Editorials: More openness, less secrecy, on election security | Tampa Bay Times

State Sen. Annette Taddeo said on national television Sunday that she has been advised to stop talking about how Russian hackers released confidential information regarding her 2016 congressional campaign. That’s an issue from Washington to Tallahassee to county courthouses. Less than a year from the 2020 election, voters need more transparency, not more secrecy, about foreign interference in our democracy and what is being done at every level to combat it. There were few new revelations in the 60 Minutes report that featured Taddeo, a Miami Democrat who narrowly lost a primary race for Congress in 2016. But it provided a succinct, compelling narrative that reminded viewers how Russian interference in the elections stretched well beyond the race for president. The report also included a frank warning from a former FBI cyber-security expert that the Russians have not abandoned their efforts to influence U.S. elections and can be counted on to refine their methods for 2020.

Kentucky: Misinformation Efforts Over Kentucky Vote Could Be Playbook for 2020 | Jessica Huseman/ProPublica

The right-wing radio personality took to Twitter not long after the polls had closed and it seemed the Democtratic candidate had prevailed in the excruciatingly close race for governor of Kentucky. “Today #ELECTIONFRAUD and what is going on in #kentucky is REAL,” the host of “Tore Says,” streamed on the Red State Talk Radio website, tweeted on Nov. 8. “How do I know? I am actually have EVIDENCE because me and my family are VICTIMS of it.” The personality, whose real name is Terpsichore Lindeman, alleged that somehow she and her husband had wound up as registered Democrats in Kentucky, which she saw as a sure sign that Andy Beshear, the Democratic attorney general ultimately declared the winner of the race for governor, had been manipulating the voter rolls. Lindeman said that she is not a Democrat, and that she had her name removed from the rolls when she and her husband left the state years ago. Indeed, she said her husband is not a U.S. citizen and should not have been on any voting roll.

Ohio: State Takes Steps to Ensure Cyber Security at the Polls | Andrew Meyer/WKSU

We’re less than a year away from the 2020 presidential election, and concern about Russian interference in the 2016 election persists. Have states, including Ohio, done everything they need to ensure that the vote next time will be safe and secure? We spoke with Jen Miller, executive director of the League of Women Voters of Ohio. She says the state is in pretty good shape, but there’s still work to be done. Miller says in terms of security, Ohio already has a pretty good system that’s “well ahead of other states.” Ohio’s voting machines are not hooked up to the internet, so they can’t be hacked. But Miller advises it’s important to be ready for what comes next. She points to Sec. of State Frank LaRose, who worked with the Ohio Senate to craft Senate Bill 52. Gov. Mike DeWine signed this cybersecurity into law. According to Miller, the law gives the secretary of state a seat on the Homeland Security Council. “Clearly, elections are critical infrastructure,” she said. The law also creates a cyber-information officer seat within the secretary of state’s office, and it would codify postelection audits, Miller said. On that last point, Miller says that’s something the League of Women Voters secured from a lawsuit following the 2004 election.

Ohio: Election Day cyber attack attempt traced to Panama | Rick Rouan/The Columbus Dispatch

Ohio Secretary of State Frank LaRose said that the “SQL injection” attack was detected by the state’s internal systems. He called the attack “relatively unsophisticated.” The Ohio Secretary of State’s office was the subject of a thwarted foreign cyber attack on Election Day. Ohio Secretary of State Frank LaRose said Tuesday that the so-called “SQL injection” attack was detected by the state’s internal systems. The attack was attempting to insert malicious code into his office’s website. The attempted hack originated in Panama and was traced to a Russian-owned company, he said, but was “relatively unsophisticated.” “Some of these unsophisticated attacks are ways that they probe for vulnerabilities. They are poking around for soft spots,” LaRose said, noting that the cyber attack was looking for vulnerabilities in his office’s website.

Pennsylvania: Philadelphia’s Voting Machines Challenged In Federal Court Ahead Of 2020 Presidential Election | Associated Press

A federal court was asked Tuesday to force Pennsylvania to rescind its certification of a voting machine newly purchased by Philadelphia and at least two other counties in the state ahead of 2020’s presidential election. The filing casts doubt onto how 17% of Pennsylvania’s registered voters will cast ballots in the April 28 primary election, as well as next November, when the state is expected to be one of the nation’s premier presidential battlegrounds. Court papers filed by former Green Party presidential candidate Jill Stein and several supporters accuse Gov. Tom Wolf’s administration of violating their year-old agreement in Philadelphia’s federal court by certifying the ExpressVote XL touchscreen system made by Omaha, Nebraska-based Election Systems & Software. The plaintiffs say certifying the system violates their agreement, in part because the machine does not meet the agreement’s requirements “that every Pennsylvania voter in 2020 uses a voter-verifiable paper ballot.” For one, the ExpressVote XL counts votes by counting machine-printed bar codes on paper, a format that is neither readable nor verifiable by an individual voter, they wrote in court papers.

Texas: Report finds 20% of Texas counties are following best website security practices | Wes Rapaport/Nexstar

With a big election year coming up, one Texas group says improvements to election security are still needed. A new survey from the League of Women Voters of Texas found 20% of Texas county election websites are following best security practices. The review looked at nine points of criteria:
Website security: counties earned points for having secure websites, including “.gov” domains and “https” URLs.
Mobile friendly: each website was tested for its compatibility with mobile devices.
Accessibility: the sites were judged on keywords like “election” or “voting” on the home page.
Election information: reviewers looked at ease of accessible voter and election information like detailed contact information for county election offices, dates and hours for early voting and Election Day, registration information, polling locations, and personnel, sample ballots, election results and candidate filing.
Help for special categories of voters: the survey reviewed how much information was provided for military and overseas voters, students, and voters with special needs

Texas: Midland ISD canvassing bond election | Victor Blanco, Tatum Guinn, Rachel Ripp/KWES

It’s officially in the books: the Midland school board finalized the bond election recount results Tuesday. Everything from here forward will be dealt with by Midland County. This despite a more than 800 ballot discrepancy. People at today’s meeting asked the board to hold off on canvassing the recount until the county gets to the bottom of what happened. “It’s disappointing in that there’s so many questions left unanswered. That’s the part that really I’m having trouble with,” Matt Galindo said. “To know that there’s a discrepancy in the amount of votes. I’m disappointed, worried and now have a lack of trust.” Midland ISD school board president Rick Davis took the opportunity to explain in detail how the recount process worked Friday. The process included nine teams of three – one representative from each side of the issue and an at-large member were on each team.

Namibia: Court throws out case against electronic voting machines | Tim Cocks/Reuters

A Namibian court dismissed a case on Monday aimed at preventing the use of electronic voting machines in its presidential election, which opponents of President Hage Geingob fear could be used to rig the result. Namibians will elect a president on Wednesday, with Geingob expected to be win with a reduced margin owing to voter anger over the worst economic crisis since independence from apartheid South Africa three decades ago. The use of voting machines has been controversial both within and outside Africa. Critics say they make it easier to fiddle the result than traditional pen and paper ballots. However, Magistrate Uaatjo Uanivi ruled that the tribunal has no jurisdiction to forbid the electoral commission from using them. Opposition leader McHenry Venaani told reporters he was disappointed with the ruling. “EVMs (electronic voting machines) in their current form do not address the question of transparency of the vote and I thought the court would put more effort into addressing (that) … question,” he said.

National: Swing states adopt audit tool to safeguard voter ballots ahead of 2020 election | One America News Network

A leg of the Department of Homeland Security recently announced its soon to be partnership with election officials and non-profit VotingWorks that would audit votes in 2020. Ballot box officers say the purpose is to prevent possible hacks and watch for faulty voting machines. Battleground states, such as Pennsylvania and Ohio, have already embraced a voter monitoring tool known as Arlo. Four other states have reportedly adopted the tool as well. The VotingWorks sponsored tool is free for state and local election leaders, and would double-check all votes cast. Arlo is a web-based app that uses a security method called “risk-limiting audit.” During this process, a small percentage of the paper ballots are taken at random to check if they match what the machines recorded. Although the method is simple, many places don’t use them reportedly because many states use direct electronic voting machines, which eradicates all paper trails.

California: It May Take a Month to Name California’s Winner on Super Tuesday | Emily Glazer/Wall Street Journal

California’s decision to move up its 2020 primary to Super Tuesday in early March from June will make the nation’s most populous state one of the most important in deciding the Democratic presidential candidate. But changes to the voting process could mean the final results won’t be known for weeks. If the allocation of California’s 494 Democratic delegates—by far the most of any state—isn’t finalized until early April, that could affect the candidates’ viability, campaigning and fundraising momentum in the meantime. It also could influence voter support in other states. California Secretary of State Alex Padilla earlier this year decertified most voting systems in the state’s 58 counties, giving them until February 2020 to install more advanced and secure technology. Many counties are still testing the new or updated devices, while also preparing for state-mandated election changes, including allowing in-person voting 10 days before Election Day and broadening the number of people who can vote by mail, a procedure that now will be available to about half the state’s population. The changes also allow same-day voter registration at every polling location. They also add, for the first time for a presidential election, the ability for voters to submit missing signatures on vote-by-mail ballots no later than two days prior to the certification of the election, which could vary by county. County elections officials will still have up to 30 days after Election Day to complete vote counting, auditing and certification. “I’m telling people it’s no longer Election Day, it’s election month,” said Neal Kelley, the registrar of voters in Orange County.

Editorials: Florida must do better than ‘Trust us’ to instill confidence in 2020 elections | The Palm Beach Post

The 2020 elections are just around the corner, and government officials responsible for ensuring the upcoming vote occurs without a hitch are asking a lot from the public — trust. Florida Secretary of State Laurel Lee said late last month that the state’s voting systems are adequately prepared for electronic attacks — a pressing concern since the specter of Russian hacking haunted the last presidential election. Securing Florida’s voting systems is long overdue. Unfortunately, Lee undermined her message by refusing to provide any details that might convince the public that these latest efforts to stem cyber-attacks on Florida’s elections systems would work. “The Department of State stands here in 2019 with an incredible amount of information we never previously had,” said Lee, who is Florida’s top elections official, without a word of specifics about that incredible amount of information. “I believe that should inspire a level of confidence that we have access to far more information than we had at any prior point.” Not really. Ever since the Mueller report on the 2016 presidential election determined that hacking efforts by Russian intelligence were successful in “at least one” Florida county, Floridians wanted to know where they’re vulnerable. Compounding the anxiety, Gov. Ron DeSantis said in May that he learned from the FBI that Russians hacked two counties — their voter-information files, not systems involved in vote tallying. But state officials, saying they’ve been muzzled by federal investigators, still refuse to say which counties were hacked in 2016. And although they just conducted a review of state and county election systems, they won’t say what kind of security weaknesses were uncovered — if any. Nor will they promise to tell us about any future breaches.

Georgia: Secretary of State seeks election audit rules | Doug Richards/WXIA

Georgia’s Secretary of State wants new rules to govern the timing and location of post-election audits. This comes after critics said an audit of the recent November election was done in virtual secrecy. The November elections, a handful of locations, were the first-ever in Georgia done with new voting machines purchased from Dominion Systems by the state of Georgia. The new machines are expected to roll out statewide in time for the March presidential primary. Aside from the audit controversy, critics said a pattern has emerged in recent weeks that shows the secretary of state’s office initiating political battles with its critics. Thursday, a roomful of volunteers at Ebenezer Baptist Church had created a phone bank to contact voters they say were at risk of getting purged from voter rolls.

Indiana: Vanderburgh County will counter voters who refuse to use machines | Thomas B. Langhorne/Evansville Courier & Press

Suspicious voters who refuse to use voting machines at polling places will have no other option if Vanderburgh County’s chief elections officer has her way. County Clerk Carla Hayden said she will seek changes to Indiana law in the wake of a city election that saw three voters at Plaza Park School request — and receive — paper provisional ballots simply because they refused to use machines. The ballots ultimately were counted by election board members who said the voters were eligible. In at least one case, poll worker Don Gibbs said, a voter at Plaza Park explained he is suspicious about voting machines. “He said he just didn’t trust the machines. I didn’t ask why,” said Gibbs, the highest-ranking poll worker at Plaza Park. After calling the Vanderburgh County Election Office for guidance, Gibbs gave the three voters — he said they weren’t together — paper provisional ballots. By law, provisional ballots are sealed in security envelopes, kept apart from other ballots and acted upon later. Provisional ballots are the only paper ballots available at polling places in Vanderburgh County. Machines, not paper, are the county’s method of voting on election day.

Louisiana: No data lost, no ransom paid in Louisiana cyber attack; Ardoin says no impact on state elections | Mark Ballard/The Advocate

Monday’s ransomware attack, which crippled about 10% of the state’s computer network servers just hours after votes were tallied in statewide elections for governor, legislative seats and other positions prompted many to look for intrigue, a legislative panel heard Friday. “A lot of the conspiracy theorists are calling me,” said state Sen. Bodi White, R-Central. He questioned whether the attack, which kept many in state government from using their computers throughout much of the week, could cause problems for certification of election results or changed numbers in election returns. Secretary of State Kyle Ardoin said no. “Nothing impacted our system,” Ardoin said in an interview Friday. The website was down for a while. But, for the most part, the election office’s databases for voters and votes are separate from the state system.

Mississippi: Paper ballots offer extra election security | Caleb Bedillion/Daily Journal

Amid ongoing anxiety about election hacking and foreign interference, Lee County continues to use what many experts deem the most secure voting system: the paper ballot. In Mississippi, the bulk of the state’s 82 counties use fully electronic voting systems. But about a dozen or so counties use paper ballots. And that number is increasing. “The shift is we’re going back,” said Lee County Circuit Clerk Camille Roberts Dulaney. A Republican about to begin her second term, Dulaney said hand-marked ballots build voter confidence and ensure the integrity of the election. “It just feels safer to me,” Dulaney said. In North Mississippi, Choctaw County is among those exploring a return to a system that incorporates paper ballots. With touch-screen machines nearing the end of their life, the county tested new machines this year that produced a paper ballot. “We wanted to know if there was something new,” said Deputy Circuit Clerk Linda Miles. The county used machines built by VotingWorks, which provided them free of charge to test in this year’s statewide primary and general elections.

Pennsylvania: Philadelphia tests way to ensure no one hacks 2020 presidential election in Pennsylvania | Jonathan Lai/The Philadelphia Inquirer

Philadelphia voters can rest assured Jim Kenney really was reelected mayor this month, according to a squad of data and voting experts from around the country who ran a rigorous statistical test of the results Thursday. But while it’s no surprise that a Democrat won by 80 percentage points in an overwhelmingly Democratic city, it’s notable that the scientists were able to conduct such an audit in the first place. That’s because on Nov. 5, for the first time, Philadelphia used voting machines that leave a paper record of voters’ choices. As Pennsylvania’s counties roll out similar new machines required to create paper trails in time for the 2020 presidential election, the reported electronic returns can now be checked for accuracy. That’s an important change in a state that Donald Trump carried in 2016 by slightly more than 44,000 votes, or less than 1%. Pennsylvania is expected to be critical again next year. “We know we saw in 2016, everybody wondering, was this real, was this not real?” said Kathy Boockvar, secretary of the commonwealth, whose department oversees Pennsylvania elections. In 2020 and beyond, with what are known as risk-limiting audits, election officials will be able to confirm that the text of paper ballots lines up with what ballot-reading machines say. “The stakes are high, people are very passionate, and we have the paper that will be able to show the actual evidence,” Boockvar said. Officials hope the audits will make it harder for bad actors to tamper with the results. They also hope to increase public confidence in elections generally, following what U.S. intelligence agencies concluded was a systematic campaign by Russia to interfere in the 2016 election to boost Trump. (That campaign involved the dissemination of news and information Americans consumed, not the manipulation of actual votes or voting machines.)

Pennsylvania: Last-minute bill amendment addresses scanner, privacy issues at the polls | Emily Previti/PA Post

A bill headed to Gov. Tom Wolf’s desk is expected to address some of the problems experienced by counties that rolled out new voting systems during the general election earlier this month. All counties are required to have election systems in place for the presidential primary next spring. The systems must use paper ballots or generate paper copies of electronically cast votes, under the terms of a lawsuit settlement. More than half of them debuted voting machines during the general election earlier this month – and some experienced problems. The new rules would require counties to give voters more privacy while casting their ballots. The changes respond to voter complaints that their votes could be read by poll workers and other voters when they went to scan their ballot, despite counties providing folders for shield ballots from view. The legislation would also do away with ballot stubs. Voters using a hand or machine-marked ballot tear off the stubs before putting their ballot in a vote scanner.  In York County, the perforations left behind contributed to scanner jams and voting delays.

Texas: Cause of 820-vote discrepancy in Midland County not yet known | Midland Reporter-Telegram

Midland County Elections Administrator Deborah Land told the Reporter-Telegram it has not been determined what caused an 820-vote discrepancy between Election Day and the recount on the Midland ISD $569 million bond. Land said she has reached out to the legal department of the Secretary of State’s Office and is awaiting response. She has also reached out to representatives from ES&S, the voting machine vendor. “Until I have more information as to how we will be making any determination as to the difference in numbers, I have nothing further to tell you at this time,” Land wrote in an email. The electronic machines counted 23,631 ballots were cast on Nov. 5. When the ballots were counted by hand, the nine three-person teams counted 22,811 ballots total. The recount began sometime after 8 a.m. Friday and ended about 4 a.m. Saturday. Midland County Elections Administrator Deborah Land told the Reporter-Telegram it has not been determined what caused an 820-vote discrepancy between Election Day and the recount on the Midland ISD $569 million bond. Land said she has reached out to the legal department of the Secretary of State’s Office and is awaiting response. She has also reached out to representatives from ES&S, the voting machine vendor.

Canada: Russian election-meddling in Canada linked to Arctic ambitions: report | Daily Stock Dish

A new University of Calgary study is predicting Russian interference in the federal election campaign to serve what it describes as the Kremlin‘s long-term interest of competing against Canada in the Arctic. The study‘s author, Sergey Sukhankin, said in an interview that Moscow‘s ability to inflict serious damage is relatively low because Canadian society is not as divided as countries targeted in past elections, including the United States presidential ballot and Britain‘s Brexit referendum in 2016, as well as various attacks on Ukraine and the Baltic states. “The Kremlin has a growing interest in dominating the Arctic, where it sees Russia as in competition with Canada. This means Canada can anticipate escalations in information warfare, particularly from hacktivists fomenting cyber-attacks,” writes Sukhankin, a senior fellow with the Jamestown Foundation, a U.S. think-tank, who is teaching at the University of Calgary. “Perceived as one of Russia‘s chief adversaries in the Arctic region, Canada is a prime target in the information wars, with Russia potentially even meddling in the October 2019 federal election. Ottawa should be ready for a new surge in cyberattacks, disinformation and propaganda levelled against Canada in the near future.”

China: Spy defects to Australia, alleging election interference and cybercrimes | Devin Coldewey/TechCrunch

A purported agent of the Chinese intelligence service is seeking asylum in Australia, bringing with him explosive allegations of widespread interference in political affairs in that country, Taiwan and elsewhere. He claims also to have run a cyberterrorism campaign against supporters of Hong Kong independence. Wang “William” Liqiang indicated to Australian news outlet The Age that during a deep-cover assignment intended to manipulate the 2020 presidential election in Taiwan, he decided to defect and expose the Chinese networks from abroad. In addition to The Age, Wang spoke with The Sydney Morning Herald and 60 Minutes; the various outlets appear to be planning a broader release of the contents of his interviews on Monday. Wang has reportedly explained in detail the inner workings of a Hong Kong-listed company called China Innovation Investment Limited, which the government has allegedly been using as a front to infiltrate various universities, political groups and media companies.

Russia: Charges of Ukrainian Meddling? A Russian Operation, U.S. Intelligence Says | Julian E. Barnes and Matthew Rosenberg/The New York Times

Republicans have sought for weeks amid the impeachment inquiry to shift attention to President Trump’s demands that Ukraine investigate any 2016 election meddling, defending it as a legitimate concern while Democrats accuse Mr. Trump of pursuing fringe theories for his benefit. The Republican defense of Mr. Trump became central to the impeachment proceedings when Fiona Hill, a respected Russia scholar and former senior White House official, added a harsh critique during testimony on Thursday. She told some of Mr. Trump’s fiercest defenders in Congress that they were repeating “a fictional narrative.” She said that it likely came from a disinformation campaign by Russian security services, which also propagated it. In a briefing that closely aligned with Dr. Hill’s testimony, American intelligence officials informed senators and their aides in recent weeks that Russia had engaged in a yearslong campaign to essentially frame Ukraine as responsible for Moscow’s own hacking of the 2016 election, according to three American officials. The briefing came as Republicans stepped up their defenses of Mr. Trump in the Ukraine affair. The revelations demonstrate Russia’s persistence in trying to sow discord among its adversaries — and show that the Kremlin apparently succeeded, as unfounded claims about Ukrainian interference seeped into Republican talking points. American intelligence agencies believe Moscow is likely to redouble its efforts as the 2020 presidential campaign intensifies. The classified briefing for senators also focused on Russia’s evolving influence tactics, including its growing ability to better disguise operations.

National: Report: Election Assistance Commission Grapples With Staffing, Budget Cuts | Alexa Corse/Wall Street Journal

The federal agency responsible for setting election security standards is grappling with key leadership vacancies and inadequate funding, a new report by a government watchdog office has found. The U.S. Election Assistance Commission, which is focused exclusively on the voting process, is struggling to help state and local officials bolster the security of their voting systems, the agency’s inspector general said in a report released Wednesday. The commission has sought to promote cybersecurity best practices and to serve as a central resource for state and local governments, which have the primary responsibility for administering elections. But the inspector general’s report says that the commission’s efforts are faltering amid staffing shortages and years of budget cuts. Two of the agency’s most senior officials—the executive director and general counsel—stepped down last month, and the agency has begun looking for their successors, the report said. The agency’s acting executive director and chief information officer, Mona Harrington, said in a letter to the inspector general dated Monday that the agency “concurs” with the findings about its troubles.

National: CISA and VotingWorks release open source post-election auditing tool | Catalin Cimpanu/ZDNet

The US Cybersecurity and Infrastructure Security Agency (CISA) and VotingWorks, a non-partisan, non-profit organization, have open-sourced today a tool for the post-election auditing process. Developed by VotingWorks and named Arlo, the tool is available on GitHub. It’s a web-based app designed specifically for the US election process where votes are tallied electronically using software or special machines. To safeguard the election process against hacked or faulty voting systems, the US government mandates that all counted votes go through a post-election audit to verify the results, in a process called a Risk-Limiting Audit (RLA). Arlo is designed to automate this auditing process by automatically selecting random voter ballots for the RLA process, providing auditors with the information they need to find those ballots in storage, helping officials compare audited votes to tabulated votes, and providing monitoring & reporting capabilities so that election officials and public observers can follow the audit’s progress and outcome. “The tool supports numerous types of post-election audits across various types of voting systems including all major vendors,” CISA said in a press release today. CISA did not develop Arlo — created by VotingWorks on its own — but the agency has adopted the tool and is currently working on convincing state election officials to deploy it before next year’s presidential election.

National: House Panel Zeroes in on Election Security Ahead of 2020 | MeriTalk

With election security firmly in place as the popular policy de jour on Capitol Hill in the ramp-up to the 2020 election cycle, House members from both sides of the aisle voiced support at a Nov. 19 hearing for more focus on cyberattacks targeting election infrastructure, with a particular focus on ransomware exploits. The hearing of the House Homeland Security Committee subcommittee on Cybersecurity, Infrastructure Protection, and Innovation featured testimony from officials in the Federal government, academia, and the private sector, but mainly targeted efforts the private sector is making to protect U.S. elections infrastructure and political campaigns from malicious actors. Subcommittee Chairman Cedric Richards, D-La., began the hearing by highlighting Russia’s malicious cyber activity in the 2016 elections, saying, “The Russian government’s covert malicious foreign interference campaign attacked every aspect of our elections.” He further pointed to two new countries he said are working towards attacking U.S. elections – Iran and China. Rep. Richards said those countries are “weaponizing new technologies to disrupt our democracy, distort the daily news, and compromise our election security.”

National: On election security, U.S. government leaving much on the table | Derek B. Johnson/FCW

Expert witnesses warned Congress that the U.S. government has largely failed to address known security shortfalls leading up to 2020 and future elections.Much of the election security debate in Washington since 2016 has focused on improving baseline protections for voting machines, but witnesses at a Nov. 19 House Homeland Security Committee hearing noted that similar deficiencies also exist when it comes to protecting political campaigns from compromise by foreign intelligence services and preventing foreign and domestic disinformation. In his opening statement, Georgetown University professor Matthew Blaze noted that the current generation of voting machines used in U.S. elections were never designed to combat attacks or threats from adversarial foreign governments with the resources to penetrate the global supply chain or obtain software source code before it’s even shipped to election officials. “The intelligence services of even small nations can marshal far greater financial, technical and operational resources than would be available to even highly sophisticated criminal conspiracies,” Blaze said.

National: DHS cyber agency invests in election auditing tool to secure 2020 elections | Maggie Miller/The Hill

The Department of Homeland Security’s (DHS) cybersecurity agency announced Thursday it would partner with election officials and private sector groups to develop an election auditing tool that can be used to help ensure the accuracy of votes in 2020. DHS’s Cybersecurity and Infrastructure Security Agency (CISA) is partnering with non-profit group VotingWorks on an open-source software tool known as Arlo, which is provided to state and local election officials for free. According to CISA, Arlo conducts an audit of votes by selecting how many ballots and which ballots to audit and comparing the audited votes to the original count. The tool has already been used to conduct post-election audits across the country, including during the recent 2019 elections. Election officials in Pennsylvania, Michigan, Virginia, Ohio and Georgia have signed on to partner with CISA on Arlo, with more officials expected to join.

National: Senior DHS cyber official Jeanette Manfra to step down | Sean Lyngaas/CyberScoop

Jeanette Manfra, a senior cybersecurity official at the Department of Homeland Security, plans to step down from her position, according to multiple sources familiar with the matter. DHS officials are preparing an internal announcement about Manfra’s departure that could come as soon as this week, two sources told CyberScoop. Manfra has been a key liaison for the agency, speaking about cyberthreats to U.S. supply chains, election infrastructure, and industrial control systems to both the private sector and Congress. She has also represented DHS at top cybersecurity conferences like RSA and DEF CON. Over the course of her tenure, Manfra took on increasingly senior and cybersecurity-focused roles, culminating in her becoming assistant director at DHS’s Cybersecurity and Infrastructure Security Agency (CISA) last year. In a speech last year, she likened supply-chain vulnerabilities to a “digital public health crisis.” It was not immediately clear who would replace her. One source told CyberScoop that officials had a replacement in mind, but declined to say who that was.

Colorado: County clerks ask federal, state officials for cash | Charles Ashby/Grand Junction Sentinel

Colorado’s county clerks are asking state and federal lawmakers to send money, lots of it. In a letter Wednesday to the state’s two U.S. senators — Democrat Michael Bennet and Republican Cory Gardner — the Colorado County Clerks Association asked them to ask U.S. Senate leaders to make sure they include funding to ensure the state’s and nation’s election systems are protected from cyber attacks, among other things. “Despite extraordinary progress by state and local election officials to improve election security, upgrade equipment and implement audit procedures, critical vulnerabilities remain,” wrote Janice Vos Caudill, Pitkin County clerk and current association president. “Although Colorado leads the nation in secure election practices — for example, Colorado is the first U.S. state to require risk-limiting audits after each election — there is much more Colorado can do with additional federal money,” she added. “This funding needs to be earmarked specifically to harden local government systems in a comprehensive way.”

Iowa: 2012 election problem a window into ongoing voter dysfunction, county auditor contends | Jason Clayworth/Des Moines Register

An Iowa election reporting delay that occurred the night President Barack Obama won a second term underscores longtime and ongoing dysfunction in the state’s voter system, says a county auditor who has filed an elections complaint against the state. A spokesman for Iowa Secretary of State Paul Pate, a Republican, disputed the contention by Linn County Auditor Joel Miller, a Democrat. “It’s totally irrelevant to anything this office has done,” spokesman Kevin Hall said this week. The 2012 delay was the result of a glitch in free computer software Iowa received from South Dakota, records the Des Moines Register obtained last week from the Iowa Secretary of State’s Office show. Because of a software crash, results from 126 Statehouse races were delayed and the balance of power in the Iowa Legislature remained unclear until the day after the election. BPro — a South Dakota company that designed the software and was hired via a no-bid contract to customize the system for Iowa — agreed to pay the state $150,000 in “liquidated damages” for the problem in its election night reporting system and its related work, according to an August 2014 termination agreement and a company spokesman.

Louisiana: Louisiana was hit by Ryuk, triggering another cyber-emergency | Sean Gallagher/Ars Technica

In October, the Federal Bureau of Investigation issued a warning of increased targeting by ransomware operators of “big game”—targets with deep pockets and critical data that were more likely to pay ransoms to restore their systems. The past week has shown that warning was for good reason. On November 18, a ransomware attack caused Louisiana’s Office of Technology Services to shut down parts of its network, including the systems of several major state agencies. These included the governor’s office, the Department of Health (including Medicare systems), the Department of Children and Family Services, the Department of Motor Vehicles, and the Department of Transportation. Louisiana Governor John Bel Edwards activated the state’s cybersecurity response team. While some services have been brought back online—in some cases, within hours—others are still in the process of being restored. Most of the interrupted services were caused by “our aggressive actions to combat the attack,” according to Louisiana Commissioner of Administration Jay Dardenne. “We are confident we did not have any lost data, and we appreciate the public’s patience as we continue to bring services online over the next few days.”