Archives

North Carolina: Federal review finds no evidence hacking caused 2016 Durham County election problems | Travis Fain/WRAL

A U.S. Department of Homeland Security review found no evidence that hacking caused the 2016 election problems that forced Durham County to shut down electronic poll books on election day, the State Board of Elections said Monday in a joint statement with Durham’s board of elections. The report, months in the making, is “compelling evidence that there were no cyberattacks impacting the 2016 election in Durham,” Durham County Board of Elections Chairman Philip Lehman said in the joint statement. The state released a heavily redacted version of the 12-page report late Monday afternoon. In it, federal cyber security experts say they “did not conclusively identify any threat actor activity,” but that aspects of the state’s election security could be improved. Most of these recommendations are redacted for security reasons, but Lehman said in his statement that the county has already “implemented additional training, security measures and staffing changes” since 2016. State elections director Karen Brinson Bell said the state is working with county boards and the federal government “to improve security at every step in the voting process.”

Full Article: Federal review finds no evidence hacking caused 2016 Durham election problems :: WRAL.com.

National: New Funding for Election Security Assistance Doesn’t Go Far Enough, Experts Say | Courtney Bublé/Government Executive

With just over 10 months to go before Americans head to the polls to elect their next president, states will have access to additional money to help shore up insecure voting equipment. The funding—$425 million—was included in appropriations for the Election Assistance Commission under the 2020 spending bills President Trump signed into law on Dec. 20. EAC Chairwoman Christy McCormick said the commission “will do everything in its power to distribute these funds as expeditiously as possible.” The funding is a boost over Congress’ most recent appropriation of $380 million for election improvements in 2018—the first time since 2010 that Congress made resources available to help states and localities with their election infrastructure and administration. “State and local election officials from across the country regularly tell us about the need for additional resources,” said EAC Vice Chair Benjamin Hovland. “This new funding will allow election officials to continue making investments that strengthen election security and improve election administration in 2020 and beyond.”  Despite widespread evidence of foreign interference in the 2016 U.S. presidential election and repeated warnings from the intelligence community about the vulnerability of election infrastructure, the bipartisan and independent Election Assistance Commission has struggled with funding and staff cuts as well as House Republicans’ threats to terminate it. With the 2020 presidential election less than a year away, the EAC lacks a permanent director and general counsel.

Full Article: New Funding for Election Security Assistance Doesn’t Go Far Enough, Experts Say - Government Executive.

National: How good is the government at threat information sharing? | Andrew Eversden/Fifth Domain

Over and over cybersecurity officials in the civilian government, the intelligence community and the Department of Defense say the same platitude: information sharing is important. Often, however, little insight, or metrics, back up exactly how well they are doing it. But a new joint report from inspectors general across the government found that information sharing among the intelligence community and the rest of government “made progress.” The report, titled “Unclassified Joint Report on the Implementation of the Cybersecurity Information Sharing Act of 2015” and released Dec. 19, found that cybersecurity threat information sharing has improved throughout government over the last two years, though some barriers remain, like information classification levels. Information sharing throughout government has improved in part because of security capability launched by the Office of the Director of National Intelligence’s Intelligence Community Security Coordination Center (IC SCC) that allowed the ODNI to increase cybersecurity information all the way up to the top-secret level. The capability, called the Intelligence Community Analysis and Signature Tool (ICOAST), shares both indicators of compromise and malware signatures that identify the presence of malicious code. According to the report, the information from the platform is available to “thousands” of users across the IC, DoD and civilian government.

Full Article: How good is the government at threat information sharing?.

National: Election security, ransomware dominate cyber concerns for 2020 | Maggie Miller/The Hill

Headed into 2020, with a presidential election on the horizon, cyber concerns are certain to be in the spotlight in Washington. Atop the list of cyber issues will be persistent questions about election security. Officials at the federal, state and local levels say they will be vigilant to any efforts to interfere in the election after 2016, even as lawmakers weigh additional actions to safeguard the vote. But lawmakers will also be looking to tackle other issues as well, such as the ransomware attacks spreading across the country and the growing concerns over companies with foreign ties accessing Americans’ data. 2020 will see a presidential election, along with nationwide elections for the House and a third of the Senate. It will be a major test for efforts to improve security after Russian interference efforts in the 2016 election. U.S. intelligence agencies, former special counsel Robert Mueller and the Senate Intelligence Committee have all concluded that Russia conducted a sweeping and systematic attack against the 2016 elections, using both hacking and disinformation campaigns. Mueller has warned that Russia would attempt to interfere again, testifying to the House Intelligence Committee in July that the Russians were trying to interfere “as we sit here.”

Full Article: Election security, ransomware dominate cyber concerns for 2020 | TheHill.

Georgia: State confident in timeline for delivery of new voting equipment | Tyler Estep/The Atlanta Journal-Constitution

Cellophane-wrapped pallet by cellophane-wrapped pallet, workers rolled some 2,800 new voting machines into the DeKalb County elections warehouse on Monday. Georgia Secretary of State Brad Raffensperger described it as the largest delivery to-date for the new voting system — and said he’s confident every community in Georgia will be fully equipped and fully prepared for March’s presidential primary. “We’ll have every county at 100 percent capacity before the end of the first week in February,” Raffensperger said. As recently as last month, officials had put the target date at the end of January. The new system, run on equipment provided by Dominion Voting Systems through a $107 million state contract awarded this summer, will replace Georgia’s 18-year-old electronic machines with a combination of touchscreens, printed ballots and scanners. Counties across the state must make the switch for the March 24 primary, which involves three weeks of early voting.

Full Article: Georgia official: Voting machines will arrive in plenty of time.

Georgia: State Ramps Up New Voting Machine Delivery As Election Deadline Looms | Stephen Fowler/Georgia Public Broadcasting

Standing at the edge of a DeKalb County loading dock, Georgia Secretary of State Brad Raffensperger joined several reporters and elections staff as a nondescript white truck slowly backed up to unload its cargo. The truck was loaded with battery backups that will help power 2,839 ballot-marking devices used by DeKalb voters in future elections. It was the first of many shipments arriving that day. While the holiday season has made coordinating deliveries to local officials tricky, Raffensperger said that more than 25,000 of the 33,100 BMDs are tested and in the state’s control and 32 of Georgia’s 159 counties have received nearly all of their new voting machines and accessories. Cobb County (2,039 machines) is waiting on final pieces of equipment, DeKalb County (2,839) is currently being delivered and in the next few weeks Fulton (3,058) and Gwinnett counties (2,257) will receive most of their equipment. “So, that represents 34% of all the voting equipment for the entire state of Georgia,” Raffensperger said.

Full Article: Georgia Ramps Up New Voting Machine Delivery As Election Deadline Looms | Georgia Public Broadcasting.

Maryland: Board of Elections to use more wireless networking in 2020 | Steve Thompson /The Washington Post

Maryland election officials plan to use an expanded wireless network during the 2020 elections, prompted by a new law allowing people to register to vote on Election Day. But at least one lawmaker and a local elections board are questioning whether the new system will be worth the cost and will be safe from hackers. A cellular network will transmit new registrations from local polling places to state elections officials throughout Election Day, allowing officials to update voter lists that help meet objectives including that no one vote twice. “It’s creating a path, a road, for the voter check-in data to go from the poll books to our server here,” said Nikki Charlson, the deputy administrator at the Maryland State Board of Elections. She said the step is necessary to enable “local officials to do their research to prepare to count the votes.” Charlson said the only information the network will carry is who is registered and has voted, not how any person voted. The same type of network is used by law enforcement and public safety agencies, she said. “It’s using cellular data, but it’s a secure and closed network,” she said. “No one can find it, and the data’s encrypted, and the network is encrypted.” The state already uses a similar, though smaller-scale, network to upload new registrations during early-voting periods. “So this was taking something we did in early voting and bringing it to Election Day,” Charlson said. But state Sen. Cheryl C. Kagan (D-Montgomery) said the networking equipment, which will cost counties hundreds of thousands of dollars, is not needed and “makes us more vulnerable to hacks and attacks.”

Full Article: Maryland Board of Elections to use more wireless networking in 2020 - The Washington Post.

Michigan: Audit pings state bureau of elections on voter file, training, campaign finance oversight | Beth LeBlanc and Craig Mauger/The Detroit News

Michigan’s Bureau of Elections failed to properly safeguard the state’s file of 7.5 million qualified voters, a discrepancy that allowed an unauthorized user to access the file and increased the risk of an ineligible elector voting in Michigan, according to a recent report from the Office of Auditor General. Elections officials lack proper training in more than 14% of counties, cities and townships, the audit also found. And the bureau did not make timely reviews for campaign statements, lobby reports and campaign finance complaints. The audit conducted between Oct. 1, 2016, and April 30, 2019, found in the qualified voter file “230 registered electors who had an age that was greater than 122 years, the oldest officially documented person to ever live,” according to the Friday report. The report came 2 1/2 months before the state’s March 10 presidential primary and a little over 10 months before Michigan voters cast ballots in the November general election. The reviewed information fell largely under the tenure of Republican former Secretary of State Ruth Johnson. Democratic Secretary of State Jocelyn Benson took office Jan. 1.

Full Article: Audit pings bureau of elections over voter file, campaign finance.

North Carolina: No evidence of cyber attack in Durham County 2016 election, acordind to DHS | Will Doran/Raleigh News & Observer

There’s no evidence that the 2016 Election Day problems in Durham were the result of cyber hackers, according to the federal government. Special Counsel Robert Mueller’s report on Russian election interference said a company — whose description closely matched the company that provided voter check-in software for Durham and other North Carolina counties in 2016 — was targeted by hackers. And Durham experienced widely reported issues with that check-in software during the 2016 elections. State officials have long said they believed the problems were just due to human error, however, and not anything malicious like foreign hackers. But after the Mueller report’s findings on election interference became public earlier this year, officials at the Department of Homeland Security agreed to look into the Durham situation. On Monday, putting an end to their months-long investigation, they announced they had found nothing to indicate a cyber attack. Phillip Lehman, chairman of the Durham County Board of Elections, called the report “compelling evidence that there were no cyberattacks impacting the 2016 election in Durham.” “As we have acknowledged, there was human error in the preparation of electronic poll books,” Lehman said in a news release announcing the investigation’s findings. “Since that time, the Durham County Board of Elections has implemented additional training, security measures and staffing changes. Elections in 2017, 2018 and 2019 were conducted efficiently and accurately with no significant incidents.”

Full Article: Election hacking evidence not found in NC: US investigation | Raleigh News & Observer.

Ohio: Is Ohio ready for 2020 election? League of Women Voters not so sure | Cincinnati Business Courier

Ohio Secretary of State Frank LaRose says the state’s voting systems are secure and ready for 2020. But Jen Miller of the League of Women Voters is concerned about voter turnout, WVXU reports. LaRose has been touring each of Ohio’s 88 Boards of Elections. He finished up last week in Akron, touting more than $114 million spent this year to equip almost every county with new voting machines. He estimates another $13 million to $15 million in federal “Help America Vote Act” funds is on its way. And he said counties will be completing his 34-point voting security checklist by the end of January to ensure readiness. Jen Miller, executive director of Ohio’s League of Women Voters, is encouraged but said the larger issue is increasing voter turnout – especially with next year’s primary coming on St. Patrick’s Day.

Full Article: Is Ohio Ready for the 2020 Election? - Cincinnati Business Courier.

Pennsylvania: Counties make year-end deadline for picking new voting systems, but still have to contend with changes to state election code | Emily Previti/PA Post

Dauphin County Commissioners voted 2-1 Monday to buy new voting machines – the last jurisdiction to comply with the state mandate that counties update to paper-based, auditable voting systems before the end of 2019. After publicly resisting the state’s directive, Dauphin officials reversed course, averting a potential legal fight with the state and ensuring the county is eligible for election security funding. Costs for the new system – one where voters primarily fill out ballots by hand – won’t be final until sometime in January, but are expected to be about $2 million, according to commissioners chief of staff Chad Saylor. Commissioner Jeff Haste cast the vote against moving forward in contract negotiations with Clear Ballot. “It’s a disastrous solution in search of a problem,” Haste said of the state mandate. Haste and other county officials have said the county’s current touchscreen direct recording electronic machines (DREs) work fine, despite being 30 years old. Haste also said county leaders didn’t like the fact that the state didn’t keep counties apprised of efforts to settle a lawsuit brought by 2016 Green Party presidential candidate Jill Stein in the wake of President Trump’s victory. That settlement, which effectively created the voting machine replacement mandate, was reached without local leaders having input. 

Full Article: Pennsylvania counties make year-end deadline for picking new voting systems, but still have to contend with changes to state election code | PA Post.

Bangladesh: BNP opposes electronic voting, cites risks of rigging | bdnews24.com

Election results generated by electronic voting machines (EVM) are never acceptable, BNP’s Senior Joint Secretary General Ruhul Kabir Rizvi said at a media briefing on Sunday. “It’s a matter of great concern that the Election Commission has become active to serve the government’s interest again. It created an unprecedented history with the last national election,” said Rizvi citing allegations of rigging. Rizvi accused the EC of helping the government rig the election through the use of electronic devices. “We call upon the EC to cancel the use of EVMs and initiate an election acceptable to all.” EVMs are not a transparent voting system which never serves democracy, said Rizvi citing some research. EVMs can be ‘tampered’ with, he said. “The results generated by these machines cannot be trusted.”

Full Article: BNP opposes e-voting, cites risks of rigging - bdnews24.com.

Namibia: Election court challenge to be heard in January | Estelle De Bruyn/The Namibian

The Supreme Court will on 17 January hear arguments on the electoral challenge through which independent presidential candidate Panduleni Itula and four others are trying to get a rerun of Namibia’s presidential election. Supreme Court judge Dave Smuts today presided over a case management hearing with the various parties to the case to establish a timeline for the filing of court papers and to determine the date of the final hearing. Itula and the other four applicants are basing their attack on the conduct of the presidential election on the Electoral Commission of Namibia’s decision to make use of electronic voting machines (EVMs), and are arguing that the Electoral Act required that the ECN could make use only of EVMs accompanied by a verifiable paper trail.

Full Article: Election court challenge to be heard in January - The Namibian.

National: How Close Did Russia Really Come to Hacking the 2016 Election? | Kim Zetter/Politico

On November 6, 2016, the Sunday before the presidential election that sent Donald Trump to the White House, a worker in the elections office in Durham County, North Carolina, encountered a problem. There appeared to be an issue with a crucial bit of software that handled the county’s list of eligible voters. To prepare for Election Day, staff members needed to load the voter data from a county computer onto 227 USB flash drives, which would then be inserted into laptops that precinct workers would use to check in voters. The laptops would serve as electronic poll books, cross-checking each voter as he or she arrived at the polls. The problem was, it was taking eight to 10 times longer than normal for the software to copy the data to the flash drivesan unusually long time that was jeopardizing efforts to get ready for the election. When the problem persisted into Monday, just one day before the election, the county worker contacted VR Systems, the Florida company that made the software used on the county’s computer and on the poll book laptops. Apparently unable to resolve the issue by phone or email, one of the company’s employees accessed the county’s computer remotely to troubleshoot. It’s not clear whether the glitch got resolved—Durham County would not answer questions from POLITICO about the issue—but the laptops were ready to use when voting started Tuesday morning. Almost immediately, though, a number of them exhibited problems. Some crashed or froze. Others indicated that voters had already voted when they hadn’t. Others displayed an alert saying voters had to show ID before they could vote, even though a recent court case in North Carolina had made that unnecessary.

Full Article: How Close Did Russia Really Come to Hacking the 2016 Election? - POLITICO.

National: Voting by app is a thing, and it’s spreading, despite the fears of election security experts | Mark Sullivan/Fast Company

In this age of extreme concern—even paranoia—over election security, you might be a little surprised to hear that some voters in parts of the country are voting from home, using an app. So far the vote-by-app option has been reserved for military people serving overseas and elderly people who might have physical difficulty getting to the polls. One state (West Virginia) and a number of cities and counties have already used a voting app called Voatz in elections, mainly small ones. Voatz, a Boston-based startup that’s raised almost $10 million in venture capital, birthed its app at a SXSW hackathon in 2016, and went through the TechStars incubator. Its technology is unique in that it utilizes the biometric security features (such as fingerprint readers and facial recognition cameras) of newer smartphones to verify the voter’s identity. Those security technologies are already used to secure sensitive transactions like sharing financial information and making online purchases. But election security people have raised concerns about internet-connected voting technologies. The Mueller report exposed numerous attempts by foreign hackers to infiltrate U.S. voting systems via the internet during the 2016 election. Since then, states and counties have rushed to disconnect all voting systems–including voting machines, tabulators, and administrative technologies–from the public internet. The Voatz app’s use of the internet is the main reason it’s caught the attention of the election security community.

Full Article: Voting by app is spreading—via a startup called Voatz.

National: U.S. Cybercom contemplates information warfare to counter Russian interference in 2020 election | Ellen Nakashima/The Washington Post

Military cyber officials are developing information warfare tactics that could be deployed against senior Russian officials and oligarchs if Moscow tries to interfere in the 2020 U.S. elections through hacking election systems or sowing widespread discord, according to current and former U.S. officials. One option being explored by U.S. Cyber Command would target senior leadership and Russian elites, though probably not President Vladimir Putin, which would be considered too provocative, said the current and former officials who spoke on the condition of anonymity because of the issue’s sensitivity. The idea would be to show that the target’s sensitive personal data could be hit if the interference did not stop, though officials declined to be more specific. “When the Russians put implants into an electric grid, it means they’re making a credible showing that they have the ability to hurt you if things escalate,” said Bobby Chesney, a law professor at the University of Texas at Austin. “What may be contemplated here is an individualized version of that, not unlike individually targeted economic sanctions. It’s sending credible signals to key decision-makers that they are vulnerable if they take certain adversarial actions.” Cyber Command and officials at the Pentagon declined to comment.

Full Article: U.S. Cybercom contemplates information warfare to counter Russian interference in 2020 election - The Washington Post.

National: State, local election officials train for cyber attacks as ‘another level of war’ | Christina Almeida Cassidy/Associated Press

Inside a hotel ballroom near the nation’s capital, a U.S. Army officer with battlefield experience told 120 state and local election officials that they may have more in common with the military strategists than they might think. These government officials are on the front lines of a different kind of high-stakes battlefield — one in which they are helping to defend American democracy by ensuring free and fair elections. “Everyone in this room is part of a bigger effort, and it’s only together are we going to get through this,” the officer said. That officer and other past and present national security leaders had a critical message to convey to officials from 24 states gathered for a recent training held by a Harvard-affiliated democracy project: They are the linchpins in efforts to defend U.S. elections from an attack by Russia, China or other foreign threats, and developing a military mindset will help them protect the integrity of the vote.

Full Article: Election officials learn military mindset ahead of 2020 vote - StarTribune.com.

Editorials: There’s a lot to like in Congress’s new election security measures. But there’s a big omission. | The Washington Post

President Trump has signed into law a bundle of election security measures buried in this year’s spending bills. What the package includes says a lot about legislators’ commitment to safeguarding our democracy. What it does not include may say even more. There’s a lot to like in this year’s appropriations agreements, starting with a lump sum for states to bolster critical voting infrastructure. The $425 million Congress is providing in 2020 comes many days late and many dollars short according to experts, who say billions were needed starting at least two years ago. But it’s still an improvement over the $380 million allocated in 2018, and the $0 allocated this past year. These funds will be doled out in grants to states, which can then decide how to use them. The National Defense Authorization Act also includes essential measures, such as allowing state election officials to receive top-secret security clearances. The step will open the road at last to robust information-sharing between the federal and local governments. The same is true for public-private partnerships: The legislation establishes a threat analysis center at the office of the director of national intelligence responsible for coordinating between intelligence officials and technology companies to root out influence campaigns.

Full Article: There’s a lot to like in Congress’s new election security measures. But there’s a big omission. - The Washington Post.

Connecticut: Merrill, Blumenthal share how Connecticut will spend new federal funds to defend voting systems in the 2020 election | Amanda Blanco/Hartford Courant

Secretary of the State Denise Merrill and U.S. Sen. Richard Blumenthal met Thursday to discuss how Connecticut will spend an expected $5 million more in federal funds to strengthen election security for the 2020 election. The initiative follows a previous $5 million allocated to the state in 2018 for the same purpose. While House Democrats originally called for $1 billion to go toward the national cybersecurity effort, funds were cut to $425 million by the time the bill made it out of the Senate. Blumenthal called it a “solid first step,” but acknowledged that there needs to be a “sustained, steady source of money for election security annually” to combat international interference. Fund distribution is decided by the federal Election Assistance Committee and is based on measures like population and severity of need, Merrill said. She expects a large portion of the money to go toward training local officials, as the state has an unusual voting infrastructure. While most states conduct elections at the county level, Connecticut conducts elections town-by-town. “It would be tough to hack all 169 towns,” Merrill said. On the other hand, the state is tasked with ensuring every single town has the proper infrastructure to support the security needed to protect voter files, which were attacked in 2016. “Our voter files can be entered at any of those 169 drop points, so we have to make sure that every single official in every single town understands the need for that security,” she said.

Full Article: Merrill, Blumenthal share how Connecticut will spend new federal funds to defend voting systems in the 2020 election - Hartford Courant.

Georgia: Experts warn Georgia’s new electronic voting machines vulnerable to potential intrusions, malfunctions | Rachel Frazin/The Hill

Experts are reportedly warning that Georgia’s new electronic voting machines are at risk of intrusions and manlfunctions, as the state grapples with election security issues. Georgia Institute of Technology computing professor Richard DeMillo told the The Washington Post that bystanders could see the machines’ screens during his visit to polling places north of Atlanta in November. Some counties also experienced programming issues that delayed voter check-ins while others noted machine shutdowns, the Post reported Monday. DeMillo told the newspaper that state officials “seem to be structurally unable to confront the fact that the voting system in Georgia is at risk.”

Full Article: Experts warn Georgia's new electronic voting machines vulnerable to potential intrusions, malfunctions | TheHill.