National: Justice Department unveils strategy to fight election meddling, cybercrime | Politico

The Justice Department on Thursday issued a wide-ranging report describing the cyber threats facing the United States and the department’s tactics for investigating, disrupting and deterring those risks. Most significantly, the report contains the first public description of how the DOJ will assess and respond to foreign influence operations like Russia’s 2016 election meddling. “That policy reflects an effort to articulate neutral principles so that when the issue that the government confronted in 2016 arises again — as it surely will — there will be a framework to address it,” Deputy Attorney General Rod Rosenstein said in unveiling the report at the Aspen Security Forum.

National: How is it even possible that most state election offices are still security nightmares? | BGR

Well, this is reassuring. The midterms are almost upon us, the country is still reeling from the revelations associated with hackers meddling in the 2016 presidential election. And, somehow, most states still have glaring security holes in their election offices that will probably stay that way through the midterms. That’s according to a new report from Politico, which found via a survey of all 50 states that few are planning to shore up their systems before November. Even after getting their share of $380 million in funding Congress appropriated for election security in March. “Only 13 states said they intend to use the federal dollars to buy new voting machines,” Politico reports. “At least 22 said they have no plans to replace their machines before the election — including all five states that rely solely on paperless electronic voting devices, which cybersecurity experts consider a top vulnerability.

National: Why security company Cloudflare is protecting U.S. election sites for free | Fast Company

Whatever President Trump says or un-says, it’s clear that election authorities in the U.S. and around the world have faced and will continue to face an onslaught of hacking attacks. While it’s unclear if hackers have been able to actually manipulate vote tallies, anyone from a Russian agent to a “400-pound” hacker sitting on his bed can easily seed mayhem and doubt by knocking voter registration sites offline or posting forged announcements of election results. Now San Francisco-based cloud security provider Cloudflare is offering a free service, called the Athenian Project, to any U.S. election authority for the 2018 polls. About 70 agencies, including 10 state election authorities as well as county- and city- level bodies have signed up, the company announced today. (If other companies are also providing pro-bono election security services, please let me know!) Cloudflare CEO Matthew Prince acknowledges that these are just a “drop in the bucket” out of the over 8,500 election authorities in the US, and he said that any other ones are welcome to join.

National: “Don’t count Russia out,” experts warn on election hacking amid relative calm | Fast Company

As the 2018 midterm election season heats up across the country, U.S. government officials say they’ve yet to see digital attacks by Russia on the scale of the 2016 presidential election–but cybersecurity experts warn that it’s too early to tell, noting that it’s still early in the election cycle. “Right now, there are no indications that Russia is targeting the 2018 U.S. midterms at a scale or scope to match their activities in 2016,” Homeland Security Secretary Kirstjen Nielsen told the National Association of Secretaries of State on Saturday.

National: New voting machines are important, but here are three other ways states are investing in election security | StateScoop

In the past eight days, federal officials — including Dan Coats, the director of national intelligence; Kirstjen Nielsen, the homeland security secretary; and Christopher Krebs, the homeland security undersecretary for cybersecurity — have warned that the Russian hackers who attempted to meddle in the 2016 election are on the prowl again. Depending on who you ask, state election officials are either implementing sweeping new security measures or making minimal progress in safeguarding voters ahead of this November’s general election. Every state has claimed its piece of the $380 million the federal Election Assistance Commission offered for new security measures, and several states’ top election officials have told Congress they’re using the money to harden the firewalls around their voter registration files and to replace antiquated ballot equipment with new machines that offer paper records.

National: Who Should Foot the Bill for a Secure Election System? | The Fiscal Times

In a party-line vote, House Republicans on Thursday blocked a Democratic effort to boost election security funding. The vote was on a procedural motion by Democrats intended to add $380 million for state election security grants in 2019 to a larger spending package. That spending legislation, which includes nearly $59 billion for the Interior Department, Environmental Protection Agency and Treasury Department, was approved, 217-199. Democratic lawmakers chanted “USA! USA!” on the House floor as they sought to support the bill, but Republicans insisted that those grants do not need additional funding given that as states have not yet used up all the money previously allocated to the program. “Over the past decade you’ve seen billions of dollars funded, by Republicans and Democrats, in our bipartisan appropriations each year to do exactly that, secure elections here at home,” House Ways and Means Committee Chairman Kevin Brady (R-TX) said, according to The Washington Post.

National: States slow to prepare for hacking threats | Politico

U.S. intelligence officials and security experts have spent years urging states to shore up their elections’ digital defenses, and the latest indictments from special counsel Robert Mueller drew fresh attention to Russia’s cyberattacks on the 2016 presidential election. But less than four months before the midterm elections that will shape the rest of Donald Trump’s presidency, most states’ election offices have failed to fix their most glaring security weaknesses, according to a POLITICO survey of all 50 states. And few states are planning steps that would improve their safeguards before November, even after they receive their shares of the $380 million in election security funding that Congress approved in March. Only 13 states said they intend to use the federal dollars to buy new voting machines. At least 22 said they have no plans to replace their machines before the election — including all five states that rely solely on paperless electronic voting devices, which cybersecurity experts consider a top vulnerability.

National: Yes, The Midterms Will Be Hacked – It’s only a question of how, when — and whether we’ll notice | Weekly Standard

Election meddling may not have been the foremost matter on the president’s mind during his hours-long one-on-one with Vladimir Putin in Helsinki, where Putin publicly denied the findings of American intelligence and Trump didn’t disagree. But Moscow’s interference in our national parties, political campaigns, state election boards, and voter registration software have dominated discussions at state elections meetings and in Washington since 2016. After more than a dozen congressional hearings on the subject, a special DHS commission to monitor election security state-by-state, and one $380-million slice of the omnibus later, are our election systems ready to fight off foreign interference in the midterms? The movement to replace every last highly hackable touch-screen voting machine with a less corruptible one that leaves a paper trail has new momentum, thanks to an influx of federal dollars and a loss of public faith in the integrity of our elections systems. “There’s been an attitude shift,” says Lawrence Norden, of NYU Law School’s Brennan Center. But it’s not enough to fix the problem that makes us vulnerable to the persistent threat of election tampering by Russia or perhaps other nefarious actors. National meetings of secretaries of state—like the one this weekend—and other elections directors’ gatherings have all made “cyber hygiene” a topmost priority, Norden said, “Whereas, in the past a lot of people thought of the need for protection against these threats and the warnings about them as hypothetical and exaggerated.”

National: While Trump Reverses on Election Meddling, States Work to Prevent a ‘Digital Watergate’ | Governing

Many of the nation’s secretaries of state were meeting in Philadelphia with federal Department of Homeland Security (DHS) officials about election security last Friday when news broke that a dozen Russian agents had been indicted for interfering with the 2016 election. “Obviously, this is on the forefront of our minds,” says Vermont Secretary of State Jim Condos, who attended the meeting. “All 50 states and territories are focused on security.” But the indictments aren’t the only bit of troubling news election officials have received in recent days. Last week, Maryland officials announced that the FBI had informed them that ByteGrid LLC, an election vendor that handles the state’s voter registration, election management and election night results sites, is financed by a fund whose manager is Russian and whose top investor is a Russian oligarch. Over the weekend, a Russian woman named Maria Butina was arrested and appeared in court Monday on charges that she was a Kremlin agent who worked to infiltrate the National Rifle Association and other conservative groups in an effort to influence U.S. politics.

National: House GOP refuses to renew election security funding as Democrats fume over Russian interference | The Washington Post

“Maybe the special counsel will announce something in two weeks: ‘Oh, here’s what the Russian indictments really are.’ If we learn something, authorizing committees will come right back to it and we’ll go to it,” Sessions said. “But there is no new data or information, it’s at the end of 3½ billion dollars, and there are no requests.” Democrats dismissed the Republicans’ explanations, saying the need for election security funding has never been clearer in the wake of Trump’s summit with Putin, where the president appeared to give credence to Putin’s assertion that Russia did not interfere in the 2016 election, despite the conclusion of U.S. intelligence agencies that he did. The controversy was inflamed anew Wednesday when Trump appeared to declare that Russia was no longer targeting the United States, contrary to the assertions of the intelligence community — although the White House later said the president was just saying “no” to further questions from the press.

National: Election security bill picks up new support in Senate | The Hill

A legislative proposal aimed at securing U.S. election systems from cyberattack is picking up additional support in the Senate as lawmakers grapple with how to respond to Russian election interference. The bill, spearheaded by Sens. James Lankford (R-Okla.) and Amy Klobuchar (D-Minn.), is designed to help states upgrade their digital voting systems and boost information sharing between state and federal officials on potential cyber threats to U.S. elections. The bill picked up new cosponsors in Sens. Mike Rounds and Bill Nelson (D-Fla.), the bipartisan leaders of the Senate Armed Services cyber subcommittee, on Tuesday. Lankford is also hoping that Special Counsel Robert Mueller’s recent indictment of 12 Russian intelligence officers for launching cyberattacks in an effort to interfere with the 2016 election will add more urgency to passing the bill.

National: Thousands of US voters’ data exposed by robocall firm | ZDNet

Another cache of US voter data has leaked. A Virginia-based political campaign and robocalling company, which claims it can “reach thousands of voters instantly,” left a huge batch of files containing hundreds of thousands of voter records on a public and exposed Amazon S3 bucket that anyone could access without a password. The bucket contained close to 2,600 files, including spreadsheets and audio recordings, for several US political campaigns. Kromtech Security’s Bob Diachenko, who discovered the exposed data and blogged his findings, shared prior to publication several screenshots of data, packed with voters’ full names, home addresses, and political affiliations.

National: Trump’s intel chiefs fight Russia’s election interference — with or without him | The Washington Post

President Trump’s top intelligence and national security officials are forging ahead with plans to disrupt any Russian interference ahead of the 2018 midterms. But they may be going it alone following Trump’s performance this week at the summit with Russian President Vladimir Putin in Helsinki. Just hours after Trump cast doubt on his own country’s conclusions about Moscow’s 2016 election interference at Monday’s presser, Director of National Intelligence Daniel Coats said the intelligence community “will continue to provide unvarnished and objective intelligence in support of our national security.”  And on Tuesday, the day after Trump suggested he believed Putin’s denials, my colleague Ellen Nakashima reported that the National Security Agency is partnering with the military’s cyberwarfare arm to counter threats from Moscow going into November. “Trump will keep waffling on Russia’s role in the 2016 election. If Russia interferes again, the national security agencies will have no problem running their past playbook: Name and shame, indict, and sanction,” said Stewart Baker, a former Department of Homeland Security assistant secretary and former general counsel for the NSA. But, he added, “the agencies are going to have to get White House approval for anything more, and I’m guessing the president won’t grant it.”

National: ES&S Admits It Installed Remote-Access Software on Systems Sold to States | Motherboard

The nation’s top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them. In a letter sent to Sen. Ron Wyden (D-OR) in April and obtained recently by Motherboard, Election Systems and Software acknowledged that it had “provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006,” which was installed on the election-management system ES&S sold them. The statement contradicts what the company told me and fact checkers for a story I wrote for the New York Times in February. At that time, a spokesperson said ES&S had never installed pcAnywhere on any election system it sold. “None of the employees, … including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software,” the spokesperson said.

National: ES&S Admits Installing Remote-Access Software on State Voting Systems | ExtremeTech

In February 2018, Election Systems and Software told the press that it had never installed remote-access software in any of the e-voting systems it has sold in the various US states or to local governments. In April, the company told Senator Ron Wyden’s office (D-OR), that it had sold pcAnywhere remote connection software “to a small number of customers between 2000 and 2006.” The good news about this disclosure is that the systems in question have all been retired and are no longer in use across the United States. But the fact that this happened in the first place, combined with ongoing warnings about the generally poor state of e-voting security, speaks to the depth and breadth of the issues facing the United States’ e-voting system as the 2018 midterm election approaches. The fact that ES&S lied about its own previous behavior to the public until pressured by Senator Wyden’s office says little good about the civic responsibility these companies feel towards ensuring that voting is handled safely. It’s important — just not as important as minimizing any hint of corporate liability.

National: The Biggest Spender of Political Ads on Facebook? President Trump | The New York Times

It’s official: President Trump is the single biggest political advertiser on Facebook. Mr. Trump and his political action committee spent $274,000 on ads on the social network since early May, outpacing the second-biggest spender, Planned Parenthood Federation of America, a nonprofit organization that provides reproductive health care. Planned Parenthood spent just over $188,000 on Facebook ads over the same period. The ads bought by Mr. Trump and his PAC were also seen the most by Facebook’s users, having been viewed by at least 37 million people since May. That compared with 24 million people who saw the second-most viewed group of political ads, which were also from Planned Parenthood.

National: NSA and Cyber Command to coordinate actions to counter Russian election interference in 2018 amid absence of White House guidance | The Washington Post

The head of the nation’s largest electronic spy agency and the military’s cyberwarfare arm has directed the two organizations to coordinate actions to counter potential Russian interference in the 2018 midterm elections. The move, announced to staff at the National Security Agency last week by NSA Director Paul Nakasone, is an attempt to maximize the efforts of the two groups and comes as President Trump in Helsinki on Monday said Russian President Vladi­mir Putin was “extremely strong and powerful” in denying Russian involvement in the presidential election two years ago. It is the latest initiative by national security agencies to push back against Russian aggression in the absence of direct guidance from the White House on the issue.

National: Trump says he accepts Russia meddled in election, but still muddies waters | The Guardian

Donald Trump sought to reverse course on Tuesday, after top Republicans scrambled to distance themselves from his behavior in his meeting with Vladimir Putin in Helsinki. Even then, Trump could not resist muddying the waters further. Speaking to reporters in the Roosevelt Room of the White House, the president stated that he accepted the assessment of US intelligence agencies that Russiainterfered in the 2016 US election – and then, moments later, cast doubt on who was responsible. “Let me be totally clear in saying that … I accept our intelligence community’s conclusion that Russia’s meddling in the 2016 election took place,” Trump said, reading from a prepared script. He then added: “It could be other people also. There’s a lot of people out there.” On Monday, Trump met Putin with only interpreters in attendance for two hours then held a press briefing in which he sided with the Kremlin and against US intelligence services.

National: Indicted Russian firm says it was backing free political speech, not disrupting 2016 election | The Washington Post

A Russian company accused of bankrolling a massive online operation to disrupt the 2016 presidential election argued Monday that it had broken no federal laws, that it was merely supporting free political speech and that the fraud charge against it should be thrown out. Concord Management and Consulting was one of 16 Russian individuals or companies indicted by a federal grand jury in February at the behest of special counsel Robert S. Mueller III. The company is accused of defrauding the government by failing to register as foreign agents and failing to report its election-related expenditures to the U.S. government.

National: Tribal leaders tell Senate voting barriers are persistent, systemic | Cronkite News

Native Americans have been “systematically denied access to fair representation” as a result of persistent barriers to voting, advocates and tribal leaders told a Senate roundtable Tuesday. Witnesses told the informal meeting of senators from the Indian Affairs and Rules committees that tribal voters face a range of challenges, from language barriers, to restrictions with mail-in ballots and lack of access to voting locations. Many of those issues are rooted in “blatant discrimination,” one speaker said. “We should not have to talk about blatant discrimination,” said Jackson Brossy, the executive director of the Navajo Nation Washington Office. “Here we are in 2018. We still face many, many unacceptable barriers to voting for Navajo people.”

National: Russian bots, trolls test waters ahead of US midterms | Associated Press

The sponsors of the Russian “troll factory” that meddled in the 2016 U.S. presidential campaign have launched a new American website ahead of the U.S. midterm election in November. A Russian oligarch has links to Maryland’s election services. Russian bots and trolls are deploying increasingly sophisticated, targeted tools. And a new indictment suggests the Kremlin itself was behind previous hacking efforts in support of Donald Trump. As the U.S. leader prepares to meet Russian President Vladimir Putin in Helsinki on Monday, many Americans are wondering: Is the Kremlin trying yet again to derail a U.S. election? While U.S. intelligence officials call it a top concern, they haven’t uncovered a clear, coordinated Russian plot to mess with the campaign. At least so far. It could be that Russian disruptors are waiting until the primaries are over in September and the races become more straightforward – or it could be they are waiting until the U.S. presidential vote in 2020, which matters more for U.S. foreign policy. In the meantime, an array of bots, trolls and sites like USAReally appear to be testing the waters.

National: Trump’s meeting with Putin a pivotal moment for effort to deter Russian cyberattacks | The Washington Post

President Trump’s meeting today with Russian President Vladimir Putin is a pivotal moment for his administration’s efforts to deter future election interference efforts by Moscow and other sophisticated actors. Trump entered his meeting with Putin in Helsinki armed with the sweeping indictment of 12 Russian intelligence officers in connection with the hack on the Democratic Party in 2016, which drew the clearest connection to date between the election cyberattacks and the Kremlin. The intelligence community’s attribution of the attack to Russia — and now, the indictments of specific individuals involved — can be powerful parts of a country’s deterrence strategy. But experts say they could be far less effective if the president doesn’t back up their conclusions. “Trump’s reluctance to admit that the Russians did wrong tends to put a top limit on the kind of retaliation that Russia can expect from a repeat of 2016,” said Martin Libicki, chair of cybersecurity studies at the U.S. Naval Academy. Anything less than a strong demand that Putin back off will likely dull the effects of not just the “naming and shaming” approach the intelligence community has taken but also sanctions, indictments and other punitive measures the administration and Congress have levied.

National: Dominion Voting Systems Acquired by its Management Team and Staple Street Capital

Dominion Voting Systems (“Dominion Voting”) announces that it has been acquired by its management team and Staple Street Capital, a leading New York-based, middle-market private equity firm. Dominion Voting is a top provider of election tabulation solutions to government customers. The company’s scalable and customizable platform holds industry-leading certifications and provides accessibility and efficiency at the state and local levels. Dominion Voting CEO and President John Poulos said, “Our senior management team is extremely pleased to partner with Staple Street Capital, which has a proven track record of successfully investing in growing mid-size businesses. Given the opportunities on our horizon, this is the ideal time for us to add financial resources and an experienced strategic partner to help us meet market demand, better serve customers and invest in evolving security initiatives.”

National: Mueller reveals depth of states’ election vulnerabilities | Poitico

Special counsel Robert Mueller’s latest indictment offers new details of just how deeply Russian operatives have infiltrated state and local election agencies across the U.S. — adding to years of warnings about the technologies that underpin American democracy. Deputy Attorney General Rod Rosenstein said Friday that hackers within Russia’s GRU military intelligence service targeted state and local election boards, infiltrated a Florida-based company that supplies software for voting machines across the country, and broke into a state election website to steal sensitive information on about 500,000 American voters. While the FBI had issued warnings in 2016 about hackers breaching state election websites in Illinois and Arizona, the latest indictments in Mueller’s ongoing Russia probe surfaced the most granular account yet on foreign operatives’ efforts to tamper with U.S. election systems. Sen. James Lankford (R-Okla.) said the charges outline a Russian “attack on our democracy.”

National: Mueller Indictment Adds Urgency to Securing 2018 Midterm Elections | Wall Street Journal

Special counsel Robert Mueller’s latest move briefly hijacked a closed-door meeting of state election officials and federal cybersecurity personnel here last Friday, as phones buzzed with news alerts about his indictment against Russians allegedly behind a spree of hacks before the 2016 election. The interruption, described by several people in attendance, caught the room off guard. Some of the details in the indictment, describing the persistent efforts to compromise both Democratic Party and state election networks, were new to the officials present. That added urgency to the gathering’s mission—protecting the nation’s election machinery in November. It also reflected how tightly the secrets unearthed by Mueller’s investigators are held, even from the officials responsible for preventing a repeat in 2018.

National: States with ‘most vulnerable’ voting systems named in congressional report | StateScoop

Eighteen states made a list of the “most vulnerable” election systems in the country in a report published Thursday by the U.S. House Administration Committee. The states included in the report were faulted for lacking several of the things voting-security advocates frequently call for, including paper records of ballots and post-election audits. The report also states that the $380 million in funds currently being distributed to states by the federal Election Assistance Commission isn’t nearly enough, and that it could cost another $1.4 billion over the next decade for every state to properly secure its election systems. All 50 states plus the District of Columbia have now requested their share of the EAC’s grant money, but the report claims that much more will be needed to upgrade election officials’ information technology, implement cybersecurity training and swap out paper-free Direct Recording Electronic ballot machines, known as DREs.

National: State election officials in US meet amid security concerns | Associated Press

The top state election officials from throughout the U.S. are gathering this weekend in Philadelphia amid fresh revelations of Russia’s interference in the 2016 presidential election and just before President Donald Trump holds one-on-one talks with Russian President Vladimir Putin. The annual gathering has typically been a low-key affair highlighting such things as voter registration and balloting devices. This year’s meetings of the National Association of Secretaries of State and the National Association of State Election Directors are generating far greater interest. The conference is sandwiched between Friday’s indictments of 12 Russian military intelligence officers alleged to have hacked into Democratic party and campaign accounts, and Trump’s long-awaited meeting with Putin.

National: Secretaries of State gavel in at annual conference | Politico

Democratic secretaries of state consider election security a priority and will raise it repeatedly at a gathering of secretaries that begins today — in contrast, they say, to what they call President Donald Trump’s dithering on the subject. “While Trump continues to deny Russia’s interference in the 2016 elections, and his administration neglects the urgent need to better safeguard our elections, it has never been more important for Secretaries of State to lead,” the Democratic Association of Secretaries of State said in a statement. “It is critical that state election officials do everything we can to defend our elections from foreign interference and cyber threats.” The National Association of Secretaries of State’s summer conference, which runs from today through Monday in Philadelphia, includes several sessions focused on cyber threats to elections, including a meeting of the recently created group that coordinates state and federal security efforts.

National: Would Asking People To Hack America’s Election Systems Make Them More Safe? | FiveThirtyEight

There are four months until the midterm elections, and the security of state election systems remains a concern. The clock is ticking to ferret out problems and fix them before Nov. 6. Websites associated with voting continue to have poor cybersecurity hygiene, even after the revelation that hackers probed the systems of 21 states in the lead-up to the 2016 election. And while Congress has increased the funds available to states to improve their election systems, many are still jumping through bureaucratic hoops to actually access the money. One way to supplement much-needed security checks of election systems would be to replicate the security practices of tech-savvy companies. Many private tech companies treat cybersecurity differently than the government does, adapting security practices to deal with inevitable mistakes quickly and through the wisdom of the crowd. They rely partly on outside feedback to suss out vulnerabilities, something that many in the elections community seem allergic to. This could mean that fixable security flaws are left on the table for bad actors to exploit.

National: Election security legislation may be gaining steam in Congress | The Washington Post

Momentum may finally be building in Congress to take new action to secure the elections from cyberthreats as the midterms approach. Lawmakers have struggled to advance election security legislation in the months since they approved a $380 million funding package for states to upgrade their election systems. But a flurry of election-related hearings on Capitol Hill in recent weeks — including a pair of hearings Wednesday that featured testimony from some of the government’s top cybersecurity and election officials — shows they’re sharpening their focus on the issue. And the latest attention could help move bipartisan legislation to combat election cyberthreats closer to the goal line as November nears and intelligence officials warn of ongoing attempts by the Russian government to disrupt the U.S. political system. “The tone has changed so it’s much more forward-looking in terms of, ‘Let’s figure out what we can get done,’ ” said Sen. Amy Klobuchar (D-Minn.), co-sponsor of Secure Elections Act, which would streamline the way state and federal officials exchange threat information and has garnered broad support in the Senate. “Congress, I think, has realized our role has to focus on what’s in front of us, and that’s protecting the 2018 and 2020 elections from foreign interference.”