Editorials: Averting a voting-machine disaster: New York must stay far away from election devices with a proven record of failure | Ritchie Torres/New York Daily News

Imagine spending millions of taxpayer dollars for brand-new voting technology. Then imagine the first time the machines are used in an election, they fail catastrophically. That’s what happened this month across the state line in one Pennsylvania county. How bad was it? Widespread and alarming were failures of this machine, an Election Systems & Software (ES&S) product called ExpressVote XL. Hypersensitive touchscreens picked candidates without voters actually touching the screens. Tick-marks next to selected candidates randomly disappeared. Some machines were unable to tabulate “yes/no” questions at all. In some races, there were “severe undercounts,” including one judicial candidate who received an implausible zero votes, according to the machine’s false reporting. Another candidate won by roughly 1,000 votes, but the ExpressVote XL machine reported 15 votes cast total. Amid the chaos that ensued in this low-turnout election, poll workers were forced to physically pry open the machines, pull out ballot papers and wait for scanners to arrive from outside the state to recount the votes. Weeks later, ES&S still “has not determined root cause” of the malfunctions, and now reports indicate that lawsuits are likely to be filed against the company and the county. If this sounds like a nightmarish but distant scenario with no practical relevance to us, think again. In fact, if New York City Board of Elections Executive Director Mike Ryan gets his way, the voting technology that catastrophically failed in Pennsylvania will be heading to polling places in the five boroughs for next year’s presidential elections, when turnout will be through the roof.

Pennsylvania: State starts testing new election auditing procedures | Emily Previti/PA Post

Pennsylvania’s elections overhaul isn’t limited to deploying new voting machines and making sweeping changes to absentee voting and registration deadlines. Officials also are working on new post-election auditing procedures that employ statistical modeling. Test runs occurred earlier this week in Mercer County and are scheduled for Thursday in Philadelphia. Post-election audits already happen in Pennsylvania. State law requires counties to audit 2 percent of ballots cast – or 2,000, whichever is less – in each race. Other auditing criteria – such as sample ballot selection – are largely left up to county election officials. That’s expected to change in 2022. The state agreed to implement a more robust post-election audit system — called risk-limiting audits — as part of the settlement of a lawsuit brought by 2016 Green Party presidential candidate Jill Stein. “The process that’s in place now is practically meaningless,” Stein’s spokesman Dave Schwab wrote in an email Tuesday. “In contrast, risk-limiting audits are designed to use the paper records to ensure that the machine count didn’t produce the wrong winner.”

Pennsylvania: Northampton County voters want refund for ExpressVote XL voting machines | Jeff Ward/WFMZ

Northampton County should get back the $2.88 million it spent on voting machines, residents told County Council on Thursday night. The ExpressVote XL machines used for the Nov. 5 election had touch screens that were too sensitive, did not record all votes electronically, and the backup paper ballots that were displayed to voters to confirm their choices were hard to read. The county bought machines from Election Systems & Software after Pennsylvania required voting machines that would thwart hacking and provide a paper backup to electronic tallies. “We really need to get our money back,” Gail Preuninger of Bethlehem Township said. Deborah Hunter, who served on the county’s election commission and opposed selection of Election Systems & Software’s machines, said the vendor broke its contract. “I will not use this machine,” said Roger Dreisbach-Williams of Williams Township. He said he will vote via a paper ballot next time, perhaps as an absentee voter.

Editorials: Hand-marked Paper Ballots: How this Tried-and-True Method Makes Us More Secure | Bennie J. Smith/Memphis Commercial Appeal

In 2016, Facebook CEO Mark Zuckerberg shared a photo on Instagram (owned by Facebook) to celebrate Instagram’s historic milestone of reaching 500 million users. Though Zuckerberg was excited to share his company’s success, headlines instead focused on the unintended revelation that his laptop’s webcam and mic were covered with tape. As one of the greatest high-tech inventors, he knows the dangers of modern technology and reveals his simple low-tech method of protection from hackers. One thing is clear, he doesn’t blindly trust technology, and neither should you. We’ve blindly trusted voting technology until it recently came under intense scrutiny. Many technologists, concerned citizens and others now want to replace voting machines with hand-marked paper ballots to record our votes. Combined with post-election audits, these low-tech methods provide evidence that voters’ choices were counted correctly when tabulated. If you think about it, paper marked by a human is immune to any virus since no computer is involved. It’s your starting line in an election, with its most important fact (true voter intent) undeniably created by you. Your available choices and who you chose are both verifiable and documented. Voters unable to mark a ballot by hand will need ballot-marking device choices.

Virginia: State Board of Elections Approves 2020 Election Cybersecurity Standards | The Fredericksburg Free Lance-Star

The Virginia State Board of Elections on Monday unanimously passed minimum security standards for all Virginia elections administrators to follow beginning next year. In 2019, the General Assembly passed HB 2178, calling for new, modern cyber security standards that must be met throughout the Commonwealth before systems are allowed to access Virginia’s election database, according to a news release from the state board. Since July, the Department of Elections along with a workgroup comprised of local government IT professionals and general registrars have met to compose a list of standards that will help to ensure the integrity of Virginia’s voter registration system. These new minimum security requirements for election administrators include, but are not limited to: setting new standards for creating secure passwords, requiring an increased emphasis on utilizing anti-virus protection on their election systems, and developing and training on incident response plans, the release stated.

Georgia: Problems with new Georgia voting system found in test election | Mark Niesse/The Atlanta Journal-Constitution

Voting machines rebooted in the middle of voting. Computers couldn’t program the cards voters use to activate voting machines. One voter inserted a driver’s license into the voting machine, causing it to go blank. Those were some of the 45 incidents reported during a test run of Georgia’s new voting system, according to a summary from the secretary of state’s office. The pilot was conducted in six counties, where 27,482 ballots were cast in this month’s election. The test identified issues with the voting system, which combines touchscreens with printed-out paper ballots, that can now be corrected before it’s used statewide in the March 24 presidential primary, said Gabe Sterling, the chief operating officer for the secretary of state’s office. “These problems are mainly human-based,” Sterling said. “We can train and train, and our plan is to train again. That’s going to be the main thing that’s going to make these things work properly.” Sterling said he’s confident that the state’s voting system will be ready for the presidential primary, and all equipment is scheduled for delivery by late January.

National: States and cities make cybersecurity pledge after Trump administration rejects it | Joseph Marks/The Washington Post

U.S. states and cities are breaking with the federal government and signing onto an international pledge aimed at making cyberspace safer. Virginia, Colorado and Washington state have all endorsed the Paris Call, which was first boosted last year by French President Emmanuel Macron and which commits members to combatting major cyberattacks, digital theft of intellectual property and foreign election interference. City governments in Louisville, San Jose and Huntington, W.Va., have also joined. The Trump administration, meanwhile, is still refusing to endorse the pledge — even though it was approved by 74 other nations including our closest allies in Britain, Canada, Australia and New Zealand. The move is another way that cities and states are breaking with the Trump administration. Others have done so on issues ranging from climate change, privacy to immigrant rights. It also underscores how states and localities, which have been pelted with costly ransomware attacks and struggled to protect their elections against highly sophisticated Russian hackers in recent years, are increasingly viewing cybersecurity as an existential threat. “It’s a problem that’s facing us and I really don’t give a flip whether a governor or a president is addressing it,” Huntington, W.Va., Mayor Stephen T. Williams told me. “I’m going to find people on common ground and we’re going to move forward and make our case. If the states and federal government want to come along, that’s fine, but, if not, we’ve got our own voice.”

National: Senate Democrats urge DHS to fund cyber threat information-sharing programs | Maggie Miller/The Hill

A group of three Senate Democrats is urging the Department of Homeland Security’s (DHS) cyber agency to help fund cybersecurity threat information-sharing centers involved in election security efforts. In a letter sent on Monday to Christopher Krebs, the director of DHS’s Cybersecurity and Infrastructure Security Agency, Senate Minority Leader Charles Schumer (D-N.Y.), and Sens. Maggie Hassan (D-N.H.) and Gary Peters (D-Mich.) expressed concerns around the funding level for two information-sharing groups. Specifically, the senators noted that DHS’s proposed fiscal 2020 budget covers only around 70 percent of the estimated $15 million it would take for the Center for Internet Security to run both the Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC).

National: Ex-U.S. security officials urge ‘aggressive steps’ to protect 2020 election | Mark Hosenball/Reuters

The United States should boost spending and take other “aggressive steps” to protect next year’s presidential election from foreign meddling, a group of former national security officials said on Monday. Citing what they said were signs U.S. rivals want to undermine the November 2020 poll, National Security Action – a group led by former advisers to President Barack Obama – said states and agencies should invest in paper ballot backups for digital voting machines, ensure audits of election results, improve cybersecurity and boost training for poll workers. Election security has become a major concern since U.S. intelligence agencies claimed Russia interfered in the 2016 presidential election to tilt the vote in Donald Trump’s favor. Moscow has denied any interference. Congress has appropriated some $600 million for election security since 2018 and is working to approve another $250 million, an amount that National Security Action called a “modest start.” Its statement was signed by 70 former security officials from a range of agencies.

National: Russian Hacking 2.0 Could Employ a Whole New Bag of Digital Dirty Tricks | Nick Bilton/Vanity Fair

Last week, a woman, who we’ll call Jane, woke up in her home, as she does every morning, at around 5 a.m. (Her kids didn’t get the memo about daylight saving time.) Jane hobbled downstairs, still half asleep, walked into her kitchen, and started the coffee machine. Then she turned on her iPhone and immediately said, “Holy fuck!” Jane is a former senior staffer at the Democratic Congressional Campaign Committee, or DCCC, and when she turned on her phone that morning, her email inbox had filled with over 4,500 new messages from thousands of authentic businesses across the internet. Because of their authenticity, many of those messages had not been spotted by her Gmail spam filter. As she held her phone in her hand, she watched in disbelief as new messages appeared almost every second. Before she could quell the onslaught, 8,000 had landed in her inbox.

National: U.S. National Guard’s Evolving Mission Includes Assisting Local Governments Experiencing Cyber Attacks | Scott Ikeda/CPO

Cyber attacks on municipalities have been on the rise in the past year, particularly in smaller cities that have inadequate resources to deal with them. In the smallest of towns and cities, local government relies on state and federal resources to deal with remediation in the wake of a breach. For some, those resources now include the National Guard. Established at the national level in 1903, the National Guard is a reserve military force called upon for certain domestic emergencies; primarily, recovery efforts when natural disasters and major terrorist attacks occur. With cyber attacks evolving to target both the digital and physical infrastructure of towns and cities, states are now able to justify deploying the Guard to assist in supporting and protecting these vital services. As little as a few years ago, cyber defense was not even on the radar of most National Guard agencies. In the past two years, cyber brigades have begun to spring up around the country as the need for proactive defense and response to nation-state cyber attacks has become clear. Though each state has its own National Guard agency, many of these cyber brigades are responsible for covering multiple states. For example, the Army National Guard’s 91st Cyber Brigade is based in Virginia but is tasked with overseeing cyber response units in 30 states.

National: 3 Cybersecurity Threats Facing Campaigns in 2020 | Sean J. Miller/Campaigns & Elections

Cyber threats are a growing market this cycle. Security vendors, some free or low-cost, are stepping up to provide services for campaigns and groups to help protect themselves from hacking, which could come from a lengthening list of foreign adversaries. Still, awareness and adoption remain uneven, particularly down-ballot. Now, the industry vulnerabilities that exist aren’t just being probed by Russians. Other state actors are trying their hands at election interference, according to Matt Rhoades, co-founder of the non-profit group Defending Digital Campaigns, Inc. “We know that the Chinese play this game. But if you’re a Republican too, you know that the Iranians are now fully invested in this kind of effort, and they’re going to be targeting Republicans, especially, who have been hardcore on things like the Iranian nuclear deal,” Rhoades said last month during a panel at the George Washington University’s GSPM. “You have to look past just Putin.” The tactics that the state actors could use are established, with some new twists. Here are three threats campaigns face.

Colorado: Secretary of State’s Office begins post-election ballot audit | Michael Karlik/Colorado Politics

Secretary of State Jena Griswold on Friday directed county clerks to begin the audit of a random selection of ballots after this month’s general election. A press release said that this risk-limiting audit, the only statewide one in the country following most elections, provides a “high statistical level of confidence that the outcome of an election is correct and reflects the will of the voters.” Colorado conducted its first statewide audit in 2017, covering all counties that used machines to tally their votes. Two counties, Jackson and San Juan, do not perform an audit because their ballots are hand counted. The secretary of state’s office randomly chose the ballots for each clerk to review using a 20-digit number, generated from multiple rolls of a 10-sided die. “If what the audit board reports matches how the voting system tabulated the ballots, the audit concludes,” Griswold’s website explains. “If there are discrepancies, additional ballots are randomly selected to compare until the outcome has been confirmed. If the wrong outcome was reported eventually all of the ballots will be examined and a new outcome will be determined.”

Indiana: Why Critics Say Indiana Isn’t Doing Enough To Beef Up Election Security | Adam Pinsker & Sean Hogan/Indiana Public Media

A big upgrade of voting machines is taking place around the state, but it won’t be finished before the 2020 election, when Hoosiers will choose a president, governor and other down ballot candidates. Some Hoosier voters worry their votes aren’t protected, and critics say a larger effort to safeguard votes is needed from the state. There are two types of machines for counties to use during elections in Indiana: Direct Record Electronic (DREs) and Optical Scans, which utilize a paper ballot. Valerie Warycha, the Indiana Deputy Chief of Staff says the state is providing four DRE counties — Bartholomew, Boone, Hamilton, and Hendricks — with Voter Verifiable Paper Audit Trails (VVPAT) by 2020. A VVPAT is a device that attaches to the machine and prints out a paper copy of an individual vote that can be reviewed in the course of an election audit. A law that went into effect in July requires all counties to use voting machines that provide a paper trail audit by the beginning of 2030.

Louisiana: Government computers knocked out after ransomware attack | Christopher Bing & Raphael Satter/Reuters

Louisiana state government computers were knocked out following a ransomware attack, the governor said on Monday, as results from the close gubernatorial election in the southern state await certification. Many state agencies had their servers taken down in response to the attack, Governor John Bel Edwards said in a series of messages posted to Twitter. He said the agencies were coming back online but that full restoration could take “several days.” “There is no anticipated data loss and the state did not pay a ransom,” he said. Ransomware works by scrambling data held on vulnerable computers and demanding a payment to unlock it. Louisiana Secretary of State spokesman Tyler Brey said that while his office’s website was briefly offline, the tallying of Saturday’s vote, in which Bel Edwards narrowly won re-election, was unaffected. The vote drew national attention following U.S. President Donald Trump’s well-publicized endorsement of Bel Edwards’ Republican challenger, Eddie Rispone.

Michigan: Absentee voting surges in Michigan, creating challenges for local clerks | Kathleen Gray/Detroit Free Press

With absentee voting skyrocketing since voters approved a ballot proposal last year allowing for its expansion, clerks across the state are worrying about counting ballots next year, when a record turnout is expected for the presidential race. Some clerks and Secretary of State Jocelyn Benson are calling on the state to allow election officials to be able to open and prepare absentee ballots for counting — and maybe even begin tabulating — votes before Election Day. Opponents worry that early processing and counting could lead to more voter fraud because ballots could be less secure until they’re ready to be counted. They’re also concerned that results could leak out and have a chilling effect on voters who haven’t cast ballots yet. In the August primary and November general election, when city leadership races and police and parks millages were at stake, absentee voting in some communities was as high as 82%. Hot races drew a record number of absentee voters:

Pennsylvania: Mercer County conducts first risk limiting election audit | Glenn Stevens/WFMJ

Mercer County is conducting a risk-limiting post-election audit for the first time in Pennsylvania. A working group assembled at the Mercer county courthouse on Monday to perform the post-election audit. It’s described as a scientifically designed procedure that utilizes math and statistical data to confirm election outcomes. “They’ve found out a way to use the math to provide a statistical certainty that the results that we are reporting accurately reflect that’s what the voters did,” said Mercer County Elections Director Jeff Greenburg. “The math is maybe a little complicated for the average person until you get kind of hands-on experience, and that’s really what we’re doing here today,” according to Jonathan Marks, Deputy Secretary of Elections for Pennsylvania. Pennsylvania has returned to a paper ballot, and the risk-limiting audit is viewed as another step forward for voter confidence and election integrity.

Virginia: State Board of Elections approves election security standards for 2020 | Augusta Free Press

The Virginia State Board of Elections unanimously passed minimum security standards for all Virginia elections administrators to follow beginning next year. In 2019, the General Assembly passed HB 2178; this legislation called for new, modern cyber security standards that must be met throughout the Commonwealth before systems are allowed to access Virginia’s election database. Since July, the Department of Elections along with a workgroup comprised of local government IT professionals and general registrars have met to compose a list of standards that will help to ensure the integrity of Virginia’s voter registration system. These new minimum security requirements for election administrators include, but are not limited to: setting new standards for creating secure passwords, requiring an increased emphasis on utilizing anti-virus protection on their election systems, and developing and training on incident response plans.

Wisconsin: Voters with disabilities face barriers at the polls | Rory Linnane/Milwaukee Journal Sentinel

A sign on a door reading “handicapped entrance, knock hard.” A set of stairs leading to voting booths with no elevator. A poll worker demanding voters state their names and addresses aloud, no matter their ability to speak. These are just a few of the barriers voters with disabilities have faced at Wisconsin polling places in recent elections. Advocates say the issues are preventing people with disabilities from voting with the same ease and privacy as others — or preventing their votes entirely. The last state report on accessibility barriers, in 2015, found most audited polling places had problems. State law requires such a report every two years, but state officials failed to complete one in 2017 and they’re late on the 2019 report. The 2015 report found about 4,000 accessibility problems at 808 polling places. It said about 1,650 problems were severe enough to likely prevent some voters from entering and casting a private and independent ballot. Federal law requires voting facilities to be accessible to people with disabilities.

Montenegro: US, Montenegro plot cyber warfare ahead of 2020 elections | Dusan Stojanovic/Associated Press

Deployed inside the sprawling communist-era army command headquarters in Montenegro’s capital, an elite team of U.S. military cyber experts are plotting strategy in a fight against potential Russian and other cyberattacks ahead of the 2020 American and Montenegrin elections. With its pristine rocky mountains, lush green forests and deep blue seas, the tiny Balkan state seems an unlikely location for waging global cyber warfare. But after the newest NATO nation was targeted by Russia-linked hackers and following a Moscow-backed coup attempt in Montenegro in 2016, the U.S. military dispatched their cyber experts to the Adriatic Sea nation. Montenegro is in the Balkans, a strategic area where Russia has been seeking to restore its historic influence. The country of just over 600,000 people joined NATO in 2017, defying strong opposition from Moscow. It has proven to be a key Western ally in the volatile region that went through a devastating war in the 1990s.

Nigeria: Senate moves to okay e-voting for future polls | Azimazi Momoh Jimoh/The Guardian Nigeria

The Senate has begun a fresh electoral reform which has mandated the Independent National Electoral Commission (INEC) to adopt the much-awaited electronic voting method for future polls. The lawmakers also compelled INEC to operate an electronic database into which all results in an election should be transmitted. A bill to amend the Electoral Act 2010 through which the reform would be achieved has already been published in an official gazette and debate on its general principles may begin on the floor of the Senate during the week. A copy of the bill exclusively obtained by The Guardian also stipulates that data of accredited voters must be transmitted to the central data base upon the conclusion of the accreditation of voters which would be done through the use of the card reader. “At the end of accreditation of voters, the presiding officer shall transmit the voter accreditation data by secure mobile electronic communication to the central database of the commission kept at the national headquarters of the commission.

United Kingdom: Notorious hackers claim responsibility for Labour DDoS | Alex Scroxton/Computer Weekly

Hacking group Lizard Squad has claimed responsibility for the 12 November distributed denial of service (DDoS) attack on the Labour Party, according to private messages exchanged with The Independent. Better known for targeting online gaming services, including Sony’s PlayStation and Microsoft’s Xbox networks, as well as celebrity social media accounts and, on one occasion, an airline, Lizard Squad tends to focus on large-scale DDoS attacks that generate substantial publicity. A Twitter account allegedly associated with the group said on 12 November that the DDoS attack was taking place because “no terrorist-supporting government should allow to rule [sic] a country”, a likely reference to Labour leader Jeremy Corbyn’s views on the Northern Ireland peace process and his frequent contacts with prominent Sinn Féin members during the Troubles. The account said the botnet used in the attack incorporated millions of devices on a global scale, to “enable more power to process such attacks”.

National: Despite Concerns About Election Security, ‘Vulnerabilities Abound’ | Alan Greenblatt/Governing

Ten days after he lost his re-election bid, Kentucky GOP Gov. Matt Bevin conceded the election. Bevin admitted defeat on Thursday following a recanvass of the vote, which he had requested and which didn’t change the outcome. Beginning Nov. 5 — the night of the election — Bevin had complained that his narrow loss to Democrat Andy Beshear was due to irregularities. Bevin’s unsubstantiated complaints showed that there is more than one way to undermine confidence in elections. Although election officials worry about hacking into voting machines and registration rolls, they also worry that claims about potential problems make it harder for the public to accept the outcome of elections — especially if their preferred candidate has lost. “If I wanted to undermine the democratic system, all I really need to do is create doubt in the mind of whatever team loses,” said Michael Miller, a political scientist at Barnard College. “It’s very concerning that we’ve begun to focus on which team do [hackers] hurt, Republican or Democrat. It could be your team today, but it could be the other team tomorrow.”

National: Election vendors should be vetted for security risks, says watchdog group | Joseph Marks/The Washington Post

The federal government should start vetting companies that sell election systems as seriously as it does defense contractors and energy firms, a top election security group argues in a proposal out this morning. Under the proposal from New York University’s Brennan Center for Justice, government auditors would verify election companies and their suppliers are following a raft of cybersecurity best practices. They would also have to run background checks to ensure employees aren’t likely to sabotage machines to help Russia or other U.S. adversaries. The suggestion comes as Congress continues to fight over whether to tighten election security as candidates ramp up for the 2020 election. Senate Republicans, especially, have stalled further security measures, even as observers warn that the next election is ripe for hacking by foreign adversaries such as Russia, which interfered in the 2016 contest. Vendors of voting machines, however, have traditionally been exempt from close review by federal regulators. “These vendors are a critical part of securing our elections, but we haven’t really focused on them at all,” Lawrence Norden, director of Brennan’s election reform program and one of the authors, told me. “We need to understand that they’re critically important but also represent a vulnerability that there needs to be oversight for.”

National: Arming agencies for ransomware attacks in an election year | Stephen Moore/GCN

In the past few months, we have seen just how imperative it is to stop ransomware attacks. Ransomware has the power to rob state and local governments of thousands — or hundreds of thousands — of budget dollars and grind productivity to a halt. Recovery can cost tens of millions, as Atlanta and Baltimore discovered. Just two months ago, a coordinated attack hit 22 local Texas governments simultaneously, forcing many municipalities to rely on backup systems. Fortunately, none of the demanded $2.5 million ransom was paid, but that does not mean the event was without consequence. Cities and their elected officials have learned that failing to protect networks housing taxpayer data risks losing the trust of constituents. While ransomware attacks can happen at any time, an election year is an opportune time for adversaries to conduct attacks — on voter registration systems, for example. In an attempt to prevent a ransomware attack affecting upcoming elections, the Department of Homeland Security recently announced a program to provide state election officials with guidance and support, as well as pen testing and vulnerability scanning of their voting systems. The rollout of this program, and future programs, serves as a major step in helping local governments protect their networks ahead of the 2020 elections and beyond.

National: Bipartisan bill to secure election tech advances to House floor | Maggie Miller/The Hill

The House Science, Space and Technology Committee on Thursday unanimously approved legislation intended to secure voting technology against cyberattacks. The Election Technology Research Act would authorize the National Institute of Standards and Technology and the National Science Foundation to conduct research on ways to secure voting technology. The legislation would also establish a Center of Excellence in Election Systems that would test the security and accessibility of voting machines and research methods to certify voting system technology. The bill is sponsored by Reps. Anthony Gonzalez (R-Ohio) and Mikie Sherrill (D-N.J.), along with committee Chairwoman Eddie Bernice Johnson (D-Texas) and ranking member Frank Lucas (R-Okla.). All four sponsors enthusiastically praised the bill during the committee markup on Thursday, with Johnson saying that “transparent, fair, and secure elections are the bedrock of our democracy,” and that attacks in 2016 on online voter registration databases “have increased Americans’ concerns about the integrity of our elections.”

National: Election Assistance Commission Needs More Authority In Face of 2020 Threats, Report Finds | Courtney Bublé/Government Executive

With less than a year until the 2020 presidential election, a new report calls on Congress to bolster the authority of the agency that serves as the nation’s elections clearinghouse and devote more funding and resources to it. The Brennan Center for Justice, a nonpartisan law and public policy institute, released a report on Tuesday that proposes a new framework for protecting election systems. Its recommendations focus on the oversight and internal operations of the Election Assistance Commission, the understaffed and underfunded federal agency responsible for promoting election administration best practices and voting machine security standards. “The federal government regulates colored pencils, which are subject to mandatory standards promulgated by the Consumer Product Safety Commission, more strictly than it does America’s election infrastructure,” said the report. Although the Homeland Security Department designated election systems as critical infrastructure in 2017 following revelations of Russian interference in the 2016 presidential election, election systems don’t receive the same type of oversight as other sectors with the critical infrastructure classification. “While voting systems are subject to some functional requirements under a voluntary federal testing and certification regime, the vendors themselves are largely free from federal oversight,” the report said. “Under our proposal, the EAC would extend its existing certification regime from voting systems to include all vendors that manufacture or service key parts of the nation’s election infrastructure.”

National: State, local elections officials agree no ‘one-size-fits-all-approach’ exists for cybersecurity | Jory Heckman/Federal News Network

Less than a year out from the 2020 election, state and local election security personnel are gearing up to defend against cyber threats. But while these officials work directly with the Department of Homeland Security to protect this critical infrastructure, in many cases they face limited resources on a scale not seen in the federal government. More than 40 states have a secretary of state that serves as the chief election official, but in Wisconsin, an administrator is appointed by a bipartisan commission to serve in that role. Meagan Wolfe, the administrator of the Wisconsin Elections Commission, said Wisconsin is the most decentralized election administration system in the country. The state runs elections at the municipal level, whereas most other states run elections at the county level. However, resources for these offices can run thin and two-thirds of Wisconsin’s election officials work part-time. “A lot of them don’t have any type of IT support at the local level, which is very different than some of the county-based systems. The clerk might be the sole employee of that jurisdiction,” Wolfe said at the Cybersecurity Coalition’s CyberNext D.C. conference.

Editorials: Restoring Trust And Security In U.S. Elections | Earl Matthews/Forbes

There was a time when we didn’t think twice about the security of our election systems. We trusted that when we cast our votes, they would be accurately counted. That has changed. During the 2016 election, a powerful threat appeared from outside our own borders – the shadow of other governments hacking and attempting to unduly influence our election systems. If we care about voting and election security, and if we still believe that every voter and every vote counts, then there is a big existential question that we must be willing to address: Is cybersecurity fundamental to the health, if not the very existence, of a democracy today? I say absolutely yes. The issue is not significantly different from the challenges that businesses face as they try to protect their data and digital assets. It’s the ramifications that are so much bigger.

Arizona: County recorders falling short on web security, expert says | Andrew Oxford/Arizona Republic

Arizonans still vote on paper but much of an election unfolds online, from finding a polling place to requesting a mail ballot.

Cyber security experts worry election officials in some of the state’s counties are not doing enough to secure their websites and prevent fraudsters from sowing disinformation or spreading confusion. Most of the county recorders in Arizona are not using one of two basic safety measures that cyber security firm McAfee is encouraging local governments to adopt. The company is urging election officials to use web addresses ending in .gov as well as secure sockets layer — encryption commonly used on websites that handle passwords, credit card information and other sensitive data. Without these measures, it could be easier for saboteurs to hijack a website and steal users’ data or provide false information, particularly heading into an election that experts anticipate will be targeted with disinformation.