National: Voting machine companies may throw their doors open to ethical hackers | Joseph Marks/The Washington Post

Voting machine companies, which for years have been loath to acknowledge any security weaknesses, are finally saying they will consider allowing ethical hackers to search for them. But hackers are skeptical of the election industry’s recent commitment to security and transparency. The olive branch to hackers marks a huge about-face for the industry, which last week asked for feedback from researchers and companies about the best ways to let outsiders vet their security. They’ve long argued that researchers, by exposing security flaws, could give a roadmap to foreign hackers intent on compromising the 2020 contest. Now they’re saying the threat of Russian hacking and disinformation is too severe for the security of election systems to be treated as a private matter to be managed behind closed doors. “For many years the industry…preferred to work quietly behind scenes. [But] 2016 brought cybersecurity to the front burner and folks in this industry who were uncomfortable talking about vulnerabilities have warmed up to it,” Chris Wlaschin, the top cybersecurity official for Election Systems and Software, told me. But some ethical hackers worry the industry, which has historically prioritized making their machines easier for election administrators to use rather than making them as secure as possible, isn’t ready to make big changes. They fear the companies won’t work quickly enough to fix the bugs they discover and could use non-disclosure agreements to enforce silence about dangerous bugs that could compromise an election.

Colorado: Colorado the First State to Remove Bar Codes from Ballots | Andrew Westrope/Government Technology

Since learning the scope of Russia’s interference in the 2016 election, state and federal officials have been vocal about the need to secure America’s next elections. For many jurisdictions, that might mean less technology rather than more, and resisting pressure from voting-tech vendors to buy expensive solutions where pen and paper is more secure. This week, Colorado took the lead as the first state to require all ballots to be tabulated using only the marked ovals, as opposed to QR (quick response) codes, or bar codes in which the voter’s choices are encoded. According to a news release from Secretary of State Jena Griswold, the use of ballot-marking devices had created a situation in which votes tabulated by QR codes could not be verified by the human eye. Serena Woods, a spokeswoman for Griswold’s office, explained that while Colorado’s in-person voters would get a printed out summary of their choices, they couldn’t verify that the QR code accurately reflected those. While there had been no specific incidents of QR codes being tampered with, Woods said, a nefarious actor could theoretically program a tabulation machine to misread QR codes, or reprogram ballot-marking devices to print inaccurate codes.

Georgia: Election security investigation opened after Atlanta computers stolen | Mark Niesse and Arielle Kass/The Atlanta Journal-Constitution

Georgia Secretary of State Brad Raffensperger opened an investigation Wednesday into Fulton County’s election security procedures after two voting check-in computers were stolen from an Atlanta precinct. “It is unacceptable that bad actors entered a polling location under the cover of night and were able to steal critical elections machinery,” Raffensperger said. Atlanta police are also investigating the theft of the express poll computers from the Grove Park Recreation Center, which occurred the night before Tuesday’s special election for a seat on the city school board. New computers were brought in before polls opened Tuesday morning. Richard Barron, Fulton’s director of registration and elections, said the county will be reviewing its procedures, but poll workers did what they were supposed to do. “Other than providing 24-hour security at all polling locations, I’m unsure how you secure every building,” he said. “Ours was in a government facility that had an alarm and was locked.”

Indiana: Election upgrade leaves widespread paperless voting | Brynna Sentel/South Bend Tribune

By the next election, one in 10 direct recording electronic (DREs) voting machines will have a small black box attached to them that will let voters see a printout of their ballot, providing a paper trial that can be used in post-election audits. Secretary of State Connie Lawson held one-on-one interviews with reporters to discuss the new voting equipment as well as the other steps her office is taking to assure Hoosiers that every ballot cast in an election will be accurately counted. “I still believe that the most important concern for us is voter confidence,” Lawson said Wednesday. “We want voters to know that the vote they cast is counted the way it was cast and that elections are safe and secure.” Lawson will go to the State Budget Committee Friday to ask for the release of $10 million that had been budgeted during the legislative session for election security. The committee is meeting at Purdue University. “There were so many priorities this last budget cycle,” Lawson said. “Honestly, I felt very fortunate that our original $10 million request, and that’s what it was when the session began, stayed the same and did not change.”

Kansas: Cyberattacks vandalized Kansas county websites in August, exposing security weaknesses | Jonathan Shorman/The Wichita Eagle

Cyberattacks crippled the websites of about a dozen Kansas counties in early August — replacing their homepages with cryptic messages and an image of Mecca. One county, which was conducting an election during the assault, decided against posting results online. The attacks did not affect vote counting but meant citizens didn’t have access to normal government information, such as contacts for local agencies, for several hours. The hacks defaced websites, but did not affect other systems. It does not appear the hacker or hackers took data hostage, as has happened elsewhere in the country. State officials don’t think the hacking was connected to the August primary election. But the attacks — not widely known until now — showcased the cyber vulnerabilities of local governments in Kansas. And they took place as online threats are rising.

Maine: Voter database unaffected after computers in Maine election office hit by cyber attack | Christopher Burns/Bangor Daily News

A virus hit several state computers and servers, including in the state’s election office, on Wednesday afternoon, the Maine secretary of state’s office said. The virus was detected about 3 p.m. and affected Maine Bureau of Corporations, Elections and Commissions staff computers, two servers at the Maine Bureau of Motor Vehicles and a server at the Maine State Archive, according to Kristen Schulze Muszynski, a spokeswoman for the Maine secretary of state’s office. The Bureau of Motor Vehicles’ servers are only used for internal testing purposes, while the state archive server is used for scanning documents. The Office of Information Technology and the secretary of state’s office are working to restore computer services, Muszynski said Thursday morning. They were expected to be restored later on Thursday. No public data was accessed and the state’s voter database was not affected, she said. The cyber attack consisted of 1,600 emails, but only 18 emails reached employee inboxes, Muszynski said, adding that the virus appeared to have entered through a spam email that included a malicious link.

Minnesota: Guard’s coders, hackers may help shore up election defenses | Stephen Montemayor/Minneapolis Star Tribune

Minnesota election officials working to beef up the state’s cyber defenses against hackers now want to call in the National Guard. In an effort to protect the 2020 election just months before early primary voting starts, Secretary of State Steve Simon said he wants to formalize a long-term agreement to work with a new “cyber protection team” developed by the Minnesota National Guard ahead of a workshop planned this week in St. Paul as part of a national “policy academy” on election security. The gathering of federal and state officials comes as Congress deepens its impeachment inquiry over a whistleblower allegation that President Donald Trump solicited Ukrainian help in undermining former Vice President Joe Biden, one of his top Democratic challengers in 2020. But a more pressing concern for local and state election officials is the prospect of foreign hacking and social media disinformation. Simon and other state election officials have warned that more foreign sources are likely to try to penetrate states’ election systems than in 2016, adding that there are already signs of widespread online disinformation campaigns underway. “This is a security issue,” Simon said. “It isn’t just about bullets or boots on the ground, it’s about this cyber realm and the fact that adversaries try to expose or exploit weaknesses in the cyber world just as they would in other areas as well.”

North Carolina: Did North Carolina skip a step? New voting machines questioned again | Travis Fain/WRAL

Activists and computer scientists have raised questions about the process used to certify new voting machines in North Carolina that, for weeks, the State Board of Elections hasn’t answered. The board’s chairman and its executive director say answers are coming and that staff plan to bring detailed information to the board at its meeting next Tuesday. But at least two board members, along with a string of academics and activists, are concerned that the state skipped steps as it certified three new election systems. Counties around the state are weighing whether to buy those systems to use in the 2020 elections. Frustrated by slow progress at the state level, activists worried about the security of touchscreen systems reached out to county officials responsible for picking and buying new machines, spurring an email Tuesday from the state elections director promising local officials answers next week. If the issue lingers, it may “throw chaos into the 2020 elections,” said Marilyn Marks, a Charlotte activist who founded the Coalition for Good Governance and has pushed this line of inquiry. “The lack of response to date is irresponsible, given that the questions have been swirling for at least three weeks,” Marks wrote to state board members and other election officials on Sept. 14. “Obviously, if the legally mandated certification work had been performed, documentation would have been produced weeks ago.”

Pennsylvania: Allegheny County Elections board approves vendor for new voting machines | Paula Reed Ward/Pittsburgh Post-Gazette

The Allegheny County Board of Elections voted Wednesday to approve Election Systems and Security as the vendor to provide a hand-marked paper balloting system to be used beginning next year. The vote means the county will enter negotiations with ES&S to fulfill a contract to provide enough scanners to count the ballots. The bid proposed by ES&S was $10.5 million. The 3-0 decision came after additional public comment in which advocates expressed concerns about how the ES&S system handles ballots for people with disabilities, including the use of bar codes. The concern is that ballots completed on the Americans with Disabilities Act-compliant ballot-marking device cannot be reviewed for accuracy. “There’s not a perfect decision to be made,” said Tom Baker, a county councilman and chair of the elections board. Elections board member Kathryn Hens-Greco, a Common Pleas Court judge, agreed that the decision to choose ES&S was not optimal, but it is necessary. “Right now, we’re at a point where a decision needs to be made, and it needs to be a confident decision.”

National: Democrats launch ‘full court press’ on election security | Joseph Marks/The Washington Post

Democrats are pressing hard this week in what could be their final chance to pass legislation aimed at protecting the 2020 contest against Russian hackers. Senate Democrats have failed for months to force Senate Majority Leader Mitch McConnell (R-Ky.) to allow a vote on bills committing an additional $600 million to election security and also mandating security reforms such as paper ballots and post-election cybersecurity audits. Now they’re shifting tactics and trying to force some of that funding into a must-pass spending bill. Round one of the fight starts Thursday at a Senate Appropriations Committee meeting where the top-ranking Democrat, Sen. Patrick Leahy (Vt.), and the top Democrat on the committee’s general government panel, Sen. Chris Coons (Del.), will try to force the money into the Republican draft of a spending bill. If that doesn’t work, Democrats can keep trying to push Republicans to add the measure through the lengthy give-and-take of the appropriations process that’s likely to drag on for several months. Aides for Leahy and Coons declined to tell me precisely what was in the amendment they’ll be introducing Thursday, but Sen. Ron Wyden (D-Ore.) and other senators are pushing for at least the $600 million that’s included in legislation already passed by the House. If the last-ditch effort fails, many Americans are likely to cast votes in 2020 in a process still governed by the same lax rules as in 2016 – when a Russian hacking and disinformation operation upended the election and severely damaged voters’ confidence in the democratic process. The federal government has surged its cybersecurity help to state election officials since then and several states and localities have voluntarily improved protections, but the improvements are far from universal.

National: Election security funds caught in crosshairs of spending debate | Maggies Miller-The Hill

Funding to bolster election security efforts at the state level could become a sticking point during the ongoing government spending talks, with the House approving the funds while Republicans in the Senate remain staunchly opposed. The spotlight will be on the Senate on Tuesday, as the Appropriations Subcommittee on Financial Services and General Government marks up its portion of the annual spending bill, with the full committee due to vote on the bill Thursday. While the subcommittee will wait until after the markup to release its version of the annual financial services and general government funding bill, which includes appropriations for the Election Assistance Commission (EAC), it’s unlikely to include election security funds due to Republican opposition. This could become a factor in negotiations between the House and Senate over government funding bills and make it even more difficult for Congress to approve funding legislation prior to the end of the fiscal year on Sept. 30, which is needed to avert a shutdown.

National: How state election officials are contributing to weak security in 2020 | Joseph Marks/The Washington Post

It’s not just a question of paper ballots. The offices charged with administering elections across the country are falling short on a slew of basic cybersecurity measures that could make the 2020 contest far more vulnerable to hacking, according to a report out this morning. Numerous state election offices aren’t patching their computer systems against known digital attacks and rely heavily on outdated, weak software, the report from the cybersecurity company NormShield found. They’re not fully protecting their websites against attacks or taking technical steps that would help prevent hackers from impersonating employees over email. And employee emails and passwords have leaked online. Any one of those vulnerabilities could be the weak spot that allows hackers to compromise a swath of election systems — especially since several states with the worst security practices were swing states, the company’s Chief Security Officer Bob Maley told me. He declined to disclose how specific states fared at this time.

National: How counties are war-gaming Election Day cyberattacks | Joseph Marks/The Washington Post

If Russian hackers seek to disrupt the 2020 election, it will be county election officials on the front lines. And some are diving in to war games so they can be ready for anything Moscow or another U.S. adversary can throw at them. Election officials from New Jersey’s 21 counties huddled at tables in a hotel ballroom here, hashing out how they’d respond to Election Day cyberattacks. In some attack scenarios, hackers shut down voter registration databases, loaded voter files with phony information, or compromised county social media accounts so they start spreading false information about polling locations. They also prepared for what happens if attackers locked up election office computers with ransomware or shut down cellphone towers across multiple states. How the U.S. fares during an Election Day hack is likely to rest on the response of local election administrators in the first few hours, state and federal officials told me. “The county level is where all the risk is,” a Homeland Security Department cybersecurity official who was helping one county with its response-planning told me. “They own it in a way no state official does and certainly no federal official could. It’s always live or die at the county level.” The war-games are a sign of how drastically local politics has changed in this new era of cyberwar — preparing responses to attacks by a powerful nation-state is a far cry from more ordinary tasks of getting poll workers to voting locations on time and planning contingency operations for storms or other physical disasters. And there’s no turning back, as federal offiicals have warned Russia is likely to try to repeat its hacking and disinformation campaign in 2020 and other U.S. adversaries, including China, Iran and North Korea, may try as well.

National: Cyber firm examines supply-chain challenge in securing election ecosystem | Charlie Mitchell/InsideCyberSecurity.com

State election officials are doing a better job of securing systems but still need to pay more attention to “internet facing infrastructure” and possible weak links in their supply chains, according to a new report from NormShield, a cybersecurity firm that develops risk scorecards for companies. According to NormShield, “We noticed … that states may be focusing on their internal assets and may not be examining their broader cyber ecosystem footprint. So we undertook the exercise of examining that broader footprint to better understand what election system integrity looks like from that perspective.” The firm did not examine cyber hygiene around voting machines, but did look at “Network Connected Systems and Components” as identified in the Center for Internet Security “Handbook for Elections Infrastructure Security.” It found significant improvements between an initial scan in July and a follow-up August, according to the report issued today. “NormShield privately provided its findings to the Secretaries of State and election commissions in July in order to empower them with the information needed to remediate vulnerabilities,” the firm said. “NormShield ran a second scan in August and found significant improvement in the security posture of several election commissions.”

Editorials: Cyber attacks threaten security of 2020 election | Ray Rothrock/San Jose Mercury-News

Following the 2016 elections, investigators found evidence that Russian hackers successfully infiltrated the computerized voting systems of several states. Hackers also stole data from campaigns and weaponized social media polarizing the electorate against and for certain candidates.  All of this undermines the trust we all place in the United States’ election system. There is nothing more powerful in a democratic country than a legitimate election.  Unchecked, these actions and future similar future actions against our elections are a significant danger to our democracy.  It’s clear we’ll be facing similar threats in the 2020 election cycle. Elections have become a new target in asymmetrical cyber warfare, allowing smaller groups to launch targeted attacks that have an outsized impact. To ensure our democracy is resilient in the face of these bad actors and nation-states, Congress must take action to adequately fund our election system’s cyber defenses and implement programs that bring about greater digital resilience in our government systems and in candidate’s campaigns. More importantly, something so fundamental to the country – trust in our elections – must be pursued with vigor on a bipartisan basis and in a manner that makes our systems more resilient.

Arizona: Is Arizona doing enough to protect 2020 elections? Computer security experts weigh in | Andrew Oxford/Arizona Republic

Some aspects of how to secure Arizona’s elections from hackers and fraudsters may seem obvious. Change the passwords on equipment every once in a while, for a start. Oh, and make it complicated, with some numbers and uppercase letters tossed in. Of course, there is a lot more to fending off cyber attacks. The Arizona Secretary of State’s Office is writing a new manual for county election officials and its first draft includes additional provisions on security. While experts praise some of those measures as big steps to prevent tampering, they are raising concerns about potential vulnerabilities with other measures. County officials who administer elections can adopt tighter security standards than those set by the state, but the new election procedures manual will set out the minimum requirements that local officials must follow. It revises policies last updated in 2014. Among the provisions that raised concerns is a suggestion that a USB stick used to transfer files from one device to another can be re-used if it is cleaned and reformatted.

Georgia: Check-in computers stolen in Atlanta hold statewide voter data | Mark Niesse and Arielle Kass/The Atlanta Journal-Constitution

Two computers that are used to check in voters were stolen from a west Atlanta precinct hours before polls opened Tuesday for a city school board election. Officials replaced the computers before voters arrived, and the election wasn’t disrupted, according to the Georgia Secretary of State’s Office.The express poll computers contain names, addresses, birth dates and driver’s license information for every voter in the state, said Richard Barron, Fulton County’s elections director. They don’t include Social Security numbers. They are password-protected, and the password changes for every election.The computers, which were in a locked and sealed case, haven’t been recovered.Poll workers discovered the burglary early Tuesday morning at the Grove Park Recreation Center near Donald Lee Hollowell Parkway.Atlanta police said they were first called to the recreation center at 12:30 a.m. on an alarm call. They found an unlocked door but saw no one inside. When election employees arrived, they told police “the kitchen had been ransacked,” a microwave had been moved to a different room, food items were missing and the express poll machines were missing, Atlanta police Sgt. John Chafee said. Georgia Secretary of State Brad Raffensperger said he’s concerned about the stolen election equipment. “They may not have realized what they were stealing. They may have just thought they were stealing computer hardware of some sort, but they stole a whole lot more than they thought,” Raffensperger said. “They’re in a whole lot of trouble. There will be a thorough investigation.”

Louisiana: New Louisiana election, same old voting machines | Melinda DeSlatte/Associated Press

Despite a national uproar over election security, Louisiana voters will be casting their ballots next month in a statewide election on the same type of paperless voting machines the state has used since 2005. No changes are expected for the 2020 presidential election either. Allegations of improper bid handling derailed plans to replace to Louisiana’s voting machines, so the secretary of state’s office had to redo its vendor search process. The agency still is drafting the solicitation for bid proposals, so new voting machines aren’t coming soon. Still, Secretary of State Kyle Ardoin said voters should feel confident in the machines they will use to cast their ballots in the Oct. 12 and Nov. 16 elections for Louisiana governor, six other statewide positions and state legislative seats.

New Jersey: Activists press for federal support to upgrade New Jersey’s vulnerable voting machines | Briana Vannozzi/NJTV News

Progressive activists on Tuesday called for an overhaul of New Jersey’s voting system, saying that the lack of a paper backup to the electronic machines at the polls in many counties could undermine the faith of voters that their ballots will be counted. “This is our most important fundamental right, the right to vote,” said Marcia Marley, president of BlueWave NJ. “And if it doesn’t count, why vote?” The activists are also looking to put pressure on federal lawmakers to approve $600 million for election security funding at the state level. The allocation has already been approved by the Democratic-majority House of Representatives but has failed to get any traction in the upper house, which is controlled by the GOP and led by Majority Leader Mitch McConnell, the Kentucky Republican. Carrying signs that read “Moscow Mitch” and “Protect Our Elections,” the activists gathered outside the offices of the state’s two Democratic senators, Cory Booker and Robert Menendez. “Robert Mueller explained that the threat of foreign intervention in our elections is very much still alive and probably escalating for the 2020 elections,” said BlueWave NJ member Mark Lurinsky, referencing testimony before Congress by the former Special Counsel to the Justice Department who investigated Russia’s attempts to influence the 2016 presidential election.

North Carolina: Experts Warn of Voting Machine Vulnerabilities in North Carolina | Nancy McLaughlin/Greensboro News & Record

A hacker hired to find flaws in voting machines around the world and a computer code writer appointed by a judge to take a forensics look at a controversial election told an emergency meeting of the NAACP in Greensboro, N.C., that even the newest era voting machines are vulnerable to reprogramming. The panel of cyber experts, who were video-broadcasted into the discussion at New Light Baptist Church, took shots at bar code systems like the ones that Guilford County, N.C., is considering. “It suggests more information than is there,” said computer scientist and engineer Duncan Buell of the University of South Carolina. Buell is part of a team auditing election data in his state that has discovered problems in the process that led to uncounted votes in previous elections. The bar codes are only as good as what they are programmed to do, Buell said. Without a paper ballot showing how people voted, he said, they are unreliable even in a recount.

North Carolina: Voting equipment approval didn’t follow law | Jordan Wilkie/Carolina Public Press

North Carolina’s recent decision to certify new voting systems for use next year did not follow state law, according to a letter that a group of experts on election security and administration sent to the N.C. Board of Elections late Wednesday night. North Carolina has been in the process of reviewing new voting systems for certification for over two years. The system that is currently in use across the state was certified in 2005. The law requires a security review of the source code of all voting systems before they are certified for use in the state. The letter states that there is no indication that the state, either through its own contractors or through required federal testing, reviewed the source code for the computers in the voting systems it recently certified. The experts in question, including Duncan Buell, a professor of computer science at the University of South Carolina, reviewed testing documentation from the state and from the federal government. “You read all of that, and it’s clear,” Buell said. “There was no source code review conducted. That would certainly seem to suggest that things are not in accordance with North Carolina law.”

Pennsylvania: Elections officials touted new electronic poll books. Now the city says they don’t work right. | Jonathan Lai/Philadelphia Inquirer

Philadelphia was supposed to use new, electronic poll books in its election this November, allowing poll workers to search for voters on an iPad and sign them in electronically, rather than use thick paper books. The change was supposed to reduce human error, and to make checking in voters faster and easier. City officials promised it would to help troubleshoot problems, such as providing correct information to voters who show up in the wrong polling place. It was supposed to, eventually, provide real-time turnout numbers from every polling site across the city. Turns out the system was not ready for prime time. Instead, “the city observed several problems with KNOWiNK’s pollbook system” during a test election conducted last month, the city’s Acting Chief Administrative Officer, Stephanie Tipton, said in a letter Tuesday to the acting board of elections.

Tennessee: Federal judge dismisses voting security lawsuit in Tennessee | Adrian Sainz/Associated Press

A federal judge dismissed a lawsuit Friday challenging the security of voting machines in Tennessee’s largest county and calling for a switch to a handwritten ballot and a voter-verifiable paper trial. U.S. District Judge Thomas Parker ruled that the lawsuit filed by a group of Shelby County voters in October 2018 failed to show that any harm has come to the plaintiffs and that they have no standing to bring the suit. Attorney Carol Chumney sued on claims that the outdated touchscreen voting machines used by Shelby County are not secure because they do not produce a voter-verifiable paper trail, and security checks and other safeguards are needed to protect the system from outside manipulation. Chumney wanted the county election commission to let outside experts examine its election management software and report any evidence of hacking, possible editing of votes cast or unauthorized software to the Tennessee Bureau of Investigation. The suit questioned the security and reliability of the voting machines and its software, provided by vendor Election Systems & Software. Advocates claim the software is obsolete and presents a risk to the election system. The suit also questioned the security of memory cards, computers, and modems used by the county. The lawsuit asked that the county replace its entire elections system ahead of this October’s municipal elections in Memphis with an optical scan system that uses hand-marked paper ballots. Chumney also asked that officials require Election Systems & Software to install advanced security sensors on their system and ask the U.S. Department of Homeland Security to perform risk and vulnerability assessments on electronic voting systems.

Australia: Australia concluded China was behind hack on parliament, political parties – sources | Colin Packham/Reuters

Australian intelligence determined China was responsible for a cyber-attack on its national parliament and three largest political parties before the general election in May, five people with direct knowledge of the matter told Reuters. Australia’s cyber intelligence agency – the Australian Signals Directorate (ASD) – concluded in March that China’s Ministry of State Security was responsible for the attack, the five people with direct knowledge of the findings of the investigation told Reuters. The five sources declined to be identified due to the sensitivity of the issue. Reuters has not reviewed the classified report. The report, which also included input from the Department of Foreign Affairs, recommended keeping the findings secret in order to avoid disrupting trade relations with Beijing, two of the people said. The Australian government has not disclosed who it believes was behind the attack or any details of the report.

Ghana: EC To Acquire New Technology For Elections | GNA

Chairperson of the Electoral Commission (EC) Jean Mensah Thursday disclosed that the Commission was in the process of acquiring technology that would guarantee the absolute sovereignty of the Ghanaian electoral process. The system, which she said would be owned, managed and operated at a lesser cost by the Commission, would ensure that elections were free, fair, credible, and not subject to third party manipulations. Madam Jean made the disclosure when the EC called on President Nana Addo Dankwa Akufo-Addo at the Jubilee House in Accra. The call on the President formed part of the Commission’s wider consultations with key stakeholders as it seeks to initiate reforms to promote efficiency, transparency and accountability around its activities. Explaining that the EC was weakest at its Information Technology Department, the EC Chairperson said since 2011, vendors controlled elections and had unlimited access to the department both remotely and physically. And as a result, the vendors, who supplied both software and hardware and managed it for the EC, could shut the Commission’s Data Centre down at anytime.

Israel: ‘Election on Tuesday will be target of cyber-attacks’ | Maayan Jaffe-Hoffman/Jerusalem Post

t the conclusion of the April 9 election, an Israeli watchdog group exposed a network of hundreds of social media accounts, many of them fake, used to smear opponents of Prime Minister Benjamin Netanyahu and to amplify the messages of his Likud Party. Shortly before that, in January, it was reported that Iranians had been using hundreds of fake accounts on Israeli social media pages, in an effort to sow social division and influence the then upcoming Israeli election. Now right before Israelis go to the polls, due to the proximity of the two elections as well as the immediacy and scale of the threats, it is highly doubtful that Israel has built a digital defense against cyberattacks this time around either, said Dr. Gabriel Weimann, a professor of communications at the University of Haifa. He told The Jerusalem Post that this Israeli election is likely to be marred by online election interference just like the last election, something that will only be fully understood after Tuesday. #url#

Editorials: Election security isn’t that hard – We can have safe elections if we follow these three steps. | Kevin Shelley and Wayne Williams/Politico

Intelligence experts warn that hostile nation-states, criminals and political partisans are preparing attacks on our election systems in 2020. We’ve set ourselves up for this: In the course of modernizing our voting systems, our country has introduced computers into many layers of our election process, including the recording and tallying of our votes. In fact, 99 percent of votes cast in 2020 will be counted either by the computerized voting machines on which the voters cast their ballots or – in the case of voter-marked paper ballots – by scanners, which also are computers. As former secretaries of state from both parties, we know that it’s possible to devise tangible solutions needed to validate our elections. In fact, we can tell you how to do it. That’s not to say that it’s easy, particularly given the decentralized nature of our election administration system. Most states administer elections locally and only a few states have uniform equipment in each locality. For many years, election administration has been woefully underfunded, leading to wide variability in capacity and resources. But, as long as the equipment incorporates a voter-marked paper ballot, officials can adjust existing processes to instill confidence in elections, regardless of the equipment in place.

National: Former Homeland Security secretaries call for action to address cybersecurity threats | Maggie Miller/TheHill

Three former secretaries of the Department of Homeland Security (DHS) on Monday testified that cybersecurity threats to elections and other critical infrastructure are major issues that could impact the security of the nation. Former DHS Secretaries Michael Chertoff, Janet Napolitano and Jeh Johnson all discussed the severity of cyber threats to the U.S. while testifying in New York City during a field hearing at the National September 11 Memorial Museum held by the Senate Homeland Security and Governmental Affairs Committee. Napolitano, who served as secretary under former President Obama from 2009 through 2013, listed cybersecurity as one of the top three threats DHS “can and must confront,” pointing to vulnerabilities in election infrastructure, utility grids and other critical infrastructure as putting the country at risk.  “Our adversaries and international criminal organizations have become more determined and more brazen in their efforts to attack us and to steal from us,” Napolitano said. “We need a whole of government and a whole of public and private sector response to this threat, and it needs to happen immediately.

National: Even conservative Democrats are savaging GOP over election security | Joseph Marks/The Washington Post

A group of centrist House Democrats that usually aims for bipartisanship is coming out swinging against Senate Majority Leader Mitch McConnell (R-Ky.) and other Republicans for blocking election security legislation. Members of the Democrats’ Blue Dog Coalition, which includes the conservative wing of the party, charged Republican senators with endangering the country’s democratic process for not forcing a vote on election security legislation during a press briefing. And they leveled their most pointed criticism at McConnell, who has steadfastly refused to allow major election security bills to get a vote on the Senate floor. “The underlying trust of our citizens in their electoral system and who they choose to elect is at the base of this whole process,” Rep. Tom O’Halleran (D-Ariz.) said. “The question should be put day in and day out to Mr. McConnell: ‘Why are you not wanting to protect the electoral system in this nation?’”

National: Here’s why Mitch McConnell is blocking election security bills | Joseph Marks/The Washington Post

As Congress returns this week, Mitch McConnell remains the one-man roadblock for Democrats’ election security bills. He’s still refusing to allow a vote, even as Democrats deride him as “Moscow Mitch” and accuse him of inviting Russia to interfere on Republicans’ behalf in the 2020 election. But why is McConnell so staunchly opposed? Republicans and Democrats offer a fairly straightforward theory: McConnell is wary of drawing the ire of President Trump, who has repeatedly wavered on whether Russia interfered in the presidential contest — and seems to view traditionally bipartisan discussions about election security as delegitimizing his unexpected 2016 victory over Hillary Clinton. “This is a narrative that the White House doesn’t want to approach,” David Jolly, a former Republican House member from Florida and an outspoken Trump critic, told me. “The president’s not comfortable talking about it. He’s someone with a fragile ego. And McConnell is happy to coordinate with this White House. That’s the only thing that explains it.” McConnell is likely also concerned about the political fallout for Republican senators, several of whom have supported and even co-sponsored election security bills in the past, says a former Democratic Senate staffer who worked extensively on cybersecurity issues during the Obama administration.