National: Mayberry v. Moscow: How Local Officials Are Preparing to Defend the 2020 Elections | AJ Vicens/Mother Jones

In early June, the Allegheny County Board of Elections held a special meeting in downtown Pittsburgh, inviting a trio of election security experts to offer advice as the county selects new voting equipment. Marian Schneider, a former Pennsylvania state elections official and the current president of Verified Voting, an election security watchdog group, gave an opening statement framing the day’s conversation in stark terms. “Twenty sixteen demonstrated what many of us have long believed…the threat to our computerized voting system was not merely theoretical, but real and persistent,” she warned, reiterating that another nation had “conducted a well-orchestrated attack on American democracy.” The members of the board solemnly listened, took copious notes, and thanked the panel for their expertise as they assessed bids offering new and more secure equipment. After the meeting, Candice Hoke, a longtime election administration and security expert who’d also been invited to speak, described the gathering as an unusual bright spot, contrasting the attention Allegheny County had devoted to the issue to many places around the country where the state of election security lags. Efforts by federal agencies to work with states and jurisdictions to improve election security are helping, Hoke says, but the bureaucrats overseeing the country’s more than 10,000 election jurisdictions are still routinely outmatched.

National: Are States Taking Cybersecurity Seriously Enough? | Katherine Barrett & Richard Greene/Governing

A spike in cyberattacks in recent months has left state and local governments reeling. Baltimore faces more than $18 million in losses following a May ransomware attack. Several Florida cities were hit in June. And Los Angeles police data was hacked in late July. A 2018 report from the National Association of State Chief Information Officers (NASCIO) found one unidentified state undergoing 300 million attacks a day — up from 150 million two years before. Cybersecurity and risk management is at the top of CIOs’ list of 10 priorities for 2019, according to an annual NASCIO survey. Rhode Island was making it the biggest priority. In 2017, it became one of only two states with a cabinet-level cybersecurity position. (The other is Idaho, according to Meredith Ward, NASCIO’s director of policy and research.) But this pioneering approach wasn’t long-lived in Rhode Island. Last month, the position was removed from the state’s 2020 budget. High-level officials in the state, including its CIO, are confident that cybersecurity will continue to be a priority, but others worry it will receive less attention.

National: Senator: Status quo on voting machine security is a ‘danger to our democracy’ | Alfred Ng/CNET

In the aftermath of the 2016 US presidential election, lawmakers have seen little change in security for voters. But if voting machine security standards don’t change by the 2020 presidential election, Sen. Ron Wyden warns, the consequences could be far worse than the cyberattacks of 2016. The Democrat from Oregon, who is a member of the Senate Intelligence committee, told the Defcon hacking conference that US voting infrastructure is failing to keep elections secure from potential cyberattacks. He made the comments in a Friday speech at the Voting Village, a special section of the Las Vegas conference dedicated to election security. “If nothing happens, the kind of interference we will see form hostile foreign actors will make 2016 look like child’s play,” Wyden said. “We’re just not prepared, not even close, to stop it.”  Election security has been a major concern for lawmakers since the 2016 election, which saw unprecedented interference by the Russians. Though no votes are believed to have been changed, the Russians targeted election systems in all 50 states, according to the Senate Intelligence Committee. Legislation to protect elections has been trudged along in Congress. Multiple members of Congress were at Defcon to discuss the issue, as well as to learn about cybersecurity policy.

National: DARPA’s $10 million voting machine couldn’t be hacked at Defcon (for the wrong reasons) | Alfred Ng/CNET

For the majority of Defcon, hackers couldn’t crack the $10 million secure voting machine prototypes that DARPA had set up at the Voting Village. But it wasn’t because of the machine’s security features that the team had been working on for four months. The reason: technical difficulties during the machines’ setup. Eager hackers couldn’t find vulnerabilities in the DARPA-funded project during the security conference in Las Vegas because a bug in the machines didn’t allow hackers to access their systems over the first two days. (DARPA is the Defense Advanced Research Projects Agency.) Galois brought five machines, and each one had difficulties during the setup, said Joe Kiniry, a principal research scientist at the government contractor.  “They seemed to have had a myriad of different kinds of problems,” the Voting Village’s co-founder Harri Hursti said. “Unfortunately, when you’re pushing the envelope on technology, these kinds of things happen.” It wasn’t until the Voting Village opened on Sunday morning that hackers could finally get a chance to look for vulnerabilities on the machine. Kiniry said his team was able to solve the problem on three of them and was working to fix the last two before Defcon ended.

National: Why blockchain-based voting could threaten democracy | Lucas Mearian/Computerworld

Public tests of blockchain-based mobile voting are growing. Even as there’s been an uptick in pilot projects, security experts warn that blockchain-based mobile voting technology is innately insecure and potentially a danger to democracy through “wholesale fraud” or “manipulation tactics.” The topic of election security has been in the spotlight recently after Congress held classified…

National: Election Systems Are Even More Vulnerable Than We Thought | Louise Matsakis/WIRED

Hacker summer camp is here again! You know what that means: WIRED is back in Las Vegas for the annual Black Hat and Defcon security conferences, where we’re digging into the latest and greatest hacks on display. First, let’s talk about iPhones. A researcher found it’s possible to break into one just by sending a text message. To help uncover similar vulnerabilities in the future, Apple is handing out new, hacker-friendly iPhones to its favorite security researchers, and paying up to $1.5 million in bug bounties. Moving on to planes. Boeing’s 787 jets might not be very secure, it turns out—Andy Greenberg talked to a security researcher who found multiple serious flaws in the code for one of the plane’s components. (The 787 is distinct from the 737 MAX plane grounded earlier this year, although a recent test flight of that jet had its ups and downs, as WIRED’s transportation desk reports.) That’s not all that’s happening in Vegas. Safecrackers can unlock an ATM in minutes without leaving a trace. Apple pay buttons can make websites less safe. Have you heard of DDOS attacks? Kindly meet their cousin, the DOS attack. Lily Hay Newman also looked at two very old bugs that have continued to persist, one in desk phones and another in a ubiquitous encryption algorithm. Lastly, check out this very cool fake hospital, where real medical devices get hacked on purpose.

National: Top DHS cyber official calls paper ballot backups necessary for 2020 election | Kevin Collier and Caroline Kelly/CNN

The top cybersecurity official at the Department of Homeland Security said Friday that backup paper ballots would be a necessary part of 2020 election security. “Ultimately when I look at 2020, the top priority for me is engaging as far and wide as possible, touching as many stakeholders as possible, and making sure we have auditability in the system,” Chris Krebs, DHS’ top cyber official, said at a DEFCON cyber conference Friday when discussing election security. “IT, key tenant, can’t audit the system, can’t look at the logs, you don’t know what happened,” he added. “Gotta get auditability, I’ll say it, gotta have a paper ballot backup.” Krebs said that he doesn’t “have all the answers” on election security, adding that “a lot of these policy suggestions are not my job to answer — Congress has a role here.” The cyber head also called for state legislatures to pick up the slack along with federal lawmakers in addressing a lack of much needed funds to update different states’ election systems. “I don’t know where, for instance, the state of New Jersey is going to get their money to update their systems,” Krebs said. “I don’t know where some of these other states that have (paperless machines) without a paper trail associated with it — I don’t know where they’re going to get the money, but they need it.”

Editorials: 2020 and the black-box ballot box | Jon Evans/TechCrunch

One of the scarier notions in the world today is the prospect of American voting machines being compromised at scale: voters thrown off rolls, votes disregarded, vote tallies edited, entire elections hacked. That’s why the nation’s lawmakers and civil servants flocked (relatively speaking) to Def Con in Las Vegas this week, where hackers at its Voting Village do their best to prove the potential vulnerabilities — including, in some cases, remote command and control — of voting systems. There are several ways to help secure voting. One, thankfully, is already in place; the decentralization of systems such that every state and county maintains its own, providing a bewildering panoply of varying targets, rather than a single tantalizing point of failure. A second, as security guru Bruce Schneier points out, is to eschew electronic voting machines altogether and stick with good old-fashioned paper ballots.

Georgia: New Georgia voting system certified by secretary of state | Mark Niesse/The Atlanta Journal-Constitution

Secretary of State Brad Raffensperger certified that Georgia’s new voting system is reliable and accurate Friday as state officials finalized a $107 million contract with Dominion Voting Systems. The certification of the new voting system, which combines touchscreens and paper ballots, was required before it could be used in Georgia elections. The state had announced last week that Dominion won the state’s voting contract, before certification testing had been completed.Raffensperger found that the Dominion system “has been thoroughly examined and tested,” according to his certification, filed in federal court Friday.His office didn’t release the results of certification testing Friday, which was conducted by a Huntsville, Ala.-based company called Pro V&V. But state rules give the secretary of state broad discretion to certify the voting system.

Georgia: New voting machines certified by the state | Kate Brumback/Associated Press

Georgia’s secretary of state certified new touchscreen voting machines as election-safe in court documents Friday, bidding to put behind the acrimonious 2018 electoral season marred by reports of malfunctioning voting equipment, hourslong wait times and criticism that the state’s outdated machines were vulnerable to hacking. Republican Brad Raffensperger’s office formally awarded a $106 million contract to a Denver-based company, Dominion Voting Systems, for machines it said met state law for election security after neither losing vendor challenged Dominion’s winning bid. The developments came in court documents filed by attorneys defending state election officials against a lawsuit challenging Georgia’s current voting system and seeking statewide use of hand-marked paper ballots.

Illinois: Hackers got info for 76,000 Illinois voters in 2016. Here’s what’s being done in Macon County. | Tony Reid/Herald-Review

The person in charge of safeguarding Macon County’s electoral system from Russian hacker attacks or other nefarious onslaughts said he’s confident local ballots are secure. Macon County Clerk Josh Tanner, recently returned from a cybersecurity conference, said much has been done to beef up system firewalls and protections in the three years since Russian hackers infiltrated the Illinois voter registration database. Tanner said state grant money — he’s not allowed to reveal how much, but it’s into the thousands — paid for consultants who tested the county’s voting system earlier this year by trying to hack into it. They weren’t successful, but Tanner said the exercise produced a detailed report highlighting areas that needed beefing up. He said county clerks like himself have to be aware of defending against other threats. “There are other ways of causing mischief than just to penetrate the voting system,” said Tanner, a Republican elected in November. “There are denial of service attacks where they don’t actually penetrate your system but they can bombard it with traffic, slowing it down. The consultants help us focus on how to tie-down the system and protect it.”

Rhode Island: Voting machines had modems in 2016 and 2018. Now the state is assessing its hackability. | Patrick Anderson/Providence Journal

Before the 2016 election, the state bought voting machines equipped with Verizon modems that transmit preliminary election results to the state Board of Elections — speeding the state’s ability to declare winners on election night, but also exposing the system to potential meddling. The Providence Journal delivers accurate, timely news about the moments that matter most. To receive stories like this one in your inbox, sign up here. Election hacking fears rekindled by the federal Russia probe have prompted Rhode Island election officials to take a closer look into whether the state’s voting systems are vulnerable to attack. The new concerns relate to the state’s decision to buy voting machines before the 2016 election equipped with their own Verizon modems that transmit preliminary election results to the state Board of Elections after the polls close. The modems have helped shorten the time it takes the state to declare winners on election night. But because any internet connection exposes a system to potential cyberattack, the federal government never certified the modem-equipped machines for states to use. And this summer the U.S. Senate committee investigating Russian efforts to breach the 2016 election urged states to tighten their election security, use only federally approved voting machines and “remove (or render inert) any wireless networking capability” such as a modem.

Wisconsin: Election officials trying to address outdated equipment | Lawrence Andrea/Milwaukee Journal Sentinel

Wisconsin elections officials are considering spending more than $800,000 to replace outdated equipment, update software and further address computer security as the state prepares for the 2020 presidential election. Among the proposals in a Wisconsin Elections Commission plan is to establish a program that would lend new computers to municipalities with outdated operating systems. More than 500 state elections system users are on computer systems that have reached the end of their life or will do so in the next six months, according to a commission memo. Some of these users have plans to update their systems, but the commission is proposing lending 250 devices to municipalities unable to replace them. The loans will be free and distributed on a first-come, first-served basis. The equipment is expected to cost up to $300,000. The commission staff knows “that at least a handful” of clerks are logging into the WisVote voter registration and election management system with operating systems that are no longer receiving security updates, according to the memo. It also notes that hundreds of clerks are using Microsoft Windows 7, which will stop providing free updates in January.

Wisconsin: Expert: Many Wisconsin elections clerks use outdated systems | Todd Richmond/Associated Press

Hundreds of local clerks are using outdated computer systems or aren’t installing security patches, leaving Wisconsin’s election system vulnerable to potentially devastating cyberattacks, state elections officials fear. Election officials across the country have stepped up efforts to block hackers from wreaking havoc during the 2020 contests after Russians interfered with the 2016 presidential election. Congress has been warned that there could be more foreign interference next year, when Wisconsin is expected to be a presidential swing state again. But Wisconsin Elections Commission Election Security Lead Tony Bridges said in a memo to commissioners released Friday that some local clerks are still logging into the state election system using Windows XP or Windows 7. Microsoft stopped supporting Windows XP in 2014 and said it will stop providing free security updates for Windows 7 starting in January. Bridges wrote that it’s safe to assume a large percentage of clerks won’t upgrade before the deadline or pay for updates. Even clerks with current operating systems often fail to install security patches, he said. The failure to maintain current operating systems exposes state elections to tremendous risk, Bridges wrote. He pointed to an incident in March in which a ransomware variant called Ryuk shut down vital systems in Jackson County, Georgia, including computers supporting emergency dispatch. Ransomware is software designed to shut down computer systems or data until a ransom is paid.

National: Critical U.S. Election Systems Have Been Left Exposed Online Despite Official Denials | Kim Zetter/Motherboard

For years, U.S. election officials and voting machine vendors have insisted that critical election systems are never connected to the internet and therefore can’t be hacked. But a group of election security experts have found what they believe to be nearly three dozen backend election systems in 10 states connected to the internet over the last year, including some in critical swing states. These include systems in nine Wisconsin counties, in four Michigan counties, and in seven Florida counties—all states that are perennial battlegrounds in presidential elections. Some of the systems have been online for a year and possibly longer. Some of them disappeared from the internet after the researchers notified an information-sharing group for election officials last year. But at least 19 of the systems, including one in Florida’s Miami-Dade County, were still connected to the internet this week, the researchers told Motherboard. The researchers and Motherboard have been able to verify that at least some of the systems in Wisconsin, Rhode Island, and Florida are in fact election systems. The rest are still unconfirmed, but the fact that some of them appeared to quickly drop offline after the researchers reported them suggests their findings are on the mark.

National: You can easily secure America’s e-voting systems tomorrow. Use paper – Bruce Schneier | The Register

While various high-tech solutions to secure electronic voting systems are being touted this week to election officials across the United States, according to infosec guru Bruce Schneier there is only one tried-and-tested approach that should be considered: pen and paper. It’s the only way to be sure hackers and spies haven’t delved in from across the web to screw with your vote. “Paper ballots are almost 100 per cent reliable and provide a voter-verifiable paper trail,” he told your humble Reg vulture and other hacks at Black Hat in Las Vegas on Thursday. “This isn’t hard or controversial. We use then all the time in Minnesota, and you make your vote and it’s easily tabulated.” The integrity of the election process depends on three key areas: the security of the voter databases that list who can vote; the electronic ballot boxes themselves, which Schneier opined were the hardest things to hack successfully; and the computers that tabulate votes and distribute this information.

National: Here’s how the Justice Department wants to befriend ethical hackers – The Washington Post

The Justice Department’s relationship with the cybersecurity research community has historically been tempestuous, but Leonard Bailey is on a mission to improve it. That’s what brings him here, to the BSides cybersecurity conference. The head of the cybersecurity unit of DOJ’s computer crimes division is extending an open invitation today to ethical hackers to air some grievances and offer policy advice, in a talk called: “Let’s Hear from the Hackers: What Should DOJ do Next?” Bailey wants to ensure hackers are willing to work with government on improving cybersecurity — instead of staying away because they’re suspicious of government. “It’s about figuring out how to make sure that their ability to help us improve [the nation’s] cybersecurity is not taken off the playing field,” Bailey tells me. “They have a valuable resource and they can be helping everyone.” This marks a drastic change — in terms of both outreach and attitude — from previous years. Tensions have soared as ethical hackers accused DOJ of being too quick to prosecute them for benign research aimed at improving cybersecurity — and of not being transparent enough about the rules for what constitutes a digital crime.

Editorials: Scientific evidence and securing the vote: Verdict is in, now we need the funds | Michael D. Fernandez/The Hill

The Senate Intelligence Committee recently released its much-anticipated report on election security and Russian interference in the 2016 presidential election. Alongside the alarming insights regarding Russian interference, there are critical recommendations based on scientific evidence regarding the security of our voting process, including the replacement of “outdated and vulnerable voting systems.” In too many counties across the country, ballots are being cast on insecure electronic systems. These direct recording electronic systems record a voter’s selection directly to the machine’s memory and automatically tabulate votes. Many leave no physical record of the vote cast. Within the scientific community, there has been consistent alarm regarding the security vulnerabilities of these direct recording electronic systems. Just last year, the National Academies of Science, Engineering, and Medicine issued a report finding that paperless direct recording electronic machines are not secure and should be removed from service as soon as possible. The committee of computer science and cybersecurity experts, legal and election scholars, social scientists, and election officials concluded that local, state, and federal elections should be conducted using human-readable paper ballots, either marked by hand or machine. Every effort should be taken to ensure that direct recording electronic machines are removed from service prior to the 2020 election. Regardless of the vendor or configuration, direct recording electronic systems are fundamentally unverifiable. While hacking is the most discussed concern, these systems are also vulnerable to everyday coding mistakes or errors that could lead to the same inaccurate results as malicious hacking. To effectively safeguard public confidence in our elections and democracy, we must  ensure that every vote is counted accurately.

Florida: Counties’ elections systems were connected to the internet, report says | Steven Lemongello/Orlando Sentinel

Seven Florida counties have elections systems that have been connected to the internet for months, if not years, according to a report by Vice Motherboard – and one was still connected as of this week. The counties – Bradford, Charlotte, Flagler, Wakulla, Miami-Dade, Pasco and one other county researchers were unable to identify – were among 35 in 10 states in which elections systems were potentially exposed to risk of hacking, Motherboard reported. At least 19 of the systems, including one in Miami-Dade, were still connected to the internet as of August. Elections supervisors in Central Florida said although they use the equipment being cited, none of them believed their systems were exposed. The systems are made by Election Systems & Software, one of the country’s top voting machine companies. Orange County Supervisor of Elections Bill Cowles said 49 of the state’s 67 counties, including Orange, use ES&S equipment. The systems are used to transmit unofficial vote totals via a wireless modem from ES&S voting machines on election night, Motherboard reported. The server that receives these votes is connected to the internet behind a Cisco firewall, both of which are only supposed to be connected to the internet for only a few seconds.

Georgia: State faces tight timeline for replacing voting system | Kate Brumback/Associated Press

Georgia elections officials have no time to spare as they hustle to replace thousands of outdated voting machines statewide while fending off lawsuits in the wake of a much criticized gubernatorial election. Even if the state manages to implement the $106 million purchase of new voting machines on schedule, some county officials worry the tight timeline could lead to another round of confusion as presidential politics drives high voter turnout. “There is concern from my board and myself that we won’t have enough time to get our training in for ourselves, our poll workers and the voters,” Elections Supervisor Jennifer Doran of Morgan County said in an interview Wednesday. Without proper training time, voters could face “confusion, anxiety” and longer waits as people learn to navigate the new system, Doran said. The voting system overhaul comes after Republican Gov. Brian Kemp — previously Georgia’s top election official — beat Democrat Stacey Abrams for the governor’s mansion.

Mississippi: Recovered thumb drive puts Newman ahead after DeLano claimed victory in District 50 race | Alyssa Newton/Biloxi Sun Herald

The District 50 Senate race was one of the closest on the Mississippi Coast, but it’s taken another turn with the Wednesday recovery of a thumb drive full of votes. With all precincts in Tuesday night, incumbent Rep. Scott DeLano held a 33-vote lead over Biloxi City Councilwoman Dixie Newman. That lead was without the affidavit votes, but DeLano declared the victory late Tuesday evening. “We look at these elections and see how many affidavits that are out there. It’s very unusual to make a really big difference in the outcome,” told the Sun Herald Tuesday night. “Even though it’s razor-thin, we expect it to fall in line with what the vote came out of those individual precincts.” It wasn’t the affidavits, but a thumb drive that changed the race Wednesday afternoon. “There was a drive that was left out from the D’Iberville Civic Center,” Newman’s campaign manager Holly Gibbes said. “Those numbers were never counted. (Harrison County Circuit Clerk) Connie Ladner‘s office produced that thumb drive today and added it in. “The thumb drive and all the affidavits, absentees and what could be counted is what put Dixie up by one vote.”

Montana: Stapleton nixes upgrade to voter registration system | The Fulcrum

The modernization of Montana’s voter registration system won’t happen in time for next year’s elections, because the state’s top election administrator has concluded the new software cannot be installed and its security assured in time. The decision was made by Secretary of State Corey Stapleton, who has something of a vested interest in his decision. He’s a leading GOP candidate for the state’s singular and reliably Republican seat in the House of Representatives in 2020. But Stapleton was pressed to make the decision by the association of the state’s county clerks, who said the system in place for 15 years was good enough for one more election. “It would seem more reasonable to begin this immense change-over outside of a presidential cycle, which could be one of the biggest in our lifetimes,” they told the secretary of state. “The current project development timeline is simply too aggressive and stands to put the election process in Montana at risk.”

North Carolina: Proposal offers new absentee ballot security, tweaks early voting hours | Travis Fain/WRAL

House leadership rolled out a wide-ranging election bill Thursday to tinker with early voting hours, let counties that use touchscreen voting machines keep doing so and tighten absentee ballot rules in response to last year’s 9th Congressional District scandal. Among other things, Senate Bill 683 would start a pilot project to cover postage on absentee ballots so that voters wouldn’t have to buy stamps. There are other measures meant to keep campaigns from trying to collect absentee ballots en masse, including a rule requiring prohibiting outside groups from returning ballot request forms. Those forms would also change every election so groups couldn’t simply photocopy old ones and submit fraudulent requests. The 12-page bill has been under construction for some time, and it has a ways to go to become law. Rep. David Lewis, R-Harnett, a House leader on election issues, said in a statement that he looks forward to working with the Senate to get the bill passed “in a timely manner.”

Rhode Island: Report prompts elections officials to examine security of voting systems | Patrick Anderson/Providence Journal

The Providence Journal delivers accurate, timely news about the moments that matter most. To receive stories like this one in your inbox, sign up here. Election hacking fears rekindled by the federal Russia probe have prompted Rhode Island elections officials to take a closer look into whether the state’s voting systems are vulnerable to attack. The new concerns relate to the state’s decision to buy voting machines before the 2016 election equipped with their own Verizon modems that transmit preliminary election results to the state Board of Elections after the polls close. The modems have helped shorten the time it takes the state to declare winners on election night. But because any internet connection exposes a system to potential cyber attack, the federal government never certified the modem-equipped machines for states to use and this summer the U.S. Senate committee investigating Russian efforts to breach the 2016 elections urged states to tighten their election security, use only federally-approved voting machines and “remove (or render inert) any wireless networking capability,” such as a modem.

Washington: Primary election tests new voter system, but ‘everything went according to plan’ | Joseph O’Sullivan/The Seattle Times

Washington’s same-day voter-registration law and new elections system faced a major stress test Tuesday as voters around the state returned ballots for the primary election. The new statewide voter management system, VoteWA, had a rocky rollout this spring, but county auditors Tuesday said it was running smoothly as the 8 p.m. election deadline came and went. “Everything went according to plan and worked out really well,” said King County Elections Director Julie Wise after Tuesday night’s election results posted. She previously had expressed concerns about the system being ready for the primary. Turnout in King County was projected to hit 36%, and possibly be a few points higher than that in Seattle, where seven City Council seats are up for grabs. VoteWA, which is rooted in a centralized voter-registration database, is expected to cut the risk of fraud, strengthen the security of the state’s elections and give many counties new elections capabilities.

India: Electronic Voting Machines Controversy: Election Commission’s Use Of Contract Engineers Puts Indian Elections At Risk | Ravi Nair/HuffPost India

The Election Commission of India has deployed teams of private contract workers, with a minimum work experience of just one year, to Maharashtra and Haryana, where they are conducting “first-level checks” on Electronic Voting Machines (EVMs) for state assembly elections scheduled for later this year, HuffPost India has learnt. These engineers told HuffPost India they had previously been tasked with critical aspects of the voting process — including setting EVMs and loading symbols into vote verification machines called VVPATS — in the 2019 general elections. Opposition leaders in these states told HuffPost India they were unaware that first-level checks on EVMs had begun, and that these checks were being performed by engineers who were not full-time employees of Bharat Electronics Limited (BEL) and Electronics Corporation of India Limited (ECIL), two state-owned companies that manufacture and maintain EVMs for the Election Commission. The Election Commission has never admitted to the use of contract workers, and the commission’s own guidelines require that representatives from all political parties be present when first level checks on EVMs are conducted. This HuffPost India report suggests that the nature of electronic voting makes it impossible for the Election Commission of India to maintain full control over all aspects of the voting process, despite its protestations to the contrary. The Commission’s submissions in Supreme Court indicate, at best, a fundamental ignorance about the nature of cybersecurity threats.

National: The government’s relationship with ethical hackers has improved, security experts say | Joseph Marks/The Washington Post

The relationship between ethical hackers and the federal government is better now than it was in 2013, when then-National Security Agency chief Keith Alexander first spoke at the Black Hat cybersecurity conference — not long after Edward Snowden revealed the government’s sweeping surveillance programs. That’s the conclusion of 72 percent of experts who responded to an informal survey by The Cybersecurity 202 before the kickoff of this year’s conference in Las Vegas. The experts are part of the The Network, an ongoing survey of more than 100 cybersecurity experts from government, academia and the private sector. (You can see the full list of experts here. Some were granted anonymity in exchange for their participation.) When Alexander spoke in 2013, many security researchers were enraged about the newly disclosed surveillance programs, which they said ran roughshod over Americans’ privacy rights and made their jobs harder. Alexander’s defense of the programs fell especially flat, many survey respondents said, since at that time the U.S. government often failed to distinguish between ethical hackers, who tried to make the Internet safer by finding and patching computer bugs, and criminal hackers who tried to exploit those bugs to steal people’s money and information.

National: Black Hat 2019: What We Expect | Neil J. Rubenking and Max Eddy/PCMag

The annual DEF CON hacking conference started as an accident in 1993, and has been going and growing ever since. Black Hat, launched in 1997 by DEF CON founder Jeff Moss (aka Dark Tangent), is its more formal cousin. To paraphrase a welcome speech by Moss a few years ago, friends said to him, “Hey, why don’t you invite more people, charge them a lot of money, and make them wear suits?” The suits are gone, for the most part, but Black Hat gets bigger every year, with 19,000 attendees last year. Black Hat consists of two very different parts. From Saturday to Tuesday, security experts and aspiring experts pay thousands of dollars to participate in training sessions intended to hone their skills in a wide range of security tasks. The press is not invited. On Wednesday and Thursday, the conference switches to briefings, where security experts and academics from all over the world share their latest discoveries, new vulnerabilities, and cutting-edge research.

National: Def Con draws election officials to Las Vegas in effort to combat hackers | Miranda Willson/Las Vegas Sun

Ahead of the annual hacker and cybersecurity conference Def Con in Las Vegas this weekend, organizers anticipate that the part of the event devoted to election security will entice more local, state and federal election officials than ever before. Drawing tens of thousands of hackers, researchers, lawyers and others interested in cybersecurity every year to Las Vegas, Def Con has included a so-called “Voting Village” in its weekend-long programming for the past three years to address election security and how to protect elections from hacking. This is the first time that Def Con explicitly invited local and state election officials to attend, and many seem to be taking advantage of the opportunity, said Harri Hursti, co-founder of the Voting Village and founder of computer and network security company Nordic Innovation Labs. “We never intended this to be a main or big thing. It became a big thing because of popular demand,” Hursti said. Among those attending the conference are representatives from the Clark County Election Department and the Nevada Secretary of State’s Office.

National: Key House Republican demands answers on federal election security efforts | Maggie Miller/The Hill

Illinois Rep. Rodney Davis, the top Republican on the House Administration Committee, demanded answers from the Election Assistance Commission (EAC) on Monday regarding election security oversight issues. In a letter to the EAC, Davis posed a series of questions, citing the committee “Majority’s inadequate oversight of your Commission” during an EAC oversight hearing on May and the recent testimony by former special counsel Robert Mueller as key factors in sending the letter.  “I remain committed to ensuring that local election officials have every resource they need to provide for a secure election in 2020,” Davis wrote. “Effective and focused oversight over the EAC is critically important in this mission.” Questions included what steps the EAC is taking to ensure there is a plan in place to coordinate with the Department of Homeland Security in the event of a threat to election infrastructure in 2020, how the EAC is communicating its activities to the public, and details around the new Voluntary Voting Systems Guidelines 2.0, which are a national voluntary set of standards for voting systems. Davis gave the EAC until Sept. 2 to respond. A spokesperson for the EAC told The Hill the commission has “received the letter and will respond to Congress within the agreed upon deadline.”