National: Democrats want tougher language on election security in defense bill | Maggie Miller/The Hill

Democrats are complaining that the annual National Defense Authorization Act (NDAA) set for a Senate vote this week doesn’t go far enough to protect election security. The bill includes a number of provisions that would tighten security, but Democrats — who for much of the year have targeted Senate Majority Leader Mitch McConnell (R-Ky.) on the issue of election security — say it lacks key safeguards that would help prevent foreign meddling, including post-election audits of the results and requirements for states that do not use paper ballots. While the concerns won’t prevent the Senate from approving the massive bill, they are likely to lead to complaints as Democrats continue to press the issue of election security next year. “We can’t mandate that, but we could say if you want to take the federal money, you’ve got to meet these prerequisites,” Sen. Mark Warner (D-Va.), the top Democrat on the Senate Intelligence Committee, said of the paper ballot issue. “I still don’t think we’re as protected as we should be going into the 2020 election.”

National: Election, grid security provisions in defense bill | Tim Starks/Politico

Via inclusion of a multi-year intelligence authorization measure, the defense legislation issues numerous election security edicts. The legislation would establish briefings and notifications from the Director of National Intelligence and DHS to Congress, state and local governments, campaigns and parties when there’s a significant cyber intrusion or attack campaign. It would take steps to expand and speed up security clearances for election officials. It would require development of a strategy for countering foreign influence. And ODNI would have to designate a lead counterintelligence official for election security. Intel officials (often in partnership with other agencies) would have to deliver reports and assessments to Congress on past attempted and successful cyberattacks on the 2016 elections, as well as those anticipated in the future; how prepared intel agencies are to counter Russian election influence; foreign intelligence threats to U.S. elections; and Russian influence campaigns in foreign elections. The grid: House and Senate negotiators included a proposal (S. 174) from Sens. Angus King (I-Maine) and Jim Risch (R-Idaho) that would establish a program to test analog and other methods of protecting the grid from cyberattack. It would authorize the use of military construction funding to make cyber and other improvements to utility systems that serve military installations.

National: Voting-Machine Parts Made by Foreign Suppliers Stir Security Concerns | Alexa Corse/Wall Street Journal

A voting machine that is widely used across the country contains some parts made by companies with ties to China and Russia, researchers found, fueling questions about the security of using overseas suppliers, which has also sparked scrutiny in Washington. Voting-machine vendors could be at risk of using insecure components from such overseas suppliers, which generally are difficult to vet and monitor, said a report being released Monday by Interos Inc., an Arlington, Va.-based supply-chain monitoring company that has consulted for government agencies and Fortune 500 companies. The findings are likely to fan worries about whether voting-machine vendors are doing enough to defend themselves against foreign interference ahead of the 2020 U.S. elections, which U.S. intelligence officials say hostile powers could try to disrupt. Voting-machine vendors assailed the research, which Interos conducted independently, saying the report failed to note existing safeguards, such as testing done at the federal, state and local levels, and the vendors’ internal protocols. The report comes as U.S. lawmakers and national-security officials increasingly have sounded alarms about supply-chain risks. Although supply chains that span the globe are common in the tech industry, Russia and China pose concerns because of how, according to U.S. officials, they press companies for access to technology within their borders. Washington lawmakers have specifically cited voting machines as an area of concern, among such other products as telecom equipment made by Chinese firm Huawei and antivirus software from Russia-based Kaspersky Lab. Russia and China historically have denied interfering in U.S. politics. The report examined one voting machine as a case study. In that machine, around 20% of the components in the supply chain that Interos was able to identify came from China-based companies, including processors, software and touch screens, according to the Interos research. Those components weren’t necessarily made in China, as the suppliers may have several locations globally, and the Interos data doesn’t necessarily cover the entire supply chain, the researchers noted. Researchers declined to name the particular model of voting machine they examined, or its maker, citing the sensitivity of the issue. They said only that it is “widely used” in the U.S. Two major vendors, Election Systems & Software LLC and Dominion Voting Systems Corp., said they didn’t think it was one of their products.

National: The biggest tech threats to 2020 elections | Roi Carmel/VentureBeat

As our election system modernizes, securing our democratic process has become a chief concern for both U.S. legislators and voters. Just last month, the House passed the SHIELD Act, which is focused on securing our elections. But that’s not going to be enough in an era when technology is turning out entirely new attack surfaces. In 2016, the Pew Research Center put the number of electronic voting machines — also known as direct-recording electronic (DRE) devices — at 28%. The 2020 election cycle will likely show an uptick in that number. But attacking American voting booths is an obvious move, and attackers consistently follow the path of least resistance. In the case of election security, the weakest point today is critical infrastructure. It’s the framework that supports our modern democratic process, and it runs deep, from traffic light systems and mass transit to the way we receive vital news and information.

Florida: Pensacola mum on ransom demands by cyberattackers | Bobby Caina Calvan and Frank Bajak/ Associated Press

A Florida city confirmed Friday that hackers seeking to extort money were responsible for crippling its computer systems earlier this week but officials have yet to decide whether they will pay a reported $1 million ransom. If they do opt to fork over the money, they may have to dip into Pensacola city coffers; the city of about 52,000 in Florida’s Panhandle — whose annual budget is roughly $245 million — is not insured for such an attack. Obtaining it in the future is “something that our risk manager will certainly be looking into,” said city spokeswoman Kaycee Lagarde. Lagarde confirmed that ransomware was behind the attack that brought down the city’s computer network over the weekend, less than a day after a Saudi aviation student killed three U.S. sailors and wounded eight other people at a nearby naval air station. The FBI has said the attacks were not connected.

Nevada: Cybersecurity risks cast shadow on Nevada’s 2020 Democratic presidential caucuses | Steven Rosenfeld/Salon

In August, the Democratic National Committee decreed there would be no online voting in 2020’s state party-run presidential caucuses due to security and reliability issues. But the Nevada Democratic Party will be using several online elements in early voting and 1,700-plus local precinct caucuses, reviving these concerns among election experts. The state party, as detailed in a long report in the Nevada Independent, will use an app—that “has not been finalized yet” — so caucus chairs can receive the results of early voting by area residents (February 15-18) and transmit the outcome of their precinct’s ranked-choice process (February 22) over Wi-Fi or cellular signals to state party headquarters. Nevadans who have not registered as Democrats can do so to vote early or at precinct caucuses, where party representatives will add them to their voter rolls via online or cellular transmissions, the Independent also said. Early voters and those participating in the caucuses will also record their registrations and presidential preferences on paper forms — as backups. But the central systems that will be used to manage voter lists and to submit local precinct results in 2020’s third Democratic presidential contest will be over the internet.

North Carolina: A divided North Carolina Elections Board narrowly approves newly ‘tweaked’ voting machines | Will Doran/Raleigh News & Observer

North Carolina elections officials approved a new type of touchscreen voting machine Friday over the objection of outside advocates and two elections board members who said the machines haven’t been properly tested. Election security and hacking concerns are at the center of the debate, with the 2020 election just a few months away. Federal government agencies have said foreign countries tried to interfere in the 2016 elections — including potentially in North Carolina — and will likely try to do so again next year. There are two main types of voting methods approved for the 2020 elections in North Carolina. Most counties plan to use hand-marked paper ballots. But some counties, including Mecklenburg, the state’s largest, plan to use touchscreen voting machines. Some election security advocates say touchscreen voting is more susceptible to hackers. But the state’s professional election experts have vouched for those machines, saying they’re confident in their ability to stop hackers. And in August the political leadership of the Board of Elections voted 3-2 to approve voting machines made by three different companies — ES&S, Clear Ballot and Hart InterCivic.

North Carolina: Despite ‘disappointment’ in manufacturer, election board skips certification to approve new voting systems | Benjamin Schachtman/Port City Daily

The state’s election board has resolved the potential for a major shortage of voting machines — including around $1 million worth that New Hanover County plans to order. The move was not without controversy, as some state officials said the manufacturer held back information about the shortage to force the state’s hand in approving a new model. On Friday afternoon, the North Carolina Board of Elections (NCSBE) voted 3-2 to approve the use of a newer model voting system manufactured by Elections Systems and Software (ES&S) without putting it through a state certification process. Board Chair Damon Circosta cast the tie-breaking vote in favor of the approval, but expressed disappointment in ES&S behavior. “I’m disappointed. I’m disappointed with ES&S, who in their zeal to sell their product lacked candor and were not forthcoming with this agency,” Circosta said. Circosta ultimately cast the vote in favor of fast-tracking ES&S’s new system, saying “my disappointment does not dissuade me from my obligation to North Carolina voters” and noting that the system itself was in line with the board’s commitment to providing election security and transparency, despite its manufacturer’s actions. The issue stems from a 2018 North Carolina law (SL 2018-13) that decertified direct record electronic (DRE) voting systems because they did not create a physical record that could be checked in the event of election challenges, evidence of hacking, or other irregularities. New Hanover County’s Board of Elections has over 100 DRE units.

Ohio: Fairfield County one of 13 counties to meet state deadline on election security procedures | Rick Rouan/The Columbus Dispatch

The vast majority of Ohio’s county boards of elections haven’t installed the digital burglar alarm Secretary of State Frank LaRose says helped his office detect a hack attempt of his office’s website on Election Day. With less than two months to go before the deadline LaRose imposed to install the so-called Albert systems, just 13 out of Ohio’s 88 county boards of elections have operational alarms. The remaining 75 have until Jan. 31. Fairfield County Board of Elections Director Jane Hanley said her county is one of the 13 that are using the Albert systems. She said she was not allowed to talk much about it for security reasons. But Hanley did say the systems scan all email that comes into the county in trying to detect an intrusion or attack. The county has been using it for about six weeks and will use it permanently.  Hanley said the state gave the county a $50,000 grant to install the new security system. She said the county is so far under budget on the grant and that she expects to stay that way. Hanley said the county is also about halfway to installing a Security Information Event Management (SIEM) system to further enhance security and detect intrusion attempts. She said the purpose to so make sure voters get a fair and honest election. But that’s not all Fairfield County has done.

Ohio: Thousands of Ohio absentee applications denied | Julie Carr Smyth/Associated Press

Thousands of Ohio voters were held up or stymied in their efforts to get absentee ballots for last year’s general election because of missing or mismatched signatures on their ballot applications, an Associated Press review has found. The signature requirement on such applications is a largely overlooked and spottily tracked step in Ohio’s voting process, which has shifted increasingly to mail-in ballots since early, no-fault absentee voting was instituted in 2005. To supporters, the requirement is a useful form of protection against voter fraud and provides an extra layer of security necessary for absentee balloting. To detractors, it’s a recipe for disenfranchisement — a cumbersome addition to an already stringent voter identification system. Susan Barnard, of Dayton in Montgomery County, said her 78-year-old husband, Leslie, who has cancer, missed a chance to vote last year because of a delay related to the signature requirement. “We had planned a cruise last fall to give him something to look forward to,” said Barnard, 73. “It fell at the time of the election, and we were going to vote the absentee ballot. We got right down to the wire and we didn’t have one for him, and so he did not vote because of that.”

Pennsylvania: Suit filed in Pennsylvania court challenges widely used electronic voting machine | Emily Previti/PA Post

The Pennsylvania Department of State is facing another lawsuit demanding decertification of the controversial ExpressVote XL voting machine. In addition to conflicting with Pa.’s election code, the XL’s design violates voters’ rights under the state constitution to cast a secure and secret ballot, according to the 224-page lawsuit filed in Commonwealth Court late Thursday by the National Election Defense Coalition, Citizens for Better Elections and 13 individual Pa. voters. The filing comes one day after Election Systems & Software announced the findings of its investigation into problems – including incorrect vote counts in certain races – with XL machines used by Northampton County in the November general election. In addition to Northampton’s tabulation problems, voters there and in Philadelphia, where the machine also debuted, reported other complaints, including over-sensitive touchscreens and excessively long lines. Those experiences are raised in the new filing as proof of the machine’s alleged deficiencies.

Pennsylvania: Northampton County Council presses for assurances that errors won’t occur in 2020 presidential election | Tom Shortell and Christina Tatu/ The Morning Call

Election Systems & Software, the largest voting machine company in the United States, failed to catch errors its employees configured into Northampton County’s new machines, leading to widespread problems this Election Day. Adam Carbullido, a senior vice president with ES&S, said the errors resulted in some voters having difficulty casting ballots. Other mistakes by ES&S allowed a flawed electronic ballot to be distributed to polling places across the county. The errors should have been caught during pre-election testing, Carbullido said, but ES&S failed to properly train county employees and to review the test results. “On behalf of ES&S, I apologize to Northampton County, its administration, County Council members, election officials and staff and, most importantly, to the voters,” Carbullido said Thursday at a news conference in Easton with county Executive Lamont McClure at his side. The Election Day fiasco led Northampton County residents and some elected officials to question the wisdom of entrusting the next election to ES&S’ ExpressVote XL machines. Northampton County Council members have demanded a refund on the $2.8 million purchase, and some have called for a different system for the presidential election. In 2016 the county helped elect Republican President Donald Trump after supporting Democrat Barack Obama four years earlier.

Texas: Alarming Discrepancies Found in Midland County Election | Matt Stringer |/Texas Scorecard

An investigation into a West Texas school district’s bond election found even more ballots unaccounted for and a locked ballot box that officials cannot explain, leaving the community still looking for answers. The election was held last month on a proposed $569 million school bond for the Midland Independent School District. Unofficial results from election night showed 11,560 votes for the bond and 11,548 votes against, with military and absentee votes still pending. But the unofficial results were flipped going into final tabulation, with the bond failing by 30 votes due to an incorrect reading of the unofficial results from election night that stood uncorrected by the elections administrator for some time. Final results showed 23,631 votes cast in the bond election: 11,803 votes for and 11,828 against the measure. A recount of the results conducted on November 23 found that 11,400 people had voted against the bond, while 11,411 voted for it, giving a grand total of 22,811 voters having participated in the election.

Taiwan: Elections vulnerable to cyber-warriors | Kent Wang/Asia Times

According to the latest survey by Taiwan United Daily News, 53% of Taiwanese voters think that hiring cyber-warriors is a severe issue during the current presidential election campaign. President Tsai Ing-wen said last week that during this period, most of the smearing and fake stories came from her Kuomintang (KMT) opponent Han Kuo-yu’s camp, adding that the government spent a lot of efforts to clarify fake news every day. A spokesman for Han’s campaign headquarters said, “At this moment there are so many cyber-warriors. How many people like Slow Yang (楊蕙如) are there exactly? Which attacks are self-motivated and which are organized? These all need to be further investigated by the police.” The general public has for long heard about Democratic Progressive Party (DPP) cyber-warriors, whose roars and rampages on the Internet are in direct proportion to their crude and brusque rhetoric. Yang was indicted for allegedly hiring and instructing cyber-warriors to exercise spin control by manipulating fake public opinions, resulting in the suicide of diplomat Su Chii-cherng (蘇啟誠), director of the Taipei Economic and Culture Office (TECO) in Osaka. Through the suicide case, Yang was charged with directing the cyber-warriors in guiding public opinion and her downstream subordinates. And the outside circles were wondering where Yang’s money to pay the cyber-warriors came from.

Pennsylvania: Northampton County election fiasco with new voting machines happened because they were set up incorrectly | Jonathan Lai/Philadelphia Inquirer

When votes were tallied last month using new voting machines in Northampton County, it was quickly obvious that something had gone wrong. The numbers were so clearly inaccurate that a judge ordered the machines impounded. Scanners were brought in to help count ballots, and voters questioned the integrity of the machines and the security of the election. The fiasco heightened concerns about the 2020 presidential election in Pennsylvania as the state looks to implement new voting machines in all 67 counties before the April primary. It turns out the machines had been set up improperly, county officials and the voting machine vendor said Thursday, a week after they began an investigation. The machines weren’t prepared to read the results of the specific ballot design used in Northampton County, and dozens of machines had touchscreens that weren’t properly calibrated. Adam Carbullido, an executive at Election Systems & Software, the Omaha, Neb.-based vendor of the ExpressVote XL machines used in Northampton County, said in a statement that the company “takes full accountability” for the mistakes and is reconfiguring the county’s machines.

National: GOP Senator Blocks Bipartisan Election Security Bill, claims protecting election security is an ‘attack’ on Trump | Emily Singer/The American Independent

Sen. Mike Crapo (R-ID) blocked a bipartisan bill aimed at protecting elections, saying it’s ‘designed more to attack the Trump administration.’A bipartisan bill to protect American elections from foreign interference was once again blocked on Tuesday, this time by a Republican senator who claimed that the legislation was an “attack” on Donald Trump. “The mechanisms in this bill have been designed more to attack the Trump administration and Republicans than to attack the Russians and those who would attack our country and our elections,” Sen. Mike Crapo (R-ID) said of the Defending Elections from Threats by Establishing Redlines Act. The DETER Act — introduced by Sens. Chris Van Hollen (D-MD) and Marco Rubio (R-FL) — directs the head of the U.S. intelligence community to expose any foreign interference in federal elections and sanction the countries that were determined to have interfered. The bill is a response to Russia’s hacking and disinformation campaign in the 2016 election.

National: Secretaries of State Unite to Fight Election Misinformation | Jessica Mulholland/Government Technology

There’s no question — the U.S. election system is vulnerable. In fact, it’s even more vulnerable than originally reported following the 2016 election. Government executives at all levels know, and they’re working on the problem, focusing on cybersecurity, inter-agency communication, paper trails and  audits. And the National Association of Secretaries of State (NASS) is working another angle: In mid-November, it launched  #TrustedInfo2020, an education campaign that aims to fight election misinformation by encouraging citizens to“to look to their state and local election officials as the trusted sources for election information,” according to the press release. The nation’s secretaries of state, 40 of whom serve as their state’s chief election official, will guide voters directly to election officials’ websites and verified social media pages to ensure they get accurate election information. In a NASS-led Twitter chat held Dec. 12, secretaries of state from California to West Virginia — along with various groups and associations — discussed the initiative and how likely it is to make an impact.

California: Hundreds of California voters are being registered with the wrong party. Is DMV to blame? | Bryan Anderson/The Fresno Bee

At least 600 Californians, including lifelong Republicans and Democrats, have had their voter registration unexpectedly changed, and several county elections officials are pinning much of the blame on the state’s Department of Motor Vehicles. Among those affected: the daughter of the California Senate’s GOP leader. “I was like, ‘Kristin did you register as no party preference?’” asked Sen. Shannon Grove, R-Bakersfield. “She said, ‘No, I’m a Republican.’” Grove’s daughter had recently visited the Department of Motor Vehicles to change her address. Shortly thereafter, Sacramento County sent her a postcard informing her she is now registered as a “No Party Preference” voter ahead of California’s March 3, 2020 presidential primary. Grove stumbled across the notice earlier this week at her daughter’s Sacramento home, and worries that hundreds more could soon experience a similar unwanted surprise. Elections officials across the state are linking many of the reported complaints to the state’s new Motor Voter program, which launched ahead of the 2018 midterms to automatically register eligible voters when they visit the DMV. The 2015 law was designed to help boost participation, but a rushed launch prompted 105,000 registration errors to occur following its roll-out.

Hawaii: Is Hawaii Prepared To Vote By Mail? | Sandy Ma/Honolulu Civil Beat

Vote-by-mail is coming to Hawaii in 2020, due to a law passed by the 2019 Hawaii State Legislature. Hawaii’s registered voters will no longer be voting at traditional polling places, such as schools and community centers on primary and election days. Ballots will be automatically mailed to all registered voters starting with the 2020 elections. This means no more standing in lines with family, friends, and neighbors, talking story before voting. Instead, we’ll talk story at Longs, Zippy’s, or the kitchen table, just like it should be! To some this will be a major adjustment, but to others, who are registered permanent absentee voters, this will be nothing new. Is Hawaii adequately prepared to make the transition to all mail-in voting? Proper implementation through public education and sufficient number of voter service centers will determine vote-by-mail’s success. People must be informed of how vote-by-mail will be altering how citizens will vote. All polling locations throughout the state are eliminated. Instead, there will be VSCs — eight total statewide. There were approximately 235 polling locations during the 2018 elections, but there will only be eight VSCs opened for the 2020 elections.

Indiana: State voting security seen as lax | Niki Kelly/The Journal Gazette

More than 50 Hoosiers attended the event put on by Common Cause Indiana that included a national look at election security as well as a detailed review of Indiana. The lack of an audit and paper trail has a tangible effect on whether voters trust the system, Dr. Greg Shufeldt – assistant professor of political science at Butler University – told the group. He noted states have taken divergent paths – some making voting easier and more accessible while others have cracked down on alleged voter fraud. A look at two different electoral integrity studies shows Indiana in the middle or slightly below the middle of the states. And Shufeldt said the primary thing that makes Indiana vulnerable is its use of direct record electronic machines. Election lawyer William Groth explained that 58 counties – including Allen – have these machines. They record votes directly into the machine with no paper ballot or trail generated. There is no way for a voter to confirm the machine accurately recorded their intent, and it is more difficult to do recounts.

Editorials: North Carolina elections board made elections less secure | David Levine/The Fayetteville Observer

Using a barcode ballot system makes it harder to audit election results — an essential election security feature for confirming the outcomes of the election. This past August, the N.C. State Board of Elections made a decision to enable large numbers of North Carolina voters to vote on Ballot Marking Devices (BMDs), which could have made the state’s elections less secure and more vulnerable to malicious foreign actors heading into the 2020 presidential elections. Last month, the vendor for these Ballot Marking Devices told a Board of Elections attorney that they had only one-sixth of the equipment needed to match demand for the 2020 elections under the current certification. To remedy the shortage, the vendor requested that the state certify an updated version of its voting systems through an administrative process that only applies to equipment that do not “substantially alter the voting system,” rather than go through an entire certification process which might not conclude before the 2020 election cycle.

Pennsylvania: Lawsuit seeks to force Pennsylvania to scrap these electronic voting machines over hacking fears | Joseph Marks/The Washington Post

Election security advocacy groups are suing the state of Pennsylvania today to stop some counties from using controversial voting machines they say are vulnerable to hacking by Russia and other adversaries in 2020. The suit, shared exclusively with The Cybersecurity 202, comes just weeks after these particular machines had technical issues and went haywire and called the wrong winner in a county judge’s race in November. The groups say hackers could do far worse to these electronic machines if they tried.  Concerns about hacking are supersized in Pennsylvania — a battleground state that could be vital to determining the next president. The ExpressVote XL machines, designed by Election Systems & Software, are being used in three counties that account for about 17 percent of the state’s registered voters, including Philadelphia County, the largest in the state. That’s more than enough to tip a close election.

Pennsylvania: Administration defends voting machines blamed in undercount | Marc Levy/Associated Press

Gov. Tom Wolf’s administration asked a federal court Thursday to reject a challenge to its certification of voting machines bought by Philadelphia and two other Pennsylvania counties, while the machine’s maker accepted responsibility for problems that led to badly undercounted returns in a judicial race last month. In a federal court filing, Wolf’s administration said the plaintiffs, former Green Party presidential candidate Jill Stein and several supporters, knew Pennsylvania was about to certify the ExpressVote XL touchscreen system when the sides settled the election-security lawsuit. “Many months had passed” before the plaintiffs objected to the certification of the machines, made by Omaha, Nebraska-based Election Systems & Software, lawyers for the Wolf administration said in the filing. The settlement agreement’s terms are clear and the ExpressVote XL complies with them, they wrote. The court fight casts doubt onto how 17% of Pennsylvania’s registered voters will cast ballots in the April 28 primary election, as well as next November, when the state is expected to be one of the nation’s premier presidential battlegrounds.

Texas: We won. No, you won. Wait! We won! Confusion in a Texas school bond election isn’t going away. | Dave Lieber/Dallas Morning News

Jim Wells County had the infamous Ballot Box 13. It was 1948, and supporters of Lyndon B. Johnson held the box back, and then, miraculously, came up with just enough votes for LBJ to win his first U.S. Senate race. History would be quite different if the future president’s South Texas supporters hadn’t cheated. The fragility of our voting system should not be taken for granted. This can happen anywhere in any election. Midland County currently faces its own threat to the sanctity of its election system. Nobody is officially accusing anyone of cheating, but there are problems galore. Much of the problems stem from the first-time use of new voter machines that are supposed to protect ballot security. Called hybrids, they record a vote both electronically and through a backup paper ballot. Most Dallas/Fort Worth area counties have switched to them or are working on a switch. But, so far, that promised measure of security hasn’t worked in that part of West Texas.

Estonia: E-election taskforce report complete, includes 25 improvement proposals | ERR

The e-election taskforce has completed a report which includes 25 proposals for supplementing Estonia’s e-election system, improving its reliability and managing its risks. Minister of Foreign Trade and Information Technology Kaimar Karu said that the report provided a useful overview of the issues surrounding e-elections. “The current e-election system has been in development and use since 2005 already, and, as with any other complex system, it requires continued further development and improvement,” Karu said in a press release on Thursday. The report by the taskforce, which was launched by previous IT minister Kert Kingo (EKRE), will serve as one input in agreeing on further concrete steps in cooperation with other involved ministries and agencies. “The e-election system can definitely be viewed as part of the state’s core infrastructure by now, and its funding and development are an extremely high priority,” he said. “We must continue to be sure that we are using the best technology currently available while also taking into account, to the extent possible, future changes in both cryptography and technology capabilities in general.”

Latvia: State institutions and politicians experience cyber attack | Latvian Public Broadcasting

The Information Technology Security Incident Response Institution Cert.lv announced on Friday, December 13 that over the last few days several state institution employees and politicians have experienced targeted cyber attacks using phishing emails from the Russian embassy formatted as a reply to a previous correspondence. The emails included a link for downloading a document, which would be used to infect the victim’s computer. All recipients recognised former correspondence fragments, which were used to promote trust in the email. This is at least the second such attack in the last three months where phishing emails were sent from the Russian embassy. The embassy itself informed the media in October that their email system experienced a cyber attack. The attack didn’t include critical vulnerabilities, but the downloadable documents included macro functions, where the user had to accept permissions. Cert.lv urges everyone to check the authenticity of all emails by checking the “From” and “Repy-to” addresses before opening any attachments or downloading any documents, as well as to avoid accepting any macro function permissions from documents.

Philippines: Comelec eyes ‘hybrid’ 2022 polls | Ferdinand Patinio/Philippine News Agency

The Commission on Elections (Comelec) is looking to “hybridize” the next national elections in May 2022. “We have no recommendations yet. It’s been talked about. Our focus really is a hybridization of the AES (Automated Election System),” Comelec spokesperson James Jimenez said in an interview Wednesday. A hybrid election system is a combination of both manual and electronic methods to be used either in voting, counting, transmission, and canvassing of results. However, the poll body official added that they have given Congress an estimated budget for their plan. “So far, we gave them our budget estimate, how much it would cost and well it looks like there is budget implication especially hybridization the way they are describing it now with projectors and everything at the canvassing level. So the costs have ballooned,” he said. While he doesn’t have the exact figures, Jimenez said the commission may have to pay twice or thrice the normal cost of an election.

Pennsylvania: How Pennsylvania’s election security lawsuit settlement led to the last minute challenge of the state’s top-selling touchscreen voting machine | Emily Previti/PA Post

Three Pennsylvania counties could end up scrambling to replace brand new voting machines before the 2020 election – a situation stemming largely from the loose terms of the 2018 legal settlement that mandates new voting machines across the state. Plaintiffs led by former Green Party presidential candidate Jill Stein say one system in particular never should have been certified in the first place and are asking a federal judge to force the state to decertify it. The ExpressVote XL doesn’t meet the agreement’s requirements for paper-based systems that produce auditable results and let voters verify ballots before they are cast, they claim. The Stein plaintiffs made their move about a month ahead of the year-end deadline for Pennsylvania counties to buy new machines, and well after most counties already spent or committed more than $150 million to buy machines certified by the Pennsylvania Department of State. It also comes amid Northampton County’s investigation into why the XL tabulated results incorrectly in some races in the Nov. 5 general election. Philadelphia debuted the machines that day, too, with comparatively minor issues. Stein spokesman Dave Schwab says they’re acting at this juncture, in part, because the settlement requires the parties to attempt to resolve any differences among themselves before seeking court intervention.

National: Several election security provisions are in the massive defense bill | Andrew Eversden/The Fifth Domain

The National Defense Authorization Act released Dec. 9 contains several provisions aimed at securing U.S. election infrastructure months before presidential primary season is in full-swing. The provisions in the compromised conference report mandate a broad range of election-related steps, from an assessment of foreign intelligence threats to U.S. elections to allowing top state election officials to receive Top Secret security clearances. The security clearance language is good news for the information-sharing relationship between the the federal government and state election officials, who don’t have proper clearance to view high-level intelligence related to election infrastructure cyberthreats. Throughout the 2016 election, the Department of Homeland Security and the FBI had a fraught information-sharing relationship with the states. In the years since, top federal election officials have consistently said information sharing needed to be improved, and while officials say it has been, the clearance problem was still a hindrance.

National: RNC, DNC bank on Duo authentication ahead 2020 election | Shannon Vavra/CyberScoop

The Republican National Committee is relying on authentication tools and careful social media behavior in order to avoid a devastating data breach like the kind that derailed its Democratic counterparts in 2016. The RNC, which develops and promotes the party’s platform and currently supports President Donald Trump’s re-election campaign, is banking on Duo Security, which specializes in multi-factor authentication, to keep state-sponsored hackers out of party accounts, according to recent Federal Election Commission filings. Even if a user’s password credentials are stolen, an extra layer of authentication can ensure that only the legitimate account holder could access his or her communications. Since March of this year, the RNC has paid just over $1,000 per month to Duo, according to FEC filings. The RNC started using Duo in 2016, just days before the election. And it’s not just email account access the RNC is trying to protect — the RNC uses multiple layers of authentication to protect other user accounts, both personal and professional, too, according to Mike Gilding, the deputy director of information technology at the RNC. The approach reflects the urgency with which both major political U.S. parties must adopt even basic cybersecurity measures after Russian hackers accessed email accounts belonging to key members of the Democratic National Committee in 2016. Another similar attack against either party could disrupt what is shaping up to be a particularly contentious U.S. election season, as impeachment proceedings against the president move forward. The DNC and RNC have a lot to safeguard, including polling data, candidate research, campaign funding, and election strategies.