National

From 8 a.m. to noon on Election Day last November, voting in Johnson County, Ind., ground to a halt. Lines at precincts across the county, just south of Indianapolis, swelled. Some voters waited hours to cast a ballot; some left furious that they were unable to do so. “People weren’t happy. People had to leave and go to work,” said Cindy Rapp, the Democratic member on Johnson County’s election board. The county votes on electronic voting machines, which don’t provide a paper trail — something cybersecurity experts vehemently warn against. But those machines weren’t what caused the issue in November. Instead, the problem came from the computer system, known as an electronic poll book, that poll workers were using to check people in. Increasingly, more and more states and voting jurisdictions are using these systems to speed up and improve in-person voting. According to federal data, nearly half of all voters who voted in person in 2016 signed in at their polling place using an electronic poll book. That’s up from 27 percent just one presidential election prior. Like many issues surrounding elections, moving from paper to a digital process may bring convenience, but it also brings big questions about security and reliability.

National: Republicans make alleged conservative bias top priority at election security hearing | Cat Zakrzewski/The Washington Post

Google, Facebook and Twitter executives came to Capitol Hill to testify about election security. Instead they faced a grilling about whether their platforms are biased against conservatives. A string of Republicans on the House Oversight and Reform Committee skipped questions about how the companies were tackling disinformation campaigns or preventing Russians from purchasing political ads on their platforms in the run-up to the 2020 election. They were more interested in whether Facebook and Twitter were “shadow-banning” — quietly blocking or restricting — conservatives’ accounts on their platform. “The minute you start putting your hand on the scale of freedom and justice to tilt it one way or another, quite frankly we’ve got to act as members of Congress,” warned Rep. Mark Meadows (R-N.C.). The technology executives vehemently denied that they engage in shadow banning. There is no evidence that the platforms have been systematically biased against one political party.

National: U.S. House bill would require feds to notify public of election hacking | Benjamin Freed/StateScoop

Two members of the U.S. House of Representatives from Florida said Thursday they will introduce a bill that would require federal officials to inform Congress, state and local authorities and the public if an election-related computer system is hacked. The measure, from Democrat Stephanie Murphy and Republican Michael Waltz, comes as a response to federal authorities’ refusal to publicly name the two Florida counties where voter registration databases were successfully breached by Russian military intelligence hackers during the 2016 presidential election. Under the bill, text of which has not yet been released, federal law enforcement and cybersecurity authorities who detect unlawful access of election systems would be required to “promptly” notify the relevant state and local officials, as well as members of Congress representing the targeted jurisdiction. In turn, state and local officials would be obligated to notify any potentially affected voters.

National: Mueller remarks put renewed focus on election security bills | Maggie Miller/The Hill

Legislation aimed at securing U.S. elections got an unexpected shot in the arm this week when Robert Mueller devoted a fair share of his first remarks on the Russia probe to the threat posed by foreign actors seeking to undermine democracy at the ballot box. Election security bills have been languishing in Congress for months, due in large part to Republicans who do not want to shine a light on Russia’s actions and risk the fury of President Trump. The president weighed in on the issue Thursday, telling reporters that “we are doing a lot, and we are trying to do paper ballots as a backup system as much as possible, because going to good old-fashioned paper in this modern age is the best way to do it.” Those remarks came after he said Russia did not help him secure the presidency — his first on-camera response to Mueller’s comments, though he tweeted earlier in the day that Russia helped him win the election. The president’s comments came a day after Mueller shined a spotlight on Russia’s attempts to interfere in the 2016 U.S. presidential election. Mueller emphasized that “the central allegation of our indictments” was “there were multiple, systematic efforts to interfere in our election.” He ended his 10-minute statement by saying this “deserves the attention of every American.”

National: Keeping voting security standards from bureaucracy | Derek B. Johnson/GCN

Although the security updates to the Election Assistance Commission’s new Voluntary Voting System Guidelines 2.0 are sorely needed, its approval and updating process can’t keep up with the technological changes. Later this year, the full commission is expected to vote to approve a five-page document outlining principles that will guide the development of VVSG 2.0, including a new emphasis on security. At a May 21 hearing, however, a number of stakeholders advised the agency to refrain from requiring a full vote to approve the technical portions of the guidelines, saying it could keep the latest technology from being incorporated into voting machine standards. “We cannot wait weeks or months for a decision on a federal level when there’s a need to act immediately,” Iowa Secretary of State Paul Pate said. “I’m asking all of you to have a dialogue about what happens if we run into that situation again when there is not a full quorum on the EAC. How will decisions be made, and will that make it more difficult for state election officials to protect the security and integrity of the vote?”

National: Top Republican says Senate unlikely to vote on any election security bills | Maggie Miller/The Hill

Sen. Roy Blunt (R-Mo.), a member of Senate GOP leadership, said Wednesday that the chamber is unlikely to vote on any election security legislation, despite requests from a federal agency for more funding to improve election systems nationwide. Blunt made the remarks at a Senate Rules Committee hearing where Election Assistance Commission (EAC) officials highlighted what they said is an urgent need for more resources. His comments were in response to Senate Minority Whip Dick Durbin (D-Ill.) pointedly asking during the hearing whether the Rules Committee, chaired by Blunt, would mark up any election security bills already introduced this Congress. “At this point I don’t see any likelihood that those bills would get to the floor if we mark them up,” Blunt said. When Durbin asked why that was the case, Blunt said, “I think the majority leader is of the view that this debate reaches no conclusion. And frankly, I think the extreme nature of H.R. 1 from the House makes it even less likely we are going to have that debate.”

National: Americans may vote in 2020 using old, unsecured machines | Gopal Ratnam/Roll Call

The first primary in the 2020 presidential race is a little more than 250 days away, but lawmakers and experts worry that elections will be held on voting machines that are woefully outdated and that any tampering by adversaries could lead to disputed results. Although states want to upgrade their voting systems, they don’t have the money to do so, election officials told lawmakers last week. Overhauling the nation’s election systems would mean injecting as much as $1 billion in federal grants that would then be supplemented by states, but top Senate Republicans have said they are unlikely to take up any election security bills or give more money to the states. The deadlock could mean that even as federal government and private companies spend tens of billions of cybersecurity dollars annually to protect their computers and networks from attacks, the cornerstone of American democracy could remain vulnerable in the upcoming elections.

National: EAC rattles the cup on Capitol Hill | Derek B. Johnson/FCW

For the first time in nearly a decade, the Election Assistance Commission has a full slate of commissioners in place. Now, with the agency sitting at the center of several key election security debates, they’re asking Congress to make their budget whole too. At a May 15 Senate Rules Committee hearing, Christy McCormick, who chairs the EAC, said the commission is at “a critical crossroads with regard to having sufficient resources necessary to better support state and local election administrators and the voters they serve” and asked members of Congress for more funding. “With additional resources, the EAC would have the opportunity to fund additional election security activities within its election technology program,” said McCormick. There is no shortage of ambition at EAC when it comes to supporting this work, but there is a stark shortage of funds for such activities.”

National: EAC hires 2 tech experts for testing and certification program | Sean Lyngaas/CyberScoop

The U.S. Election Assistance Commission has added two experienced hands to its voting system certification program amid concerns it had a shortage of technical experts overseeing election infrastructure. The agency is staffing up its crucial certification program by hiring Jessica Bowers, a former executive at Dominion Voting Systems, one of the country’s three largest voting system vendors, and Paul Aumayr, a former Maryland election official. Both new hires will work as senior election technology specialists. In an email announcement to staff obtained by CyberScoop, EAC Executive Director Brian Newby touted Bowers and Aumayr’s technical acumen. Bowers has “over 18 years of software development and product support experience,” while Aumayr is a “Microsoft-certified systems engineer,” Newby wrote.

National: Here’s how the military’s hacking arm is gearing up to protect the 2020 election |The Washington Post

Russia viewed the midterm elections as a “warm-up” for 2020. The U.S. military’s hacking division is treating it that way, too. In the run-up to the presidential election, U.S. Cyber Command is surging election defense efforts that proved useful during the midterms, officials told reporters Tuesday — including probing allies’ computer networks to glean insights about Russian threats. Cybercom is also working more closely with election defense teams at the Department of Homeland Security and the FBI, and with industry sectors that are targeted by Kremlin hackers and might have early warnings about threats facing the election, my colleague Ellen Nakashima reported from that briefing. “Our goal is to have no interference in our elections,” said Maj. Gen. Tim Haugh, who heads the command’s cyber national mission force. “Ideally, no foreign actor is going to target our electoral process.” Cybercom is the only outfit among the myriad federal state and local government agencies tasked with protecting the 2020 election that is allowed to punch back against Russian hackers — and it’s using its new authorities granted during the Trump administration to be more aggressive in cyberspace.

National: Congress focuses on money and staffing in election security | Derek B. Johnson/FCW

The Election Assistance Commission and the Cybersecurity and Infrastructure Security Agency were sharply questioned in hearings this week by lawmakers about human resource decisions. The EAC has just a small handful of employees dedicated to testing and certification of voting machines, and the acting director of testing and certification stepped down earlier this month. While the agency quickly hired a new director and has worked to bring on more personnel, there’s concern that EAC staff could be under-resourced heading into the 2020 election cycle and beyond. The agency had nearly 50 full-time employees and a budget of $17 million budget in 2009. Today they have a headcount in the low twenties and a budget of $10 million despite an expanded role in election cybersecurity. Chair Christy McCormick and other commissioners were questioned over a host of perceived staffing and management failures at a May 21 House Administration committee hearing.

National: Foreign election hacking inevitable, say US officials | Eric Tucker and Colleen Long/Associated Press

The hacking of U.S. election systems, including by foreign adversaries, is inevitable, and the real challenge is ensuring the country is resilient enough to withstand catastrophic problems from cyber breaches, government officials said Wednesday. The comments by representatives from the departments of Justice and Homeland Security underscored the challenges for federal and state governments in trying to ward off interference from Russia and other countries in the 2020 election. Special counsel Robert Mueller has documented a sweeping effort by Moscow to meddle in the 2016 election in Donald Trump’s favor by hacking Democrats and spreading disinformation online, and FBI Director Chris Wray said in April that the government regarded last November’s midterm election was “as just kind of a dress rehearsal for the big show in 2020.”

National: Report: U.S. political parties need to shore up cyber | Derek B. Johnson/FCW

Three years after the 2016 election, major political parties in the U.S. are still displaying sloppy digital security practices, according to a report from Security Scorecard. In new research released May 21, the company found vulnerabilities for the public facing, internet-connected digital assets of two major political parties. The Green Party and the Libertarian Party websites also displayed weaknesses. Vulnerabilities range from smaller sins like serving expired security certificates and sending unencrypted data to larger ones like leaking personally identifiable information and failing to put in place anti-spoofing protocols. In one case, an unnamed U.S. party was caught leaking data from a voting validation application containing the names, dates of birth and addresses of voters to the internet.

National: The vote-by-phone tech trend is scaring the life out of security experts | Eric Halper/Los Angeles Times

With their playbook for pushing government boundaries as a guide, some Silicon Valley investors are nudging election officials toward an innovation that prominent coders and cryptographers warn is downright dangerous for democracy. Voting by phone could be coming soon to an election near you. As seasoned disruptors of the status quo, tech pioneers have proven persuasive in selling the idea, even as the National Academies of Science, Engineering and Medicine specifically warn against any such experiment. The fight over mobile voting pits technologists who warn about the risks of entrusting voting to apps and cellphones against others who see internet voting as the only hope for getting most Americans to consistently participate on election day. “There are so many things that could go wrong,” said Marian Schneider, president of Verified Voting, a coalition of computer scientists and government transparency advocates pushing for more-secure elections. “It is an odd time for this to be gaining momentum.”

National: In Congressional Hearing, Election Officials Appear United Yet Divided on Security | Graham Vyse/Governing

Jocelyn Benson and John Merrill are a political odd couple. She’s a Michigan Democrat who backed Hillary Clinton, and he’s a Donald Trump supporter who represents Alabama. But both are secretaries of state, and when they testified side-by-side before Congress on Wednesday — she in a blue dress and he in a red tie — they repeatedly insisted they were friends ready to work together to strengthen the nation’s voting system. Benson and Merrill called on the federal government to provide more funding and resources for states and localities to address the issue. This weekend, they’re leading 18 other secretaries of state on a voting-rights history tour of Alabama with the hope of inspiring further bipartisan collaboration. “It’s the first time in our country’s history where you’ve got the chief election officers collectively, Democrats and Republicans, going to Selma to walk across the Edmund Pettus Bridge together,” Benson told Governing. The question is whether the secretaries can bridge enough of their differences to unite around federal legislation to improve election security. Benson and Merrill appeared alongside cybersecurity experts before the U.S. Committee on House Administration this week, more than two years after Russia’s cyberattack on American election systems during the 2016 presidential campaign.

National: After Russian Election Interference, Americans Are Losing Faith in Elections | Susan Milligan/US News

As lawmakers, state elections officials and social media executives work to limit intervention in the 2020 elections by Russia and other foreign operatives, an unsettling truth is emerging. Vladimir Putin may already be succeeding. The troubling disclosures of Russian meddling in the 2016 campaign – “sweeping and systematic,” special counsel Robert Mueller concluded in his report on the matter – have policymakers on guard for what intelligence officials say is a continuing campaign by Russia to influence American elections. But even if voting machines in all jurisdictions are secured against hacking and social media sites are scrubbed of fake stories posted by Russian bots, the damage may already have been done, experts warn, as Americans’ faith in the credibility of the nation’s elections falters.

National: House Democrats reintroduce bill to protect elections from cyberattacks | Maggie Miller/The Hill

House Democratic chairmen on Friday reintroduced a bill to protect U.S. election systems against cyberattacks, including requiring President Trump to produce a “national strategy for protecting democratic institutions.” The Election Security Act is aimed at reducing risks posed by cyberattacks by foreign entities or other actors against U.S. election systems. The national strategy from President Trump would “protect against cyber attacks, influence operations, disinformation campaigns, and other activities that could undermine the security and integrity of United States democratic institutions.”

National: House Administration Committee to make election security a 'primary focus' | TRegina Zilbermintshe Hill

The secretaries of state of Michigan and Alabama went before the House Administration Committee Wednesday to advocate for more federal resources to secure election systems against cyber attacks and committee leaders vowed to make the issue a “primary focus.” “Federal action is needed now to grasp the scope of the problem and to innovate concrete solutions that can be implemented before the next federal election cycle in 2020,” House Administration Committee Chairwoman Zoe Lofgren (D-Calif.) said at the hearing on election security.

National: Election commission names new lead for testing and certifying voting systems | Sean Lyngaas/CyberScoop

The federal Election Assistance Commission has appointed Jerome Lovato, a former Colorado state election official, as head of the commission’s program for testing and certifying voting systems, according to a commission email obtained by CyberScoop. Lovato replaces Ryan Macias, who was filling the role in an acting capacity and will step down this month. The crucial EAC program works with the country’s top voting equipment vendors to certify and decertify voting system hardware and software.

National: Microsoft offers software tools to secure elections | Associated Press

Microsoft has announced an ambitious effort to make voting secure, verifiable and subject to reliable audits by registering ballots in encrypted form so they can be accurately and independently tracked long after they are cast. Two of the three top U.S elections vendors have expressed interest in potentially incorporating the open-source software into their voting systems. The software is being developed with Galois, an Oregon-based company separately creating a secure voting system prototype under contract with the Pentagon’s advanced research agency, DARPA. Dubbed “ElectionGuard,” it will be available this summer, Microsoft says, with early prototypes ready to pilot for next year’s U.S. general elections. CEO Satya Nadella announced the initiative Monday at a developer’s conference in Seattle, saying the software development kit would help “modernize all of the election infrastructure everywhere in the world.” Three little-known U.S. companies control about 90 percent of the market for election equipment, but have long faced criticism for poor security, antiquated technology and insufficient transparency around their proprietary, black-box voting systems. Open-source software is inherently more secure because the underlying code is easily scrutinized by outside experts but has been shunned by the dominant vendors whose customers — the nation’s 10,000 election jurisdictions — are mostly strapped for cash. None offered bids when Travis County, Texas, home to Austin, sought to build a system with the “end-to-end” verification attributes that ElectionGuard promises to deliver. Two of the leading vendors, Election Systems & Software of Omaha, Nebraska, and Hart InterCivic of Austin, Texas, both expressed interest in partnering with Microsoft for ElectionGuard. A spokeswoman for a third vendor, Dominion Voting Systems of Denver, said the company looks forward to “learning more” about the initiative.

National: Democrats focus on election security, voting rights | McClatchy

Democratic leaders are launching a more aggressive push this month that could widen their probe of possible voter suppression into states other than those now under scrutiny, seeking to make it particularly less difficult for minority voters, who tend to vote Democratic, to go to the polls. House Oversight Committee Chairman Elijah Cummings told McClatchy he wants to “make sure we spend significant effort and time, perhaps even looking at even more states and seeing what they’re doing and shining a light on what they may be doing illegally or improperly to stop or hinder people from voting and having those votes counted.” Cummings was already planning to look at possible voter suppression in North Carolina, Georgia, Texas and Kansas. The Maryland Democrat did not name additional states. At the same time, congressional Democrats are stepping up pressure on Republicans to address election security lapses to prevent a repeat of Russian meddling in the 2016 election. The Russian interference, combined with allegations of voter suppression, erode confidence in the electoral system, Democrats argue, and if both are not addressed, voters could be discouraged from participating in the 2020 election. “This is my worry, that we have done very little now to correct the threat of Russian interference with our electoral system,” Cummings said, “which means that it might be that the only way this whole situation that we’re in is corrected is through the ballot, with people voting.”

National: U.S. Cyber Command Bolsters Allied Defenses to Impose Cost on Moscow | The New York Times

American officials are pushing ahead on efforts with allied nations to counter Russia’s interference in democratic elections and other malign activities, military cybercommanders said on Tuesday, an effort intended to allow the United States to better observe and counter Moscow’s newest cyberweapons. American officials deployed last year to Ukraine, Macedonia and Montenegro, and United States Cyber Command officials said that their missions included defending elections and uncovering information about Russia’s newest abilities. Cyber Command will continue some of those partnerships and expand its work to other countries under attack from Russia, officials said Tuesday. The deployments, officials said, are meant to impose costs on Moscow, to make Russia’s attempts to mount online operations in Europe and elsewhere more difficult and to potentially bog down Moscow’s operatives and degrade their ability to interfere in American elections. “We recognize and understand the importance of being in constant contact with the enemy in this space, especially below the level of armed conflict, so we can defend ourselves and we can impose costs,” Maj. Gen. Charles L. Moore, the director of operations for Cyber Command, said Tuesday. “That is it in a nutshell.” With new authorities from the White House, as well as congressional legislation that declared online operations a traditional military activity, Cyber Command stepped up its election defenses last year, allowing commanders to develop a strategy to engage American adversaries.

National: Can open source help safeguard elections? | FCW

Lawmakers and policy experts are demonstrating increased interest in open source technology as a means to solving longstanding challenges and road blocks around election security. State and local governments rely on proprietary software and hardware from a small handful of private vendors to power their voting machines, voter registration systems and other technologies. Those vendors have historically been reluctant or unwilling to allow third-party audits of their products, and when outside researchers have gotten their hands on voting machines or probed commonly used software like voter registration systems, they’ve found extensive and worrying cybersecurity vulnerabilities in nearly every model. That reluctance has led to a number of projects that have sprouted up over the past year from organizations aiming to disrupt the status quo. One such organization, Voting Works, was created last year in partnership with the non-profit Center for Democracy and Technology and seeks to build “secure, usable, affordable and open-source voting machines” that will help to restore trust in the modern election system.

National: Limiting the cyber threat to elections infrastructure | GCN

Voter confidence in the integrity of elections is critical to a vibrant democracy. Recent cyberattacks by foreign state actors accompanied by disinformation campaigns aimed at U.S. voters have contributed to an erosion in the public’s trust of electoral results. But there’s another set of issues just as concerning: persistent, preventable “seams” or vulnerabilities in election system tools, processes and guidelines. E-voting machines are among the most prominent business technology solutions of the 21st century, yet they remain vulnerable to physical and data tampering and weaknesses in the chain of custody. In a 2012 study, the Argonne National Laboratory’s vulnerability assessment team discovered that attackers could exploit the integrity of an e-voting machine chassis with relative ease regardless of tamper-evident seals or locks. Data stored on e-voting machines was not encrypted, leaving it susceptible to interception, modification or deletion by an attacker. In the Argonne study, white-hat hackers used after-market wireless card adapters to intercept and alter communications exchanged between e-voting machines and the elections network infrastructure. The study concluded that successful tampering with just one in three voting machines is enough to change the outcome of an election.

National: What’s Russia still doing to interfere with U.S. politics — and what’s the U.S. doing about it? | The Washington Post

President Trump and Russian President Vladimir Putin spoke by phone Friday morning, covering, according to both sides, a wide range of issues. Included among them, according to a subsequent tweet from Trump, was the “Russian hoax” — apparently a reference to the recently concluded investigation into Russian interference in the 2016 election. It’s a bit uncertain, though: Trump regularly referred to the investigation as a hoax but has also repeatedly claimed that the idea that Russia interfered at all was questionable. The probe led by special counsel Robert S. Mueller III left little doubt about Russia’s role. Mueller obtained indictments against two dozen Russians for the two-pronged effort to steal and publish material from Democratic sources and to foster political divisions through events and on social media. Trump has long argued that the source of the hacking in particular was unknowable, reiterating shorthand allusions to his skepticism as recently as February.

TRUMP on whether he discussed election meddling with PUTIN:
“We discussed it. He actually sort of smiled when he said something to the effect that it started off as a mountain and it ended up being a mouse, but he knew that because he knew there was no collusion, whatsoever.” pic.twitter.com/qlEaWP6Eqy— JM Rieger (@RiegerReport) May 3, 2019

In an interview with Fox News on Thursday, Trump was asked whether he had spoken to Putin about Russia’s efforts to interfere in U.S. politics, an effort that Attorney General William P. Barr said in Senate testimony this week was ongoing. “I don’t think I’ve spoken to him about the 2020, but I certainly have told him you can’t do what you’re doing,” Trump said. “And I don’t believe they will be.”

National: Sen. Klobuchar on Russian interference: Trump ‘makes it worse by calling it a hoax’ | The Washington Post