National: 2020 Campaigns Remain Vulnerable as Signs of Russian Hackers Re-Emerge | Dustin Volz and Tarini Parti/Wall Street Journal

Many 2020 presidential campaigns face challenges in rebuffing cyberattacks despite taking some steps to beef up security, an issue brought into fresh focus by President Trump’s comments that he might accept information from foreign governments that was damaging to his rivals. Three years after John Podesta, Hillary Clinton’s 2016 campaign chairman, clicked on a spear-phishing email that allowed Russian hackers to break into his account, followed by the publication of his emails by WikiLeaks, campaigns today are hiring security personnel, using encrypted messaging apps and restricting access to sensitive information. But they are falling short in important areas, according to current and former U.S. officials, cybersecurity experts and people familiar with the operations of various campaigns. Those include an unwillingness to share information among campaigns about attempted hacks, regulations that prevent campaigns from accepting free or discounted security services, and technological advances that make deterring threats more difficult. Already there are signs that the same foreign forces that targeted the Clinton campaign are resurfacing.

National: Trump smashed months of FBI work to thwart election interference | Daren Samuelsohn and Natasha Bertrand

Nearly two years ago, FBI Director Chris Wray set up an office tasked solely with stopping the type of Russian interference efforts that infected the 2016 campaign. On Wednesday night, President Donald Trump undercut the whole operation in a matter of seconds. In an ABC News interview, the president first proclaimed he would have no problem accepting dirt on his opponents from a foreign power, then said Wray was “wrong” to suggest the FBI needs to know about such offers. The comments, according to interviews with nearly a dozen law enforcement veterans, have undone months of work, essentially inviting foreign spies to meddle with 2020 presidential campaigns and demoralizing the agents trying to stop them. And it has backed Wray into a corner, they added, putting him in a position where he might have to either publicly chastise the president and risk getting fired, or resign in protest. America’s enemies will see Trump’s comments and likely “come out of the woodwork like never before to try to influence the president,” said longtime FBI veteran Frank Figliuzzi, who served as the bureau’s assistant director for counterintelligence until 2012. “And it’s going to be more difficult to defend against because they’ll try harder than ever to mask their attempts.”

National: Election security threats increasing pressure on state governments | Mekhala Roy/Search Security

The rise of attacks on government agencies and election security threats have increased cybersecurity responsibilities for public sector officials, according to experts. According to Vermont Secretary of State Jim Condos, secretaries of state around the country are not just doing the work necessary to ensure election security, but they are also looking at ways to strengthen their organization’s overall cybersecurity posture. Condos, who also serves as the president of the National Association of Secretaries of State, spoke at the Route Fifty Cybersecurity Roadshow in Boston last week, which focused on public sector threats. “I never thought cybersecurity would be a big part of my role, as it has become,” Condos said in his keynote. “As public sector officials, we have a responsibility to do everything we can to protect the private data of the people we serve.  As secretaries of state, we take to work with protecting our election integrity with incredible seriousness, and we act rapidly when a situation presents itself.” But effective cybersecurity takes diligence and vigilance — and funding, Condos informed attendees.

National: Trump’s comments blur line between ‘oppo research’ and stolen information | Bridget Bowman/Roll Call

President Donald Trump’s argument in an interview that it was acceptable, and even common, to use opposition research from foreign governments threw a spotlight Thursday on how campaigns research opponents and whether they draw a line at foreign interference. Trump said in a Wednesday interview with ABC News he would consider accepting “oppo research” from a foreign government and wouldn’t necessarily alert the FBI. He also said members of Congress “all do it, they always have.” Lawmakers from both parties quickly pushed back on that characterization. Both parties have campaign staff and outside groups that work to uncover negative information about political opponents, but that research does not involve help from foreign governments. “I’ve lost track of how many campaigns I’ve been a part of, but can say with 1,000 percent confidence that I, and the people I’ve worked with, have never received ‘dirt’ on an opponent from a foreign adversary, let alone solicited it,” said Shripal Shah, vice president of American Bridge 21st Century, a Democratic opposition research super PAC.

National: Trump hit with bipartisan criticism for welcoming foreign help in 2020 election | Eli Stokols, Noah Bierman and Chris Megerian/Los Angeles Times

President Donald Trump, after two years of hammering home a simple, powerful defense — “no collusion!” — came under bipartisan fire Thursday after he said he would gladly “listen” if a foreign government offered him dirt on a political opponent, and asserted there would be nothing wrong with doing so. The president’s defiant comments in a television interview suggest special counsel Robert S. Mueller III’s final report — which found “sweeping and systematic” Russian interference in the 2016 election aimed at helping Trump win — did not so much chasten Trump as embolden him. National security veterans warned that Trump’s cavalier attitude all but invited foreign meddling in the 2020 race, raising the stakes as election officials and campaigns worry about sophisticated “deepfake” videos and other disinformation aimed at influencing voters. “Every hostile intelligence service in the world is listening to that,” said Robert Anderson, a former assistant director of the FBI’s counterintelligence division. “Forget Russia, it’s everybody. It’s China, it’s Iran.” The president’s stated willingness to accept foreign help in an election set off a cascade of criticism Thursday, spurring fresh Democratic calls for impeachment and some Republican expressions of concern, if not condemnation. Under federal law, foreigners are barred from donating money or making gifts to influence U.S. elections.

National: Homeland, Judiciary Democrat asks Pelosi to form election security task force | Lindsey McPherson/Roll Call

Rep. Lou Correa is asking Speaker Nancy Pelosi to form a task force to examine proposals for combating foreign influence and ensuring U.S. electoral systems are secure, according to a letter obtained by CQ Roll Call. The House Homeland Security and Judiciary Committee member wrote to his fellow California Democrat citing Special Counsel Robert S. Mueller III’s findings that foreign actors compromised U.S. election security as reason such a group is needed. “The report found that the Russian military launched and planned an attack on our nation and our political system,” Correa wrote in the letter to Pelosi. “They used cyber techniques to hack into our computers and networks. They stole private information and then disclosed that information through fake online profiles. They posed as American citizens and manipulated data for an agenda they agreed with.” In light of that “attack on our democratic process,” Correa said it’s incumbent upon members of Congress need to ensure the nation’s electoral system is safe and free of foreign influence.

National: Klobuchar, Wyden demand answers from FBI on 2016 election hacking incidents | Maggie Miller/The Hill

Sens. Amy Klobuchar (D-Minn.) and Ron Wyden (D-Ore.) are demanding answers from the FBI on its response to Russia attempting to hack voting machine company VR Systems during the 2016 presidential election. The incident was revealed in special counsel Robert Mueller’s report, which said Russia in August 2016 targeted employees of “a voting technology company that developed software used by numerous U.S. counties to manage voter rolls, and installed malware on the company network.” The company wasn’t mentioned in the report, but VR Systems has since been confirmed as the targeted company. In a letter to FBI Director Christopher Wray on Wednesday, Klobuchar and Wyden asked the FBI what steps it took after VR Systems alerted the FBI in August 2016 that it had found suspicious IP addresses on its systems. “VR Systems indicates they did not know that these IP addresses were part of a larger pattern until 2017, which suggests that the FBI may not have followed up with VR Systems in 2016 about the nature of the threat they faced,” the senators wrote.

Editorials: Mitch McConnell, Too, Welcomes Russian Interference | Jamelle Bouie/The New York Times

Why won’t Mitch McConnell protect our elections from outside interference? His Republican colleagues in the Senate want to do something. That’s why some of the most conservative members of his caucus are working with Democrats to improve the nation’s election security. One proposal, according to The New York Times, would “require internet companies like Facebook to disclose the purchasers of political ads.” Another, devised by Senators Marco Rubio of Florida and Chris Van Hollen of Maryland, would “impose mandatory sanctions on anyone who attacks an American election.” Yet another, the brainchild of Senators James Lankford of Oklahoma and Amy Klobuchar of Minnesota, would “codify cyber information-sharing initiatives between federal intelligence services and state election officials.”

Editorials: Foreign Election Interference Is Wrong, President Trump | Michael R. Bloomberg/Bloomberg

It was extraordinary to hear a U.S. president declare that the FBI director is “wrong” for saying that candidates should report to the FBI — as the law clearly intends — any effort by foreign agents to aid a political candidate by passing along opposition research. President Trump does not understand the value of the law prohibiting campaigns from such aid, nor does he appear to have any intention of following it. For all the different interpretations of the Mueller report, there is one aspect of it where there should be no debate among Republicans and Democrats: The threat of foreign meddling in U.S. elections has increased, it must not be tolerated or abetted, and campaigns must be held accountable for assisting in policing this national security imperative. On this issue, the standard for ethical and patriotic behavior should not be whether someone engages in a criminal conspiracy. It should be whether someone acts with honor in rebuffing — and reporting — attempts at foreign influence. That did not happen in 2016, and unless Congress acts soon, we may see an even worse breach in 2020. The National Republican Campaign Committee has refused to pledge, as its Democratic counterpart has, not to use hacked or stolen materials. And now the president has indicated that his re-election campaign would be open to using them, too. The Russians — to say nothing of the North Koreans — must be grinning ear to ear.

Editorials: How not to handle security threats to our elections | Jessica Brandt/Slate

In the weeks before the 2016 presidential election, a Florida company known as VR Systems fell victim to a Russian spear-phishing campaign. Most Americans have never heard of VR Systems, but it runs poll books—the registries that election workers use to track who is eligible to vote and who has already voted—for counties in eight states around the country. The hackers used the information they gathered from VR Systems to breach two of the Florida county election systems the company managed. And three years later, new reporting suggests that VR Systems may also have inadvertently put Russians in a position to alter voter rolls in North Carolina, another swing state, on the eve of the 2016 presidential election. By using remote-access software to connect directly to election systems, troubleshooters at VR Systems opened a gap that could have been exploited by hackers already in their system. Only now is a federal investigation into whether that actually occurred underway.

Florida: This small election tech firm in Florida may have been Russia’s front door to the 2016 election | Mark Sullivan/Fast Company

Two high-profile U.S. senators have taken a keen interest in a small Florida-based election tech company that may have unwittingly been used by Russian hackers to interfere with the U.S. presidential election in 2016. Senators Ron Wyden (D-OR) and Amy Klobuchar (D-MN) on Wednesday sent a letter to FBI director Christopher Wray asking for more information about the agency’s interactions with Tallahassee, Florida-based VR Systems, which makes the “pollbook” devices used by counties in eight states around the country to verify the eligibility of voters arriving at the polls. The senators emphasized that “Congress and the American people still do not have a complete picture of the federal government’s efforts to detect and defend against this attack against our democracy.” VR Systems was referenced–first in a leaked 2018 NSA report, then in the Mueller report–as the “U.S. Vendor” or “Vendor 1,” targeted in a GRU (Russian military) spearfishing attack that took place between August and November of 2016. The FBI and the NSA believe the GRU may have been trying to access the email addresses of VR Systems’ county election board end users, then send malicious code to those users that could alter the behavior of the company’s voter check-in hardware and software on election day.

North Carolina: Election hacking: North Carolina officials won’t approve new voting machines | Raleigh News & Observer

North Carolina election officials were supposed to certify new voting machines on Thursday for millions of voters to start using in 2020. But they declined to make any decisions, citing uncertainty over who owns the three companies that were seeking approval to sell voting machines here. The state gave them until next week to divulge everyone who owns at least 5 percent of their companies or any parent or subsidiary company. “I believe this follows along with the cyber security concerns we have found in the Mueller report and other documentation that has been furnished to our board,” Robert Cordle, the chairman of the State Board of Elections, said Thursday when the board announced its surprise decision. Special Counsel Robert Mueller’s report indicated that a company that provides voting software in some North Carolina counties may have been compromised by Russian hackers in 2016. That company’s software can’t be used to change or record votes; it only deals with checking voters in to the polls.

Pennsylvania: Voting machine fight could be costly for counties as Republican lawmakers defy Gov. Tom Wolf on refunds | Marc Levy/Associated Press

Republican lawmakers are refusing to commit to the millions of dollars sought by Democratic Gov. Tom Wolf to back up his demand that Pennsylvania’s counties buttress election security by replacing their voting machines before 2020′s presidential elections. Republicans who control Pennsylvania’s Legislature say that a roughly $34 billion budget counterproposal they are finalizing does not include the $15 million Wolf requested, and that they want Wolf to back off his stated intention to decertify voting machines in use last year. Republicans never agreed to require counties to replace voting machines, and helping finance the purchases is Wolf’s problem, not theirs, said Senate Majority Leader Jake Corman, R-Centre. “This was a crisis that the governor created, and he needs to resolve it,” Corman said in an interview. “I feel bad for the counties, because he put a huge unfunded mandate on the counties, but that’s his responsibility.”

South Carolina: State preparing for switch to paper ballot voting | Adam Benson/Index Journal

Local election officials say a new paper ballot-based system will give voters more control over their choices by introducing a layer of redundancy not available in more than a decade. On Monday, the state Election Commission said Omaha, Nebraska-based Election Systems & Software was granted a $51 million contract to swap out 13,000 touchscreen machines, in circulation since 2004, with units that include a BMD, or “ballot-marking device” to verify selections on a paper ballot after using the electronic interface to initially pick a candidate. “Our job was to find the best system out there for the voters of South Carolina,” commission chairman John Wells said in a release. “We were looking for a system that is secure, accurate, accessible, auditable, transparent, reliable and easy for poll managers and voters to use.”

Tennessee: Nashville elections: New voting machines to be used for August races | Andrew Wigdor/Nashville Tennessean

Nashville will get new voting machines for the upcoming Aug. 1 election in order to cut down on unintentional mistakes by voters. The most notable change with the new machines is a two-step paper ballot system. Voters are provided with a blank “ballot card” by an polling official that voters then insert into a new “ballot marking device.” Once the card is inserted, the voter selects their choices, and the machine prints out the ballot, now marked with the voter’s choices. The voter then inserts the ballot into a second machine, where the votes are scanned. If voters make a mistake, they are able to look at their ballot before inserting it into the second machine and decide whether they need to make a change. Once the ballot is inserted and scanned into the second machine, a vote is final.

Canada: Canada elections chief says hackers aim to keep people from voting | Steve Scherer/Reuters

Hackers seeking to interfere in Canada’s federal election this October want to undermine trust in voting and the democratic process rather than manipulate the result, says Canada’s chief electoral officer. Citing episodes of foreign interference in democratic elections in the United States in 2016 and the UK’s Brexit vote, Stephane Perrault said in an interview that Canada now is “quite alert” to the threat and has prepared extensively. “If there is an interest in interfering, it’s most likely to be to deflate the interest in voting, undermine democracy, and undermine trust in the election rather than undermine the particular results,” Perrault said in his office on Wednesday. Last month, Canadian security sources said they were concerned about the potential weakness in political parties’ cyber networks, particularly from the thousands of volunteers.

China: Telegram traces cyber-attack during Hong Kong protests to China | AFP

Encrypted messaging service Telegram suffered a major cyber-attack that originated from China, the company’s CEO said Thursday, linking it to the ongoing political unrest in Hong Kong. Many protesters in the city have used Telegram to evade electronic surveillance and coordinate their demonstrations against a controversial Beijing-backed plan that would allow extraditions from the semi-autonomous territory to the mainland. Demonstrations descended into violence Wednesday as police used tear gas and rubber bullets to disperse protesters who tried to storm the city’s parliament — the worst political crisis Hong Kong has seen since its 1997 handover from Britain to China. Telegram announced Wednesday that it was suffering a “powerful” Distributed Denial of Service (DDoS) attack, which involves a hacker overwhelming a target’s servers by making a massive number of junk requests. It warned that users in many regions may face connection issues.