National: Despite Concerns About Election Security, ‘Vulnerabilities Abound’ | Alan Greenblatt/Governing

Ten days after he lost his re-election bid, Kentucky GOP Gov. Matt Bevin conceded the election. Bevin admitted defeat on Thursday following a recanvass of the vote, which he had requested and didn’t change the outcome. Beginning Nov. 5 — the night of the election — Bevin had complained that his narrow loss to Democrat Andy Beshear was due to irregularities. Bevin’s unsubstantiated complaints showed that there is more than one way to undermine confidence in elections. Although election officials worry about hacking into voting machines and registration rolls, they also worry that claims about potential problems make it harder for the public to accept the outcome of elections — especially if their preferred candidate has lost. “If I wanted to undermine the democratic system, all I really need to do is create doubt in the mind of whatever team loses,” said Michael Miller, a political scientist at Barnard College. “It’s very concerning that we’ve begun to focus on which team do [hackers] hurt, Republican or Democrat. It could be your team today, but it could be the other team tomorrow.”

National: Election vendors should be vetted for security risks, says watchdog group | Joseph Marks/The Washington Post

The federal government should start vetting companies that sell election systems as seriously as it does defense contractors and energy firms, a top election security group argues in a proposal out this morning. Under the proposal from New York University’s Brennan Center for Justice, government auditors would verify election companies and their suppliers are following a raft of cybersecurity best practices. They would also have to run background checks to ensure employees aren’t likely to sabotage machines to help Russia or other U.S. adversaries. The suggestion comes as Congress continues to fight over whether to tighten election security as candidates ramp up for the 2020 election. Senate Republicans, especially, have stalled further security measures, even as observers warn that the next election is ripe for hacking by foreign adversaries such as Russia, which interfered in the 2016 contest. Vendors of voting machines, however, have traditionally been exempt from close review by federal regulators. “These vendors are a critical part of securing our elections, but we haven’t really focused on them at all,” Lawrence Norden, director of Brennan’s election reform program and one of the authors, told me. “We need to understand that they’re critically important but also represent a vulnerability that there needs to be oversight for.”

National: Arming agencies for ransomware attacks in an election year | Stephen Moore/GCN

In the past few months, we have seen just how imperative it is to stop ransomware attacks. Ransomware has the power to rob state and local governments of thousands — or hundreds of thousands — of budget dollars and grind productivity to a halt. Recovery can cost tens of millions, as Atlanta and Baltimore discovered. Just two months ago, a coordinated attack hit 22 local Texas governments simultaneously, forcing many municipalities to rely on backup systems. Fortunately, none of the demanded $2.5 million ransom was paid, but that does not mean the event was without consequence. Cities and their elected officials have learned that failing to protect networks housing taxpayer data risks losing the trust of constituents. While ransomware attacks can happen at any time, an election year is an opportune time for adversaries to conduct attacks — on voter registration systems, for example. In an attempt to prevent a ransomware attack affecting upcoming elections, the Department of Homeland Security recently  announced a program to provide state election officials with guidance and support, as well as pen testing and vulnerability scanning of their voting systems. The rollout of this program, and future programs, serves as a major step in helping local governments protect their networks ahead of the 2020 elections and beyond.

National: Bipartisan bill to secure election tech advances to House floor | Maggie Miller/TheHill

The House Science, Space and Technology Committee on Thursday unanimously approved legislation intended to secure voting technology against cyberattacks. The Election Technology Research Act would authorize the National Institute of Standards and Technology and the National Science Foundation to conduct research on ways to secure voting technology. The legislation would also establish a Center of Excellence in Election Systems that would test the security and accessibility of voting machines and research methods to certify voting system technology. The bill is sponsored by Reps. Anthony Gonzalez (R-Ohio) and Mikie Sherrill (D-N.J.), along with committee Chairwoman Eddie Bernice Johnson (D-Texas) and ranking member Frank Lucas (R-Okla.). All four sponsors enthusiastically praised the bill during the committee markup on Thursday, with Johnson saying that “transparent, fair, and secure elections are the bedrock of our democracy,” and that attacks in 2016 on online voter registration databases “have increased Americans’ concerns about the integrity of our elections.”

National: Election Assistance Commission Needs More Authority In Face of 2020 Threats, Report Finds | Courtney Bublé/Government Executive

With less than a year until the 2020 presidential election, a new report calls on Congress to bolster the authority of the agency that serves as the nation’s elections clearinghouse and devote more funding and resources to it. The Brennan Center for Justice, a nonpartisan law and public policy institute, released a report on Tuesday that proposes a new framework for protecting election systems. Its recommendations focus on the oversight and internal operations of the Election Assistance Commission, the understaffed and underfunded federal agency responsible for promoting election administration best practices and voting machine security standards. “The federal government regulates colored pencils, which are subject to mandatory standards promulgated by the Consumer Product Safety Commission, more strictly than it does America’s election infrastructure,” said the report. Although the Homeland Security Department designated election systems as critical infrastructure in 2017 following revelations of Russian interference in the 2016 presidential election, election systems don’t receive the same type of oversight as other sectors with the critical infrastructure classification.  “While voting systems are subject to some functional requirements under a voluntary federal testing and certification regime, the vendors themselves are largely free from federal oversight,” the report said. “Under our proposal, the EAC would extend its existing certification regime from voting systems to include all vendors that manufacture or service key parts of the nation’s election infrastructure.”

National: State, local elections officials agree no ‘one-size-fits-all-approach’ exists for cybersecurity | Jory Heckman/Federal News Network

Less than a year out from the 2020 election, state and local election security personnel are gearing up to defend against cyber threats. But while these officials work directly with the Department of Homeland Security to protect this critical infrastructure, in many cases they face limited resources on a scale not seen in the federal government. More than 40 states have a secretary of state that serves as the chief election official, but in Wisconsin, an administrator is appointed by a bipartisan commission to serve in that role. Meagan Wolfe, the administrator of the Wisconsin Elections Commission, said Wisconsin is the most decentralized election administration system in the country. The state runs elections at the municipal level, whereas most other states run elections at the county level. However, resources for these offices can run thin and two-thirds of Wisconsin’s election officials work part-time. “A lot of them don’t have any type of IT support at the local level, which is very different than some of the county-based systems. The clerk might be the sole employee of that jurisdiction,” Wolfe said at the Cybersecurity Coalition’s CyberNext D.C. conference.

Editorials: Restoring Trust And Security In U.S. Elections | Earl Matthews/Forbes

There was a time when we didn’t think twice about the security of our election systems. We trusted that when we cast our votes, they would be accurately counted. That has changed. During the 2016 election, a powerful threat appeared from outside our own borders – the shadow of other governments hacking and attempting to unduly influence our election systems. If we care about voting and election security, and if we still believe that every voter and every vote counts, then there is a big existential question that we must be willing to address: Is cybersecurity fundamental to the health, if not the very existence, of a democracy today? I say absolutely yes. The issue is not significantly different from the challenges that businesses face as they try to protect their data and digital assets. It’s the ramifications that are so much bigger.

Arizona: County recorders falling short on web security, expert says | Andrew Oxford/Arizona Republic

Arizonans still vote on paper but much of an election unfolds online, from finding a polling place to requesting a mail ballot.

Cyber security experts worry election officials in some of the state’s counties are not doing enough to secure their websites and prevent fraudsters from sowing disinformation or spreading confusion. Most of the county recorders in Arizona are not using one of two basic safety measures that cyber security firm McAfee is encouraging local governments adopt. The company is urging election officials to use web addresses ending in .gov as well as secure sockets layer — encryption commonly used on websites that handle passwords, credit card information and other sensitive data. Without these measures, it could be easier for saboteurs to hijack a website and steal users’ data or provide false information, particularly heading into an election that experts anticipate will be targeted with disinformation.

California: As Power Shut Offs Increase, California Counties Are Making Plans For Elections Without Electricity | Scott Rodd/California Public Radio

After California utilities cut power to millions of customers in October, county election officials are wasting little time making sure polling places are prepared in the case of an outage during an election.  Counties are using pre-election surveys to make sure polling places and vote-counting centers have equipment needed to mitigate the impact of power shutoffs. That includes back-up generators, flashlights, lanterns and portable power equipment. Some county election offices are also developing multitiered plans to ensure every vote is counted if an outage occurs. In Placer County, election officials are already preparing precincts ahead of next year’s primary in March and general election in November.  “We continually survey our polling places,” said Ryan Ronco, Placer County’s registrar of voters. That typically includes measuring doorway thresholds and installing ramps to increase accessibility. “And now, we’re also mitigating power [outages],” he said.

Georgia: Voting machine critics investigated by Georgia election officials | Mark Niesse/The Atlanta Journal-Constitution

Georgia election officials are investigating two prominent critics for allegedly intruding into voting areas during a test run of the state’s new voting machines. The two people under investigation said the investigation is an intimidation tactic by Secretary of State Brad Raffensperger’s office. Marilyn Marks, a plaintiff in a lawsuit demanding that Georgia switch to hand-marked paper ballots, and Richard DeMillo, a Georgia Tech cybersecurity expert, are accused of “interfering with voters by being in an unauthorized area” during the Nov. 5 election, said Walter Jones, a spokesman for Raffensperger. “The secretary of state takes voters’ reports that individuals are violating election law and undermining the integrity of our state and local elections seriously,” Jones said in a statement. Marks said Raffensperger is attempting to marginalize skeptics of the state’s new voting system, which combines touchscreens and printed ballots. The system is scheduled to be rolled out to voters statewide during the March 24 presidential primary.

Georgia: Paper ballots recounted to check election results in Georgia | Mark Niesse/The Atlanta Journal-Constitution

A recount of ballots printed out by Georgia’s new voting system confirmed the accuracy of electronically counted election results, state election officials said Wednesday. But critics say the state’s audit proved nothing, and they believe ballots created by computers remain vulnerable to tampering and inaccuracies. Election workers on Tuesday reviewed a sample of paper ballots printed by touchscreens during last week’s election in Bartow County, one of six counties that tested the state’s $107 million voting system. Voters in the rest of the state will switch to the new system starting with the March 24 presidential primary. “An important part of the new voting system is the ability to audit with the use of paper ballots. This feature provides the confidence voters deserve,” Secretary of State Brad Raffensperger said. During the audit, four teams of two election workers each pulled a random sample of 80 ballots out of 1,550 cast in Cartersville. The teams read the printed-out text on the ballots and tallied the results in the race for mayor and a referendum on Sunday morning alcohol sales.

Georgia: Election officials investigate prominent critics | Ben Nadler/Associated Press

Georgia election officials have opened an investigation into two prominent critics of the state’s new touchscreen voting machines, secretary of state Brad Raffensperger’s office confirmed Wednesday. Those critics called the investigation an attempt to intimidate detractors of the new machines. Marilyn Marks, executive director of the nonprofit Coalition for Good Governance, and Richard DeMillo, a cybersecurity expert and Georgia Tech professor, are accused of “interfering with voters by being in unauthorized areas” of voting locations while observing pilot elections conducted on the new machines on Nov. 5. Raffensperger spokesman Walter Jones says the investigation was launched after complaints from “poll workers and voters” and that Marks and DeMillo were “in an area of the polling place where only voters and election officials are allowed to be.” Marks responded, “I have absolutely no idea what this could be about other than just an effort to try to discredit us, because much of what we observed was not pretty.” Marks said they worked with local election officials that day and hadn’t heard any concerns at the time. She said Raffensperger should be promoting open and transparent elections rather than “trying to make examples of people who want to exercise their right to learn more, who want to observe, who want to promote transparency.”

Hawaii: How The Counties Are Preparing For All-Mail Voting | John Burnett/Hawaii Tribune-Herald

Hawaii County Clerk Jon Henricks told state legislators Wednesday that the county will have a high-speed ballot sorting machine by February, which he said will give Hawaii Island elections workers “plenty of time” to prepare for the new voting-by-mail system that will be in place for the 2020 primary and general elections. “It’s a very good machine. We had staff come to view the City and County of Honolulu’s machine, and they were sold on it,” Henricks said during a joint informational briefing of the state Senate and House Judiciary committees in Honolulu. “They’re essential, I believe, when you move to voting by mail because of the number of ballots.” The vote-by-mail law, passed by the Legislature and signed June 25 by Gov. David Ige, is aimed at improving voter participation and ballot security. Officials also think the new system will save money in the long run. “We wrote this bill to expand voting hours and access, and make it easier for everyone to vote. We hope to see voter participation rise this coming election,” said Rep. Chris Lee, an Oahu Democrat and chairman of the House Judiciary Committee.

Indiana: St. Joseph County Election Board recanvasses ballots after finding discrepancies | Monica Murphy/WNDU

The St. Joseph County Election Board, along with its attorney and election consultants, recanvassed ballots after finding discrepancies in the number of ballots cast. They noticed a 41-ballot difference and found discrepancies in 32 polling places. “So, this is just giving us a little more breathing room, since there weren’t that many discrepancies. It wasn’t affecting any races. It was sporadic all over,” St. Joseph Circuit Court Clerk Rita Glenn said. Glenn said it could have been a lot worse, making clear the recanvass will not impact election results. Here is what happened: They said there were no issues with the election equipment itself; rather, the majority of issues came from ballot jams. When there is a jam, the machine will give a message to poll workers saying “ballot cast,” so that would have meant not to reinsert the ballot. The board chair said some poll workers probably misunderstood the message and may have reinserted the paper, counting it twice.

Missouri: Greene County experiments with process for verifying elections | KOLR

Greene County Clerk Shane Schoeller says election security is a top priority, which is why his team is double-checking the accuracy of its vote-counting machines. His office does this after every local election. This time though, they’re doing things differently. People from around Greene County witnessed and participated in the debut of a new election-auditing process: the risk-limiting audit. It’s a new election accuracy test using 20 multi-sided dice and real ballots from the most recent Greene County election. Schoeller says this method is much better than the state’s current post-audit process. He says when Greene County post-audits, no less than five percent of the polling locations of the casted ballots that day are evaluated. His new risk-limiting audit, however, looks at a much wider range of polling locations. He says this ensures the accuracy and election security he’s looking for.

North Carolina: Election security debate affects voters with disabilities | Jordan Wilkie/Raleigh News & Observer

When Damon Circosta, chairman of the state board of elections, voted in August to certify an elections equipment system opposed by local election security advocates, he said conversations with disability rights groups helped him make that decision. Circosta, whose vote broke a 2-2 tie, was in his first meeting as board chair. Carolina Public Press first asked Circosta on Aug. 23, the date of the meeting, about which disability rights groups he had talked with in making up his mind. A response, emailed by Board of Elections public information officer Pat Gannon, did not answer CPP’s question. Neither did records requests for communications between Circosta and any disability rights group or advocate. The records showed that one person, Lawrence Carter, president of the Raleigh/Wake Council of the Blind, submitted a written statement and made public comment, but his views were in opposition to the voting system Circosta voted to certify.

Pennsylvania: 2020 election votes are at stake as a Pennsylvania county plays a game of chicken with Gov. Tom Wolf | Jonathan Lai/Philadelphia Inquirer

Dauphin County, home of the Pennsylvania capital of Harrisburg, is starting a high-stakes game of chicken with the state. Republican county commissioners decided Wednesday not to buy new voting machines, defying an order from Gov. Tom Wolf, a Democrat, and all but daring him to take action against the county ahead of the 2020 election. Dauphin has been one of several counties that have resisted buying new voting machines, with its elections director saying the electronic machines used for more than three decades remain secure and usable. The two Republican county commissioners agreed Wednesday not to buy machines. (A third commissionerm a Democrat, did not attend the meeting.) Wolf said he ordered the statewide upgrade to make the voting machines more secure and tabulations verifiable.

Pennsylvania: Dauphin County resists Pennsylvania’s push for new voting machines | Marc Levy/Associated Press

A Pennsylvania county is signaling that it won’t go along with Gov. Tom Wolf’s insistence that counties buy new voting systems as a security measure in 2020’s election, when the state is expected to be a premier presidential battleground. Dauphin County Commissioner Mike Pries, a Republican, said Wednesday that he’s comfortable with the county’s old machines, particularly after hearing about paper jams, long lines and other problems in other counties that debuted new machines in last week’s election. Some of those new machines were under consideration by Dauphin County. “There’s an old saying: ‘If it’s not broken, don’t fix it,’” Pries said in an interview. “Our machines work, they’re fundamentally sound, we trust our machines, you cannot hack our machines.” Thus far, no other county in Pennsylvania has taken such a hard line against getting new voting machines, now seven weeks before the Dec. 31 deadline that Wolf gave counties to select new machines that have an auditable paper backup. Pennsylvania’s presidential primary election is April 28, and Wolf’s administration has warned lawmakers and county officials that it will decertify the counties’ old voting systems Dec. 31. His administration reiterated Wednesday it has not reconsidered that decision, although it is making exceptions for special elections to fill legislative vacancies before April.

Pennsylvania: ‘You should be pretty worried’: Fixing York County’s election system before 2020 votes | Logan Hullinger/York Dispatch

The maker of York County’s new voting machines pledged to have support on hand for all of next year’s elections after a tumultuous rollout of the system earlier this month that delayed election results for days. A representative for Dominion Voting Systems made the announcement Thursday, Nov. 14, during a debriefing that included the county commissioners, nearly all of the county’s state lawmakers, poll workers and election officials. Kay Stimson, the company’s vice president of government affairs, said Dominion also would work with county officials to reevaluate the number of machines needed in each of the 159 precincts. Based of the problems during the Nov. 5 municipal election, Lawmakers were particularly concerned about the 2020 voting — which includes a special election in January, the primary in April and the presidential contest in November. “If you voted in York, you should be pretty worried,” state Rep. Seth Grove, R-Dover Township, said after the meeting.

Australia: Flaws found in New South Wales iVote system yet again | Stilgherrian/ZDNet

The “Days since last vulnerability found” indicator for the iVote system used in New South Wales’ elections was reset to zero on Wednesday thanks to a new research note from University of Melbourne cryptographer Dr Vanessa Teague. Or rather, the software vendor was notified 45 days earlier to keep with the terms of the source code access agreement while the rest of us found out today. iVote was purchased from Scytl Australia, a subsidiary of Barcelona-based election technology vendor Scytl Secure Electronic Voting, and is based on the system used by SwissPost. In March this year, Teague and her colleagues Sarah Jamie Lewis and Olivier Pereira found a flaw in the proof used by SwissPost system to prevent electoral fraud. Later that month, they detailed a second flaw that could be exploited to result in a tampered election outcome. NSWEC claimed it was safe from the second flaw, and had patched the first. In July, NSWEC ordered Scytl to release parts of the source code in a bid to prove it contained no further vulnerabilities. Vulnerabilities have now been found. “I examined the decryption proof and, surprise, it can easily be faked while passing verification,” Teague tweeted on Wednesday morning. “This exposes NSW elections to undetectable electoral fraud by trusted insiders & suppliers, people who guessed the passwords of the trusted insiders, people who successfully phished the trusted insiders, etc.” Teague’s analysis is detailed in the 8-page Faking an iVote decryption proof [PDF]

United Kingdom: Hackers hit UK political parties with back-to-back cyberattacks | Jack Stubbs/Reuters

Hackers hit Britain’s two main political parties with back-to-back cyberattacks on Tuesday, sources told Reuters, attempting to force political websites offline with a flood of malicious traffic just weeks ahead of a national election. The attacks come after Britain’s security agencies have warned that Russia and other countries may attempt to disrupt the Dec. 12 vote with cyberattacks or divisive political messages on social media, a charge Moscow denies. The opposition Labour Party said on Tuesday morning it had “experienced a sophisticated and large-scale cyberattack on Labour digital platforms,” but that the attack was repelled and no data was compromised. Just hours later, the party’s website and other online services came under a second digital bombardment, followed by a third attack on the website of the governing Conservative Party shortly before 1600 GMT, according to two people with knowledge of the matter and documents seen by Reuters. The sources said there was currently nothing to link the attacks on either party to a foreign state. One of sources said the attack on the Conservatives was larger and appeared to be conducted by different hackers, but did not take down any party websites.

National: Expensive, Glitchy Voting Machines Expose 2020 Hacking Risks | Kartikay Mehrotra and Margaret Newkirk/Bloomberg

The first sign something was wrong with Northampton County, Pennsylvania’s state-of-the-art voting system came on Election Day when a voter called the local Democratic Party chairman to say a touchscreen in her precinct was acting “finicky.” As she scrolled down the ballot, the tick-marks next to candidates she’d selected kept disappearing. Her experience Nov. 5 was no isolated glitch. Over the course of the day, the new election machinery, bought over the objections of cybersecurity experts, continued to malfunction. Built by Election Systems & Software, the ExpressVote XL was designed to marry touchscreen technology with a paper-trail for post-election audits. Instead, it created such chaos that poll workers had to crack open the machines, remove the ballot records and use scanners summoned from across state lines to conduct a recount that lasted until 5 a.m. In one case, it turned out a candidate that the XL showed getting just 15 votes had won by about 1,000. Neither Northampton nor ES&S know what went wrong. Digital voting machines were promoted in the wake of a similarly chaotic scene 19 years ago: the infamous punch-card ballots and hanging chads of south Florida that tossed the presidential contest between George W. Bush and Al Gore into uncertainty.

United Kingdom: Labour Party hit by second cyber-attack | BBC

Labour is reportedly suffering a second cyber-attack after saying it successfully thwarted one on Monday. The party says it has “ongoing security processes in place” so users “may be experiencing some differences”, which it is dealing with “quickly”. The Distributed Denial of Service (DDoS) attack floods a computer server with traffic to try to take it offline. The BBC’s Gordon Corera has been told Monday’s attack was not linked to a state. Earlier, a Labour source said that attacks came from computers in Russia and Brazil. Our security correspondent said he had been told the first attack was a low-level incident – not a large-scale and sophisticated attack. A National Cyber Security Centre spokesman said the Labour Party followed the correct procedure and notified them swiftly of Monday’s cyber-attack, adding: “The attack was not successful and the incident is now closed.” Meanwhile, Labour has denied that there has been a data breach or a security flaw in its systems after the Times reported the party’s website had exposed the names of online donors.

National: Voatz smartphone voting app needs security review, senator says | Ben Popken/NBC

A smartphone voting app that has been tested in local elections around the United States should undergo a cybersecurity review, Sen. Ron Wyden, D-Ore., said Friday. In a letter sent to Defense Secretary Mark Esper, Wyden requested the review of the Voatz voting app, which has been used in elections in Colorado, Oregon and Utah as a way to make it easier for military and overseas voters to cast their ballots. According to the developer, the app combines “mobile voting” and blockchain technology to create a secure way for people to vote without having to visit a voting booth. But Wyden wrote that he is “very concerned about the significant security risks associated with voting over the internet.” He cited the National Academy of Sciences, which recommended in 2018 that no internet voting be used until much stricter security measures can be put into place. “No known technology guarantees the secrecy, security and verifiability of a marked ballot transmitted over the Internet,” the academy authors wrote. Wyden also wrote that Voatz has said it has conducted independent audits but hasn’t published the results or identified the auditors. The FBI is currently investigating an attempt to hack the Voatz app.

National: Targets of foreign election interference may get a call from US intel officials | Kevin Collier and Zachary Cohen/CNN

The US government has set up a new process to alert targets of foreign election interference in an attempt to be more transparent and counter ongoing efforts by Russia and other adversaries to influence the American political process. The FBI, Department of Homeland Security, Department of Justice and relevant intelligence agencies announced Friday that the government will notify relevant members of Congress, state and local officials, private sector and the public of foreign interference “where necessary to protect national security and the integrity of our elections,” beyond existing laws and policies. Most intelligence concerning threats to election security is initially classified, making it difficult to quickly release to the public. When Russian intelligence conducted its election interference campaign in the leadup to the 2016 election, the FBI and DHS had difficulty conveying information about some cyber threats to county and state election officials who didn’t have security clearance.

National: Swing state election websites aren’t secure against Russian hacking, McAfee says | Joseph Marks/The Washington Post

County election websites in two battleground states are highly vulnerable to hacking by Russia or another adversary that might seek to disrupt the 2020 vote by misleading voters about polling locations or spreading other false information. About 55 percent of county election websites in Wisconsin and about 45 percent in Michigan, both states that President Trump flipped from Democratic to Republican in 2016 lack a key and fairly standard security protection, according to data provided exclusively to me by the cybersecurity firm McAfee. Without this protection, called HTTPS, it’s far easier for an adversary to hijack those sites to deliver false information, divert voters to phony sites that mimic the real ones or steal voters’ information, per McAfee. (You can often tell if a site has HTTPS protection if there’s a small lock icon to the left of a Web address.) The repercussions could be huge if Russia or another country decided to manipulate sites in key counties to send voters to the wrong polling places or at the wrong times. They could even flood people seeking voting information with malicious software so they spend much of Election Day getting their phones and laptops fixed and have less time to actually go vote. In states with incredibly tight margins of victory in the last presidential election, a hacker who prevented just a few thousand people from voting in one of them in 2020 could swing an election or create broad doubt about the results.

National: Spy, law enforcement agencies step up U.S. election security measures | Mark Hosenball/Reuters

U.S. spy and law enforcement agencies on Friday said they had strengthened procedures for informing Congress, state and local governments, private business and the public about foreign interference in U.S. elections. The FBI has already given some American election candidates “defensive” briefings on evidence U.S. agencies collected of possible election interference, an FBI official told a briefing for journalists. The official, who spoke on condition of anonymity, declined to give further details regarding who might have been warned about the interference or where and how such interference might have originated. An official, also speaking on condition of anonymity, said that U.S. agencies believe that Russia, China and Iran all present continuing potential threats to the U.S. electoral system. However, officials stressed that U.S. agencies had not seen direct threats to American election systems recently. An FBI official added that the bureau has “invested a lot of time” in trying to help social media companies detect inauthentic politically related message traffic, and shares information on this with social media companies.

National: As 2020 US presidential election nears, voter systems are still vulnerable | Lydia Emmanouilidou/Public Radio International

With just a little more than a year to go before the 2020 US presidential election, security experts and lawmakers say progress has been made to guard against foreign interference. But they warn the country’s election infrastructure could be vulnerable to the types of hacking operations that took place in the lead-up to the 2016 election. One such attack was directed at the Illinois State Board of Elections, an agency that oversees and facilitates parts of election processes in the state, including a statewide voter registration system. “One of our IT people noticed that our [voter registration] system was running extremely slowly,” said Matt Dietrich, a spokesperson for the agency. “It had practically shut down.” The IT member inspected the system, and discovered that an intruder had exploited a vulnerability on the board’s online voter application, broken into the statewide voter registration database and gained access to voter information, including names, addresses and drivers’ license numbers. “It was terrifying. … We took the entire system down,” Dietrich said.

National: Every State Was Given Funding to Increase Election Security. Here’s How They Spent It | Nicole Goodkind/Fortune

The U.S. is less than a year out from one of the most consequential elections of the century, which President Donald Trump’s Department of Homeland Security has called “the big game” for foreign adversaries looking to attack and undermine the Democratic process. Congress, meanwhile, is locked in a stalemate about how to secure systems in the country’s 8,000 largely disjointed voting jurisdictions. Tuesday marks the last test of security preparedness before the 2020 elections, as certain statewide polls take place around the country. The Department of Homeland Security is gearing up “war rooms” to monitor for potential interference and test voting infrastructure, but with sluggish movement at a federal level there is little they’ll be able to do to correct any issues within the next 12 months. There is, however, one beacon of hope: 2002’s Help America Vote Act (HAVA)—a block grant issued to states to bolster election security following the Bush v. Gore hanging chad debacle some 19 years ago. In 2018, Congress used the Omnibus Appropriations Act to pad HAVA with an extra $380 million to be divided up amongst the states in proportion to their voting age population. The idea was that they spend it to prepare for the 2020 elections, and Democrats and Republicans are likely to approve at least another $250 million through the act this year.

National: Retirements pose threat to cybersecurity expertise in Congress | Maggie Miller/The Hill

Rep. Pete King’s (R-N.Y.) planned retirement after the 2020 elections is the latest in a string of House departures that look likely to deal a blow to Republican cybersecurity expertise on Capitol Hill. King said on Monday he would not seek reelection after 14 terms in the House, including serving previously as chairman of the House Homeland Security Committee and as a member of the House Intelligence Committee. Those two panels have a focus on cyber issues, such as election security and other cyber threats from foreign countries, and the departure of a longtime member such as King could make it more difficult for Congress to address growing cyber threats in the future. His resignation comes on the heels of announcements by almost two dozen other House Republicans that they will not run for reelection, with several of these members having become key players in the cybersecurity debate on Capitol Hill, including Rep. Will Hurd (R-Texas). Cybersecurity is listed as an area of interest by King on his congressional website, with the lawmaker writing, “As the only senior member of Congress serving on the two Committees with the largest cybersecurity oversight mission, I have made it my goal to ensure we are building an effective cybersecurity program across the federal government.”