National: Secretaries of state plead for more money for election security | Mark Albert/KOCO

The nation’s chief elections officials are pleading for more money from the federal government to shore up the security of crucial voting systems before the presidential contest in 2020, even as such aid appears dead on arrival in the U.S. Senate. Interviews with 10 secretaries of state, conducted by the Hearst Television National Investigative Unit at the annual summer conference of the National Association of Secretaries of State held this year in Santa Fe, New Mexico, found unanimity across party lines. When asked whether their states needed more money for election security, one secretary after another answered in the affirmative. “Absolutely,” responded Pennsylvania Acting Secretary of State Kathy Boockvar, a Democrat. “Absolutely,” seconded Laurel Lee, Florida’s Secretary of State, a member of the Republican party. “Look, we absolutely need more money,” Democrat Alex Padilla, California’s secretary of state, said. “We can always use more money for election security,” said Mac Warner, a Republican who serves as secretary of state in Virginia. But despite the landslide of bipartisan requests, $600 million in additional funding is stuck in the Senate after passing the House last month on a nearly party-line vote.

National: Here’s an overlooked election cybersecurity danger: outdated software | Joseph Marks/The Washington Post

There’s a big hacking danger facing the 2020 election that’s so far been overlooked: software so old that companies aren’t updating it anymore. The “vast majority” of the nation’s 10,000 election jurisdictions rely on Microsoft’s Windows 7 operating system, which was introduced in 2009 and will reach the end of its technological life span in January, according to a report this weekend from the Associated Press’s Tami Abdollah. And some of those jurisdictions are relying on software that’s even older. That means those systems — which are running in numerous swing states’ election systems — won’t get automatically updated to protect against newfound computer bugs, leaving the systems far more vulnerable to hackers who exploit those bugs, Abdollah reports. The report highlights yet another way in which elections remain vulnerable to hacking despite calls for vastly improved election cybersecurity after the 2016 contest was upended by Russian hacking and disinformation operations — and amid warnings from Intelligence officials that Russia and other U.S. adversaries want to similarly compromise the 2020 contest. The vulnerable software is deployed on systems to create ballots, program voting machines, tally votes and report counts, per the AP. It also demonstrates how many election cybersecurity challenges evade easy fixes.

National: Who’s behind voting-machine makers? Money of unclear origins | Emery P. Dalesio/Associated Press

The voting-machine makers that aim to sell their systems in North Carolina are largely owned by private equity firms that don’t disclose their investors. The companies didn’t want the public to know even that much. North Carolina’s statewide elections board demanded the machine-makers’ ownership information last month after special counsel Robert Mueller’s April report into Russian efforts to sway the 2016 presidential election. Their concerns about potential foreign interference have grown since Maryland officials learned last year that a company maintaining that state’s election infrastructure did not disclose its financing by a venture fund whose largest investor is a Russian oligarch. The private-equity backers of the three voting systems vendors seeking approval to sell to county elections boards in North Carolina told The Associated Press they’re controlled by U.S. citizens. They claimed they have no ties to foreign oligarchs or other nefarious persons facing financial sanctions by Washington. But they didn’t provide information about the sources of the money they invest. And they asked the board not to share what they did disclose with the public. The elections board released the companies’ responses — as required by law — under a public records request from The AP. Election security watchdogs remain frustrated.

National: Thousands of election systems running software that will soon be outdated: report | Tal Axelrod/The Hill

The vast majority of the nation’s 10,000 election jurisdictions are using an operating system that will soon be outdated, according to an Associated Press analysis. Those jurisdictions using Windows 7 or an older operating system to create ballots, program voting machines, tally votes and report counts will reach its “end of life” on Jan. 14 — meaning Microsoft will no longer provide technical support or produce “patches” to deal with vulnerabilities that hackers could possibly exploit. Microsoft told the AP in a statement Friday that it would offer continued Windows 7 security updates for a fee through 2023. The company did not immediately respond to a request for comment from The Hill. Critics told the AP that the obsolescence was an example of what happens when private companies determine the security level of election systems without federal guidelines. Vendors defended themselves, saying they’ve been making consistent improvements on security, but state officials said they were wary of federal involvement in state and local races.

National: Who Will Clean Up America’s Voter Rolls? | Mark Hemingway/RealClearPolitics

Los Angeles County has too many voters. An estimated 1.6 million, according to the latest calculations – which is roughly the population of Philadelphia. That’s the difference between the number of people on the county’s voter rolls and the actual number of voting age residents. This means that L.A. is in violation of federal law, which seeks to limit fraud by requiring basic voter list maintenance to make sure that people who have died, moved, or are otherwise ineligible to vote aren’t still on the rolls. Los Angeles County has made only minimal efforts to clean up its voter rolls for decades. It began sending notices to those 1.6 million people last month to settle a lawsuit brought by the conservative watchdog group Judicial Watch. Los Angeles County may be California’s worst offender, but 10 of the state’s 58 counties also have registration rates exceeding 100% of the voting age population. In fact, the voter registration rate for the entire state of California is 101%. And the Golden State isn’t alone. Eight states, as well as the District of Columbia, have total voter registration tallies exceeding 100%, and in total, 38 states have counties where voter registration rates exceed 100%. Another state that stands out is Kentucky, where the voter registration rate in 48 of its 120 counties exceeded 100% last year. About 15% of America’s counties where there is reliable voter data – that is, over 400 counties out of 2,800 – have voter registration rates over 100%.

National: Election security briefings failed to satisfy congressional critics | Tim Starks/Politico

House members and senators emerged from two election security briefings by top Trump administration officials Wednesday with plenty of questions. “There is real interest on the part of members of Congress to know who is in charge or what are the operating procedures for the process to move forward,” said Rep. Bennie Thompson (D-Miss.), chairman of the House Homeland Security Committee. “And the answers were not as clear as they need to be.” Some reportedly didn’t get answers about whether President Donald Trump himself has received a comprehensive briefing. Sen. Angus King (I-Maine) told MC that while he was impressed with the 2020 preparation thus far, more needs to be done. “One of the open questions is, what is the responsibility of the intelligence community to notify a campaign if they’re being victimized by a foreign adversary?” he said. As for the administration: “Today we shared with Congress how we continue to bring the full strength, capabilities, and expertise of our departments and agencies to identity and defend against threats to the United States,” agency officials involved in the briefing said in a joint statement. “Just like our successful, whole-of-government approach to securing the 2018 elections, we will work together with our Federal, state, local and private sector partners as well as our foreign allies to protect the 2020 elections and maintain transparency with the American public about our efforts.”

National: As Feds struggle, states create their own anti-election propaganda programs | Kevin Collier/CNN

As the 2020 presidential campaign heats up, individual states are ramping up education efforts to counter the threat posed by foreign disinformation campaigns to US elections. A lack of action at the federal level has prompted many states to craft their own programs designed to counter foreign efforts to undermine American democracy and educate the next generation of voters in schools. “It harms our democratic process when disinformation is at any point fed to voters in our democratic process,” Michigan Secretary of State Jocelyn Benson told CNN. “So I do think as secretaries of state, we have a responsibility to it take to the people.” Declassified intelligence reports on Russian meddling, by design, refuse to analyze the effectiveness of American opinion. And though most of Russia’s known propaganda efforts in the 2016 election were unsophisticated — armies of trolls with often strongly partisan opinions on polarizing subjects — they were effective enough to be widely quoted in the media and cited by a number of political figures, including Texas Republican Sen. John Cornyn, Donald Trump’s then-campaign manager Kellyanne Conway, and Michael Flynn, who went on to briefly serve as Trump’s national security adviser and was later charged and pleaded guilty to lying to the FBI about conversations with Russia’s ambassador.

National: Voting Machine Makers Claim The Names Of The Entities That Own Them Are Trade Secrets | Tim Cushing/Techdirt

Recently, the North Carolina State Board of Elections asked suppliers of electronic voting machines a simple question: who owns you? (h/t Annemarie Bridy) On June 14, 2019, the State Board of Elections requested that your companies disclose any owners or shareholders with a 5% or greater interest or share in each of the vendor’s company, any subsidiary company, of the vendor, and the vendor’s parent company. This seems like very basic information — information the Board should know and should be able to pass on to the general public. After all, these are the makers of devices used by the public while electing their representatives. They should know who’s running these companies and who their majority stakeholders are. If something goes wrong (and something always does), they should know who’s ultimately responsible for the latest debacle. It’s not like the state was asking the manufacturers to cough up code and machine schematics. All it wanted to know is the people behind the company nameplates. But the responses the board received indicate voting system manufacturers believe releasing any info about their companies’ compositions will somehow compromise their market advantage. Hart Intercivic said letting the public know that the company is owned by H.I.G. Hart, LLC and Gregg L. Burt is a fact that would devalue the company if it were made public. Hart InterCivic, a corporation that derives independent actual value from this information not being generally known or readily ascertainable and makes reasonable efforts to maintain the secrecy of this information, requests that it be designated as a trade secret pursuant to G.S. § 132-1.2(1)d. and G.S. § 66-152(3).

National: Disabled voters left behind in push to amp up 2020 security, advocates say | Jordan Wilkie/The Guardian

Russian attacks on American democracy in 2016, carried out over the internet, have triggered a national debate over the use of technology in the United States’ upcoming 2020 elections. But some of the best ways to beef up the security of the voting process and fight off future cyber-attacks could have an unintended consequence: limiting access to the vote for people with disabilities. Voting on hand-marked paper ballots – which by definition can’t be hacked – combined with robust audits of how the elections were carried out and how the votes were counted is widely seen as the most secure way to run an election. Cybersecurity experts want hand-marked paper ballot systems, but disability rights advocates want voting machines to be used for all voters, as they are best for disabled access. The two groups have been butting heads over this since the Help America Vote Act (Hava) of 2002, which gave states $3.9bn to buy new voting technology and required every polling place have at least one accessible voting machine. Rather than operate parallel systems – and since it was on the federal dime – many county and state governments decided to purchase voting machines to be used by all voters – something now seen as a security weakness.

National: FEC allow scampaigns to accept discounted cybersecurity services | Maggie Miller/The Hill

The Federal Election Commission (FEC) on Thursday approved a request from a private company to provide discounted cybersecurity services to political campaigns, saying it did not violate campaign finance rules. The decision came in response to a request from Area 1 Security, a California-based company, to offer cybersecurity services to federal political candidates and political committees at discounted rates. The FEC, which has jurisdiction over campaign finance for presidential and congressional elections, decided the arrangement did not violate campaign contribution rules because the company offers similar discounted services to nonpolitical clients as well. The decision allows the company to sell anti-phishing services to federal candidates and political committees for as little as $1,337 per year, according to the FEC. The agency wrote that “doing so would be in the ordinary course of Area 1’s business and on terms and conditions that apply to similarly situated non-political clients.”

National: Oh, lovely, a bipartisan election hack alert law bill for Mitch McConnell to feed into the shredder | Shaun Nichols/The Register

Two US lawmakers are pushing a bipartisan bill that would force the Department of Homeland Security (DHS) to alert the public of hacking attempts on election computer systems. House reps Mike Waltz (R-FL) and Stephanie Murphy (D-FL) agreed to reach across the aisle to sponsor HR 3259, the Achieving Lasting Electoral Reforms on Transparency and Security (ALERTS Act). The bill, right now resting in the hands of the House Administration Committee, would require Homeland Security officials issue a notification to Congress, state governments, and local officials whenever they, or any other federal agency, “have credible evidence of an unauthorized intrusion into an election system and a basis to believe that such intrusion could have resulted in voter information being altered or otherwise affected.” It seems incredible that this wouldn’t already happen, but then we remembered we’re living in America in 2019. In addition to state and local authorities, the bill would require individual members of the public be notified when any of their personal information – such as information on voter rolls – is thought to have been pilfered by hackers.

National: Top intelligence, homeland and cyber officials brief Congress on election security | Karoun Demirjian/The Washington Post

The full House and Senate were briefed about election security Wednesday by the Trump administration’s top intelligence, homeland security and cybersecurity officials as the parties continue to battle over how to protect the 2020 elections against foreign threats. Director of National Intelligence Daniel Coats; FBI Director Christopher A. Wray; the director of the National Security Agency and commander of U.S. Cyber Command, Gen. Paul M. Nakasone; and acting homeland security secretary Kevin McAleenan were among the senior officials who spoke to the full complement of House members and senators in back-to-back briefings. They told the lawmakers about the state of election security, including the new tools the government has equipped itself with to identify and avert future organized attempts to interfere with federal elections. Democrats and Republicans left the sessions expressing confidence in the officials’ efforts, even while the parties remain bitterly divided as to whether President Trump is taking election security seriously enough. That division has played out in Congress as a standoff between each party’s leaders, who spent Wednesday accusing each other of attempting to politicize election security to achieve partisan objectives.

National: Democrats clash with Republicans over election security | Marianne Levine, Sarah Ferris and Heather Caygle/Politico

House Democrats and Senate Republicans may have attended similar classified briefings on election security Wednesday, but they left with opposite conclusions. House Democrats expressed deep concerns about the White House’s ability to protect voting systems in 2020, drawing fresh scrutiny to the administration’s efforts to prevent foreign meddling in another election. But Senate Republicans said they had faith in the administration’s handling of the issue and saw no need for further legislation on election security. The divergent reactions suggests that while both parties acknowledge the role of Russian interference in the 2016 election, detailed in former special counsel Robert Mueller’s report this spring, Congress is unlikely to take any further legislative action. Leaving the hour-long House briefing, several senior Democrats said they still had key questions about the Trump administration’s work ahead of next November’s election, including which agency is leading the effort to combat foreign interference. “There is real interest on the part of members of Congress to know who is in charge or what are the operating procedures for the process to move forward,” said Rep. Bennie Thompson (D-Miss.), chairman of the House Homeland Security Committee. “And the answers were not as clear as they need to be.”

National: Republicans say they’re satisfied with 2020 election security after classified briefings | Jordain Carney/The Hill

Congressional Republicans are expressing confidence that the 2020 elections will be secure, despite strong protests from Democrats that more needs to be done. House and Senate members received separate classified briefings from senior administration officials on Wednesday, during which the plans for securing the 2020 elections were outlined in the wake of Russia’s extensive interference ahead of the 2016 vote. House Minority Whip Steve Scalise (R-La.) told reporters that while the U.S. must be “very vigilant” against election threats from foreign governments, “the agencies have the tools they need, and I am confident they are addressing the threats.”Sen. Lindsey Graham (R-S.C.), a close ally of President Trump who has previously supported additional election security legislation, said that he was “very impressed” by the administration’s efforts ahead of 2020. “They all said the president is giving them every authority they’ve asked for. No interference from the White House,” Graham said.  While none of the administration officials involved spoke with the press, several lawmakers confirmed that they said during the closed-door meetings they didn’t need additional legislation or extra funding from Congress.

National: Trump officials warn of ‘active threats’ to US elections | Matthew Daly/Associated Press

The Trump administration warned of unspecified “active threats” to U.S. elections as top security officials briefed Congress Wednesday on steps the government has taken to improve election security in the wake of Russian interference in 2016. Director of National Intelligence Dan Coats, FBI Director Christopher Wray and other officials “made it clear there are active threats and they’re doing everything they can” to stop them, said Rep. Debbie Dingell, D-Mich. Dingell called the closed-door presentation “very impressive” and said the issue was “one we all need to take seriously.” Coats, Wray and other officials, including acting Homeland Security Secretary Kevin McAleenan, met separately with the House and Senate in classified briefings at the Capitol. Democrats requested the sessions as they press legislation to keep Russia and other foreign adversaries from interfering with the U.S. political system. House Minority Whip Steve Scalise, R-La., called the briefing helpful and said it reinforced the importance of remaining vigilant against outside threats to U.S. elections. Federal agencies “continue to learn from the mistakes of the 2016 election, when the (Obama) administration was flat-footed in their response” to Russian interference, Scalise said. “We need to stay vigilant.”

National: No new legislative momentum after election security briefings | Niels Lesniewski/Roll Call

Sen. Marco Rubio emerged from a closed briefing on the Trump administration’s efforts to secure elections and made a renewed push for his own bipartisan deterrence legislation, even as he acknowledged there has not been momentum. “In my view, they’re doing everything you can do,” Rubio said of the administration efforts. “Election interference is a broadly used term, and understand this is psychological warfare. It’s designed to weaken America from the inside out, to drive divisions internally so we fight with each other, to undermine our confidence in the elections and in our democracy and particularly to undermine individual candidates either because they don’t like that candidate or because they know someone else.” Rubio, a Florida Republican, then plugged the DETER Act, a bipartisan bill he introduced with Maryland Democratic Sen. Chris Van Hollen, that is designed to provide for new sanctions to be imposed against Russia or other adversaries in the event of future interference.

National: Feds Don’t Regulate Election Equipment, So States Are On Their Own | Matt Vasilogambros/Stateline

Behind nearly every voter registration database, voting machine and county website that posts results on Election Day, there’s an election technology company that has developed those systems and equipment. By targeting one of those private vendors, Russia, China or some other U.S. adversary could tamper with voter registration rolls, the ballot count or the publicly released results, potentially casting doubt on the legitimacy of the final tally. Nevertheless, there are no federal rules requiring vendors to meet security standards, test equipment for vulnerabilities or publicly disclose hacking attempts. With the 2020 presidential election approaching, security experts, lawmakers and even election vendors themselves are calling for more rigorous testing of election equipment and stricter security standards for the private companies that provide election-related services. “The lack of vendor regulation in the election technology space is a big gap that needs to be addressed,” said Edgardo Cortés, an election security expert at the Brennan Center for Justice at New York University Law School.

National: Portland cybersecurity company aims to design, protect the future | Pat Dooris/KGW

Step inside Galois in downtown Portland and you’ll see a lot of smart people working with computers, circuit boards and more. A group of professors from the Oregon Institute of Technology started the company 20 years ago. The company says it performs computer science research and development for commercial, defense and intelligence industries, and that its employees are among the world’s foremost experts in computer science and mathematics, which allows Galois to take on the world’s most difficult challenges in computer science. They are now inventing, creating, testing and protecting against the future. The Ping-Pong table in one room is covered with parts from high-tech components. Soldering irons sit nearby ready for action. At the end of the table is a black box. It’s a prototype optical scanner for voting. The company built it from scratch. CEO Rob Wiltbank said the prototype is an attempt to answer a simple, but tough question. “How can you build a voting system that you can actually trust? A lot of computing systems function, but they don’t do only what you want them to do. So, the big experiment we’re doing here is, can you build a system that you can prove will only work as it’s supposed to work?” Wiltbank said. When it comes to elections, that’s a troubling idea.

National: Senate to be briefed on election security Wednesday | Jordain Carney/The Hill

The Senate will get an election security briefing on Wednesday, as Democrats clamor for Congress to pass new legislation ahead of the 2020 election. Senators will have a closed-door meeting with Trump administration officials, including briefers from the Department of Homeland Security, FBI and the Office of the Director of National Intelligence, according to a senior Senate aide.  The House is also expected to be briefed on Wednesday, with Speaker Nancy Pelosi (D-Calif.) announcing late last month that the lower chamber would also have an “all members” briefing. The back-to-back briefings come as Democrats have been pushing for months for Congress to pass new legislation ahead of the 2020 elections. They also follow former special counsel Robert Mueller’s report on Russia’s interference in the 2016 election. House Democrats passed a massive election and ethics reform bill earlier this year and have followed it up with smaller bills as they’ve tried to put pressure on the GOP-controlled Senate to take action.

National: NAACP hosts election security teleconference call, highlights ongoing threats to African American community | The Philadelphia Sunday Sun

In his extensive investigation of Russian interference in the 2016 U.S. presidential election — which revealed that Russia had interfered “in a sweeping and systemic fashion” — Special Counsel Robert Mueller uncovered evidence which surprised many – that the African American community in particular was singled out and targeted by Russian-based troll farms and propaganda campaigns. These destructive forces took their cues from historic, home grown voter suppression tactics, entrenched American racism and tensions amongst Black people themselves. The Russians — not unlike the GOP — recognized the sheer power of this voting block and set out to disenfranchise it, largely through the use of digital and social media. They are determined to do so again, employing even more sophisticated technology and real time tactics. The NAACP recently held a teleconference featuring policymakers and thought leaders that addressed these challenges frankly and boldly.

National: Senate Democrats asking Republicans to help pass new election safeguards | Lyanne Melendez/KGO

The Democrats vowed to turn up the heat to force Republicans in the Senate to approve new election security bills. Speaker Nancy Pelosi insisted Monday the new safeguards are necessary to defend itself against any possible voter meddling-like what the country saw in 2016. “People have said to us, ‘ok, the Russians disrupted our elections, they made a difference in our elections, what are you going to do about it?’ SAFE,” said Speaker Pelosi. Democrats have proposed a few bills that, they say, would help protect our elections from future foreign interference. One of them is called the Securing America’s Federal Election Act, known as SAFE. SAFE would upgrade or replace electronic voting machines, hire information technology staff and give financial assistance to states to secure and maintain their election infrastructure.

National: Vulnerabilities in US Defense Could Lead to Major Breach in Two Years, Says Black Hat Survey | Luana Pascu/Security Boulevard

After Russians used techniques such as spearphishing emails and troll farms to inundate social media and influence the 2016 US election, concerns that the 2020 election is up for similar compromise are increasing. US intelligence and officials from the Democratic party are concerned that “Donald Trump and a powerful Senate ally are downplaying these concerns and not doing enough to thwart interfering,” according to The Guardian. “Russia would be remiss not to try again, given how successful they were in 2016,” said Steven Hall, former member of CIA Senior Intelligence Service. Upcoming US elections and critical infrastructure security were among heated discussion topics at Black Hat USA 2019. According to 40 percent of Black Hat USA’s 2019 survey respondents, “large nation-states” are the number one threat that US critical infrastructures will have to fight. When specifically asked about the US election, more than 60 percent expect Kremlin-supported hackers will compromise voting machines to influence the outcome. 77 percent expect a critical attack on US critical infrastructure to succeed in the next two years, up 10 percent since 2018. US elections and critical infrastructures face imminent compromise partially due to “a lack of coordination between US government entities and private industry” as well as a dearth of IT security professionals. These factors were named the most significant risks by 16 percent, and 15 percent of respondents, respectively.

National: Time’s running out if Congress wants to boost 2020 election security | Joseph Marks/The Washington Post

If Congress wants to deliver more money for states to secure the 2020 election against hackers, it had better get moving. That’s the message from Vermont’s top election official, Jim Condos (D), who ends his term as president of the National Association of Secretaries of State this week. There are just about six months left during which states could responsibly spend a big infusion of federal money aimed at protecting the 2020 contest, Condos told me. If Congress approves new funding after that, most of it won’t be spent until the next federal election cycle, he said. The warning comes as intelligence officials are cautioning that Russia and other U.S. adveraries are likely to try to interfere in the 2020 election in a repeat of the Russian hacking and disinformation operation that upended the 2016 contest. “It takes time to plan, to do assessments. We all have procurement rules we have to follow … and we want to be responsible stewards of congressional money,” Condos told me by phone from the National Association of Secretaries of States’s summer conference in Santa Fe, N.M. The prospects of Congress delivering new money in that timeframe don’t look good.

National: Hacking, Glitches, Disinformation: Why Experts Are Worried About the 2020 Census | Chris Hamby/The New York Times

In the run-up to the 2020 census, the government has embraced technology as never before, hoping to halt the ballooning cost of the decennial head count. For the first time, households will have the option of responding online, and field workers going door to door will be equipped with smartphones to log the information they collect. To make it all work, the Census Bureau needed more computing power and digital storage space, so it turned to cloud technology provided by Amazon Web Services. What the bureau didn’t realize — until an audit last year — was that there was an unsecured door to sensitive data left open. Access credentials for an account with virtually unlimited privileges had been lost, potentially allowing a hacker to view, alter or delete information collected during recent field tests. The Census Bureau says that it has closed off this vulnerability and that no information was compromised. But the discovery of the problem highlights the myriad risks facing next year’s all-important head count.

National: US Cyber Command issues alert about hackers exploiting Outlook vulnerability | Catalin Cimpanu/ZDNet

US Cyber Command has issued an alert via Twitter today about threat actors abusing an Outlook vulnerability to plant malware on government networks. The vulnerability is CVE-2017-11774, a security bug that Microsoft patched in Outlook in the October 2017 Patch Tuesday. The Outlook bug, discovered and detailed by security researchers from SensePost, allows a threat actor to escape from the Outlook sandbox and run malicious code on the underlying operating system. The bug was privately reported by SensePost researchers in the fall of 2017, but by 2018, it had been weaponized by an Iranian state-sponsored hacking group known as APT33 (or Elfin), primarily known for developing the Shamoon disk-wiping malware. At the time, in late December 2018, ATP33 hackers were deploying backdoors on web servers, which they were later using to push the CVE-2017-11774 exploit to users’ inboxes, so they can infect their systems with malware.

National: Will hacked voting machines decide the 2020 election? | Andrew Eversden/Fifth Domain

Cybersecurity professionals are concerned about foreign cyber operations and vulnerabilities in voting machines as the days tick down to the first 2020 primaries in February. According to a new survey of 345 cybersecurity professionals by Black Hat USA, 63 percent of respondents said that the hacking of voting machines in the next election is “very likely” or “somewhat likely” to have a “significant impact” on election results. U.S. government leaders, however, stress that they have prioritized the security of election systems, with one senior administration official on a June 24 press call referring to the defense against hacking of election infrastructure “our highest priority.” “We do believe that the 2020 elections are a potential target for state and non-state cyber actors and we continue to observe unknown actors attempt suspicious and malicious activity against internet-connected infrastructure periodically,” a senior intelligence official said.

National: US election security official highlights email threat | Morgan Lee/Associated Press

Beware the phishing attempts. An election security official with the U.S. Department of Homeland Security on Tuesday warned top state election officials nationwide to safeguard against fraudulent emails targeting state and local election workers. The emails appear as if they come from a legitimate source and contain links that, if clicked, can open up election data systems to manipulation or attacks. Geoff Hale, director of the department’s Election Security Initiative, told a gathering of secretaries of state that the nation’s decentralized voting systems remain especially vulnerable to emails that can trick unsuspecting workers into providing access to elections databases. “We know that phishing is how a significant number of state and local government networks become exploited,” Hale told scores of secretaries of state gathered in the New Mexico capital city. “Understanding your organization’s susceptibility to phishing is one of the biggest things you can do.”

National: New study shows Russian propaganda may really have helped Trump | Ken Dilanian/NBC

President Donald Trump and his allies have long insisted that Russian’s 2016 propaganda campaign on social media had no impact on the presidential election. A new statistical analysis says it may well have. The study, by researchers at the University of Tennessee, Knoxville, does not prove that Russian interference swung the election to Trump. But it demonstrates that Trump’s gains in popularity during the 2016 campaign correlated closely with high levels of social media activity by the Russian trolls and bots of the Internet Research Agency, a key weapon in the Russian attack. “Our results show that the weeks when Russian trolls were accumulating likes and retweets on Twitter, that activity reliably foreshadowed gains for Trump in the opinion polls,” wrote Damian Ruck, the study’s lead researcher, in an article explaining his findings. The study found that every 25,000 re-tweets by accounts connected to the IRA predicted a 1 percent increase in opinion polls for Trump. In an interview with NBC News, Ruck said the research suggests that Russian trolls helped shift U.S public opinion in Trump’s favor. As to whether it affected the outcome of the election: “The answer is that we still don’t know, but we can’t rule it out.” Given that the election turned on 75,000 votes in Michigan, Wisconsin and Pennsylvania, “it is a prospect that should be taken seriously,” Ruck wrote, adding that more study was needed in those swing states.

National: DOD’s cyber policy deputy clarifies homeland support role | Lauren C. Williams/FCW

The Defense Department is settling into its support role when it comes to defending national infrastructure from cyberattacks. B. Edwin Wilson, the deputy assistant secretary of defense for cyber policy, said during a panel talk at the Defense One Tech Summit June 27 that DOD doesn’t replace Homeland Security but has a clear, firm role in relaying intelligence and providing support during elections. “The department does have a role in the defense of the homeland,” Wilson said. “We’re not trying to do DHS’ job … we’re here to support” in areas such as the midterm elections. He added that while DHS’ primary role is securing election infrastructure, DOD shares intelligence on threats to it and help update sensors to compromised systems. “We want to bring the weight, the scale, the scope of the Department of Defense to be able to defend the homeland, our critical infrastructure, and key national interests,” he said.