National: Election security in 2020 means a focus on county officials, DHS says | CNET

As special counsel Robert Mueller's investigation on Russian hacking and collusion with the Trump campaign ends, the Department of Homeland Security is gearing up to prevent a repeat for the 2020 US presidential election. The federal agency, which formed the Cybersecurity and Infrastructure Security Agency last November, said that it's "doubling down" on its efforts, calling election security for 2020 a top priority. It hopes to do that by focusing on local election officials, Matt Masterson, a DHS senior adviser on election security, said in an interview with CNET. The emphasis on local represents a new tact as the DHS tries to shut down foreign interference in the US elections. While the agency worked with all 50 states during the 2018 midterm elections, security experts said the outreach needs to zoom in on a county level. There are about 8,800 county election officials across the US, and they are the people responsible for your voting machines, your polling place's security and handling vote auditing.

National: What Will Mueller’s Russia Report Mean For Election Security In 2020? | WMOT

The release of special counsel Robert Mueller's report may provide Americans with the best playbook yet on how to defend democracy in the lead-up to the 2020 presidential election. In the days since Attorney General William Barr's letter to Congress, much of the focus has boiled down to one line from President Trump: "No Collusion, No Obstruction." But judging by Barr's language and the details that have come to light through indictments filed by Mueller's team over the past two years, the report may also reveal more about how Russia attacked the 2016 U.S. presidential election. The report's first section, according to Barr, focuses on Russian "computer hacking operations," which included the theft of emails from the Democratic National Committee and Hillary Clinton's campaign, as well as agitation online to try to exacerbate divisions among Americans. Barr's summary didn't address an aspect of the interference that Mueller has described elsewhere, including the cyberattacks that targeted state elections infrastructure.

National: ‘Russian playbook’ remains after Mueller report wraps up | Associated Press

The collusion question now answered, another one looms ahead of 2020: Will U.S. elections be secure from more Russian interference? The 22-month-long special counsel investigation underscored how vulnerable the U.S. was to a foreign adversary seeking to sow discord on social media, spread misinformation and exploit security gaps in state election systems. With the presidential primaries less than a year away, security experts and elected officials wonder whether the federal government and the states have done enough since 2016 to fend off another attack by Russia or other hostile foreign actors. "Although we believe that Russia didn't succeed in changing any vote totals, the Russian playbook is out there for other adversaries to use," said Virginia Sen. Mark Warner, a Democrat and vice chairman of the Senate Committee on Intelligence. "As we head towards the 2020 presidential elections, we've got to be more proactive in protecting our democratic process." Special counsel Robert Mueller detailed the sweeping conspiracy by the Kremlin to meddle in the 2016 election in an indictment last year, charging 12 Russian military intelligence officers with hacking the email accounts of Clinton campaign officials and breaching the networks of the Democratic Party. The indictment also included allegations the Russians conspired to hack state election systems and stole information on about 500,000 voters from one state board of elections' computers.

National: DARPA Is Building a $10 Million, Open Source, Secure Voting System | Motherboard

For years security professionals and election integrity activists have been pushing voting machine vendors to build more secure and verifiable election systems, so voters and candidates can be assured election outcomes haven’t been manipulated. Now they might finally get this thanks to a new $10 million contract the Defense Department’s Defense Advanced Research Projects Agency (DARPA) has launched to design and build a secure voting system that it hopes will be impervious to hacking.

The first-of-its-kind system will be designed by an Oregon-based firm called Galois, a longtime government contractor with experience in designing secure and verifiable systems. The system will use fully open source voting software, instead of the closed, proprietary software currently used in the vast majority of voting machines, which no one outside of voting machine testing labs can examine. More importantly, it will be built on secure open source hardware, made from special secure designs and techniques developed over the last year as part of a special program at DARPA. The voting system will also be designed to create fully verifiable and transparent results so that voters don’t have to blindly trust that the machines and election officials delivered correct results.

National: Voting tech creates growing concern for local officials | The Hill

Some voters in Johnson County, Ind., found themselves waiting for hours to cast their ballots in last year’s midterm elections, but not because of a massive surge in turnout or malfunctioning voting machines. What struggled to work were the electronic poll books used to check a voter's registration, triggering long lines at polling stations. A state investigation determined that the vendor for the e-poll books, Election Systems & Software (ES&S), was responsible for the technical issue, and the Johnson County election board ultimately voted to terminate the contract. ES&S is one of the biggest voting machine vendors in the country. And despite the report's findings, other counties in Indiana have continued to work with it, including some that recently signed new contracts. Experts told The Hill that the scenario underscores the new issues that local election officials have to consider as they juggle the benefits and security risks of voting technology, particularly in light of heightened concerns over election hacking.

National: State election officials opt for 2020 voting machines vulnerable to hacking | Politico

Election officials in some states and cities are planning to replace their insecure voting machines with technology that is still vulnerable to hacking. The machines that Georgia, Delaware, Philadelphia and perhaps many other jurisdictions will buy before 2020 are an improvement over the totally paperless devices that have generated controversy for more than 15 years, election security experts and voting integrity advocates say. But they warn that these new machines still pose unacceptable risks in an election that U.S. intelligence officials expect to be a prime target for disruption by countries such as Russia and China. The new machines, like the ones they’re replacing, allow voters to use a touchscreen to select their choices. But they also print out a slip of paper with the vote both displayed in plain text and embedded in a barcode — a hard copy that, in theory, would make it harder for hackers to silently manipulate the results. Security experts warn, however, that hackers could still manipulate the barcodes without voters noticing. The National Academies of Sciences, Engineering and Medicine has also warned against trusting the barcode-based devices without more research, saying they “raise security and verifiability concerns.”

National: I Bought Used Voting Machines on eBay for $100 Apiece. What I Found Was Alarming | WIRED

In 2016, I bought two voting machines online for less than $100 apiece. I didn't even have to search the dark web. I found them on eBay. Surely, I thought, these machines would have strict guidelines for lifecycle control like other sensitive equipment, like medical devices. I was wrong. I was able to purchase a pair of direct-recording electronic voting machines and have them delivered to my home in just a few days. I did this again just a few months ago. Alarmingly, they are still available to buy online. If getting voting machines delivered to my door was shockingly easy, getting inside them proved to be simpler still. The tamper-proof screws didn’t work, all the computing equipment was still intact, and the hard drives had not been wiped. The information I found on the drives, including candidates, precincts, and the number of votes cast on the machine, were not encrypted. Worse, the “Property Of” government labels were still attached, meaning someone had sold government property filled with voter information and location data online, at a low cost, with no consequences. It would be the equivalent of buying a surplus police car with the logos still on it.

National: U.S. Military Steps Up Cyberwarfare Effort | Govenment Technology

The U.S. military has the capability, the willingness and, perhaps for the first time, the official permission to preemptively engage in active cyberwarfare against foreign targets. The first known action happened as the 2018 midterm elections approached: U.S. Cyber Command, the part of the military that oversees cyber operations, waged a covert campaign to deter Russian interference in the democratic process. It started with texts in October 2018. Russian hackers operating in the Internet Research Agency – the infamous “troll factory” linked to Russian intelligence, Russian private military contractors and Putin-friendly oligarchs – received warnings via pop-ups, texts and emails not to interfere with U.S. interests. Then, during the day of the election, the servers that connected the troll factory to the outside world went down.

National: Election security threats loom as presidential campaigns begin | TechTarget

Never has it been more important to have a mechanism to audit U.S. voting results, but experts say election security risks combined with the weaponization of social media make the task more difficult than ever. The electronic voting systems used in a number of states are a concern for security experts who have seen serious flaws in these systems. If the 2020 U.S. election results are disputed by a candidate, there must be a clear way to show voting results are accurate to ensure a peaceful transition of government, said Avi Rubin a computer science professor at Johns Hopkins University, during an RSA Conference 2019 session on election hacking. … Ronald Rivest, a professor in MIT's Cryptography and Information Security research group, said during a separate session at RSA Conference that "keeping it simple with low-tech paper ballots" is the lesson learned over the past decade. We still need to know that the tabulation of those ballots is accurate, via audits, and states like Colorado and Rhode Island are piloting new risk-limiting audit systems, Rivest said.

National: New ‘Hybrid’ Voting System Can Change Paper Ballot After It’s Been Cast | WhoWhatWhy

For years, election security experts have assured us that, if properly implemented, paper ballots and routine manual audits can catch electronic vote tally manipulation. Unfortunately, there is no universal definition of “paper ballot,” which has enabled vendors and their surrogates to characterize machine-marked paper printouts from hackable ballot marking devices (BMDs) as “paper ballots.” Unlike hand-marked paper ballots, voters must print and inspect these machine-marked “paper ballots” to try to detect any fraudulent or erroneous votes that might have been marked by the BMD. The machine-marked ballot is then counted on a separate scanner.

Most independent cybersecurity election experts caution against putting these insecure BMDs between voters and their ballots and instead recommend hand-marked paper ballots as a primary voting system (reserving BMDs only for those who are unable to hand mark their ballots). But vendors and many election officials haven’t listened and are now pushing even more controversial “hybrid” systems that combine both a BMD and a scanner into a single unit. These too are now sold for use as a primary voting system.

Unlike hand-marked paper ballots counted on scanners and regular non-hybrid BMDs,  these new hybrid systems can add fake votes to the machine-marked “paper ballot” after it’s been cast, experts warn. Any manual audit based on such fraudulent “paper ballots” would falsely approve an illegitimate electronic outcome. According to experts, the hybrid voting systems with this alarming capability include the ExpressVote hybrid by Election Systems & Software, LLC (ES&S), the ExpressVote XL hybrid by ES&S, and the Image Cast Evolution hybrid by Dominion Voting.

National: ‘We’re doubling down.’ DHS insists it’s not reducing election security efforts | The Washington Post

The Homeland Security Department is actually surging its efforts to protect elections against foreign hackers during the two years leading up to the 2020 elections -- not winding them down, the agency's top cybersecurity official insists. Chris Krebs, who leads DHS’s Cybersecurity and Infrastructure Security Agency, was punching back Thursday against a Daily Beast report citing anonymous staffers who said the department was reducing its election security efforts following the midterms to invest more in border security and other Trump administration priorities. “The department’s election security and countering foreign influence security-related efforts are not going anywhere,” Krebs said. “In fact, we’re doubling down.” The article made waves in the security community because even a perception that the government isn’t serious about securing elections against Russian hackers could damage trust in the result in the 2020 election.  Federal officials — including Krebs himself — have warned Russia may have viewed the midterms as merely a “warm-up” for 2020 when more Americans will be looking for signs of foreign influence. That stakes for officials such as Krebs are especially high because President Trump has wavered on whether he believes Russia was responsible for its hacking and disinformation campaign to influence the 2016 presidential contest.

National: CISA says it’s ramping up election security efforts for 2020 | FCW

The head of the Department of Homeland Security's cybersecurity wing is pushing back on a media report that the agency has scaled back personnel and resources from its combatting foreign election interference. Cybersecurity and Infrastructure Security Agency Director Chris Krebs hosted a conference call with reporters less than 24 hours after The Daily Beast published a story that quoted multiple anonymous DHS officials who said two CISA task forces focused on coordinating the department's response to foreign influence in U.S. elections were significantly downsized shortly after the mid-terms. Krebs didn't deny that personnel levels for the task forces were reduced. He characterized the task forces as temporary vehicles to address an emerging threat while CISA worked to hire staff and build more permanent institutional capacity to tackle the issue.

National: DHS Guts Task Forces Protecting Elections From Foreign Meddling | The Daily Beast

Two teams of federal officials assembled to fight foreign election interference are being dramatically downsized, according to three current and former Department of Homeland Security officials. And now, those sources say they fear the department won’t prepare adequately for election threats in 2020. “The clear assessment from the intelligence community is that 2020 is going to be the perfect storm,” said a DHS official familiar with the teams. “We know Russia is going to be engaged. Other state actors have seen the success of Russia and realize the value of disinformation operations. So it’s very curious why the task forces were demoted in the bureaucracy and the leadership has not committed resources to prepare for the 2020 election.”

National: Lawmakers quiz officials on 2020 election security measures | The Hill

Lawmakers questioned federal officials Wednesday about the importance of passing election security measures ahead of the 2020 contests, pressing witnesses on the threat posed by foreign actors to influence U.S. elections. Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security (DHS), testified during the House Homeland Security Committee hearing Wednesday that the federal government is “lightyears ahead” of where it was in 2016 when it came to communicating with state and local officials. But he said improving outreach and communication with those officials is a top priority for his department ahead of 2020. Krebs also said that being able to audit elections is a pressing issue for his agency, and that records of votes, like paper trails, will help officials confirm election results. The DHS official added that basic cybersecurity remains a crucial issue, saying he fears any gaps could expose vulnerabilities in systems that could be abused by hackers.

National: This key House Republican is open to mandates on states for election security | The Washington Post

As the House Homeland Security Committee meets for the first election security hearing of 2019 today, Congress is still far away from a grand bargain to help protect state election systems from foreign hackers. But the goalposts may be changing with Democrats in charge of the House. The new top Republican on the committee, Rep. Mike Rogers (Ala.), tells me he's ready to impose requirements on states to secure their election systems against hackers. He called for a baseline of security states must meet before receiving money from the government to upgrade outdated and vulnerable voting machines and secure other election infrastructure. “We want to get some minimum standards that have to be adhered to," Rogers tells me. And he says he's willing to work with Democrats to get it done.

National: House Democrats, Republicans cross swords over election security bill | Politico

Democrats and Republicans have clashed before over H.R. 1, the House Dems’ sweeping package of democracy and governance proposals, but today the fight goes directly to the election security provisions of the bill. The House Homeland Security panel holds a hearing today on the measure with testimony from DHS’s top cyber official, Cybersecurity and Infrastructure Security Agency Director Chris Krebs, Election Assistance Commission Chairman Thomas Hicks and others. A CISA official told MC: “Director Krebs will confirm election security remains a priority for CISA in the run up to 2020, laying out the Agency’s plan to work with State and local election officials on broader engagement, better defining risk to election systems, and understanding the resources to manage that risk.” At least one witness — Jake Braun, a former Obama administration official who now works as executive director of the University of Chicago's Cyber Policy Initiative and an organizer of DEF CON's Voting Village — endorses the bill’s election security ideas in his prepared testimony. He praises the provisions mandating auditable paper trails and authorizing voting infrastructure research and development funds.

National: State and Local Elections Experts Weigh-In on Security Concerns | MeriTalk

With the 2020 national election cycle on the horizon, House Homeland Security Committee Chairman Bennie Thompson, D-Miss., convened a hearing Wednesday to examine the how the United States was working to secure its elections. The hearing, broken into two panels, heard from senior Federal election officials, as well as state and local election officials. During the first half of the hearing Christopher Krebs, director of the newly minted Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS), stressed that election cybersecurity is on the upswing. However, the second half of the hearing held a slightly different tone, with California Secretary of State Alex Padilla declaring that “our democracy is under attack.”

National: Cyber chief pushes audits as key to election security | FCW

The nation's top cybersecurity official told Congress that the ability to audit voting machines after elections is critical for ballot security. "The area that I think we need to invest the most in the nation is ensuring auditability across infrastructure," Christopher Krebs, head of the Cybersecurity and Infrastructure Security Agency said at a Feb. 13 hearing of the House Homeland Security Committee. "If you don't know what's happening and you can't check back at what's happening in the system -- you don't have security." While 34 states and the District of Columbia have some laws mandating post-election audits, according to the National Conference of State Legislatures, Congress has been unable to agree on how hard or soft to make such language in legislation. Krebs and Election Assistance Commission (EAC) Chair Thomas Hicks endorsed the need for greater auditability, though both deferred to states on the question of whether it should be done digitally or by hand.

National: Manafort Found to Have Lied to Prosecutors While Under a Cooperation Agreement | The New York Times

A federal judge ruled on Wednesday that Paul Manafort, President Trump’s former campaign chairman, had breached his plea agreement by lying multiple times to prosecutors after pledging to cooperate with the special counsel’s investigation into Russia’s interference in the 2016 election. The decision by Judge Amy Berman Jackson of United States District Court in Washington may affect the severity of punishment that awaits Mr. Manafort. Judge Jackson is scheduled to sentence him next month on two conspiracy counts, and he is also awaiting sentencing for eight other counts in a related fraud case. After Mr. Manafort agreed in September to cooperate with the office of the special counsel, Robert S. Mueller III, the judge found, he lied about his contacts with a Russian associate during the campaign and after the election. Prosecutors claim that the associate, Konstantin V. Kilimnik, has ties to Russian intelligence, and have been investigating whether he was involved in Russia’s covert campaign to influence the election results.

National: Senate committee leaders worry no one’s in charge on cybersecurity | The Washington Post

Responsibility for the nation’s cybersecurity is spread piecemeal throughout the government without a single person or agency in charge. That creates dangerous gaps that U.S. adversaries could exploit to hack the government or critical infrastructure, two prominent Senate Republicans told me. Homeland Security Chairman Ron Johnson (Wis.) and Mike Rounds (S.D.), chair of the Armed Services Committee’s cyber panel, are mulling how they might create a centralized government authority for cybersecurity issues. The goal would be an office that could make sure the Homeland Security, Defense and Justice departments are effectively sharing information and working toward common goals, the senators said. For example, the Defense Department, which is authorized to conduct clandestine military activities in cyberspace, might not be as clued in as DHS is to how some of those activities could prompt retaliation against U.S. businesses. Rounds also noted that some parts of the government were concerned for several years that Chinese telecom giant Huawei could use its position inside global telecommunications infrastructure to spy on behalf of the Chinese government -- but the U.S. did not act until recently.

National: Where cybersecurity legislation ‘goes to die’ in Congress | Politico

Wisconsin Republican Sen. Ron Johnson leads the committee with broad oversight over the nation’s most important cybersecurity issues, including protecting consumers and U.S. elections from hackers. But he’s also a major reason little legislation on these topics ever passes, according to lobbyists, cybersecurity policy experts, lawmakers and congressional aides from both parties who spoke with POLITICO. Johnson or members of his staff have derailed many of the most significant cybersecurity-related bills in the past four years, including legislation to secure elections, study whether the growing use of encrypted apps hampers law enforcement, and hold companies accountable for the proliferation of insecure connected devices, people who track the legislation told POLITICO.

National: Supreme Court likely to act this week on census dispute | Constitution Daily

Moving with unusual speed, the Supreme Court on Monday set the stage for acting soon – probably on Friday – on the constitutional controversy over asking everyone living in America about their citizenship, as part of the 2020 census. At issue at this point is whether the Justices will take up directly, without waiting for further action in lower courts, the dispute over the contents of the questionnaire that will go to every household across the nation next year. The outcome of the controversy may have a major influence on dividing up seats in the U.S. House of Representatives, on drawing up new election district maps at all levels of government, and about the distribution of billions of dollars in federal money. Although there is a clear dispute among the two sides in the controversy about the legality of adding the citizenship question, everyone involved has now agreed that an answer needs to be forthcoming before the Supreme Court finishes its current term, probably in late June.

National: Security Experts Uneasy as US Barrels Into 2020 Election | Courthouse News

Cautious about the government’s efforts to safeguard the 2020 presidential race, election-security experts worry that the job is too formidable to finish in the time that remains. One issue at stake is outdated voting machines and technology, but Maurice Turner, a senior technologist with the Center for Democracy and Technology, warned that equipment updates require legislatures to make funding appropriations. With the first 2020 primaries scheduled for February, the process of issuing, receiving and evaluating proposals along can take months. After that comes testing and configuration, another months-long process, before the machines can be delivered on a large scale. “No election official wants to be rolling out new equipment 30 or 60 days before the general election,” Turner said in a phone interview, “so they’re going to need to identify other races, other contests they can test this equipment on.”

National: Asked to Stop Investigations, House Digs In | The New York Times

The House Intelligence Committee on Wednesday began a broad inquiry into whether Russia and other foreign powers may be exercising influence over President Trump, acting only hours after a defiant Speaker Nancy Pelosi declared that the House would not be cowed by the president’s “all-out threat” to drop its investigations of his administration. Other committees were zeroing in on similarly sensitive oversight targets. On Thursday, Democrats will begin their quest to secure the president’s long-suppressed tax returns. The chairman of the Judiciary Committee readied a subpoena for the acting attorney general, Matthew G. Whitaker, in case he tried to avoid Democratic questioning. And a House Appropriations subcommittee chairwoman began an inquiry into administration rule-bending during the 35-day partial government shutdown.

National: Voting Rights, Voter Registration Key For Democrats For 2020 Election | NPR

In her response to President Trump's State of the Union, Stacey Abrams went through some of the top issues for the Democratic Party. Health care. Climate change. Gun safety. Then she brought up a topic Democrats are planning to spend a lot of time on over next two years: voting. "Let's be clear. Voter suppression is real," Abrams said. "From making it harder to register and staying on the rolls, to moving and closing polling places, to rejecting lawful ballots, we can no longer ignore these threats to democracy." The past two federal elections seem to have been a tipping point.

National: The U.S. military is quietly launching efforts to deter Russian meddling | The Washington Post

With little public fanfare, U.S. Cyber Command, the military’s new center for combating electronic attacks against the United States, has launched operations to deter and disrupt Russians who have been interfering with the U.S. political system. Like other U.S. cyberwar activities, the disruption effort against Russia is cloaked in secrecy. But it appears to involve, in part, a warning to suspected Russian hackers that echoes a menacing phrase that’s a staple of many fictional crime and spy thrillers: “We know where you live.” Beginning last fall, before the midterm elections, Cyber Command began directly contacting Russians who were linked to operations, such the Internet Research Agency, that allegedly helped coordinate Moscow’s campaign to subvert the 2016 presidential election. The apparent aim was to put people on notice that their covers had been blown, and that their ability to work and travel freely might be affected.

National: Lawmakers Push for the State Department to Help Secure Foreign Elections | Nextgov

As misinformation campaigns and cyberattacks threaten to undermine democracy around the world, lawmakers want the State Department to play a bigger role in helping other countries secure their elections. Sens. Amy Klobuchar, D-Minn., and Dan Sullivan, R-Alaska, on Tuesday reintroduced legislation that would create a program at State to share information about election threats with other countries. Through the Global Electoral Exchange Program, the department would assist allies in adopting best practices around election cybersecurity, transparency and auditing. It would support work to combat misinformation campaigns and end discriminatory voter registration practices. An earlier version of the bill passed the House in September but was never put to a vote in the Senate. “Our election systems—and those of our allies—have become a target for foreign adversaries,” Klobuchar said in a statement. “Safeguarding our democracies must be a priority for us all.”

National: Debate Over Election Reform Bill Gets Heated in House | Courthouse News

Lawmakers on both sides of the aisle raised their voices Wednesday over whether a sweeping election reform bill proposed by Democrats would drain or fill the Washington swamp. The wide-ranging anti-corruption bill, House Resolution 1, includes a provision that would increase transparency in campaign finance by requiring candidates to report where their campaign money comes from. That measure was the focus of committee members from both parties during the nearly four-hour hearing in the House Oversight Committee. Bradley Smith, an expert witness and chairman of the Institute for Free Speech, repeatedly told committee members that the bill would have a “chilling effect” on citizens’ desire to engage in elections through avenues like campaign donations. “You run the risk of regulations swallowing up the entire discourse in which the public engages,” Smith said.

National: Midterm election infrastructure deemed meddle-free, but states seek equipment funding | GCN

The federal government has determined there is no evidence that foreign interference in the 2018 midterm election "had a material impact on the integrity or security of election infrastructure or political [and] campaign infrastructure," the Justice Department announced. DOJ and the Department of Homeland Security said Feb. 5 that they have submitted a classified report to President Donald Trump in accordance with an executive order issued last year to root out and investigate foreign interference targeting American elections or campaigns. The conclusions represent the second half of an interagency process created late last year to assess whether foreign governments made any efforts to hack into voting machines and election systems or alter voter behavior through covert influence campaigns on social platforms and other media.

National: DHS prioritizes restart of election security programs post-shutdown | CNN

Since the shutdown ended, the Department of Homeland Security has prioritized the resumption of its election security programs, some of which were forced to go on hiatus during the lapse in government funding, according to Cybersecurity and Infrastructure Security Agency Director Chris Krebs. "Coming out of the shutdown, anything that had paused on election security-related activities was put on the top of the priority list for restart," he said. Krebs told CNN that if there was an active threat during the shutdown, the department was able to respond by conducting assessments and hunting down the threat. "What paused was the more routine vulnerability assessments," he said. Those included a "couple of the election security-related" assessments run by the department, specifically focused on state networks.