National

Homeland Security Department inspectors aren’t turning up anything shocking when they assess state and local election systems for cybersecurity vulnerabilities in advance of the 2018 midterms, an official said Tuesday. Most of what Homeland Security is turning up in the risk and vulnerability assessments are the same issues you’d see in any information technology environment, Matthew Masterson, a senior cybersecurity adviser, told members of the Senate Judiciary Committee. That includes unpatched software, outdated equipment and misconfigured systems. Homeland Security has conducted risk and vulnerability assessments of 17 states and 10 localities so far, Masterson said.

National: Foreign interference in U.S. elections still going on, Mueller says | Euronews

Foreign efforts to interfere in U.S. elections are still going on just five months before the midterm elections, special counsel Robert Mueller told a judge on Tuesday. Mueller made the assertion in a filing in U.S. District Court in Washington, D.C., in his prosecution of 13 Russian nationals and three companies who were indicted in February on charges including interference in the 2016 presidential election. It says the government believes foreign “individuals and entities” are continuing to “engage in interference operations like those charged in the present indictment.” The filing seeks to protect evidence requested by one of the companies, Concord Management and Consulting LLC, which provides food services at the Kremlin and is run by Yevgeny Prigozhin, who prosecutors allege is close to Russian President Vladimir Putin and has had “extensive dealings” with the Russian Defense Ministry.

National: Democrats unveil push to secure state voting systems | The Hill

A group of Democratic senators is introducing a bill aimed at securing U.S. elections from hacking efforts, the latest response to attempted Russian interference in the 2016 presidential vote. The bill introduced Tuesday is specifically designed to ensure the integrity of and bolster confidence in the federal vote count. It would require state and local governments to take two steps to ensure that votes are counted correctly. Under the legislation, states would have to use voting systems that use voter-verified paper ballots that could be audited in the event a result is called into question. State and local officials would also be required to implement what are known as “risk-limiting audits” — a method that verifies election outcomes by comparing a random sample of paper ballots with their corresponding digital versions — for all federal elections.

National: Congress struggles with ‘more than 30 proposals’ to combat foreign election meddling | Washington Times

Congress is wrestling with more than 30 proposals “to combat different angles of the foreign election meddling issue,” according to Senate Judiciary chairman Chuck Grassley. The logjam of legislation — much of it pushed by House and Senate bipartisan efforts — comes as the 2018 midterm election season accelerates toward its November finale that will determine the balance of power in Congress and in statehouses across the nation. “There have been no fewer than 18 pieces of legislation proposed to combat different angles of the foreign election meddling issue in the Senate alone,” Mr. Grassley, Iowa Republican, said Tuesday during a Senate Judiciary Committee hearing exploring election safety and foreign influence.

National: DHS steps up security assistance for states’ election systems | GCN

State and local elections officials preparing for the 2018 elections are strapped for time and resources, but the Department of Homeland Security’s National Protection and Programs Directorate is stepping in to help. Two weeks ago, at the request of the Elections Government Coordinating Council, NPPD released guidance on what states and localities should do with their share of the $382 million from 2018 Help America Vote Act Security Fund, said Matt Masterson, NPPD senior cybersecurity advisor, during a June 12 Senate Judiciary Committee hearing. NPPD provided insights on where the money should be used to address risks in the election process. “We focused first on common IT vulnerabilities that exist across elections — things like patching, training for phishing campaigns as well as manpower,” Masterson said.

National: Democrats and Republicans split over using hacked material in campaigns | CyberScoop

Another Democrat-Republican feud is showing that when it comes to politically charged hacking, politics may not stop at the water’s edge. The divide is focused on whether political parties should be allowed to use insider information that’s provided by hackers; similar to what occurred at the state level in 2016. Last week, a Democratic lawmaker on the House Intelligence Committee introduced a bill that would punish federal candidates if they fail to notify the FBI whenever a suspected hacking group offers them political dirt. On Thursday, Rep. Eric Swalwell introduced the “Duty to Report Act.” The proposed law would make it a crime for campaign staffers to not tip the government off to certain suspected hacking activities.

National: Senators introduce election security amendment to defense bill | The Hill

June 12, 2018

Senators are trying to pass legislation aimed at securing U.S. election systems from cyberattacks by inserting the measure into annual defense policy legislation. Sens. James Lankford (R-Okla.) and Amy Klobuchar (D-Minn.) have introduced a new version of the Secure Elections Act as an amendment to the National Defense Authorization Act (NDAA), which the upper chamber is poised to take up next week. The lawmakers, backed by a bipartisan group of co-sponsors, originally introduced the legislation last December amid rising fears over threats to voter registration databases and other digital systems as a result of Russian interference in the 2016 presidential election.

National: Web of elite Russians met with NRA execs during 2016 campaign | McClatchy

June 12, 2018

Several prominent Russians, some in President Vladimir Putin’s inner circle or high in the Russian Orthodox Church, now have been identified as having contact with National Rifle Association officials during the 2016 U.S. election campaign, according to photographs and an NRA source. The contacts have emerged amid a deepening Justice Department investigation into whether Russian banker and lifetime NRA member Alexander Torshin illegally channeled money through the gun rights group to add financial firepower to Donald Trump’s 2016 presidential bid. Other influential Russians who met with NRA representatives during the campaign include Dmitry Rogozin, who until last month served as a deputy prime minister overseeing Russia’s defense industry, and Sergei Rudov, head of one of Russia’s largest philanthropies, the St. Basil the Great Charitable Foundation. The foundation was launched by an ultra-nationalist ally of Russian President Putin.

National: Documents Show Political Lobbying in Census Question About Citizenship | The New York Times

June 12, 2018

Documents released in a lawsuit attempting to block the inclusion of a question about citizenship in the 2020 census show lobbying by anti-immigration hard-liners for the question’s inclusion, and resistance on the part of some census officials to asking it. The Kansas secretary of state, Kris W. Kobach, who has taken a strong position against illegal immigration and was appointed by President Trump to a now-defunct panel on voter fraud, had advocated to include the question directly with the secretary of commerce, Wilbur Ross, according to the documents. In a July 2017 email to an aide to Mr. Ross, Mr. Kobach said that he had reached out to the secretary a few months earlier “on the direction of Steve Bannon,” then the White House chief strategist.

National: Industry Report Cites Mounting Threats to Election Infrastructure | Bloomberg

June 7, 2018

U.S. election systems are increasingly at risk for cyberattacks ahead of the November midterms as Russia continues information operations to sow political division, according to cybersecurity firm FireEye Inc. State and local election infrastructure is becoming a more popular target for hackers, particularly state-sponsored cyberespionage actors, the Milpitas, California-based company said in a recent report, outlining risks to voter registration, polling places and ballot submission systems. Although the U.S. primary season is well underway, FireEye said it hasn’t observed attacks against election infrastructure as of March. But following Russian meddling in the 2016 elections, “malicious actors and nation states likely already have an understanding of the flaws in the U.S. elections infrastructure and will seek to exploit opportunities where they can,” the report said.

National: Why Federal Agencies Face an Array of Cybersecurity Threats | FedTech

June 7, 2018

The federal government needs to take “bold” appraoches to increasing the cybersecurity of agencies, according to a report the White House released a report last week, which found serious deficiencies in the government’s risk management abilities. In the “Federal Cybersecurity Risk Determination Report and Action Plan,” the Office of Management and Budget and Department of Homeland Security determined that 71 of 96 agencies (74 percent) participating in a federal risk assessment process “have cybersecurity programs that are either at risk or high risk.” OMB and DHS also found that agencies are “not equipped to determine how threat actors seek to gain access to their information.” … Malicious software, or malware, is perhaps the oldest cybersecurity threat, with viruses and worms tracing their roots back to the 1980s. The authors of malware keep pace with improvements in security technologies, and in an ongoing cat-and-mouse game, go to great lengths to keep a foothold in upgraded operating systems and applications by developing stealthier and more effective malware.

National: ACLU Sues over Plans for Citizenship Question on 2020 Census | Associated Press

June 7, 2018

Civil rights lawyers sued the U.S. Commerce Department on Wednesday to try to stop plans to add a citizenship question to the 2020 census. The Manhattan federal court lawsuit on behalf of immigrants’ rights groups says racial animus was behind a recent announcement that the census will include a citizenship question for the first time since 1950. The lawsuit, filed by the American Civil Liberties Union and others, claims the question intentionally discriminates against immigrants and will increase fear in their communities. It alleges census participation will be depressed, diluting the economic and political power of residents.

National: Voters’ distrust of election security is just as powerful as an actual hack, officials worry | The Washington Post

As millions of people across the country vote in eight different primaries today, state officials are working hard to secure the elections from hackers. But officials say there’s a more pressing, albeit abstract, challenge: Keeping voters confident that their vote is safe. The U.S. intelligence community has concluded that a major goal of Russia’s campaign to interfere in the 2016 presidential election through cyberattacks on 21 states and national political organizations was to undermine public faith in the U.S. democratic process. By that count, election officials say, they’re already succeeding in this cycle — without breaching a single system. Just the fear of digital sabotage — and the perception that voting machines are hackable — is enough to scare voters into a lack of confidence in the democratic process, election officials lament.

National: DHS official: States will probably know first if malicious cyber-activity hits primaries | CyberScoop

The Department of Homeland Security is on standby to alert state officials about any malicious cyber-activity during Tuesday’s primary elections, but the states themselves will likely know first if something is amiss, Matthew Masterson, a senior cybersecurity adviser at DHS, told CyberScoop. With voters going to the polls in eight states, Tuesday’s primaries are a chance for DHS to test the communication protocols it has sought to ingrain in election personnel across the country. State officials, who generally have the best views of their networks, will flag potentially malicious activity for DHS, which can in turn alert other states, according to Masterson. “If we see or have information to suggest something is going on, we have the ability to immediately share it with the states,” he said in an interview. Ahead of the midterm elections, DHS has looked to “ramp up” its cyberthreat reports to state officials to get them information that is easily understood and not overly technical, Masterson added.

National: Election Assistance Commission says 26 states have received cybersecurity funding ahead of midterms | The Hill

The Election Assistance Commission (EAC) on Tuesday released a list of 26 states that have requested and received cybersecurity funding, money that aims to ensure state’s voting systems are properly secured ahead of the 2018 midterm elections. An EAC press release broke down which states have requested the cyber funds as well as how much they received. To date, these states have requested nearly $210 million in newly available funds, or about 55 percent of the total amount available. The funds were distributed under the Consolidated Appropriations Act of 2018, a bill passed by Congress that allocated $380 million in funds to the Help America Vote Act (HAVA).

National: Synack offers free penetration testing for election systems ahead of 2018 midterms | CyberScoop

One of the largest bug bounty firms in the business has launched an initiative that will allow states’ election officials to test the security of election systems ahead of the 2018 midterm elections. Redwood City, California-based Synack announced Tuesday its offering free crowdsourced remote penetration testing services to state and local governments until November. Synack co-founder Jay Kaplan told CyberScoop the idea came together after a series of meetings with government officials, including top executives at the Department of Homeland Security, that discussed how the private sector could be doing more to ward off digital meddling. After Synack’s services are completed, states and localities can harden their systems based on the test’s results.

National: In seconds, we faked our way into a political campaign, got unsecured voter data | Ars Technica

On Tuesday, polls will be open to voters in eight states, including California, which holds gubernatorial primaries among many other national, state, and local elections. Under California law (Section 2194 of the Election Code), voter data (name, address, phone, age, party affiliation) is supposed to be “confidential and shall not appear on any computer terminal… or other medium routinely available to the public.” However, there’s a big exception to that law: this data can be made available to political campaigns, including companies that provide digital analysis services to campaigns. In other words, candidates and their contractors can get voter data, but there’s little definition in the law about how those parties are required to be custodians of that data and how that data ought to be secured.

National: Are Tuesday’s primaries safe from hackers? A state-by-state election security breakdown | The Washington Post

Tomorrow is a big test for election security coast to coast, as eight states including California hold primaries in one of the most consequential voting days since the presidential election. It’s the largest block of states to do so before the November midterms, and election officials hope they have the right safeguards in place to stave off the kinds of cyberattacks that occurred in 2016. That year, Russian hackers targeted election systems in 21 states. “We’ve done everything that we could think of doing — not to just assess what happened in 2016 but to fortify our defenses,” California Secretary of State Alex Padilla told me. “Cybersecurity concerns are equally top-of-mind in the primary as they are in November,” he said. “We’re not considered a swing state, but we’re still California and from a security standpoint a high-value target, so we’re taking it very seriously, to protect our election process and the integrity of elections.”

National: Intel officials warn of Russian cyberattacks as 7 states set to hold primaries | Washington Times

Candidates won’t be the only ones sweating the vote as California and six other states hold primaries Tuesday, as election security officials say they are bracing to see how their systems hold up against an expected wave of cyberattacks. U.S. intelligence agencies say Russian hackers tried to disrupt both the campaign and vote-counting in 2016 and that they fully expect another wave of online attacks this year. Hackers last month sabotaged an online debate among congressional candidates by streaming gay pornography. Federal officials say Russian hackers targeted election systems in 21 states two years ago, although no evidence surfaced that any result was corrupted by the incursions. Tuesday’s primaries will be the largest single block of states voting on one day ahead of November’s fiercely contested midterm elections and the largest election day since November 2016.

National: Bill Clinton: US should return to paper voting to stop election hacks | Business Insider

All US states should return to a paper ballot system because they were at too much risk from cyberterrorism, former President Bill Clinton has said. While it isn’t yet clear how much of the 2016 presidential election was compromised by cyberattacks, all US citizens should return to pen and paper to vote for now, the 42nd president told the BBC on Monday. “Until we get this straightened out, every state should go to some sort of paper ballot system,” Clinton said. He specifically cited Virginia’s decision last year to return to a paper ballot system, in which manual votes are counted and processed by electronic scanners.

National: New cybersecurity funding won’t make U.S. election technology less vulnerable | Axios

The recent $380 million of federal funding to replace paperless voting machinery and improve cybersecurity is desperately needed, but it is unlikely to ensure the long-term cybersecurity of U.S. election technology. The big picture: At best, the one-time spending will provide a catalyst for election organizations to gain basic cybersecurity competence. At worst, though, the money will be spent on discretionary purchases (e.g., digital pollbooks or new PC hardware) that only appear helpful and that, without proper security-centric integration, may increase the systems’ exposure to attacks.

National: Trump’s lack of cyber leader may make U.S. vulnerable | Politico

The absence of senior cybersecurity leaders in President Donald Trump’s administration may be leaving the United States more vulnerable to digital warfare and less prepared for attacks on election systems, according to lawmakers and experts worried about White House brain drain under national security adviser John Bolton. Both Republicans and Democrats are expressing concern that the White House is rudderless on cybersecurity at a time when hostile nations’ hackers are moving aggressively, inspiring fears about disruptive attacks on local governments, power plants, hospitals and other critical systems. POLITICO spoke with nearly two dozen cyber experts, lawmakers and former officials from the White House, the intelligence community and the departments of Justice, Homeland Security, Defense and State about Bolton’s decisions to oust the White House’s homeland security adviser and eliminate its cyber coordinator position. The overwhelming consensus is that Bolton’s moves are a major step backward for the increasingly critical and still-evolving world of cyber policy.

National: States Want Voters to Start Young | Associated Press