National: Protecting the integrity of US elections will require a massive regulatory overhaul, academics say | Jonathan Shieber/TechCrunch

Ahead of the 2020 elections, former Facebook chief security officer Alex Stamos and his colleagues at Stanford University have unveiled a sweeping new plan to secure U.S. electoral infrastructure and combat foreign campaigns seeking to interfere in U.S. politics. As the Mueller investigation into electoral interference made clear, foreign agents from Russia (and elsewhere) engaged in a strategic campaign to influence the 2016 U.S. elections. As the chief security officer of Facebook at the time, Stamos was both a witness to the influence campaign on social media and a key architect of the efforts to combat its spread. Along with Michael McFaul, a former ambassador to Russia, and a host of other academics from Stanford, Stamos lays out a multi-pronged plan that incorporates securing U.S. voting systems, providing clearer guidelines for advertising and the operations of foreign media in the U.S. and integrating government action more closely with media and social media organizations to combat the spread of misinformation or propaganda by foreign governments.

National: Finally, a Top Voting Machine Maker Is Calling for Stronger Election Security Laws | Patrick Howell O’Neill/Gizmodo

Over the last few decades, the state of American election cybersecurity has been excoriated by hackers who hope to fix a host of glaring problems before the entire system is exploited. Voting machine makers as an industry have long pushed back against security and transparency efforts until, suddenly, this week. Tom Burt is the CEO of Election Systems & Software (ES&S), one of the biggest voting machine manufacturers in the United States. Last year, hackers gathered at the Def Con conference in Las Vegas to test the security of voting machines. While Burt’s company criticized the hackers and suggested the threat against their machines was minimal and “extremely unlikely,” the event was punctuated by an 11-year-old changing voting results and researchers finding a decade-old security flaw in an ES&S ballot counting machine used across the United States.

National: Leading voting-machine vendor vows to ditch paperless voting | Timothy B. Lee/Ars Technica

Election Systems & Software, which describes itself as the nation’s leading elections-equipment provider, has vowed to stop selling paperless electronic voting systems—at least as the "primary voting device in a jurisdiction." And the company is calling on Congress to pass legislation mandating paper ballots and raising security standards for voting machines. "Congress must pass legislation establishing a more robust testing program—one that mandates that all voting-machine suppliers submit their systems to stronger, programmatic security testing conducted by vetted and approved researchers," writes ES&S CEO Tom Burt in an op-ed for Roll Call. Over the last 18 months, election-security advocates have been pushing for new legislation shoring up the nation's election infrastructure. Election-security reform proposals enjoy significant support among Democrats—who control the House of Representatives—and have picked up some Republican co-sponsors, too. However, such measures have faced hostility from the White House and from the Republican leadership of the Senate. "I don't think there is any likelihood that we are going to move a bill that federalizes more of the election process," said Sen. Roy Blunt (R-Mo.), a member of the Senate leadership team, last week.

National: Russia’s 2016 election interference was highly organized, but fixes for 2020 are possible: reports | Bradley Barth/SC Magazine

The campaign by Russia’s Internet Research Agency to interfere with the 2016 U.S. presidential election using fake Twitter accounts was even organized than many people realize, according to a new report from Symantec Corporation. But another new report from scholars at Stanford University prescribes more than 45 policy recommendations for how the U.S. can prevent a repeat performance of Russian meddling in 2020. The latter report, titled “Securing American Elections” represents the culmination of a study conducted by a team of scholars with expertise in areas such as cybersecurity, social media, election regulations, Russia and more. The recommendations are subdivided into seven categories: bolstering election infrastructure, regulating online political ads from foreign entities, countering election manipulation by foreign media, fighting state-sanctioned disinformation campaigns, improving transparency of foreign involvement in U.S. elections, establishing norms, and deterring future attacks.

National: McConnell Blocking Plans to Prevent Russian Election Attack | Jonathan Chait/New York Magazine

The House Judiciary Committee held hearings today on the Mueller report and its devastating findings of the Trump campaign efforts to collude with Russia, and Trump’s obstruction of justice thereof. The Republican message, articulated by ranking member Doug Collins, is that this is all in the distant past — the Mueller report came out in early spring; it’s already late spring — and we should focus on the future. “We’re not bringing Russians front and center,” he complained. “If we were attacked, then the priorities should be to go on the battlefields and not to the sideshow.” Funny thing about that: There actually are a lot of bills to safeguard the 2020 elections from the next Russian attack. Mitch McConnell is blocking all of them.

National: 5 steps to critical infrastructure collaboration | Randy James/FCW

The days of simply protecting critical infrastructure with guns, gates and guards or combating cyber threats solely with IT data and network protection are fleeting. Today's threats are many and varied, as our physical and digital worlds become increasingly interconnected. They stretch all the way from contested regions around the globe back to the U.S. homeland -- a country that is no longer the sanctuary it once was. Emerging threats -- including the proliferation of weapons of mass destruction, information warfare against our election system, cyberattacks targeting both defense and civilian networks and even the recent Huawei indictments -- put our nation's military capability, critical infrastructure, democratic institutions and even the safety of everyday civilians at risk. In today's threat landscape, our national defense strategy must incorporate a new, more robust and integrated "whole-of-nation" approach to homeland security. The plan must coordinate the assessment of defense and homeland security threats and synchronize how we address civilian critical infrastructure security and military mission assurance interdependencies. But the million-dollar question among government and industry leaders is not why we must adopt this approach -- it's how.

Editorials: Mueller and the Russian threat | James W. Pardew/The Hill

Special Counsel Robert Mueller warned Americans about the critical threat of Russian attacks on U.S. democracy in his recent valedictory press conference. Mueller’s statement is the latest alert on the urgent requirement for a comprehensive and tough national security strategy to deter and respond to future assaults on the U.S. Constitution by foreign entities. Part One of Mueller’s report on Russian interference in the 2016 U.S. election describes a brazen, wide-ranging attack by the Putin regime on the U.S. democratic system of government. Mueller found that Russian interference in the 2016 U.S. national election was sweeping and systematic. In part one, the report identified two major areas for Russian interference. The first was an aggressive social media campaign that favored presidential candidate Donald Trump and disparaged presidential candidate Hillary Clinton. Mueller states that Russian operatives on social media controlled multiple Facebook groups and Instagram accounts that had hundreds of thousands of U.S. participants. Russian Twitter accounts separately had tens of thousands of followers, all favoring one candidate or sowing discord within American society.

Editorials: Knowing It’s Right: Limiting the Risk of Certifying Elections | Tammy Patrick/Democracy Fund

Every election we ask ourselves, what motivates voters to participate? Could it be the love of a charismatic candidate? The dislike of a less-than-desirable one? Passion for a specific ballot initiative? Do voters show up to the polls out of habit? The answer is as varied as the voting population, as is the reason voters do not participate. Research shows that while voters’ confidence in their own vote being counted accurately remains relatively constant, their belief that results at the national level are correct is in decline. As we work through reestablishing trust in our elections following Special Counsel Robert Mueller’s 22-month long investigation, the threat of interference in our elections by another nation-state remains. The American public wants to believe that when they vote it means something—we are teaching elections officials about a new way to audit our elections and check for the accuracy every voter deserves. As with most election administration processes, implementation success lies in preparation—and Risk Limiting Audits (RLAs), which some proponents often refer to as the “cheap and easy” method to check the accuracy of the results, are no exception.

Florida: FBI urged to disclose Florida election hack details after ignoring request | Andrew Blake/Washington Times

The FBI faced fresh calls Friday to release additional details about the hacking campaign that compromised election systems in Florida during the 2016 U.S. presidential race. Rep. Ted Deutch, Florida Democrat, pressed for transparency nearly two months since the release of special counsel Robert Mueller’s report about Russian election interference began to reveal the scope of its success in the Sunshine State. The FBI assessed that Russian hackers infiltrated at least one Florida county government during the 2016 race, Mr. Mueller wrote in the report. Many state officials were unaware of the breach prior to the report’s publication, and individuals briefed by the FBI afterward said they were told that a total of two Florida counties had been compromised. Nearly no further details have emerged since, however, and Florida’s governor said he signed a non-disclosure agreement legally preventing him from revealing what counties were hacked.

Michigan: Three communities auditing May election results as part of election security pilot program | Lauren Gibbons/mlive.com

Michigan elections officials are continuing pilot tests of an auditing system to check election results, with the ultimate goal of perfecting a process for verifying outcomes of both local and statewide races. The pilot audit kicked off in Lansing Monday, where local and state elections officials joined national experts and observers from around the country in overseeing a “risk-limiting audit” of the results in a May ballot question regarding a millage for the Lansing School District. The risk-limiting audit process relies on a mathematical formula to randomly select ballots for auditors to review, and is intended to detect any potential irregularities that could have influenced the outcome of the election. Colorado currently uses risk-limiting audits to test election results.

North Carolina: With Guilford and Mecklenburg voting machines facing decertification, confusion looms for 2020 election | By Will Doran/Greensboro News & Record

Roughly a third of North Carolina voters use electronic machines with no paper ballots. But that might all change next year for the 2020 presidential election. Supporters of the change say it will help ensure election security, especially given reports from the FBI and other sources that the Russian government attempted to influence America’s 2016 elections and may have hacked into some U.S. voting software. But the switch has been held up for years, despite first being ordered in a 2013 law. Now, some officials — including some in Guilford County and the new state elections director — worry that there’s not enough time left to get new voting systems in place for the 2020 elections. Guilford County uses an electronic machine with a paper backup, said Chris Duffey, deputy director of the Guilford County Board of Elections. However, these DRE touch-screen machines, which use electronic ballot counting as opposed to paper tabulation, will be decertified by state law effective Dec. 1, he said. The law, adopted in 2013, aims to thwart cyber hackers who might have the skills to manipulate digital election results.

North Carolina: Laptops used in 2016 North Carolina poll to be examined by feds – after 2.5 years | Lisa Vaas/Naked Security

More than two and a half years after the fact, the Feds are finally going to investigate the failure of voter registration software – from a ­company that had been cyber-attacked by Russians just days before the November 2016 US presidential election – in the swing state of North Carolina. Politico has reviewed a document and spoken to somebody with knowledge of the episode, both of which suggest that the vendor, VR Systems, “inadvertently opened a potential pathway for hackers to tamper with voter records in North Carolina on the eve of the presidential election.” Specifically, VR Systems used remote-access software to connect for several hours to a central computer in Durham County so as to troubleshoot problems with the company’s voter registration software. In fact, election officials would come to find out that this was common practice, according to Politico’s source, in spite of the fact that election technology security experts agree that it opens up systems to hacking.

Ohio: Students find new uses for old Ohio voting machines that shouldn’t have been sold to Dispatch | Marc Kovac/The Columbus Dispatch

Government offices have different ways of dealing with stuff they formally declare is no longer needed. Electronics often are shipped to a recycler, but furniture, vehicles, clothing and other items sometimes are offered for sale to the general public. Licking County offers old equipment, confiscated property and other items on GovDeals.com, an online auction site used by government offices across the country. For a couple of months earlier this year, the county’s board of elections posted a handful of different auctions for "Diebold AccuVote-TSx" voting machines, purchased for $2,700 each in 2005 and ’06. The lots sold for between $7 and $19. "Be Creative… what could I do with a Used Voting Machine?," the auction listing read. The Dispatch took the suggestion literally and bought one lot of five machines at a cost of $3.40 each, receiving touchscreen units and stands, along with headphones, keypads, memory cards, keys and voter access cards. The actual elections software was removed before the sale, but the units were otherwise functional.

South Carolina: Company that courted South Carolina elections chief wins $51M bid for new voting machines | Tom Barton/The State

South Carolina voters will get a paper printout of their completed ballots starting next year, when the state puts in place some 13,500 new voting machines. State officials on Monday announced that a $51 million contract had been awarded to Election Systems and Software, the nation’s largest voting equipment vendor, to provide the new voting machines which promise more security in producing a paper ballot. ES&S has a lengthy history with South Carolina. The company provided the state’s existing voting system, in place since 2004. The paperless system has drawn increasing scrutiny, raising questions about accuracy of counting votes and whether the system is vulnerable to hacking. The company also has ties to elections officials in South Carolina and other states, an investigation by McClatchy and The State revealed. Marci Andino, executive director for the S.C. State Election Commission, formerly served on an advisory panel to the company, which treated her and elections officials from other states to trips to Las Vegas and elsewhere. Andino said she ran her trips by state ethics officials and has stepped down from the advisory role with ES&S prior to the state’s efforts to procure a new voting system.

South Carolina: State chooses new voting machines that will print paper ballots but some fear it’s not safe | Mike Fitts/Post and Courier

Beginning with the presidential primary next year, South Carolina voters will mark their choices on paper ballots by touching digital screens under a new $51 million voting system announced Monday by the state Election Commission — a choice criticized by a civic group that advocates for safe balloting. Under the system made by Election Systems & Software, voters will put their paper ballot into a touchscreen system and choose their candidates. They print out a completed ballot to review their selections and then put the ballot into a scanner to formally record their votes. … The League of Women Voters of South Carolina, however, was disappointed in the choice. The group sees this system as overly elaborate and possibly vulnerable to hacking or other mischief, especially when compared with a simple paper ballot.

International: Russians’ US election interference has inspired copycats around the world: US study | Charissa Yong/The Straits Times

Russia will not be alone in trying to interfere with the next American election, and other copycats are using similar techniques against other democracies around the world, Stanford University researchers have warned in a report. Russian influence operations used against America during its 2016 presidential election - from brigades of online impostors deepening pre-existing social divisions to hacking operations and obvious propaganda - have been picked up around the world, they said. "American policymakers rightly are focused on threats to election integrity in the United States in the run-up to the 2020 presidential vote, but these threats are part of a much larger, ongoing challenge to democracies everywhere," said the report titled "Securing American elections", which was released on June 5. The 96-page report was written by 14 authors, including former US ambassador to Russia Michael McFaul and former Facebook chief security officer Alex Stamos, who headed the social media giant's investigation into 2016 election manipulation before he joined Stanford University in August last year.

Russia: Putin says Russia didn’t meddle in US vote, despite evidence | Gary Pruitt/Associated Press

Russian President Vladimir Putin on Thursday reaffirmed his staunch denial that his government meddled in the 2016 U.S. presidential election despite the extensive evidence to the contrary, and insisted Moscow has no intention of interfering in any future votes, either. Speaking in response to a question from The Associated Press during a meeting with chief executives of international news agencies in St. Petersburg, the Russian leader said that “we didn’t meddle, we aren’t meddling and we will not meddle in any elections.” Putin and other Russian officials have hotly denied any interference with the U.S. vote to help Donald Trump win the presidency, even though U.S. special counsel Robert Mueller has uncovered evidence of a Kremlin operation to interfere with the 2016 vote. He charged 12 Russian military intelligence officers with breaking into Democratic Party emails, and also indicted other Russians who used phony social media accounts to spread divisive rhetoric and to undermine the U.S. political system.

National: New Election Security Bills Face a One-Man Roadblock: Mitch McConnell | Nicholas Fandos/The New York Times

A raft of legislation intended to better secure United States election systems after what the special counsel, Robert S. Mueller III, called a “sweeping and systematic” Russian attack in 2016 is running into a one-man roadblock in the form of the Senate majority leader, Mitch McConnell of Kentucky. The bills include a Democratic measure that would send more than $1 billion to state and local governments to tighten election security, but would also demand a national strategy to protect American democratic institutions against cyberattacks and require that states spend federal funds only on federally certified “election infrastructure vendors.” A bipartisan measure in both chambers would require internet companies like Facebook to disclose the purchasers of political ads. Another bipartisan Senate proposal would codify cyberinformation-sharing initiatives between federal intelligence services and state election officials, speed up the granting of security clearances to state officials and provide federal incentives for states to adopt paper ballots. But even bipartisan coalitions have begun to crumble in the face of the majority leader’s blockade. Mr. McConnell, long the Senate’s leading ideological opponent to federal regulation of elections, has told colleagues in recent months that he has no plans to consider stand-alone legislation on the matter this term, despite clamoring from members of his own conference and the growing pressure from Democrats who also sense a political advantage in trying to make the Republican response to Russia’s election attack look anemic.

National: Election Security Is Still Hurting at Every Level | Lily Hay Newman/WIRED

The Russian meddling that rocked the 2016 US presidential election gave the public a full view of something officials and advocates have warned about for years: weak voting infrastructure and election systems around the US, and a lack of political will and funding to strengthen them. Two and a half years later, real progress has been made in key areas. But with a new presidential election less than 18 months away, glaring systemic risks remain. Many of those inadequacies show up in a new report from the Stanford Cyber Policy Center, which breaks down the threats facing the 2020 election and beyond, and proposes paths to managing them. But as the report also makes clear, many of those necessary steps will not be completed before 2020. Smooth-running elections will require a clear-eyed view of those lingering deficiencies.

National: Stanford group calls for major overhaul on election security. Here are their recommendations | Joseph Marks/The Washington Post

A plan released this week by a Stanford University group that includes former top government and tech industry officials aims to be the equivalent of the 9/11 Commission report for election security. Like the 9/11 report, which fundamentally reorganized the nation’s homeland security and intelligence structure after the Sept. 11, 2001, terrorist attacks, “Securing American Elections” aims big. It argues Russia's 2016 election interference operation was an attack on fundamental American values, and should provoke the government and private sector to step up "defenses against efforts to erode confidence in democracy.”  The report’s 108 pages include 45 recommendations ranging from securing voting systems and combating online disinformation campaigns to negotiating major election security norms with allies and punishing adversaries who violate them. Like the 9/11 commission leaders who spent years pushing the government to fully implement their reforms amid partisan bickering, this group is preparing for a fierce lobbying campaign to turn its recommendations into reality, said Nate Persily, a report author and director of Stanford’s Cyber Policy Center.

National: House subcommittee approves funding bill with $600 million for election security | Maggie Miller/The Hill

A House Appropriations subcommittee approved a bill Monday night that includes $600 million in funding for the Election Assistance Commission (EAC) meant for states to bolster election security, with the money specifically earmarked for states to buy voting systems with “voter-verified paper ballots.” The approval comes as recent remarks by special counsel Robert Mueller emphasizing the dangers posed by foreign interference in U.S. election systems injected new life into the election security debate on Capitol Hill. The Senate already approved a bill Monday night to ban foreign individuals who meddle in U.S. elections from entering the country. The funds are part of the Financial Services fiscal 2020 budget, and were approved by voice vote by the House Appropriations Subcommittee on Financial Services and General Government. The bill now goes to the full House Appropriations Committee for consideration.

National: Election Rules Are an Obstacle to Cybersecurity of Presidential Campaigns | Nicole Perlroth and Matthew Rosenberg/The New York Times

One year out from the 2020 elections, presidential candidates face legal roadblocks to acquiring the tools and assistance necessary to defend against the cyberattacks and disinformation campaigns that plagued the 2016 presidential campaign. Federal laws prohibit corporations from offering free or discounted cybersecurity services to federal candidates. The same law also blocks political parties from offering candidates cybersecurity assistance because it is considered an “in-kind donation.” The issue took on added urgency this week after lawyers for the Federal Election Commission advised the commission to block a request by a Silicon Valley company, Area 1 Security, which sought to provide services to 2020 presidential candidates at a discount. The commission questioned Area 1 about its request at a public meeting on Thursday, and asked the company to refile the request with a simpler explanation of how it would determine what campaigns qualified for discounted services. Cybersecurity and election experts say time is running out for campaigns to develop tough protections.

National: DHS needs help peeking into state and local networks, cybersecurity official says | Benjamin Freed/StateScoop

A top federal cybersecurity official said Wednesday the Department of Homeland Security often lacks a clear picture of state and local governments’ network security, even as foreign adversaries increase their attempts to disrupt all levels of the public sector. And while federal agencies are getting better at working with state and local authorities, they face an ongoing challenge of staying ahead of an evolving threat landscape. “We don’t have good visibility in the state and local dot-gov [domain],” Rick Driggers, the deputy assistant director for cybersecurity at DHS’s Cybersecurity and Infrastructure Agency, said at FedScoop’s FedTalks event in Washington. Driggers said one of the most immediate steps state and local governments can take is to enact more robust information sharing with federal cybersecurity authorities. He said hackers, especially those backed by foreign governments, have increased their focus on state and local governments, raising the threat that a local population could suffer the brunt of a successful cyberattack.

National: NGA selects six states for election cybersecurity policy academy | Benjamin Freed/StateScoop

The National Governors Association announced Wednesday the six states that will participate in the organization’s latest cybersecurity policy academy. Officials from Arizona, Hawaii, Idaho, Minnesota, Nevada and Virginia will spend the next six months studying election security to come up with plans and practices to protect the integrity of their voting systems ahead of the 2020 presidential election. The NGA has convened the cybersecurity policy academies, which are run by the group’s Homeland Security and Public Safety division, since 2016. Last year’s program — which included Indiana, North Carolina, West Virginia and Wisconsin — focused broadly on IT security, ultimately producing a set of recommendations for greater collaboration between state and local governments.

National: States, experts ask EAC for more flexibility in voting machine standards | Derek B. Johnson/FCW

State officials and security experts say security updates contained in the Election Assistance Commission's new Voluntary Voting System Guidelines 2.0 are badly needed, but there is concern that the bureaucratic process the agency has set up to approve and update those standards can't keep up with the pace of technological change. Later this year, the commission is expected to vote to approve a five-page document outlining principles that will guide the development of VVSG 2.0, including a new emphasis on security. That process will be followed up with far more detailed technical guidance and standards that companies will rely on to design their new voting machines. At a May 21 hearing, the commission heard from a number of stakeholders who advised that the agency refrain from requiring a full vote to approve the technical portions of the guidelines, saying it would run counter to the goal of ensuring that voting machine standards account for the latest developments in technology.

National: Democratic base fired up by effort to ban Internet-connected voting machines | Joseph Marks/The Washington Post

As the 2020 election approaches, voting security groups are trying to rally the public behind an effort to ban Internet connections from U.S. voting machines that could be hacked by Russia and other foreign adversaries. And they’re getting an assist from activists on the left, who are still burned by the 2016 election, when Russia hacked troves of Democratic emails and strategically released them to damage the Hillary Clinton campaign. The joint effort has resulted in a staggering number of people -- 50,000 -- submitting comments on the issue to the Election Assistance Commission, a federal body that’s rewriting voluntary guidelines for voting machines, the organizing groups told me. The fact that a topic this technical can be an effective rallying cry for tens of thousands of people underscores that election security has become an increasingly pivotal issue in the 2020 contest — and tangible proof it's resonating with a Democratic base that fears Russia, which sought to help the Trump campaign in 2016, might try to deliver the president a second term.

National: Voatz has raised $7 million in Series A funding for its mobile voting technology | Connie Loizos/TechCrunch

Voatz, the four-year-old, Boston, Mass.-based voting and citizen engagement platform that has been at the center of debate over the merits and dangers of mobile voting, has raised $7 million in Series A funding. The round was co-led by Medici Ventures and Techstars, with participation from Urban Innovation Fund and Oakhouse Partners. Voatz, which currently employs 17 people, is modeled after other software-as-a-service companies but geared toward election jurisdictions, working with state and local governments to conduct elections and provide related election management and cybersecurity services. As we reported back in March, the city of Denver agreed to implement a mobile voting pilot in its May municipal election using Voatz’s technology, an opportunity that was offered exclusively to active-duty military, their eligible dependents and overseas voters using their smartphones.

National: ES&S reverses position on election security, promises paper ballots | Zack Whittaker/TechCrunch

Voting machine maker ES&S has said it “will no longer sell” paperless voting machines as the primary device for casting ballots in a jurisdiction. ES&S chief executive Tom Burt confirmed the news in an op-ed. TechCrunch understands the decision was made around the time that four senior Democratic lawmakers demanded to know why ES&S, and two other major voting machine makers, were still selling decade-old machines known to contain security flaws. Burt’s op-ed said voting machines “must have physical paper records of votes” to prevent mistakes or tampering that could lead to improperly cast votes. Sen. Ron Wyden introduced a bill a year ago that would mandate voter-verified paper ballots for all election machines. The chief executive also called on Congress to pass legislation mandating a stronger election machine testing program. Burt’s remarks are a sharp turnaround from the company’s position just a year ago, in which the election systems maker drew ire from the security community for denouncing vulnerabilities found by hackers at the annual Defcon conference.

Editorials: The Mueller Report Sounded the Alarm on Election Attacks. Will Congress Act? | The New York Times

Members of Congress have several major decisions to make after the special counsel Robert Mueller’s investigation into Russian interference in the 2016 election. Whether to pursue an impeachment inquiry is the one that’s gotten the most attention — and reasonable people can disagree about that. But Mr. Mueller’s findings leave no room for debate about the need to address the legal and institutional deficiencies that allowed a foreign adversary to tamper with America’s democracy. From cyberattacks on state voter systems to disinformation campaigns waged on social media to the hacking of materials belonging to a major political party, Mr. Mueller made plain that the country’s electoral infrastructure remains vulnerable to attack. If the problems are left unaddressed, nothing will stop Russia or other actors from once again undermining free and fair elections in the United States — and they seem to be gearing up to try to do just that.

National: FEC allows nonprofit to provide free cybersecurity services to campaigns | Shannon Vavra/CyberScoop

The Federal Election Commission has decided that a nonprofit spinoff of Harvard’s Defending Digital Democracy Project may provide free and low-cost cybersecurity services to political campaigns without violating campaign finance laws, given the fact that there is a “highly unusual and serious threat” posed to U.S. elections by foreign adversaries. The driving force behind the FEC’s advisory opinion, which FEC Chair Ellen Weintraub issued Tuesday, is the fact that there is a “demonstrated, currently enhanced threat of foreign cyberattacks against party and candidate committees,” she writes in the advisory. The nonprofit, Defending Digital Campaigns, has political campaign veterans Matt Rhoades and Robby Mook among its board members, as well as former National Security Agency executive Debora Plunkett. In the ruling, Weintraub notes the FEC’s decision is partly due to the other efforts by the government, primarily to expose and prosecute foreign adversaries, that she indicates have not done enough to protect campaigns and political parties.