National: Cybersecurity proposal pits cyber pros against campaign finance hawks | The Washington Post

The Federal Election Commission could decide today whether nonpartisan groups can offer political campaigns free cybersecurity services, an issue that has made bedfellows of Republicans and Democrats but divided cyber pros and campaign finance hawks. The proposal’s authors, Hillary Clinton’s 2016 campaign manager Robby Mook and Mitt Romney’s 2012 campaign manager Matt Rhoades, come to the issue from bitter experience. The Romney campaign was targeted by Chinese hackers, and Clinton’s campaign was upended by a Russian hacking and disinformation operation aimed at helping  Donald Trump. The bipartisan duo want to help presidential and congressional campaigns steer clear of similar hacking operations by allowing nonprofits to provide cybersecurity free of charge. But first they need the FEC to say those services don’t amount to an illegal campaign contribution. “This is warfare,” Mook told FEC commissioners during a review of the proposal April 11. “People are trying to disrupt our democracy.” The plan is a hit with many cybersecurity pros who say campaigns aren’t equipped to defend themselves against sophisticated, government-backed hacking operations from Russia and China, and think this might level the playing field. 

National: Managing unknown risks in the next election | GCN

As the nation heads into the 2020 election cycle, experts disagree over whether the nation should expect the same type of cyber threats and influence campaigns experienced in 2016 or if we should expect the unexpected. Matthew Masterson, a senior advisor at the Department of Homeland Security focusing on election security, said that he spends “a lot of time thinking through that undermining confidence [angle] and ways that we can build that resilience.” Speaking at an April 23 cybersecurity conference, he told the audience that “the reality is you don’t actually even have to touch a system to push a narrative that undermines confidence in the elections process.” Liisa Past, former chief research officer at the Cyber Security Branch of the Estonian Information System Authority, said at the same event that election influence campaigns operate on multiple fronts. “It really illustrates the adversarial activity, which is that they’re throwing spaghetti at the walls,” said Past. “Cyber is one wall, misinformation, disinformation and social media is another wall. We’re having to assume that using proxies and … useful idiots is another wall, and I’m afraid that behind it there might also be an element of blackmail and personal manipulation.” The challenge, she said, is “how do you come up with a risk management model that clearly has the same degree of flexibility as the adversary’s tactics have?”

National: In Push for 2020 Election Security, Top Official Was Warned: Don’t Tell Trump | The New York Times

In the months before Kirstjen Nielsen was forced to resign, she tried to focus the White House on one of her highest priorities as homeland security secretary: preparing for new and different Russian forms of interference in the 2020 election. President Trump’s chief of staff told her not to bring it up in front of the president. Ms. Nielsen left the Department of Homeland Security early this month after a tumultuous 16-month tenure and tensions with the White House. Officials said she had become increasingly concerned about Russia’s continued activity in the United States during and after the 2018 midterm elections — ranging from its search for new techniques to divide Americans using social media, to experiments by hackers, to rerouting internet traffic and infiltrating power grids. But in a meeting this year, Mick Mulvaney, the White House chief of staff, made it clear that Mr. Trump still equated any public discussion of malign Russian election activity with questions about the legitimacy of his victory. According to one senior administration official, Mr. Mulvaney said it “wasn’t a great subject and should be kept below his level.” Even though the Department of Homeland Security has primary responsibility for civilian cyberdefense, Ms. Nielsen eventually gave up on her effort to organize a White House meeting of cabinet secretaries to coordinate a strategy to protect next year’s elections. As a result, the issue did not gain the urgency or widespread attention that a president can command. And it meant that many Americans remain unaware of the latest versions of Russian interference.

National: ‘They think they are above the law’: the firms that own America’s voting system | The Guardian

Maryland congressman Jamie Raskin is a newcomer to the cause of reforming America’s vote-counting machines, welcomed through baptism by fire. In 2015, Maryland’s main election system vendor was bought by a parent company with ties to a Russian oligarch. The state’s election officials did not know about the purchase until July 2018, when the FBI notified them of the potential conflict. The FBI investigated and did not find any evidence of tampering or sharing of voter data. But the incident was a giant red flag as to the potential vulnerabilities of American democracy – especially as many states have outsourced vote-counting to the private sector. After all, the purchase happened while Russian agents were mounting multiple disinformation and cybersecurity campaigns to interfere with America’s 2016 general election. “To say that they don’t have any evidence of any wrongdoing is not to say that nothing untoward happened,” Raskin said. “It’s simply to say that we don’t have the evidence of it.” The fact is that democracy in the United States is now largely a secretive and privately-run affair conducted out of the public eye with little oversight. The corporations that run every aspect of American elections, from voter registration to casting and counting votes by machine, are subject to limited state and federal regulation. The companies are privately-owned and closely held, making information about ownership and financial stability difficult to obtain. The software source code and hardware design of their systems are kept as trade secrets and therefore difficult to study or investigate.

National: Election security offers leading edge in CISA’s funding push as budget hearings approach | InsideCyberSecurity

Leaders of the Cybersecurity and Infrastructure Security Agency argue that ensuring the security of the 2020 election will require increased funds for the new agency, and are citing the recent Mueller report as new evidence of CISA’s critical role in countering Russian interference. The Mueller report released last week, and renewed CISA assertions about election security, come as House lawmakers kick off review of the DHS budget for fiscal 2020 next week. CISA Director Christopher Krebs said the redacted report by special counsel Robert Mueller on Russian interference reinforces ongoing concerns about election security, while he emphasized that CISA will continue asking for more funding in this area. “When I look at the Mueller report, I think it’s an extension of prior law enforcement intelligence activity, it was pretty consistent with the intelligence community assessment,” Krebs said to Inside Cybersecurity following his speech at the AFCEA meeting of government and largely defense industry officials today. “It’s just a reinforcement that they were incredibly active in 2016, they were active in 2018, and we’re going to be ready for them in 2020,” Krebs said.

National: Mueller report: Russia hacked state databases and voting machine companies | Roll Call

The Russian military intelligence unit known by its initials GRU targeted U.S. state election offices as well as U.S. makers of voting machines, according to Mueller’s report. Victims of the Russian hacking operation “included U.S. state and local entities, such as state boards of elections (SBOEs), secretaries of state, and county governments, as well as individuals who worked for those entities,” the report said. “The GRU also targeted private technology firms responsible for manufacturing and administering election-related software and hardware, such as voter registration software and electronic polling stations.” The Russian intelligence officers at GRU exploited known vulnerabilities on websites of state and local election offices by injecting malicious SQL code on such websites that then ran commands on underlying databases to extract information. Using those techniques in June 2016, “the GRU compromised the computer network of the Illinois State Board of Elections by exploiting a vulnerability in the SBOE’s website,” the report said. “The GRU then gained access to a database containing information on millions of registered Illinois voters, and extracted data related to thousands of U.S. voters before the malicious activity was identified.”

National: Jared Kushner Dismisses Russian Election Interference as ‘Couple of Facebook Ads’ | The New York Times

Jared Kushner, President Trump’s son-in-law and senior adviser, dismissed Russia’s interference in the 2016 presidential campaign on Tuesday as a “couple of Facebook ads” and said the investigation of it was far more damaging to the country than the intrusion itself. “You look at what Russia did — you know, buying some Facebook ads to try to sow dissent and do it — and it’s a terrible thing,” Mr. Kushner said during a panel sponsored by Time magazine. “But I think the investigations, and all of the speculation that’s happened for the last two years, has had a much harsher impact on our democracy than a couple of Facebook ads.” “Quite frankly, the whole thing is just a big distraction for the country,” Mr. Kushner said in his first public comments since the release of the report of the special counsel, Robert S. Mueller III, last week. Facebook estimated that Russia-backed ads and social media posts reached 126 million Americans during the election, only about 10 million fewer than voted in 2016. Moreover, Russians hacked accounts of the Democratic National Committee and leaked damaging information about Mr. Trump’s opponent, Hillary Clinton, at critical moments during the campaign. In his report, Mr. Mueller concluded that “the Russian government interfered in the 2016 presidential election in sweeping and systematic fashion.”

National: Russia’s hack into the US election was surprisingly inexpensive, Mueller report shows | CNBC

Techniques used by state-backed Russian hackers to interfere in the 2016 U.S. elections were apparently inexpensive, experts told CNBC, highlighting the ease at which a foreign government was able to meddle in a Western democracy. The report released by special counsel Robert Mueller lays out how Russian trolls used social media to try to influence the outcome of the election in which Donald Trump was made president and outlines the way in which hackers stole documents from the campaign of Hillary Clinton. Beginning in March 2016, units of Russia’s military intelligence unit known as GRU hacked the computers and email accounts of organizations, employees and volunteers supporting the Clinton presidential campaign, including the email account of campaign chairman John Podesta, the Mueller report said. The Russian group also hacked the computer networks of the Democratic Congressional Campaign Committee (DCCC) and the Democratic National Committee (DNC). Initially, the GRU employed a hacking technique known as spearphishing. That’s when a hacker sends an email to a person that contains something like a link to a fake website or an attachment. When a person clicks that link or downloads that document, it could lead to malicious software being installed on that person’s computer or mobile device. The spoof website might ask for personal details about a person, which could include passwords to certain services they use.

National: Threats known and unknown loom in 2020 elections | FCW

U.S. cybersecurity officials are gearing up to prevent foreign malign influence campaigns from impacting the 2020 vote. Experts are divided over whether local election officials and federal agencies should expect the same type of threats targeting election infrastructure and online discourse as they experienced in 2016 or if they should expect the unexpected. On Election Day in 2018, federal officials said they had no indication that voting infrastructure was successfully targeted by cyberattacks or other efforts at manipulation designed to strike voters from the rolls, change vote counts or hinder officials from completing election tallies. But the issue of influence campaigns and as yet unknown vectors of attack remain ripe for discussion as the nation heads into the 2020 vote. Matthew Masterson, a senior advisor at DHS who focuses on election security, said at an April 23 cybersecurity conference that he spends “a lot of time thinking through that undermining confidence [angle] and ways that we can build that resilience, because the reality is you don’t actually even have to touch a system to push a narrative that undermines confidence in the elections process.” Liisa Past, former Chief Research Officer at the Cyber Security Branch of the Estonian Information System Authority, said at the same event that election influence campaigns operate on multiple fronts.

National: America’s new voting machines bring new fears of election tampering | The Guardian

By design, tens of millions of votes are cast across America on machines that cannot be audited, where the votes cannot be verified, and there is no meaningful paper trail to catch problems – such as a major error or a hack. For almost 17 years, states and counties around the country have conducted elections on machines that have been repeatedly shown to be vulnerable to hacking, errors, breakdowns, and that leave behind no proof that the votes counted actually match the votes that were cast. Now, in a climate of fear and suspicion over attacks to America’s voting system sparked by Russia’s attacks on the 2016 elections, states and counties across the country are working to replace these outdated machines with new ones. The goal is to make the 2020 elections secure. “There’s a lot of work to do before 2020 but I think there’s definitely opportunities to make sure that the reported outcomes are correct in 2020,” said Marian Schneider, president of the election integrity watchdog Verified Voting. “I think that people are focusing on it in a way that has never happened before. It’s thanks to the Russians.” The purchases replace machines from the turn of the century that raise serious security concerns. But the same companies that made and sold those machines are behind the new generation of technology, and a history of distrust between election security advocates and voting machine vendors has led to a bitter debate over the viability of the new voting equipment – leaving some campaigners wondering if America’s election system in 2020 might still be just as vulnerable to attack.

National: Mueller report highlights scope of election security challenge | The Washington Post

Special counsel Robert S. Mueller III’s investigation of the “sweeping and systematic fashion” in which Russia interfered in the 2016 election highlights the breadth and complexity of the U.S. voting infrastructure that needs protecting. From voter registration to the vote itself to election night tabulation, there are countless computers and databases that offer avenues for foreign adversaries to try to create havoc and undermine trust in the democratic process. In addition to targeting the Democratic Party and Clinton campaign in 2016, Mueller noted in his report, Russian hackers also went after election technology firms and county officials who administer the vote — officials often without the resources to hire information technology staffs. [Through email leaks and propaganda, Russians sought to elect Trump, Mueller finds] “The Mueller report makes clear that there’s a much larger infrastructure that we have to protect,” said Lawrence Norden, an election security expert at New York University Law School’s Brennan Center for Justice. “There’s clearly a lot to do before 2020.”

National: Cyber aspects of Mueller report tread familiar ground on ’16 election hacks | InsideCyberSecurity

The redacted Mueller report on Russia and the 2016 elections contains politically contentious elements on collusion and obstruction of justice, but the aspects directly related to cybersecurity largely have been released and absorbed through earlier reports and indictments. The document released Thursday by the Justice Department is in a format that’s not searchable, but there are parts on cyber issues such as botnets, which is heavily redacted, and lengthy discussion of what Russian agents did to hack into computers associated with the presidential campaign of Democrat Hillary Clinton. The basic cybersecurity issues involved have been known for some time and were reflected in the Senate Intelligence Committee’s election-security recommendations issued in March 2018. Intelligence Chairman Richard Burr (R-NC) said Thursday that final reports from his committee’s Russia probe will begin coming out in a matter of “weeks.”

National: Mueller Report: Russia Funded US Election Snooping, Manipulation with Bitcoin | GCN

It is no news by now that the long-awaited Mueller Report has revealed extensive Russian efforts to interfere with the 2016 U.S. presidential election. While much attention has been focused on whether or not president Donald Trump was in any way complicit with these efforts, what is less reported is that the report showed that state-backed Russian operatives used bitcoin extensively in their attempts to impede Hilary Clinton and help Donald Trump’s campaign. According to the report, agents working on behalf of Russian military intelligence used bitcoin to do everything from purchasing VPNs to buying domains hosting political propaganda. This was part of a wide-reaching and apparently successful attempt to hack the 2016 election that saw Trump emerge victorious against all expectations. While this may not be news to anyone familiar with cryptocurrencies, the Russian agents apparently worked under the mistaken assumption that the mere fact of their transactions being carried out using cryptocurrency made them anonymous and untraceable. In fact, as has been demonstrated several times, bitcoin transactions are not that difficult to trace, given the presence of some key data.

National: 2020 Campaigns Are Still Vulnerable to Cyber Attacks | Time

Most Americans aren’t yet paying a lot of attention to the 2020 presidential campaign. The same can’t be said for Russian spies. Aides and advisers to the vast field of Democratic hopefuls are ringing alarm bells, telling their bosses they should assume that Moscow is laying the groundwork to disrupt, if not derail, their campaigns, just as Russian intelligence did to Hillary Clinton’s in 2016. But interviews with the campaigns show cyber security is a secondary concern, with most of the campaigns contacted by TIME say they have not “finalized” their tech plan or hired a security chief. The biggest problem is money. Every campaign focuses vast amounts of effort raising money to compete on ground troops, ads and campaign offices in key locations. Spending precious cash on cyber tools, whose successful deployment results in a non-event, is hard to defend. “There’s nothing sexy about it,” says Mike Sager, the chief technology officer at EMILY’s List, a group that works to elect women who support abortion rights. But, he says, “the folks who have been through it, who know what happens when you don’t do this, get it.” Nobody disputes the threat. Russia’s larger goals remain the same as they were in 2016: making American democracy look bad. “It is about the legitimacy of democracy and about the trust people have in their democracy,” said Eric Rosenbach, a former Pentagon chief of staff who now heads Harvard’s Defending Digital Democracy program. “Unfortunately, there are a lot of different ways in the information age that bad actors and nefarious nation-states can undermine that.”

National: Democrats Urge Judge Not to Dismiss Russian Hacking Suit | Bloomberg

While much of the U.S. was poring over the Mueller Report, the Democratic National Committee argued Thursday that its civil suit against President Donald Trump, the Russian Federation, WikiLeaks and members of the Trump campaign and White House should go forward. The DNC claims the defendants violated U.S. racketeering, computer fraud and other laws by conspiring to hack emails from DNC computers and leak them in advance of the 2016 election in a “brazen attack on American democracy.” The conspiracy sought to help Trump become president and continued into his presidency, according to the DNC. “After securing Trump’s grip on power, defendants worked tirelessly to keep it, lying to the American public, Congress, the Justice Department and the FBI to conceal any misconduct that jeopardized Trump’s presidency,” the DNC said in court papers filed late Thursday in Manhattan federal court.

National: Mueller report is a reminder that Russian hack hit House races, too | Roll Call

Special counsel Robert S. Mueller III’s report provided new details Thursday about how Russian agents hacked into Democratic Congressional Campaign Committee computers in 2016, renewing the question of whether the two parties would agree not to use stolen material in future political attacks. Leaders of the DCCC and the National Republican Congressional Committee came close to such an an agreement in late 2018, but talks broke down. The two committees, which have new leaders for the 2020 cycle, have not restarted discussions. The DCCC is interested in re-engaging in talks, according to a source familiar with the committee’s thinking. The NRCC declined to comment. The group’s new chairman, Minnesota Rep. Tom Emmer, was more focused Thursday on attacking the politics of investigating President Donald Trump. “It is time for the emotional, socialist Democrats to knock it off with their childish temper tantrums, accept reality and get back to work,” he said in a statement. DCCC Chairwoman Cheri Bustos could not be reached immediately for comment.

National: Mueller Report Raises New Questions About Russia’s Hacking Targets In 2016 | NPR

While the headlines about special counsel Robert Mueller’s report have focused on the question of whether President Trump obstructed justice, the report also gave fresh details about Russian efforts to hack into U.S. election systems. In particular, the report said, “We understand the FBI believes that this operation enabled [Russian military intelligence] to gain access to the network of at least one Florida county government” during the 2016 campaign. That came as news to Paul Lux, president of the Florida State Association of Supervisors of Elections — which has been working closely with federal authorities to protect their election systems against such attacks. “I haven’t heard even a whisper” about such a breach, Lux told NPR, noting that the report referred to a county “government” office network, not specifically to an “elections” office, although the two are frequently connected. It’s unusual that such a breach would occur and Florida officials would not know about it. For the past two years, election officials around the country have been working with both the Department of Homeland Security and the FBI to share information about potential security threats. They have set up several national communications networks specifically for that purpose.

National: House Homeland Committee wants more cyber funding for DHS | FCW

Twenty-eight members of the House Homeland Security Committee are urging appropriators to boost cyber funding at the Department of Homeland Security above what the White House has requested. In a letter sent to the House Appropriations Committee, the signatories — including Chairman Bennie Thompson (D-Miss.) and ranking member Mike Rogers (R-Ala.) — asked for a raise in the spending cap for DHS cyber spending, saying years of flat funding levels at the department will not be enough to “properly resource” the newly established Cybersecurity and Infrastructure Security Agency and its mission. “We urge the committee to break from the status quo and increase the Homeland Security Subcommittee’s 302(b) allocation commensurate with the threat,” the members wrote. “It is imperative that [the allocation] enable CISA to mature and grow the services it provides to secure federal and critical infrastructure networks.” The letter cited increasing threats to federal data, election infrastructure, critical infrastructure sectors and “long-standing threats from nation-states, terrorists, transnational criminal organizations and other malicious actors” to justify an elevation in funding. Members highlighted how past funding increases have helped DHS and CISA expand their services to state and local governments to secure election and voting systems and incorporate additional federal agencies into cybersecurity programs like Einstein and Continuous Diagnostics and Mitigation.

National: How Will Cybersecurity Influence the 2020 US Election Cycle? | HeadStuff

The air is undeniably tense surrounding the next United States presidential race. Not only does the Land of the Free currently have one of the most controversial commanders-in-chief in its history, but the issues at stake are being approached from more partisan, polarised angles than ever before. Whether it’s women’s rights, the tax plan, or guns and public health, you cannot deny the stiff atmosphere in politics today. There’s a topic that’s become a bigger issue than it was four years ago, however: data protection. Cybersecurity is already a hot topic in the media. Of course, data security was previously a concern to the people who knew a thing or two about it, but the public was largely focused on other issues. But now, cybersecurity has become a public cause of concern. With the emerging news in the last few years about Russia’s attempts to tamper with the 2016 election, the American people are skeptical like never before. This begs a few questions: What role is cybersecurity going to play in our upcoming presidential debates? How will it be discussed in the media? And how will the public come down on these important issues?

National: The cyber teams that helped stop Russian election interference | Fifth Domain

When Pentagon leaders tasked Air Force cyber teams with helping prevent Russian trolls from influencing the 2018 midterm elections, it marked the first time those forces were tasked with such a mission under new authorities. Department of Defense has openly discussed their success in keeping the midterm elections free from Russian interference, but officials have provided few details about which teams were tasked with doing so. During an April 11 event at Langley Air Force Base, Gen. James Holmes, commander of Air Combat Command, said Maj. Gen. Robert Skinner, the head of Air Forces Cyber, was ordered and given the authority to defeat Russian influence operations. “It’s the first time we’ve really had the authority to go operate and do that in the cyber environment,” Holmes said. Cyber authorities have typically been held at the highest levels of government making them difficult to be approved for rapid use, but over the last year the Trump administration has begun to loosen those restrictions in an attempt to make it easier for commanders to employ cyber tools faster and react more quickly to adversaries in a domain that is measured in milliseconds.

National: Feds say Russian 2016 election meddling spanned all US states | Naked Security

A multi-agency report has strengthened claims that Russia meddled with election systems in all 50 US states during the last presidential race. The report is called a joint intelligence bulletin (JIB), and it comes from the Department of Homeland Security and the FBI. It is an unclassified document intended for internal distribution to state and local authorities. Intelligence newsletter OODA Loop reports that the JIB reveals stronger evidence of Russian interference. Agencies believe that Russian agents targeted more than the 21 states initially suspected. According to the bulletin:

Russian cyber actors in the summer of 2016 conducted online research and reconnaissance to identify vulnerable databases, usernames, and passwords in webpages of a broader number of state and local websites than previously identified, bringing the number of states known to be researched by Russian actors to greater than 40.

Although there are some gaps in the data, the bulletin claims “moderate confidence” that Russia conducted “at least reconnaissance” against all US states because its research was so methodical, it added.

National: Inside the Russian effort to target Sanders supporters — and help elect Trump | The Washington Post

After Bernie Sanders lost his presidential primary race against Hillary Clinton in 2016, a Twitter account called Red Louisiana News reached out to his supporters to help sway the general election. “Conscious Bernie Sanders supporters already moving towards the best candidate Trump! #Feel the Bern #Vote Trump 2016,” the account tweeted. The tweet was not actually from Louisiana, according to an analysis by Clemson University researchers. Instead, it was one of thousands of accounts identified as based in Russia, part of a cloaked effort to persuade supporters of the senator from Vermont to elect Trump. “Bernie Sanders says his message resonates with Republicans,” said another Russian tweet. While much attention has focused on the question of whether the Trump campaign encouraged or conspired with Russia, the effort to target Sanders supporters has been a lesser-noted part of the story. Special counsel Robert S. Mueller III, in a case filed last year against 13 Russians accused of interfering in the U.S. presidential campaign, said workers at a St. Petersburg facility called the Internet Research Agency were instructed to write social media posts in opposition to Clinton but “to support Bernie Sanders and then-candidate Donald Trump.” That strategy could receive new attention with the release of Mueller’s report, expected within days.  

National: DHS, FBI say election systems in all 50 states were targeted in 2016 | Ars Technica

A joint intelligence bulletin (JIB) has been issued by the Department of Homeland Security and Federal Bureau of Investigation to state and local authorities regarding Russian hacking activities during the 2016 presidential election. While the bulletin contains no new technical information, it is the first official report to confirm that the Russian reconnaissance and hacking efforts in advance of the election went well beyond the 21 states confirmed in previous reports. As reported by the intelligence newsletter OODA Loop, the JIB stated that, while the FBI and DHS “previously observed suspicious or malicious cyber activity against government networks in 21 states that we assessed was a Russian campaign seeking vulnerabilities and access to election infrastructure,” new information obtained by the agencies “indicates that Russian government cyber actors engaged in research on—as well as direct visits to—election websites and networks in the majority of US states.” While not providing specific details, the bulletin continued, “The FBI and DHS assess that Russian government cyber actors probably conducted research and reconnaissance against all US states’ election networks leading up to the 2016 Presidential elections.” DHS-FBI JIBs are unclassified documents, but they’re usually marked “FOUO” (for official use only) and are shared through the DHS’ state and major metropolitan Fusion Centers with state and local authorities. The details within the report are mostly well-known. “The information contained in this bulletin is consistent with what we have said publicly and what we have briefed to election officials on multiple occasions,” a DHS spokesperson told Ars. “We assume the Russian government researched and in some cases targeted election infrastructure in all 50 states in an attempt to sow discord and influence the 2016 election.”

National: Election machine vendors back legislation requiring post-election audits, vulnerability disclosure | InsideCyberSecurity

Two major election machine vendors stated their support for requiring post-election audits to ensure the validity of election results in the case of a cyber attack or other tampering, in response to questions recently posed by senior Senate Democrats. Sens. Amy Klobuchar (D-MN), Gary Peters (D-MI), Jack Reed (D-RI), and Mark Warner (D-VA) sent letters last month to the three largest election machine vendors asking whether the companies would support legislation around post-election audits and what cyber controls are in place to secure the vote. In its response submitted on Tuesday, Hart InterCivic wrote that “robust post-election audits are the most compelling response” to threats posed by outdated technology. “Auditing is the most transparent and effective means to demonstrate that election outcomes accurately reflect the intention of voters,” Hart wrote. “Hart unequivocally supports state efforts to strengthen auditing procedures.” Tom Burt, the president and CEO of Election Systems and Software, also supported the idea of legislation around post-election audits, writing that the company “strongly supports legislation that would expand the use of routine post-election audits. ES&S believes that successful post-election audits, including risk-limiting audits such as those which have recently occurred in several jurisdictions, will increase confidence in our country’s election process.”

National: Cybersecurity Campaign Aid Delayed by Corporate Money Fears | Bloomberg

The Federal Election Commission delayed a vote on a plan to provide free cybersecurity assistance for campaigns, with the panel’s chairwoman voicing concerns it could the open the door to corporate money in campaigns. Ellen Weintraub said she supported the goal of cybersecurity but questioned whether the proposal could grant broad leeway for providing aid to campaigns outside the limits and restrictions of campaign finance law, including a longstanding ban on corporate contributions to candidates. “We do not want to inadvertently blow a hole in the corporate contribution ban,” the Democratic chairwoman said at a commission meeting today. The nonprofit watchdog Campaign Legal Center, which had voiced similar concern about the initial proposal, has signed off on a compromise that includes language emphasizing the aid is tied to the imminent threat of illegal foreign interference in elections. The commission may take up the issue again at its scheduled April 25 meeting.

National: After Arrest of Julian Assange, the Russian Mysteries Remain | The New York Times

In June 2016, five months before the American presidential election, Julian Assange made a bold prediction during a little-noticed interview with a British television show. “WikiLeaks has a very big year ahead,” he said, just seconds after announcing that the website he founded would soon be publishing a cache of emails related to Hillary Clinton. He was right. But an indictment unsealed on Thursday charging Mr. Assange with conspiring to hack into a Pentagon computer in 2010 makes no mention of the central role that WikiLeaks played in the Russian campaign to undermine Mrs. Clinton’s presidential chances and help elect President Trump. It remains unclear whether the arrest of Mr. Assange will be a key to unlocking any of the lingering mysteries surrounding the Russians, the Trump campaign and the plot to hack an election. The Justice Department spent years examining whether Mr. Assange was working directly with the Russian government, but legal experts point out that what is known about his activities in 2016 — including publishing stolen emails — is not criminal, and therefore it would be difficult to bring charges against him related to the Russian interference campaign. Numerous significant questions are left unanswered, including what, if anything, Mr. Assange knew about the identity of Guccifer 2.0, a mysterious hacker who American intelligence and law enforcement officials have identified as a front for Russian military intelligence operatives.

National: Comey Says Trump’s Silence Invites Another Russia Election Hack | Bloomberg

Former FBI Director James Comey said the U.S. remains unprepared for another attack on its elections and faulted the attorney general for suggesting that the government was “spying” on Donald Trump’s presidential campaign in 2016. Echoing the findings of U.S. intelligence agencies, Comey said Russia intervened in the 2016 election to damage American democracy, undermine Democratic nominee Hillary Clinton and bolster Trump. Russian officials have denied the accusations. But Comey said Trump’s “denial of a fundamental attack” on the U.S. means “we’re inviting it to happen again with our president’s silence.” The former FBI leader also said he was concerned by Attorney General William Barr’s comments on Wednesday that he’s starting his own inquiry into counterintelligence decisions that may have amounted to political espionage, including actions taken during the Russia probe in 2016. “I really don’t know what he’s talking about when he talks about spying on the campaign,” Comey said. “The FBI and Department of Justice conduct court-ordered surveillance. If the attorney general has come to the belief that that should be called spying, wow, that’s going to inspire a whole lot of conversations in the Department of Justice.”

National: Divided Congress can’t agree on fix for ‘dangerous’ Russian election meddling | McClatchy

Despite clear and compelling evidence of a Russian plot to disrupt the 2016 presidential election, partisanship has all but killed any chance that Congress will pass legislation to shore up election security before voters cast their ballots next year. Republicans and Democrats in Congress largely agree with Special Counsel Robert Mueller’s finding that Russia tried to meddle in U.S. democracy — and that foreign interference remains a serious threat. “Russia’s ongoing efforts to interfere with our democracy are dangerous and disturbing,” said Senate Majority Leader Mitch McConnell, R-Kentucky, after Mueller finalized his investigation last month. But McConnell has made it clear that he’s unlikely to allow the Senate to vote on any election-related legislation for the foreseeable future. Republican Sen. Roy Blunt of Missouri, who chairs the Senate Rules Committee that has jurisdiction over election security legislation, blames House Democrats for McConnell’s hardline stance. Blunt said Democrats overreached in January when they passed H.R. 1, a sweeping measure focused on voting rights, campaign finance, and government ethics.

National: Registered to vote? Your state may be posting personal information about you online. | The Washington Post

Americans routinely hemorrhage personally identifiable information (PII) across social media and other websites. On almost a weekly basis, PII bleeds out in dramatic breaches like the recent one at Toyota that exposed 3.1 million customers or another at Georgia Tech in which an “unknown outside entity” illegally accessed data for more than 1 million students, faculty members and alumni. Some 26 million Americans were victims of identity theft in 2016, according to the Bureau of Justice Statistics. One way thieves, scammers and psychopaths perform reconnaissance on their victims is to find them via Google or social media. A fair start — but information on the Internet is often inaccurate. If I were a malicious actor looking for a victim’s PII, I’d begin where the data is government-certified. Tax records and housing data are PII treasure troves but not all records are digitized. Political contributions can be valuable — if a person gave money to a candidate over a certain amount. Yet, an exposed area still exists. States hold important personal records of American voters through their secretary of state (SOS) websites. In most states, some or all of this information is accessible to anyone with an Internet connection. I have an Internet connection. And until recently, I ran the open source intelligence division at a cybersecurity firm. So, I tried to access all 50 states’ (and the District’s) online voter registration systems. In the process, I was able to obtain personal information about the citizens of 40 different states, from Alaska to Arkansas, West Virginia to Wisconsin, New Mexico to North Carolina. In some states, that PII included personal addresses, historic voter data and race.

National: Cybersecurity toolkits ahead for elections and media people | Politico

The founder of Craigslist and the Global Cyber Alliance are teaming up to provide free cyber defense toolkits to election officials, nonprofit election rights groups and the media modeled after the ones GCA recently pioneered for small businesses. Craig Newmark Philanthropies is offering GCA more than $1 million for the project, and GCA is netting $1.5 million from other sources, the groups are announcing today. “Elections bodies and the media are facing increasingly sophisticated cyberattacks that can impair the exercise of democracy and affect election results, and they are not prepared to deal with the threat,” Phil Reitinger, president and CEO of the GCA, told MC. The idea is to assemble a set of immediately available resources, rather than just advice. “I’ve been lucky enough to do well and put my money where my mouth is and help protect the people who protect our country,” Newmark told MC.