National: DOD’s new cyber strategy stresses election security | FCW

The Defense Department’s newly released cyber strategy draws attention to election meddling, infrastructure protection and greater reliance on commercial technology to get ahead of the curve. A summary of the DOD’s cyber strategy released Sept. 18 boasted an assertive stance on election meddling and attribution, calling out cyber “challenges to [U.S.] democratic processes” as a means for Russia, China, North Korea and Iran to inflict damage without engaging in armed conflict. However, the Pentagon remained firm in its infrastructure protection role. DOD will partner with the private sector and other agencies on improved information sharing “to reduce the risk that malicious cyber activity targeting U.S. critical infrastructure could have catastrophic or cascading consequences,”  the document indicated.

National: Cleanup time for tech firms as midterm elections approach | AlphaStreet

Investigations carried out by federal agencies showed that hackers exploited seemingly minor flaws in the electronic voting system to manipulate the vote tally in the last presidential election. The findings might not surprise Americans as much as it would have done a few years ago, because now we know a bigger threat is hanging over the election process. Skeletons of the illegal online campaign launched by Russian agencies a couple of years ago to rig the presidential election are still tumbling out of the closets of technology companies like Facebook (FB) and Google (GOOG). With the midterm polls around the corner, the security agencies are busy plugging all the loopholes in the system to ensure a free and fair election. That the attackers managed to hack important government websites and breached huge volumes of voter data show the severity of the campaign, and that justifies the extra alert this time. Reports show that hackers, with possible Russia connections, are already doing the groundwork to interfere in the November election.

National: Could white hat hackers boost security of voting machines? | Fifth Domain

Government officials and cybersecurity experts are arguing that companies need to embrace vulnerability disclosure programs to guard against hacking amid pushback from the largest voting machine company in the United States, which has portrayed efforts to test their systems as a tactic of foreign spy-craft. Vulnerability disclosure programs that invite hackers to test computer systems are a show of strength, participants in a Sept. 18 event at the Atlantic Council argued. “Not having a vulnerability disclosure program amounts to cybersecurity negligence,” said Marten Mickos, the head of Hacker One. It’s a myth that companies can test their systems on their own, said Chris Nims, chief information security officer at Oath, a cybersecurity company. Even large companies who perform penetration testing on their own products cannot catch all vulnerabilities, he argued. “The reality is that is simply not true.”

National: Wyden: Senators need protection from ongoing Russian hacking campaign | Politico

Russian hackers behind the 2016 Democratic National Committee hack appear to be targeting the personal email of senators and their staffers, according to Sen. Ron Wyden. In a letter today to Senate leaders, the Oregon Democrat urged support for legislation that would allow the Sergeant at Arms to protect those email systems. The letter from Wyden follows reports in January that the Russian hacking group Fancy Bear — which the U.S. intelligence community identified as one group that penetrated the DNC in the lead-up to the 2016 election — was going after Senate offices.

National: The Cyberthreats That Most Worry Election Officials | Wall Street Journal

As Election Day gets closer, one issue looms large for voters and election officials alike: cybersecurity. Hoping to quell fears about foreign hackers and repel potential threats, many states and counties are beefing up their plans to deal with cyberattacks. They’re shoring up systems to protect their voter databases and hiring security experts to assess the strength of their defenses. They’re coordinating with social-media organizations to stamp out deliberately fraudulent messages that could mislead voters about how to cast a ballot. And they’re banding together to share information and simulating how to respond to potential emergencies. One simulation-based exercise, held by the Department of Homeland Security in mid-August, gathered officials from 44 states, the District of Columbia and multiple federal agencies, the DHS says. “There absolutely is more emphasis on contingency planning” since 2016, says J. Alex Halderman, a professor of computer science at the University of Michigan. 

National: Election Equipment Vendors Play a Key, and Underexamined, Role in U.S. Democracy | Take Care

Every vote in the United States — for city council, state representative, or president — is cast using materials and equipment manufactured by third party vendors. There are vendors large and small, but the American election equipment industry is dominated by three vendors: ES&S, Hart, and Dominion. These vendors manufacture the machines that approximately 92% of eligible voters use on election day — and they wield extraordinary power with significant implications for our democracy. Because of this, it’s critical that elected officials and advocates pay attention to the role vendors play in the security and transparency of American election systems. Perhaps most concerning are vendor efforts to keep secret the technology upon which American elections rely while at the same time feteing state and local election officials with expensive trips and meals. Vendors have actively and increasingly pushed back on efforts to study and analyze the equipment that forms the basic foundation of our democratic processes.

National: Symantec takes on election hacking by fighting copycat websites | CNET

Symantec is offering a free tool for US campaigns and election officials to fight fraudulent websites, the company announced Tuesday. The feature could help take away an important weapon in the election hacking arsenal: the spoof website. Lookalike websites could imitate official government sites and report false information about candidates or voting. What’s more, they’ve already been used to imitate a login page to trick campaign workers to enter their valuable usernames and passwords.  That approach, called phishing, was key to letting hackers gain access to the emails and internal documents of important Democratic Party organizations and key figures in Hillary Clinton’s 2016 presidential campaign, according to an indictment of the Russian hackers alleged to have stolen and leaked emails from the groups.

National: Is There Voter Suppression In 2018? Here’s What It Could Look Like In The Midterms | Bustlea

Voter suppression is a serious issue that takes many forms — but it’s a lot more subtle than you might think. When it comes to voter suppression in the midterms, you might not even know it’s happening, but you can bet that a bunch of (strategically placed) red tape will end up blocking some people from voting this year. Basically, any action taken with the goal of preventing or dissuading you from voting is voter suppression. You often hear about voter suppression in the context of policies that have made it harder for certain groups of people, or for people who live in certain areas, to cast their ballots. These barriers are bureaucratic for the most part. Voting rights advocates point to voter ID requirements, decreased early voting opportunities, polling station closures, voter roll purges, and gerrymandering as means of voter suppression. Voting rights groups like the American Civil Liberties Union are challenging most of these obstacles in court, but there’s still the possibility you could run into difficulties at the polls. Don’t panic, though. There are a few simple steps you can take to make sure you (and the people you know) don’t encounter any barriers to voting this year. Let’s walk through some of the hurdles that could prevent you from voting, and then we’ll talk about what you can do about them.

National: Voting Machines: A Weak Link | EE Times

In my community, we vote by filling in circles on a paper sheet that goes into a scanner — we have a paper trail. Can such a process still be hacked? Yes, though paperless voting machines can more easily be hacked. Professors Ronald Rivest of MIT and J. Alex Halderman of the University of Michigan explained on Sept. 13 in a session at EmTech MIT on how hackers can alter elections. According to Rivest, about 80% of voting jurisdictions in the U.S. have some sort of paper trail in the event of voting-machine hacks. If, however, you vote in Delaware, Georgia, Louisiana, New Jersey, South Carolina, or Nevada, there is no way to hand-count the votes should the need arise; votes are electronically recorded. The map below reveals that many other states use a mixture of paper and paperless voting systems. 

National: The Latest Casualty of States’ Rights: Your Vote | WhoWhatWhy

From racial segregation to environmental destruction to voter suppression, the concepts of “federalism” and “states’ rights” have a long-running association with some of the worst outcomes of American conservatism. And we may soon add “endangering American democracy” to that list. These political philosophies are being invoked to sink a key election-security bill — at a time when midterm elections are being actively probed and prodded for weaknesses by potentially hostile nation-states. The Secure Elections Act (SEA), which seemed poised to become a rare bipartisan slam-dunk, may not even make it to a vote now that the bill has been pulled from committee, reportedly under order of the Trump White House.

National: 5 states will vote without paper ballots; experts want that to change | ABC

When voters go to the polls in five states, a verified paper trail will not follow them. At a time of heightened concerns over election interference, election-security experts have called for that to change, suggesting paper results – visually confirmed by voters – would help state officials recover in the event of meddling or simple mistakes. “That presents a greater risk because there’s no way to detect if things have gone wrong,” said Marian Schneider, former deputy secretary of voting and administration in Pennsylvania and the president of the group Verified Voting. Paper ballots – or, at least, auditable paper trails, in which voters can see their choices recorded on a printed roll of paper – have been recommended by experts from Homeland Security Secretary Kirstjen Nielsen to the Brennan Center for Justice’s Democracy Program to the Defending Digital Democracy Project at Harvard’s Belfer Center. A large swath of Americans, however, will vote without them.

National: Lawsuit claims potential voters stuck in naturalization limbo | KABC

Advocates for immigrants and voting rights filed a federal lawsuit Monday demanding information from the U.S. Citizenship and Immigration Service. The groups believe that the Trump administration is engaged in deliberate foot-dragging to potentially slow new citizens from registering as Democrats. According to federal figures, 6.6 million people followed the process and became eligible to vote in the decade before 2012. Plaintiffs said the flow has since hit a roadblock. “They have at least doubled the amount of time it takes to become a citizen,” said Peter Schey, president of the Center for Human Rights and Constitutional Law.

National: Facebook pilots new political campaign security tools — just 50 days before Election Day | TechCrunch

Facebook has rolled out a “pilot” program of new security tools for political campaigns — just weeks before millions of Americans go to the polls for the midterm elections. The social networking giant said it’s targeting campaigns that “may be particularly vulnerable to targeting by hackers and foreign adversaries.” Once enrolled, Facebook said it’ll help campaigns adopt stronger security protections, “like two-factor authentication and monitor for potential hacking threats,” said Nathaniel Gleicher, Facebook’s head of cybersecurity policy, in a Monday blog post.

National: Paul Manafort: Trump’s ex-campaign chair agrees to cooperate with Mueller | The Guardian

Paul Manafort, Donald Trump’s former campaign chairman, has agreed to cooperate with Robert Mueller’s inquiry into Russian interference in the 2016 election, in a move that could cause legal trouble for the president. The dramatic development in the Trump-Russia saga was announced at a court hearing in Washington DC on Friday morning, where Manafort confessed to two criminal charges as part of a plea deal. “I’m guilty,” he said. Manafort signed a 17-page plea agreement that said he would assist government prosecutors with “any and all” matters, and brief officials about “his participation in and knowledge of all criminal activities”. He also agreed to turn over documents and testify in other cases. 

National: How to hack an election—and what states should do to prevent fake votes | MIT Technology Review

Donald Trump won the 2016 presidential election thanks to the votes of just 107,000 people in three states. The intricacies of the Electoral College help create situations where a relatively small number of US citizens can decide who wins the presidency. How susceptible could these votes be to tampering? The answer: a lot more than you might realize. In a live demonstration at MIT Technology Review’s EmTech conference today, J. Alex Halderman, professor of computer science and engineering at the University of Michigan, showed just how easy it would be to meddle with vote tallies to directly change election outcomes. Halderman brought an AccuVote TSX machine to the stage in a live demonstration of the dangers. He had three volunteers use the machine to vote in a mock election between George Washington and Benedict Arnold. Cameras pointing at the screen and projected above the stage showed the three voters casting their ballots for Washington. Yet when Halderman printed the returns from the machine, the reported result was a two-to-one victory for Arnold. 

National: The Overlooked Weak Link in Election Security | ProPublica

More than one-third of counties that are overseeing elections in some of the most contested congressional races this November run email systems that could make it easy for hackers to log in and steal potentially sensitive information. A ProPublica survey found that official email accounts used by 11 county election offices, which are in charge of tallying votes in 12 key U.S. House of Representatives races from California to Ohio, could be breached with only a user name and password – potentially allowing hackers to vacuum up confidential communications or impersonate election administrators. Cybersecurity experts recommend having a second means of verifying a user’s identity, such as typing in an additional code from a smartphone or card, to thwart intruders who have gained someone’s login credentials through trickery or theft. This system, known as two-factor verification, is available on many commercial email services. “Humans are horrific at creating passwords, which is why ‘password’ is the most commonly used password,” said Joseph Lorenzo Hall, the chief technologist at the Center for Democracy and Technology in Washington, D.C., who has pushed for security fixes in the voting process. This means increasingly we need something other than passwords to secure access to our accounts, especially email, which tends to undergird all our other accounts.”

National: Feds brief House Oversight on election security for 2018 midterm elections | Washington Examiner

The House Oversight Committee held a classified briefing on election security and foreign influence on Thursday, with less than two months until the midterm elections. “As we near midterm elections, we must take every step possible to safeguard our electoral process and ensure our fellow citizens have confidence in the security of elections,” said committee Chairman Trey Gowdy, R-S.C., in a statement.

National: Lawmakers warn Trump’s election interference order does not go nearly far enough | The Washington Post

The Trump administration’s latest effort to deter foreign interference in U.S. elections is falling flat with lawmakers, who are prepared to pursue even tougher punishments against Russia and other adversaries who seek to disrupt U.S. politics. Democrats — and at least one Republican — said President Trump’s order Wednesday authorizing additional sanctions against foreign entities that interfere in elections is too weak because it gives Trump discretion over when to impose the harshest penalties, as my colleagues Anne Gearan and Felicia Sonmez reported. The lawmakers seized on the opportunity to renew calls for legislation that they argued would more effectively deter election cyberattacks. 

National: Civil Rights Commission Calls for Action on Voting Rights Fix | Roll Call

The U.S. Commission on Civil Rights urged Congress on Wednesday to update the landmark law that protects voter rights, finding in a new report that a 2013 Supreme Court decision helped lead to elections with voting measures in place that discriminate against minorities. But opposition from Republican lawmakers has stalled legislation to change the Voting Rights Act of 1965 since the 5-4 decision in Shelby County v. Holder that struck down a key enforcement mechanism in the law. Current efforts appear stuck for the same reason.

National: Facebook ‘Better Prepared’ to Fight Election Interference, Mark Zuckerberg Says | The New York Times

Mark Zuckerberg began the year by promising to make Facebook safer from election interference around the world. He has spent most of the rest of the year apologizing for not recognizing the problem earlier. On Wednesday, Mr. Zuckerberg, Facebook’s chief executive, published a roughly 3,300-word blog post cataloging all the steps the company has taken. “In 2016, we were not prepared for the coordinated information operations we now regularly face,” he wrote, alluding to Russian interference in the American presidential election. “But we have learned a lot since then and have developed sophisticated systems that combine technology and people to prevent election interference on our services.” “Today, Facebook is better prepared for these kinds of attacks,” he added.

National: The Voters Who Disappeared From the Rolls | Literary Hub

The story read like something straight out of Stalinist Russia. But this casualty list was in the United States in the 21st century. Virginia: 41,637 purged. Florida: 182,000 purged. Indiana: 481,235 purged. Georgia: 591,549 purged. Ohio: two million purged. With the flick of a bureaucratic wrist, millions of Americans—veterans, congressional representatives, judges, county officials, and most decidedly minorities—were erased. To be clear, they still had their lives, but in the course of simply trying to cast a ballot, they soon learned that as far as the government was concerned, they did not exist. They were electorally dead. Their very right to vote had disappeared into the black hole of voter roll purges, Interstate Crosscheck, and felony disfranchisement. Some of the walking dead were viscerally “angry.” Others fumed, “This is screwed up!” Most felt “like an outcast,” “empty and unimportant,” and one man was actually reduced to “crying right there in the county elections office.” These were the latest casualties in the war on democracy.

National: Protection of Voting Rights for Minorities Has Fallen Sharply, a New Report Finds | The New York Times

Federal actions to enforce voting rights for minorities have declined sharply since the Supreme Court struck down the core of the 1965 Voting Rights Act five years ago, the federal Commission on Civil Rights says in a sweeping new report on voting issues. Even enforcement of the act’s remaining provisions has dropped markedly, the report states. In an interview before the report’s formal release on Wednesday, the head of the commission, Catherine E. Lhamon, called the present state of discrimination against minority voters “enduring and pernicious,” and said it was poorly addressed under federal law. “To be at this point in our history, without either meaningful federal protections in law or in practice from the United States Department of Justice, is a low point” since the passage of the Voting Rights Act, she said. “And that’s dangerous.”

National: How to hack the midterm election with social media | CBS

During the 2016 presidential campaign, Russian cyber-operatives conducted a sustained “influence campaign” cyberattack on the American electoral system by relying on social media to radicalize voters, undermine institutions, and disseminate misleading information. The efforts are ongoing in the weeks leading up to the 2018 midterms — and other countries are doing it, too. Influence campaigns — coordinated efforts to create and propagate misleading and inflammatory content on social media — borrow heavily from modern internet-based marketing techniques. “[Tech] platforms are especially good at helping marketers hit a target audience with a refined message,” says Adweek technology editor Josh Sternberg. “Influence campaigns are no different. They’re effective because social media marketing is effective.”

National: Trump’s New Executive Order Slaps a Bandaid on Election Interference Problems | WIRED

On Wednesday President Donald Trump signed an executive order that would automatically impose sanctions against any person or group attempting to interfere in United States elections. “The proliferation of digital devices and internet-based communications has created significant vulnerabilities and magnified the scope and intensity of the threat of foreign interference [to elections],” Trump writes in the order. “I hereby declare a national emergency to deal with this threat.” The order covers attacks not just on vote integrity and election infrastructure, but also disinformation campaigns, information leaking, propaganda, and other types of interference like what took place during the 2016 presidential campaign. Since then, efforts to improve election infrastructure defenses around the country have been uneven. President Trump himself has sent mixed messages on his willingness to prioritize election security and hold Russia accountable for its interference.

National: New NASEM Report Suggests Blockchain And Online Voting Systems Are No-Go | BitCoinExchange

The United States National Academies of Sciences (NASEM) released a report which asserted that virtual voting systems ought to be shelved. The firm is supporting the use of paper ballots in the entire US electoral system by 2020. According to the report entailed in the 156 page document, NASEM insists that virtual systems of voting ought to be shelved until such a time that the system can be verified to be secure. Authors of the said report are of the view that making use of the blockchain as an irreversible ballot box may appear promising, however, the technology may not be in a position of addressing the essential issues of the electoral process. The report is in essence a conclusion of a study that lasted two years. The committee behind the research comprised of election scholars, cybersecurity experts, as well as social scientists. Over and above, the report campaigns for the use of human-readable paper ballots in the next US elections.

National: Redistricting reformers turn to ballot initiatives | The Hill

Nonpartisan redistricting proponents are turning to midterm election referendums in key states where legislative leaders have signaled no desire to give up their authority on drawing political boundaries. Voters in four states — Michigan, Missouri, Colorado and Utah — will weigh in on ballot measures this November that would radically reshape the way congressional or legislative district lines are drawn. In those states, legislative leaders have the power to draw state legislative and congressional district lines, authority critics say they have used to safeguard incumbents. The initiatives, placed on the ballot by good-government groups and, in some states, by Democratic activists, would vest the power to draw district boundaries in the hands of independent commissions.

National: On The Sidelines Of Democracy: Exploring Why So Many Americans Don’t Vote | NPR

Just in the past few months, elections in the U.S. have been decided by hundreds of votes. The 2016 presidential election tilted to Donald Trump with fewer than 80,000 votes across three states, with a dramatic impact on the country. Yet, only about 6 in 10 eligible voters cast ballots in 2016. Among the other 4 in 10 who did not vote was Megan Davis. The 31-year-old massage therapist in Rhode Island never votes, and she’s proud of her record. “I feel like my voice doesn’t matter,” she said on a recent evening at a park in East Providence, R.I. “People who suck still are in office, so it doesn’t make a difference.”

National: How Money Affects Elections | FiveThirtyEight

To quote the great political philosopher Cyndi Lauper, “Money changes everything.” 1 And nowhere is that proverb more taken to heart than in a federal election, where billions of dollars are raised and spent on the understanding that money is a crucial determinant of whether or not a candidate will win. This year, the money has been coming in and out of political campaigns at a particularly furious pace. Collectively, U.S. House candidates raised more money by Aug. 27 than House candidates raised during the entire 2014 midterm election cycle, and Senate candidates weren’t far behind. Ad volumes are up 86 percent compared to that previous midterm. Dark money — flowing to political action committees from undisclosed donors — is up 26 percent.

National: What election security funding means for state and local CIOs | GCN

For years, cybersecurity was considered an issue for IT teams and was often not prioritized when creating and executing policy. However, recent events have demonstrated the many ways that cyberattacks can impact a country’s critical infrastructure, bringing essential operations to a halt and even endangering citizens. These attacks have come in the form of ransomware at schools and hospitals, data breaches at major financial institutions and large-scale distributed denial-of-service attacks that have knocked organizations of all types offline. As a result, politicians and government bodies have come to recognize the critical importance of cybersecurity in protecting national infrastructure. As digital transformation increases technology use across public infrastructure, the attack surface continues to grow. Government CIOs and IT teams are working to deploy security measures that enable transformation, rather than slow it down. For instance, Fortinet’s latest Global Threat Landscape Report found that government agencies use, on average, 255 different applications a day on their networks.

National: Better cooperation between states and U.S. can help safeguard midterm elections, officials say | St. Louis Post-Dispatch

U.S. Homeland Security Secretary Kirstjen Nielsen during a visit to the St. Louis area on Monday pledged the government’s assistance to states battling threats to election security, calling interference with elections one of the “principal national security threats.” Nielsen was a guest speaker at a two-day seminar on election security that began Monday at the headquarters of World Wide Technology in West Port Plaza. The event, hosted by Missouri Secretary of State Jay Ashcroft, was also attended by 10 other secretaries of state on Monday, and more were expected Tuesday. Nielsen has recently spoken about a growing need for cybersecurity in elections, reversing the course of an administration that has been criticized for not doing enough.