National: The Market for Voting Machines Is Broken. This Company Has Thrived in It. | Jessica Huseman/ProPublica
In the glare of the hotly contested 2018 elections, things did not go ideally for ES&S, the nation’s largest manufacturer of voting technology. In Georgia, where the race for governor had drawn national interest amid concerns about election integrity, ES&S-owned technology was in use when more than 150,000 voters inexplicably did not cast a vote for lieutenant governor. In part because the aged ES&S-managed machines did not produce paper backups, it wasn’t clear whether mechanical or human errors were to blame. Litigation surrounding the vote endures to this day. In Indiana, ES&S’ systems were plagued by mishaps at the local level. In Johnson County, for instance, the company’s brand-new machines faltered in ways that made it difficult to know whether some people had voted more than once. “ES&S misjudged the need for appropriate resources to serve Johnson County on Election Day 2018,” a report issued by state election officials later concluded. Johnson County subsequently terminated its contract with ES&S and, this September, paid more than $1.5 million to purchase an entirely new set of equipment. The uneven performance by ES&S in 2018, however, did little to dent its position as one of the most popular and powerful voting technology companies in the U.S. Any number of prior controversies hadn’t either.National: Here’s where U.S. cyber warriors are working to protect against election threats | Olivia Gazis/CBSNews
The U.S. government's actions to disrupt Russia's attempted cyber incursions into the 2018 midterm elections took place in part in a newly constructed Joint Operations Center (JOC) on the National Security Agency's expanding Fort Meade campus in Maryland. Efforts to protect the 2020 elections are expected to follow a similar drill. Located in the middle of the Cyber Integration Center — a 380,000 square foot, $520 million building whose construction was completed last September — the JOC links two adjoining facilities where NSA and U.S. Cyber Command personnel reside. A massive floor dotted by pods of desks and dominated by three curved, 20-foot-tall screens, the JOC is run by roughly 200 civilian and military officials who work 12-hour, rotating shifts — 24 hours a day, seven days a week, 365 days a year. "One of the first activities that were run out of here was NSA and U.S. Cyber Command support to the 2018 elections," said Colonel Stephen Landry, a senior officer in the NSA's recently launched Cybersecurity Directorate. That included support, he said, to the Russia Small Group, an election security task force comprising NSA and Cyber Command officials that was created last year by General Paul Nakasone, who heads both agencies. The Russia Small Group was instrumental in carrying out an offensive cyber operation that took the Internet Research Agency, a Kremlin-linked troll farm known to have waged an influence campaign in 2016, offline ahead of the November midterms. Nakasone has since publicly touted the success of the group, made it a permanent fixture, and said its approach in 2018 would serve as a model for 2020. (Its members are scattered throughout NSA and Cyber Command, not physically concentrated in the JOC.)National: Election Assistance Commission Loses Its Top Leaders | Courtney Bublé/Government Executive
s the nation’s elections clearinghouse faces tight funding and criticism from advocacy groups on its new voting guidelines, the agency is losing its top two officials. Election Assistance Commission commissioners voted in early September to not reappoint Executive Director Brian Newby and General Counsel Cliff Tatum, Politico reported. Under the previous succession plan, the chief operating officer would assume the role of acting executive director; however, that position has been vacant since 2015. Commission Chief Information and Security Officer Mona Harrington will assume the role of acting executive director on Wednesday, under the new plan, as the agency starts the search process for a permanent leader. “The [Election Assistance Commission] is charged with providing top quality resources that support accurate, secure and accessible elections for all eligible voters,” the EAC commissioners said in a press release regarding the vacancies. “We are lock-step in our commitment to fulfilling that mandate.”National: Senate GOP blocks three election security bills for second day | Jordain Carney/The Hill
Senate Republicans blocked three election security bills on Wednesday, marking the second time in as many days they've stymied legislation. Sens. Mark Warner (D-Va.), Amy Klobuchar (D-Minn.) and Ron Wyden (D-Ore.) asked for unanimous consent to pass three election-related bills. But they were blocked by Sen. Marsha Blackburn (R-Tenn.), who noted that the unsuccessful attempt was the latest by Democrats to pass election security bills in the Senate ahead of 2020. “You know, it’s not a good sign if you’re doing the same thing over and over and expecting a different result," Blackburn said. Under Senate rules, any one senator can ask to vote on or pass a bill. But because it requires unanimous support, any one senator can also block their requests. Election security has become a point of contention during the Trump era. House Democrats have passed several election-related bills, including a sweeping ethics and election reform measure, but they've hit a wall in the GOP-controlled Senate.National: What Battleground States Need to Do to Prevent Voting Machine Hacking in 2020 | Hadley Hitson/Fortune
Three companies control the fate of United States elections. Election Systems & Software, Dominion Voting Systems, and Hart InterCivic dominate 92% of the voting machine market, standing to make bank as states rush to update their systems before the looming 2020 election. In 2016, counties in 16 states used paperless equipment without backup records. The Department of Homeland Security later notified six of those states that hackers targeted their systems. There’s now widespread recognition that paperless machines are the least secure. Some state governments control voting methods, others delegate the decision to local authority, but in most of those states, officials are moving to purchase new machines. “The transition is still happening, but I’m hopeful every battleground state will have a paper backup of every vote,” said Lawrence Norden, director of the Election Reform Program at the NYU Brennan Center For Justice. Norden predicts 90% of votes will have paper backups in 2020.National: Internal Cybersecurity Memo Warns White House Will Get Hacked | Jennings Brown/Gizmodo
In the 1,006 days since Donald Trump became president, his administration has shown little vigilance when it comes to its own security, and a new internal memo suggests the White House is working to weaken its own cybersecurity safeguards. Axios has published a memo written by the White House computer network defense branch chief Dimitrios Vastakis that warns “the White House is posturing itself to be electronically compromised once again.” The White House did not immediately respond to a Gizmodo request for comment. Vastakis submitted the memo as a letter of resignation last Thursday. As Axios reports, the letter comes after at least twelve top officials were dismissed or resigned from a cybersecurity team that protected the White House from security threats from Russia and other entities. This team—the Office of the Chief Information Security Officer (OCISO)—was built after the Obama administration was attacked by Russian hackers in 2014. As the memo states, the OCISO “was established to take on the responsibility of securing the Presidential Information Technology Community (PITC) network.” Since then, the team has “significantly matured the security posture of PITC and no major compromise has occurred,” according to the memo.National: NSA: ‘We know we need to do some work’ on declassifying threat intel | Shannon Vavra/CyberScoop
One of the National Security Agency’s newly minted Cybersecurity Directorate’s goals is to quickly share information on adversarial threats with the private sector — but the process for doing that needs to be refined, the directorate’s leader said Thursday. “The process in place today is where we know we need to do some work,” Anne Neuberger said while speaking at CyberTalks, produced by CyberScoop. “When we find indications of a threat, we see planning to execute a particular operation, or we see the operation being executed. [But] because we learn about it in a classified way, we treat it as classified.” Part of the difficulty the NSA faces is that adversaries often run operations and then discard their compromised infrastructure, making a protracted declassification process nearly useless since “indicators of compromise pretty much they have a ticking time clock for how useful they are,” Neuberger said. The new directorate, which started operations earlier this month, is measuring success by examining how well it is able to prevent attacks moving forward.National: Trolls could turn to cyber to disrupt the 2020 census | Amanda Seitz and Rachel Lerman/Fifth Domain
Worried about internet trolls and foreign powers spreading false news, census officials are preparing to battle misinformation campaigns for the first time in the count’s 230-year history. The stakes are huge. Who participates in the 2020 census count could influence how U.S. congressional seats and billions of federal tax dollars to educate children, help low-income families and pave new roads are divvied up. "It's a fine target," former U.S. Census Bureau director John Thompson said of the form, which is sent every decade to households in America to count the population. "If you want to disrupt a democracy, you can certainly go about it by disrupting a census." Already, false and inaccurate social media posts about the census have begun to appear online, where they have been viewed thousands of times. Foremost on everyone's mind are the misinformation wars waged during the last presidential election to confuse U.S. voters. Fake posts about the census began popping up days after the U.S. Supreme Court ruled in June that the Trump administration could not ask about citizenship status on the 2020 census: Conservative bloggers, Twitter users and pundits falsely blamed former President Barack Obama for scrubbing the question from the form in 2010. In fact, the main census form hasn't included a citizenship question since 1950, and the bureau's own analysis found it would discourage people from participating, possibly skewing results.Verified Voting Blog: DEFCON Voting Village Report highlights election system vulnerabilities and solutions
Verified Voting staff joined the Voting Village at the 27th annual DEFCON conference in Las Vegas in August. DEFCON brings security professionals, journalists, lawyers, researchers, and – of course – hackers under one roof at the world’s largest annual hacking convention. Since its launch in 2017, the Voting Village has served as an “open forum to identify vulnerabilities within the US election infrastructure and to consider solutions to mitigate these vulnerabilities.”
The conference addressed the risks of mobile and internet-only voting and featured a talk by Verified Voting President Marian K. Schneider cheekily titled, “If the voting machines are insecure, let’s just vote on our phones!” She outlined the risks of voting by mobile phone and noted that even voting mobile app creators are unable to guarantee that their own technology is unhackable, as demonstrated by the FBI’s investigation into a hack of the Voatz mobile voting app in West Virginia.