Georgia: Problems with new Georgia voting system found in test election | Mark Niesse/The Atlanta Journal-Constitution

Voting machines rebooted in the middle of voting. Computers couldn’t program the cards voters use to activate voting machines. One voter inserted a driver’s license into the voting machine, causing it to go blank. Those were some of the 45 incidents reported during a test run of Georgia’s new voting system, according to a summary from the secretary of state’s office. The pilot was conducted in six counties, where 27,482 ballots were cast in this month’s election. The test identified issues with the voting system, which combines touchscreens with printed-out paper ballots, that can now be corrected before it’s used statewide in the March 24 presidential primary, said Gabe Sterling, the chief operating officer for the secretary of state’s office. “These problems are mainly human-based,” Sterling said. “We can train and train, and our plan is to train again. That’s going to be the main thing that’s going to make these things work properly.” Sterling said he’s confident that the state’s voting system will be ready for the presidential primary, and all equipment is scheduled for delivery by late January.

National: States and cities make cybersecurity pledge after Trump administration rejects it | Joseph Marks/The Washington Post

U.S. states and cities are breaking with the federal government and signing onto an international pledge aimed at making cyberspace safer. Virginia, Colorado and Washington state have all endorsed the Paris Call, which was first boosted last year by French President Emmanuel Macron and which commits members to combatting major cyberattacks, digital theft of intellectual property and foreign election interference. City governments in Louisville, San Jose and Huntington, W.Va., have also joined. The Trump administration, meanwhile, is still refusing to endorse the pledge — even though it was approved by 74 other nations including our closest allies in Britain, Canada, Australia and New Zealand. The move is another way that cities and states are breaking with the Trump administration. Others have done so on issues ranging from climate change, privacy to immigrant rights. It also underscores how states and localities, which have been pelted with costly ransomware attacks and struggled to protect their elections against highly sophisticated Russian hackers in recent years, are increasingly viewing cybersecurity as an existential threat. “It’s a problem that’s facing us and I really don’t give a flip whether a governor or a president is addressing it,” Huntington, W.Va., Mayor Stephen T. Williams told me. “I’m going to find people on common ground and we’re going to move forward and make our case. If the states and federal government want to come along, that’s fine, but, if not, we’ve got our own voice.”

National: Senate Democrats urge DHS to fund cyber threat information-sharing programs | Maggie Miller/The Hill

A group of three Senate Democrats is urging the Department of Homeland Security’s (DHS) cyber agency to help fund cybersecurity threat information-sharing centers involved in election security efforts. In a letter sent on Monday to Christopher Krebs, the director of DHS’s Cybersecurity and Infrastructure Security Agency, Senate Minority Leader Charles Schumer (D-N.Y.), and Sens. Maggie Hassan (D-N.H.) and Gary Peters (D-Mich.) expressed concerns around the funding level for two information-sharing groups. Specifically, the senators noted that DHS’s proposed fiscal 2020 budget covers only around 70 percent of the estimated $15 million it would take for the Center for Internet Security to run both the Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC).

National: Ex-U.S. security officials urge ‘aggressive steps’ to protect 2020 election | Mark Hosenball/Reuters

The United States should boost spending and take other “aggressive steps” to protect next year’s presidential election from foreign meddling, a group of former national security officials said on Monday. Citing what they said were signs U.S. rivals want to undermine the November 2020 poll, National Security Action – a group led by former advisers to President Barack Obama – said states and agencies should invest in paper ballot backups for digital voting machines, ensure audits of election results, improve cybersecurity and boost training for poll workers. Election security has become a major concern since U.S. intelligence agencies claimed Russia interfered in the 2016 presidential election to tilt the vote in Donald Trump’s favor. Moscow has denied here any interference. Congress has appropriated some $600 million for election security since 2018 and is working to approve another $250 million, an amount that National Security Action called a “modest start.” Its statement was signed by 70 former security officials from a range of agencies.

National: Russian Hacking 2.0 Could Employ a Whole New Bag of Digital Dirty Tricks | Nick Bilton/Vanity Fair

Last week, a woman, who we’ll call Jane, woke up in her home, as she does every morning, at around 5 a.m. (Her kids didn’t get the memo about daylight saving time.) Jane hobbled downstairs, still half asleep, walked into her kitchen, and started the coffee machine. Then she turned on her iPhone and immediately said, “Holy fuck!” Jane is a former senior staffer at the Democratic Congressional Campaign Committee, or DCCC, and when she turned on her phone that morning, her email inbox had filled with over 4,500 new messages from thousands of authentic businesses across the internet. Because of their authenticity, many of those messages had not been spotted by her Gmail spam filter. As she held her phone in her hand, she watched in disbelief as new messages appeared almost every second. Before she could quell the onslaught, 8,000 had landed in her inbox.

National: U.S. National Guard’s Evolving Mission Includes Assisting Local Governments Experiencing Cyber Attacks | Scott Ikeda/CPO

Cyber attacks on municipalities have been on the rise in the past year, particularly in smaller cities that have inadequate resources to deal with them. In the smallest of towns and cities, local government relies on state and federal resources to deal with remediation in the wake of a breach. For some, those resources now include the National Guard. Established at the national level in 1903, the National Guard is a reserve military force called upon for certain domestic emergencies; primarily, recovery efforts when natural disasters and major terrorist attacks occur. With cyber attacks evolving to target both the digital and physical infrastructure of towns and cities, states are now able to justify deploying the Guard to assist in supporting and protecting these vital services. As little as a few years ago, cyber defense was not even on the radar of most National Guard agencies. In the past two years, cyber brigades have begun to spring up around the country as the need for proactive defense and response to nation-state cyber attacks has become clear. Though each state has its own National Guard agency, many of these cyber brigades are responsible for covering multiple states. For example, the Army Nation Guard’s 91st Cyber Brigade is based in Virginia but is tasked with overseeing cyber response units in 30 states.

National: 3 Cybersecurity Threats Facing Campaigns in 2020 | Sean J. Miller/Campaigns & Elections

Cyber threats are a growing market this cycle. Security vendors, some free or low-cost, are stepping up to provide services for campaigns and groups to help protect themselves from hacking, which could come from a lengthening list of foreign adversaries. Still, awareness and adoption remain uneven, particularly down-ballot. Now, the industry vulnerabilities that exist aren’t just being probed by Russians. Other state actors are trying their hands at election inference, according to Matt Rhoades, co-founder of the non-profit group Defending Digital Campaigns, Inc. “We know that the Chinese play this game. But if you’re a Republican too, you know that the Iranians are now fully invested in this kind of effort, and they’re going to be targeting Republicans, especially, who have been hardcore on things like the Iranian nuclear deal,” Rhoades said last month during a panel at the George Washington University’s GSPM. “You have to look past just Putin.” The tactics that the state actors could use are established, with some new twists. Here are three threats campaigns face.

Colorado: Secretary of State’s Office begins post-election ballot audit | Michael Karlik/Colorado Politics

Secretary of State Jena Griswold on Friday directed county clerks to begin the audit of a random selection of ballots after this month’s general election. A press release said that this risk-limiting audit, the only statewide one in the country following most elections, provides a “high statistical level of confidence that the outcome of an election is correct and reflects the will of the voters.” Colorado conducted its first statewide audit in 2017, covering all counties that used machines to tally their votes. Two counties, Jackson and San Juan, do not perform an audit because their ballots are hand counted. The secretary of state’s office randomly chose the ballots for each clerk to review using a 20-digit number, generated from multiple rolls of a 10-sided die. “If what the audit board reports matches how the voting system tabulated the ballots, the audit concludes,” Griswold’s website explains. “If there are discrepancies, additional ballots are randomly selected to compare until the outcome has been confirmed. If the wrong outcome was reported eventually all of the ballots will be examined and a new outcome will be determined.”

Indiana: Why Critics Say Indiana Isn’t Doing Enough To Beef Up Election Security | Adam Pinsker & Sean Hogan/ Indiana Public Media

A big upgrade of voting machines is taking place around the state, but it won’t be finished before the 2020 election, when Hoosiers will choose a president, governor and other down ballot candidates. Some Hoosier voters worry their votes aren’t protected, and critics say a larger effort to safeguard votes is needed from the state. There are two types of machines for counties to use during elections in Indiana: Direct Record Electronic (DREs) and Optical Scans, which utilize a paper ballot. Valerie Warycha, the Indiana Deputy Chief of Staff says the state is providing four DRE counties — Bartholomew, Boone, Hamilton, and Hendricks — with Voter Verifiable Paper Audit Trails (VVPAT) by 2020. A VVPAT is a device that attaches to the machine and prints out a paper copy of an individual vote that can be reviewed in the course of an election audit. A law that went into effect in July requires all counties to use voting machines that provide a paper trail audit by the beginning of 2030.

Louisiana: Government computers knocked out after ransomware attack | Christopher Bing & Raphael Satter/Reuters

Louisiana state government computers were knocked out following a ransomware attack, the governor said on Monday, as results from the close gubernatorial election in the southern state await certification. Many state agencies had their servers taken down in response to the attack, Governor John Bel Edwards said in a series of messages posted to Twitter. He said the agencies were coming back online but that full restoration could take “several days.” “There is no anticipated data loss and the state did not pay a ransom,” he said. Ransomware works by scrambling data held on vulnerable computers and demanding a payment to unlock it. Louisiana Secretary of State spokesman Tyler Brey said that while his office’s website was briefly offline, the tallying of Saturday’s vote, in which Bel Edwards narrowly won re-election, was unaffected. The vote drew national attention following U.S. President Donald Trump’s well-publicized endorsement of Bel Edward’s Republican challenger, Eddie Rispone.

Michigan: Absentee voting surges in Michigan, creating challenges for local clerks | Kathleen Gray/Detroit Free Press

With absentee voting skyrocketing since voters approved a ballot proposal  last year allowing for its expansion, clerks across the state are worrying about counting ballots next year, when a record turnout is expected for the presidential race. Some clerks and Secretary of State Jocelyn Benson are calling on the state to allow election officials to be able to open and prepare absentee ballots for counting — and maybe even begin tabulating — votes before Election Day. Opponents worry that early processing and counting could lead to more voter fraud because ballots could be less secure until they’re ready to be counted. They’re also concerned that results could leak out and have a chilling effect on voters who haven’t cast ballots yet. In the August primary and November general election, when city leadership races and police and parks millages were at stake, absentee voting in some communities was as high as 82%. Hot races drew a record number of absentee voters:

Pennsylvania: Mercer County conducts first risk limiting election audit | Glenn Stevens/WFMJ

Mercer County is conducting a risk-limiting post-election audit for the first time in Pennsylvania. A working group assembled at the Mercer county courthouse on Monday to perform the post-election audit.   It’s described as a scientifically designed procedure that utilizes math and statistical data to confirm election outcomes. “They’ve found out a way to use the math to provide a statistical certainty that the results that we are reporting accurately reflect that’s what the voters did,” said Mercer County Elections Director Jeff Greenburg. “The math is maybe a little complicated for the average person until you get kind of hands-on experience, and that’s really what we’re doing here today,” according to Jonathan Marks, Deputy Secretary of Elections for Pennsylvania.  Pennsylvania has returned to a paper ballot, and the risk-limiting audit is viewed as another step forward for voter confidence and election integrity.

Virginia: State Board of Elections approves election security standards for 2020 | Augusta Free Press

The Virginia State Board of Elections unanimously passed minimum security standards for all Virginia elections administrators to follow beginning next year. In 2019, the General Assembly passed HB 2178; this legislation called for new, modern cyber security standards that must be met throughout the Commonwealth before systems are allowed to access Virginia’s election database. Since July, the Department of Elections along with a workgroup comprised of local government IT professionals and general registrars have met to compose a list of standards that will help to ensure the integrity of Virginia’s voter registration system. These new minimum security requirements for election administrators include, but are not limited to: setting new standards for creating secure passwords, requiring an increased emphasis on utilizing anti-virus protection on their election systems, and developing and training on incident response plans.

Wisconsin: Voters with disabilities face barriers at the polls | Rory Linnane/Milwaukee Journal Sentinel

A sign on a door reading “handicapped entrance, knock hard.” A set of stairs leading to voting booths with no elevator. A poll worker demanding voters state their names and addresses aloud, no matter their ability to speak. These are just a few of the barriers voters with disabilities have faced at Wisconsin polling places in recent elections. Advocates say the issues are preventing people with disabilities from voting with the same ease and privacy as others — or preventing their votes entirely. The last state report on accessibility barriers, in 2015, found most audited polling places had problems. State law requires such a report every two years, but state officials failed to complete one in 2017 and they’re late on the 2019 report.  The 2015 report found about 4,000 accessibility problems at 808 polling places. It said about 1,650 problems were severe enough to likely prevent some voters from entering and casting a private and independent ballot.  Federal law requires voting facilities to be accessible to people with disabilities.

Montenegro: US, Montenegro plot cyber warfare ahead of 2020 elections | Dusan Stojanovic/Associated Press

Deployed inside the sprawling communist-era army command headquarters in Montenegro’s capital, an elite team of U.S. military cyber experts are plotting strategy in a fight against potential Russian and other cyberattacks ahead of the 2020 American and Montenegrin elections. With its pristine rocky mountains, lush green forests and deep blue seas, the tiny Balkan state seems an unlikely location for waging global cyber warfare. But after the newest NATO nation was targeted by Russia-linked hackers and following a Moscow-backed coup attempt in Montenegro in 2016, the U.S. military dispatched their cyber experts to the Adriatic Sea nation. Montenegro is in the Balkans, a strategic area where Russia has been seeking to restore its historic influence. The country of just over 600,000 people joined NATO in 2017, defying strong opposition from Moscow. It has proven to be a key Western ally in the volatile region that went through a devastating war in the 1990s’.

Nigeria: Senate moves to okay e-voting for future polls | Azimazi Momoh Jimoh/The Guardian Nigeria

The Senate has begun a fresh electoral reform which has mandated the Independent National Electoral Commission (INEC) to adopt the much-awaited electronic voting method for future polls.
The lawmakers also compelled INEC to operate an electronic database into which all results in an election should be transmitted. A bill to amend the Electoral Act 2010 through which the reform would be achieved has already been published in an official gazette and debate on its general principles may begin on the floor of the Senate during the week. A copy of the bill exclusively obtained by The Guardian also stipulates that data of accredited voters must be transmitted to the central data base upon the conclusion of the accreditation of voters which would be done through the use of the card reader. “At the end of accreditation of voters, the presiding officer shall transmit the voter accreditation data by secure mobile electronic communication to the central database of the commission kept at the national headquarters of the commission.

United Kingdom: Notorious hackers claim responsibility for Labour DDoS | Alex Scroxton/Computer Weekly

Hacking group Lizard Squad has claimed responsibility for the 12 November distributed denial of service (DDoS) attack on the Labour Party, according to private messages exchanged with The Independent. Better known for targeting online gaming services, including Sony’s PlayStation and Microsoft’s Xbox networks, as well as celebrity social media accounts and, on one occasion, an airline, Lizard Squad tends to focus on large-scale DDoS attacks that generate substantial publicity. A Twitter account allegedly associated with the group said on 12 November that the DDoS attack was taking place because “no terrorist-supporting government should allow to rule [sic] a country”, a likely reference to Labour leader Jeremy Corbyn’s views on the Northern Ireland peace process and his frequent contacts with prominent Sinn Féin members during the Troubles. The account said the botnet used in the attack incorporated millions of devices on a global scale, to “enable more power to process such attacks”.