National: Almost 100 former officials, members of Congress urge Senate action on election security | Maggie Miller/The Hill
A group of nearly 100 former members of Congress, Cabinet officials, ambassadors and other officials is urging Congress to take action to secure U.S. elections, citing “severe threats to our national security” if certain steps are not taken. The officials, all of whom are members of nonprofit political action group Issue One’s “ReFormer’s Caucus,” sent a letter to the Senate on Thursday urging members to support various bills designed to bolster election security. “Foreign interference in American elections is a national security emergency,” the group wrote. “We are alarmed at the lack of meaningful Congressional action to secure our elections. The United States cannot afford to sit by as our adversaries exploit our vulnerabilities. Congress — especially the Senate — must enact a robust and bipartisan set of policies now.” Specifically, the officials advocated for the passage of five bipartisan bills, including the Honest Ads Act, a bill meant to increase the transparency surrounding online political ads, and the Defending Elections from Threats by Establishing Redlines (DETER) Act, which would impose sanctions on countries that interfere in U.S. elections. The officials also urged the Senate to pass legislation aimed at increasing the cybersecurity of voting infrastructure and cracking down on foreign donations to U.S. elections.National: Voting machines still easy prey for determined hackers | Derek B. Johnson/FCW
Security researchers showed lawmakers and reporters how easy it is to compromise voting machines in what has become an annual event at the U.S. Capitol. The Washington, D.C., version of the Voting Village event at the DefCon security conference in Las Vegas gives policymakers a hands-on glimpse of the technology that powers U.S. democracy. This year's report is consistent with prior exercises: virtually every machine experts can get their hands on can be easily exploited in a number of different ways. What has changed in recent years, said Voting Village Co-founder Harri Hursti, is that the community of security researchers with first-hand experience working with these machines has grown from less than a dozen to thousands. Even though the annual event has been held for several years, fresh researchers have discovered of new vulnerabilities and attack vectors. "In this area, it's always mind-blowing how these machines keep giving," Hursti told FCW.National: Four ways to address electronic voting security concerns | Earl D. Matthews/StateScoop
Despite the $380 million in federal grants made to states to update the security of their election systems, we are still woefully unprepared to deal with potential attacks on our essential digital voting infrastructure. With the 2020 election cycle fast approaching, there is tremendous urgency to address the underlying issues that jeopardize the sanctity of our elections.
As former director of cyber operations and chief information security officer for the U.S. Air Force, as well as with my more recent experience working in the cybersecurity sector, I have a fairly unique perspective on how our state governments should be addressing election security. In my view, the main cause of our cybersecurity-unpreparedness is that we are not looking at the problem holistically, nor are we fully appreciating the complexity involved. Solutions being posed only address part of the problem and inevitably fall short, thus putting our democracy at serious risk.
States are ultimately responsible for election systems and their security, but cybersecurity solutions vendors can also contribute to this effort. Below are four steps that state governments should take, working with the technology community, to effectively address vulnerabilities in the voting system and better protect our democratic process through cybersecurity practices, people and technology.
1. Mandate transparency from e-voting hardware and software providers about security of their software and require them to identify security vulnerabilities.
What I’m talking about is mandating cybersecurity hygiene, much in the same way that companies require cybersecurity hygiene of the organizations with which they do business or form partnerships. There is a broad range of commercial providers of election system technology, each playing a different role in the overall e-voting system ecosystem — some of which have begun offering free, open-source versions of their software to governments — making it critical for providers to be transparent about potential vulnerabilities in their systems. Similar to how Microsoft releases patches and upgrades when new threats are discovered to offer users greater protections, this needs to happen in our election system as well. As part of this transparency, ongoing monitoring and measurement of the effectiveness of each component also needs to be conducted, which leads to my next point.
2. Instate continuous, automated measurement and monitoring of the effectiveness of security controls.
States need to understand how systems are protecting against new and existing vulnerabilities, and this needs to be automatically monitored on an ongoing basis with cooperation from each software provider. Too often, assumptions are made that security technology and protocols are working as they’re supposed to — but given the complexity of IT environments, the number of software elements that need to work together and the volume of network and access changes made every day, misconfigurations that compromise performance are common. To ensure optimal performance of the overall security environment requires quantifiable measurement and evidence that controls are working as they should.
3. Limit access for government employees to certain portions of the election system based on role and need.
In the business world, insider threats pose greater risks to organizations than external forces, and the same can be true for governments.
National: FBI chief warns of possible 2020 interference from Russia, China | Maggie Miller/The Hill
FBI Director Christopher Wray on Wednesday testified that he expects Russian actors to attempt to interfere in the 2020 elections, adding that he also expects countries like China to explore disinformation efforts. “Some of the things that the Russians have tried in other countries we expect them to try to do here as well, it’s pretty common to test it out in other jurisdictions, thankfully we don’t have elections every year, so that gives us a little bit of time to plan ahead,” Wray testified in regards to potential attacks on U.S. elections to the House Homeland Security Committee. Wray did not offer details of what exactly the Russians might attempt due to the open setting of the hearing. Wray noted that while the FBI has not seen “any intention” from China, Iran and North Korea to attempt attacks on election infrastructure, these countries are “clearly interested in engaging in malign foreign influence” in regards to elections, such as through social media disinformation efforts.Verified Voting Blog: ICYMI: John Oliver Takes on Voting Machines
John Oliver took a deep dive into voting machines on the November 3, 2019 episode of “Last Week Tonight with John Oliver” and the Verified Voting team was excited to advise on the feature and provide our data from the Verifier. The 20 minute segment noted that while America’s voting systems are still vulnerable, the solution to securing our elections is surprisingly simple: voter-marked paper ballots, a strong chain of custody of those ballots, and risk limiting audits. Check out the segment here:
National: GOP senator blocks sweeping election reform bill | Jordain Carney/The Hill
A Republican senator blocked a sweeping House-passed election and ethics reform bill on Wednesday, the latest of several failed attempts by Democrats to advance election-related legislation ahead of 2020. Democratic Sens. Jeff Merkley (Ore.) and Tom Udall (N.M.) tried to pass the ethics and elections reform measure, known as H.R. 1, which they argued had been buried in the upper chamber's "legislative graveyard." "The For the People Act repairs our broken campaign finance system, opens up the ballot box to all Americans [and] lays waste to the corruption in Washington," Udall said. "We must unite in defense of our electoral system and in defense of the sanctity of our democracy." Merkley argued that the bill was crucial "because everything else we care about ... is going to fail if we let this chamber be controlled by powerful special interests through this corrupted system." But Sen. Roy Blunt (R-Mo.), the chairman of the Senate Rules Committee, objected to the bill's passage, arguing that the legislation would "give the federal government unprecedented control over elections in this country."National: Free cybersecurity help for campaigns is on its way | Joseph Marks/The Washington Post
Securing political campaigns against cyberattacks is about to get a lot cheaper. A nonprofit group that won permission in May from the Federal Election Commission to provide campaigns with free and reduced-price cybersecurity help is announcing its first slate of services this morning, including email security, encrypted messaging and security training for staff. Defending Digital Campaigns, which was co-founded by Hillary Clinton’s 2016 campaign manager Robby Mook and Mitt Romney’s 2012 campaign manager Matt Rhoades, is basically a middleman for the services provided by cybersecurity companies. They’ll be available to presidential and congressional campaigns that meet certain polling or fundraising thresholds and to political party committees.The DDC announcement marks one of the biggest efforts yet to prevent a repeat of the 2016 election when Kremlin-linked hackers stole and released embarassing documents from the Democratic National Committee and the Clinton campaign in an effort to help the Trump campaign, according to U.S. intelligence officials.National: Voting Village brings equipment to lawmakers to boost urgency on election security | Sean Lyngaas/CyberScoop
A year from the 2020 election and with a new round of election security funding stalled in Congress, the DEF CON Voting Village organizers have again taken to Capitol Hill to raise awareness about software vulnerabilities in voting equipment. This time, they brought the equipment with them to drive home their point. “If we’re going to meaningfully introduce funding or introduce new technologies for 2020, time is rapidly running out to be able to do that,” Matt Blaze, a professor at Georgetown University and co-organizer of the Voting Village, told CyberScoop. “We need to act pretty fast.” A handful of House Democrats and their staffers sauntered up to equipment on display, including a ballot-marking device and an electronic voting machine, to ask the researchers about the software bugs they found. “This is really helpful in understanding that these aren’t just abstract problems, that these are real things,” Blaze, an expert in cryptology, told CyberScoop. This is the second time in a month that the Voting Village has hosted an event on Capitol Hill. Last month, Blaze and Harri Hursti, another village organizer, unveiled the village’s annual report on flaws in voting gear that could be exploited by hackers.National: Threat to US elections in 2020 is not limited to Russia | Eric Tucker/Associated Press
Russia interfered in the 2016 election and may try to sway next year’s vote as well. But it’s not the only nation with an eye on U.S. politics. American officials sounding the alarm about foreign efforts to disrupt the 2020 election include multiple countries in that warning. Concerns abound not only about possible hacking of campaigns but also about the spread of disinformation on social media and potential efforts to breach voting databases and even alter votes. The anxiety goes beyond the possibility that U.S. adversaries could affect election results: The mere hint of foreign meddling could undermine public confidence in vote tallies, a worrisome possibility in a tight election. “Unfortunately, it’s not just Russia anymore. In particular, China, Iran, a couple of others, studied what the Russians did in 2016,” said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington.Verified Voting Blog: Verified Voting Releases Guide Comparing Available Ballot Marking Devices
Characteristics of Currently Available Ballot Marking Devices
Verified Voting Releases Guide Comparing Available Ballot Marking Devices
Today, Verified Voting published a guide comparing the features of ballot marking devices (BMDs) available in the United States: “Characteristics of Currently Available Ballot Marking Devices By Vendor.”
The guide is intended to be a useful comparison chart between the various BMD vendors and devices for informational purposes. We attempted to collect the most meaningful characteristics that would help in evaluating the differences among systems. As detailed in Verified Voting’s Policy on Direct Recording Electronic Voting Machines and Ballot Marking Devices, Verified Voting does not endorse any specific vendor or device. Check out The Verifier to see an interactive map of voting equipment in use throughout the United States.
Please send questions and feedback to voting-system-features@verifiedvoting.org.