.”

National: Cybersecurity Campaign Aid Delayed by Corporate Money Fears | Bloomberg

The Federal Election Commission delayed a vote on a plan to provide free cybersecurity assistance for campaigns, with the panel’s chairwoman voicing concerns it could the open the door to corporate money in campaigns. Ellen Weintraub said she supported the goal of cybersecurity but questioned whether the proposal could grant broad leeway for providing aid to campaigns outside the limits and restrictions of campaign finance law, including a longstanding ban on corporate contributions to candidates. “We do not want to inadvertently blow a hole in the corporate contribution ban,” the Democratic chairwoman said at a commission meeting today. The nonprofit watchdog Campaign Legal Center, which had voiced similar concern about the initial proposal, has signed off on a compromise that includes language emphasizing the aid is tied to the imminent threat of illegal foreign interference in elections. The commission may take up the issue again at its scheduled April 25 meeting.

National: After Arrest of Julian Assange, the Russian Mysteries Remain | The New York Times

In June 2016, five months before the American presidential election, Julian Assange made a bold prediction during a little-noticed interview with a British television show. “WikiLeaks has a very big year ahead,” he said, just seconds after announcing that the website he founded would soon be publishing a cache of emails related to Hillary Clinton. He was right. But an indictment unsealed on Thursday charging Mr. Assange with conspiring to hack into a Pentagon computer in 2010 makes no mention of the central role that WikiLeaks played in the Russian campaign to undermine Mrs. Clinton’s presidential chances and help elect President Trump. It remains unclear whether the arrest of Mr. Assange will be a key to unlocking any of the lingering mysteries surrounding the Russians, the Trump campaign and the plot to hack an election. The Justice Department spent years examining whether Mr. Assange was working directly with the Russian government, but legal experts point out that what is known about his activities in 2016 — including publishing stolen emails — is not criminal, and therefore it would be difficult to bring charges against him related to the Russian interference campaign. Numerous significant questions are left unanswered, including what, if anything, Mr. Assange knew about the identity of Guccifer 2.0, a mysterious hacker who American intelligence and law enforcement officials have identified as a front for Russian military intelligence operatives.

National: Comey Says Trump’s Silence Invites Another Russia Election Hack | Bloomberg

Former FBI Director James Comey said the U.S. remains unprepared for another attack on its elections and faulted the attorney general for suggesting that the government was “spying” on Donald Trump’s presidential campaign in 2016. Echoing the findings of U.S. intelligence agencies, Comey said Russia intervened in the 2016 election to damage American democracy, undermine Democratic nominee Hillary Clinton and bolster Trump. Russian officials have denied the accusations. But Comey said Trump’s “denial of a fundamental attack” on the U.S. means “we’re inviting it to happen again with our president’s silence.” The former FBI leader also said he was concerned by Attorney General William Barr’s comments on Wednesday that he’s starting his own inquiry into counterintelligence decisions that may have amounted to political espionage, including actions taken during the Russia probe in 2016. “I really don’t know what he’s talking about when he talks about spying on the campaign,” Comey said. “The FBI and Department of Justice conduct court-ordered surveillance. If the attorney general has come to the belief that that should be called spying, wow, that’s going to inspire a whole lot of conversations in the Department of Justice.”

Missouri: Lawmakers discuss return to paper ballots | Columbia Missourian

Voters could get the chance to check their electronic ballot for accuracy before turning it in under a proposed bill. HB 543, sponsored by Rep. Tony Lovasco, R-O’Fallon, would require electronic voting machines to print out a paper ballot that could be reviewed by the voter. That paper ballot would also be available to those checking ballots during recounts. The bill also works to phase out electronic voting machines that directly record results without producing some sort of physical copy. As the machines die out due to age or malfunction, the bill states that they would not be replaced. The bill would make paper ballots the “official ballot” except for those submitted by electronic machines that have not yet been replaced.

Ohio: Thousands of voters given wrong polling location by Secretary of State website | Fayette Advocate

An apparent error on the Ohio Secretary of State’s website has caused thousands of voters to have the wrong polling location listed on their voter registration. According to the Pickaway County Board of Elections, “a large majority” of their county’s registered voters have been given the misinformation by the Secretary of State through the state’s official website voter registration portal. “We send a file to the Ohio Secretary of State and it appears they have addresses for several precincts incorrect,” Michele Lockard, director of the Pickaway County Board of Elections wrote in an email to a voter who inquired about the issue Thursday morning. It is unclear exactly how many voters have been impacted by the error, but Lockard said that she, herself, was also affected. It was also not made immediately clear to the Advocate if Pickaway County was the only county impacted by the error. The county has 34,339 registered voters.

Pennsylvania: Philadelphia commissioner breaks silence to criticize voting machine decision and call for new selection | Philadelphia Inquirer

Philadelphia City Commissioner Anthony Clark, who rarely says anything at board meetings and has a reputation for not showing up to work, suddenly spoke up Wednesday to say he favors invalidating the city’s choice of voting machines and restarting the selection process. His comments, which caught nearly everyone by surprise, were delivered almost casually during the commissioners’ weekly meeting, after City Controller Rebecca Rhynhart urged the elections officials to nullify the controversial selection of new systems. “Today I request that this body vacate the commissioners’ earlier decision and draft and reissue a new, fair” request for proposals, Rhynhart said after calling the selection process opaque and biased. “Please don’t deny Philadelphia’s voters a true voice in the selection of these machines.” Clark, who had not spoken publicly about the decision and did not cast a vote when the commissioners chose the system, responded: “Well, I’d just like to say that I do support your recommendation. That’s all I have to say at this time.” Advocates have for months implored Philadelphia election officials to select a hand-marked paper ballot system rather than the ES&S ExpressVoteXL system that was chosen Feb. 20 have accused the commissioners of illegally selecting that machine and called for that vote to be nullfied.

Finland: DoS attack against election results portal under investigation in Finland | Helsinki Times

A denial of service (DoS) attack against the official online election results service is under investigation in Finland. The National Bureau of Investigation (KRP) on Wednesday reported that the attack took place last weekend, stressing that the attack can have no impact whatsoever on the election results as the targeted service is not related to the casting or counting of votes. The short and low-volume attack caused intermittent disruptions to the results service in the wee hours of last weekend, Arto Jääskeläinen, the head of electoral administration at the Ministry of Justice, told Lännen Media. The service on vaalit.fi is used primarily by small news outlets, he added to Helsingin Sanomat. YLE, Helsingin Sanomat and other major outlets, in turn, have an agreement in place that provides them access to the results data through a secure connection.

India: The first day of voting in India is dotted with glitches in the electronic voting machines | Business Insider India

The general election has only just begun and reports of Electronic Voting Machine (EVM) malfunctions are flying in from multiple corners of the country. Butchirajupalem in Visakhapatnam and Cooch Behar in West Bengal were one of the first constituencies to halt voting because the EVM machines stopped working. One of the poll booths in Ghaziabad in Uttar Pradesh and two booths in Hyderabad, Telangana are also reported facing problems with their voting machines a while later. But most of the EVM malfunctions are being reported in Odisha and Andhra Pradesh. In Andhra Pradesh, Telugu Desam Party and the YSR Congress Party (YSRCP) are reporting EVM malfunctions. YSRCP is reporting that as many as 99 of the polling booths aren’t working. Tensions between both political parties have resulted in violent clashes and ransacking of poll booths.

Israel: Cyber expert: Future elections will have even more cyber issues | Jerusalem Post

While the 2019 Knesset elections had some unprecedented cyber issues, future elections will have even more, cyber expert and founder and editor-in-chief of Cybertech Magazine Amir Rapaport says. Speaking to The Jerusalem Post on Wednesday, Rapaport divided the impact of cyber on the elections into three spheres. He said that Israel’s Central Elections Committee, in coordination with the Israel National Cyber Directorate (INCD) and other agencies (the Shin Bet Israel Security Agency is known to have a heavy role), seem to have succeeded in protecting from actual hacking of physical election systems. To that extent, no one has called into question the voter totals produced by the committee based on accusations of a cyber attack. (There are some minor controversies, but not related to the cyber sphere.) Further, some of the dark scenarios to prevent voters from reaching the polling stations, including the hacking of trains and other public transit, did not transpire.

National: Divided Congress can’t agree on fix for ‘dangerous’ Russian election meddling | McClatchy

Despite clear and compelling evidence of a Russian plot to disrupt the 2016 presidential election, partisanship has all but killed any chance that Congress will pass legislation to shore up election security before voters cast their ballots next year. Republicans and Democrats in Congress largely agree with Special Counsel Robert Mueller’s finding that Russia tried to meddle in U.S. democracy — and that foreign interference remains a serious threat. “Russia’s ongoing efforts to interfere with our democracy are dangerous and disturbing,” said Senate Majority Leader Mitch McConnell, R-Kentucky, after Mueller finalized his investigation last month. But McConnell has made it clear that he’s unlikely to allow the Senate to vote on any election-related legislation for the foreseeable future. Republican Sen. Roy Blunt of Missouri, who chairs the Senate Rules Committee that has jurisdiction over election security legislation, blames House Democrats for McConnell’s hardline stance. Blunt said Democrats overreached in January when they passed H.R. 1, a sweeping measure focused on voting rights, campaign finance, and government ethics.

National: Registered to vote? Your state may be posting personal information about you online. | The Washington Post

Americans routinely hemorrhage personally identifiable information (PII) across social media and other websites. On almost a weekly basis, PII bleeds out in dramatic breaches like the recent one at Toyota that exposed 3.1 million customers or another at Georgia Tech in which an “unknown outside entity” illegally accessed data for more than 1 million students, faculty members and alumni. Some 26 million Americans were victims of identity theft in 2016, according to the Bureau of Justice Statistics. One way thieves, scammers and psychopaths perform reconnaissance on their victims is to find them via Google or social media. A fair start — but information on the Internet is often inaccurate. If I were a malicious actor looking for a victim’s PII, I’d begin where the data is government-certified. Tax records and housing data are PII treasure troves but not all records are digitized. Political contributions can be valuable — if a person gave money to a candidate over a certain amount. Yet, an exposed area still exists. States hold important personal records of American voters through their secretary of state (SOS) websites. In most states, some or all of this information is accessible to anyone with an Internet connection. I have an Internet connection. And until recently, I ran the open source intelligence division at a cybersecurity firm. So, I tried to access all 50 states’ (and the District’s) online voter registration systems. In the process, I was able to obtain personal information about the citizens of 40 different states, from Alaska to Arkansas, West Virginia to Wisconsin, New Mexico to North Carolina. In some states, that PII included personal addresses, historic voter data and race.

National: Cybersecurity toolkits ahead for elections and media people | Politico

The founder of Craigslist and the Global Cyber Alliance are teaming up to provide free cyber defense toolkits to election officials, nonprofit election rights groups and the media modeled after the ones GCA recently pioneered for small businesses. Craig Newmark Philanthropies is offering GCA more than $1 million for the project, and GCA is netting $1.5 million from other sources, the groups are announcing today. “Elections bodies and the media are facing increasingly sophisticated cyberattacks that can impair the exercise of democracy and affect election results, and they are not prepared to deal with the threat,” Phil Reitinger, president and CEO of the GCA, told MC. The idea is to assemble a set of immediately available resources, rather than just advice. “I’ve been lucky enough to do well and put my money where my mouth is and help protect the people who protect our country,” Newmark told MC.

National: Nielsen Firing Leaves Cybersecurity Concerns Without a Champion | Bloomberg

The abrupt ouster of Homeland Security Secretary Kirstjen Nielsen could be a blow to the department’s efforts to bolster America’s defenses against growing cybersecurity threats, former officials from the department, advocates and lobbyists say. “The worst-case scenario is that our adversaries use this moment of leadership transition, and use it as a Trojan Horse to launch some sort of attack,” Caitlin Durkovich, former DHS assistant secretary for infrastructure protection for the Obama administration, said in an interview. “Who’s to say that the new acting secretary’s priorities aren’t different and that there will be the same emphasis on cyber when there’s such an emphasis on immigration?” said Durkovich, who now works with risk advisory firm Toffler Associates. Nielsen may be most remembered as the face of President Donald Trump’s most hard-line immigration policies. But over her 16-month tenure, cyber specialists and federal officials have applauded her relentless championing of cybersecurity priorities. She frequently warned that increasing threats of hijacking critical infrastructure—from the electric grid to voting machines—were a greater threat to America’s security than terrorism.

National: ‘We can’t confirm him,’ Pat Roberts warns of potential Kobach nomination for DHS | The Kansas City Star

One of the GOP senators from Kris Kobach’s home state said Tuesday that the Senate would not be able to confirm the Kansas Republican if President Donald Trump taps him for a cabinet post. Kobach, the former Kansas secretary of state, has been mentioned as a potential candidate for an array of immigration-related positions since President Donald Trump pulled his nominee for the director of Immigration Customs Enforcement and announced the departure of Secretary of Homeland Security Kirstjen Nielsen. But Sen. Pat Roberts, R-Kansas, said he doesn’t believe the Republican-controlled Senate could confirm his fellow Kansan, who has gained national notoriety for championing stronger restrictions on immigration. “Don’t go there. We can’t confirm him,” Roberts whispered to The Kansas City Star when asked about Kobach Tuesday on his way into a Senate vote. “I never said that to you,” Roberts added, despite the fact that another reporter was present and The Star had not agreed to an off record conversation.

Alabama: Alabama failed to spend federal grants for election security | WALA

With looming fears of foreign interference in last year’s midterm elections, Congress rushed to send almost $6.2 million to help Alabama secure its voting system. But the state did not spend a dime of it, according to a report this month from the U.S. Election Assistance Commission, which disbursed the funds. The money came from the so-called omnibus spending bill approved in March 2018. But Alabama Secretary of State John Merrill said the money did not come in time to spend before the November midterm election. In order to spend federal grant money, he told FOX10 News, the state has to going through a competitive bidding process and get companies on an approved vendor list, among other requirements. “That’s an arduous process, at best,” he said. “We’re not gonna get in a hurry because someone thinks we should be in a hurry to spend it.”