National: State elections officials stress the importance of paper trails | StateScoop

Having verifiable paper trails for votes has proven to be a useful tactic, officials from three states told senators Wednesday, but they said states still have a long way to go in securing elections. Secretaries of State Steve Simon of Minnesota, Jay Ashcroft of Missouri and Jim Condos of Vermont testified before the Senate Rules and Administration Committee about their security precautions going into this November’s midterm elections, and to lobby for more federal support for upgrading voting equipment and cybersecurity practices. States across the country have been scrambling to batten down how they conduct elections in the wake of intelligence officials’ reports that hackers linked to the Russian government attempted to penetrate the voting systems in 21 states during the 2016 presidential election. But states that are moving toward more paper trails of ballots and stronger security around voter files are going in the right direction, the secretaries of state said. “It’s very hard to hack paper,” Simon said.

National: Officials at Odds Over Real, Perceived Threats to State Voting Systems | Government Technology

Sen. Roy Blunt, R-Mo., said Wednesday that the United States is in “a much better place” than it was in 2016 in defending against cyberattacks on election systems, but a hearing he convened on that threat devolved into fiery exchanges over voter fraud between Democratic senators and Missouri Secretary of State Jay Ashcroft. The Republican Ashcroft set off Sens. Dick Durbin, D-Ill., Tom Udall, D-N.M., and Catherine Cortez Masto, D-Nev., when he declared that election fraud was “exponentially” a bigger threat than attempts to hack U.S. election infrastructures by Russians or any other bad actors.

National: States Seek More Money to Secure Elections After Russian Meddling | Bloomberg

State election officials said they haven’t received as much federal funding as they need to secure their election systems even after U.S. intelligence officials concluded that Russia meddled in the 2016 election and the federal government called on states to step up efforts to prevent hacking. Officials from Minnesota and Vermont asked lawmakers for more money at a hearing Wednesday by the Senate Rules and Administration Committee in Washington. “Our upgrades to equipment and cybersecurity will be an ongoing challenge for many states; the federal funding received will, regrettably, be insufficient to do all we want, or need,” said Vermont Secretary of State Jim Condos, who is president-elect of the National Association of Secretaries of State.

National: $150M in federal funds for election security is already out the door | FCW

The initially turbulent relationship between federal agencies and state and local election officials in the wake of the 2016 election season has cleared to some extent as the groups work together ahead of upcoming elections, federal and state government officials told a Senate panel on election security. States are using up a pool of federal money to bolster their election systems, and the Department of Homeland Security is honing its threat sharing data to better fit the needs of states, the officials said at a June 20 Senate Rules and Administration Committee hearing on election cybersecurity. “As of this week, 38 states have requested $250 million” of the $380 million appropriation in the 2018 omnibus spending bill, panel Chairman Sen. Roy Blunt (R-Mo.) said. He added that $150 million has already been distributed.

National: Obama cybersecurity czar: Russian hackers likely scanned election systems in all 50 states | USA Today

Russian hackers likely scanned the election systems of all 50 states for vulnerabilities in 2016 — not just the 21 states confirmed as targets by homeland security officials last year, the cybersecurity czar for former President Barack Obama told a Senate panel Wednesday. “I think it is highly likely,” Michael Daniel replied in answer to a question from Sen. Susan Collins, R-Maine, about whether Russian cyber actors at least scanned the election systems of every state. “It is more likely that we hadn’t detected it than that it didn’t occur.” States have been scrambling to improve their cyber security after Homeland Security officials revealed last year that Russian hackers tried to breach election systems in at least 21 states in 2016. Although no actual votes were changed, hackers broke into Illinois’ voter registration database.

National: State Election Officials Didn’t Know About Russian Hacking Threat Until They Read It in the News, Emails Show | HuffPost

Voters across the country were shocked to learn last year, through the disclosure of a top-secret NSA document, details of an intricate plot by Russian military hackers to infiltrate American electoral systems. New emails obtained by The Intercept through public records requests illustrate the disturbing extent to which potential targets of the attack were caught unaware, having apparently remained in the dark alongside the voting public. On June 5, 2017, The Intercept published a top-secret National Security Agency assessment that detailed and diagramed a Russian governmental plot to breach VR Systems, an e-voting vendor that makes poll book software used by several pivotal electoral battleground states, such as North Carolina and Virginia. The report attributed the scheme to the Russian General Staff Main Intelligence Directorate, or GRU. GRU’s plan, the NSA claimed, was to roll any success with VR Systems into a subsequent email attack against state voting officials across the country.

National: Sherrod Brown introduces bill to stop voter purges | The Columbus Dispatch

Sen. Sherrod Brown has reacted to the U.S. Supreme Court’s 5-4 decision supporting the Ohio secretary of state’s policy of purging inactive voters from the rolls with a bill aimed at stopping the practice. Brown, D-Ohio, and Sen. Amy Klobuchar, D-Minn., announced Wednesday they are introducing a bill to amend the National Voter Registration Act to clarify that a state may not use someone’s failure to vote or respond to a state notice as a reason to remove them from active voter rolls. The bill is a direct reaction the Supreme Court’s ruling on the Husted v. A. Philip Randolph Institute case, in which the high court ruled that states may remove registered voters from rolls if they do not vote in multiple federal elections or if they don’t return a mailed address confirmation form. Brown is a former Ohio secretary of state, while Klobuchar is the top Democrat on the Senate Rules Committee, which has oversight jurisdiction over federal elections.

National: Bill to help states secure election absent from defense spending package | StateScoop

The sponsors of a bill designed to help state election officials be briefed on threat information failed to insert any of their provisions in a defense spending package approved Monday by the U.S. Senate. Sens. James Lankford, a Republican from Oklahoma, and Amy Klobuchar, a Democrat from Minnesota, had pushed to get parts of their bill, the Secure Elections Act, included in the National Defense Authorization Act. Brought on by concerns from the intelligence community that the Russian government will repeat its 2016 efforts to influence U.S. voters ahead of this November’s midterm elections, the Secure Elections Act was designed to make it easier for state elections officials to get the security clearances necessary to be briefed on threats. It would also direct the Department of Homeland Security to share threat information with state elections officials.

National: New Government Reports Shows Federal Agencies Facing Significant Cyber Security Risks | CPO Magazine

With all the talk about cyber security risks in the news, you would think that the U.S. federal government would be doing a better job of protecting its data from cyber attacks, including the very real threat of state-sponsored hackers. Yet, as a new Office of the Management and Budget (OMB) report points out, nearly 75 percent of federal agencies are still woefully unprepared to handle cyber security risks of any kind. This all comes on the heels of the United States government eliminating the position of federal cybersecurity czar earlier this year. While the report, which was prepared in collaboration of the Department of Homeland Security (DHS), did not specifically call out which agencies were failing to respond to global cyber threats, it did suggest that the failures, gaps and inadequacies were relatively evenly distributed across the entire federal government. In fact, 71 of the 96 federal agencies reviewed were deemed to be “at risk” or “at high risk” of a cyber attack. The report defined “at risk” to mean that there were significant gaps in security preparedness, while “at high risk” means that fundamental processes were not even in place to deal with cyber security risks.

National: Senate defense bill pushes Trump to get tougher on Russian hacking | The Washington Post

The Senate wants to turn up the pressure on President Trump and his military chiefs to strike back against Russian hacking. The massive defense policy bill the Senate approved Monday night calls on Trump to curb Russian aggression in cyberspace. It gives Trump the green light to direct U.S. Cyber Command to “disrupt, defeat and deter” cyberattacks by the Russian government, conduct surveillance on Kremlin-backed hackers and partner with social media organizations to crack down on disinformation campaigns such as the ones that disrupted the 2016 election. It would also require the administration to send quarterly reports to Congress about the progress of its efforts.

National: Bureaucracy And Politics Slow Election Security Funding To States | NPR

When Congress approved giving $380 million to states to bolster the security of their elections, state officials were caught off guard but extremely grateful. Elections are notoriously underfunded and haven’t seen a windfall like this from the federal government in more than a decade. But getting that money out to all the states, and then into the hands of localities that run the elections, with enough time to have a meaningful effect on the 2018 midterm elections is a difficult proposition. Three months after receiving congressional approval, and now less than five months from November’s midterm elections, 33 states have filed the necessary paperwork to begin receiving money. That number may seem “disconcertingly low” to some, especially when it was just 11 in mid-May, but there is mixed consensus on what it actually says about the country’s seriousness when it comes to handling threats leading up to the 2018 election.

National: Supreme Court Avoids an Answer on Partisan Gerrymandering | The New York Times

The Supreme Court declined on Monday to address the central questions in two closely watched challenges to partisan gerrymandering, putting off for another time a ruling on the constitutionality of voting districts designed by legislatures to amplify one party’s political power. In a challenge to a redistricting plan devised by the Republican Legislature in Wisconsin, the court unanimously said that the plaintiffs had not proved that they had suffered the sort of direct injury that would give them standing to sue. The justices sent the case back to a trial court to allow the plaintiffs to try again to prove that their voting power had been directly affected by the way state lawmakers drew voting districts for the State Assembly. In the second case, the court unanimously ruled against the Republican challengers to a Democratic plan to redraw a Maryland congressional district. In a brief unsigned opinion, the court said the challengers had waited too long to seek an injunction blocking the district, which was drawn in 2011.

National: U.S. Cyber Policy, Beyond Ones and Zeros | International Policy Digest

Critics have derided the White House’s decision this past May to scrap its Cyber Coordinator post—created by the Obama administration to consolidate policy courses of action on cybersecurity issues—as short-sighted and tone-deaf, particularly at the height of concern over Russia’s nefarious activity toward U.S. political processes. However, the move creates an opportunity to examine whether the overall U.S. approach to cybersecurity has been overly narrow relative to the Russian threat—which itself has demonstrated the need for Washington to forge partnerships with industry and to expand beyond the network-centric aspects of information warfare.

National: Lack of paper trail a concern amid fears of election hacking | Associated Press

As the midterm congressional primaries heat up amid fears of Russian hacking, roughly 1 in 5 Americans will cast ballots on machines that do not produce a paper record of their votes. That worries voting and cybersecurity experts, who say lack of a hard copy makes it difficult to double-check results for signs of manipulation. “In the current system, after the election, if people worry it has been hacked, the best officials can do is say, ‘Trust us,’” said Alex Halderman, a voting machine expert who is director of the University of Michigan’s Center for Computer Security and Society.

National: Dozens of states tighten election security — by going back to paper | UPI

As key midterm elections approach, contests that could set off an enormous shift in Washington, D.C., U.S. authorities are taking measures to make sure they are secure and free of foreign influence. For years, a number of polling places have gone more high tech with electronic voting machines. Fears about vulnerabilities in the systems in an increasingly interconnected world, however, is now turning eyes to a strikingly original idea — paper ballots. The United States largely moved away from paper ballots after the 2004 Help America Vote Act replaced lever and punch-card voting machines with Direct Recording Electronic, or DRE, systems. The reform was a direct result of the notoriously contested 2000 presidential election, which triggered weeks of recounts and multiple complaints about the paper ballots in Florida.

National: Politicians wary that hackers could swipe emails, upend their campaigns | The Sacramento Bee

A new reality has set in to political campaigns: Candidates must expect that their private email accounts will be hacked, and the contents splashed onto the internet, possibly squandering their chances of victory or exposing personal secrets. Email hacking is now an entrenched tactic for practitioners of political sabotage. “I think it’s here to stay. I don’t see it changing,” said Richard Ford, chief scientist at Forcepoint, an Austin, Texas, cybersecurity company. Whether politicians are swapping tales of town halls, dishing on their opponents or sharing intimacies with spouses — or others — they now know that a private conversation can explode on to the internet.

National: Sessions will keep Rosenstein in charge of Russia investigation | CNN

Attorney General Jeff Sessions is taking responsibility for authorizing Deputy Attorney General Rod Rosenstein to remain in charge of the Russia investigation, and detailed the process by which former FBI Director James Comey was fired. The comments come amid criticism from Republicans for the Justice Department’s decision to keep Rosenstein in charge of the special counsel investigation into Russian election meddling in 2016, and any possible collusion with President Donald Trump’s campaign. Sessions said in an interview released Thursday that he was the one who made the decision to recommend to Trump that he fire Comey, not Rosenstein — and that therefore Rosenstein isn’t disqualified from his role in the Russia investigation. “That decision … really fell to me, ultimately, on the Comey matter,” Sessions, who recused himself from the Russia investigation, told Hill.TV’s “Rising.” “And that’s not a disqualifying thing.”

National: Voter confidence is the biggest election security challenge, DHS cybersecurity official says | The Washington Post

A top cybersecurity official at the Department of Homeland Security says the biggest election security challenge going into the midterms isn’t a technical one. It’s convincing voters that their ballots are secure. “To me the No. 1 threat is around public confidence in the process,” said Matt Masterson, who coordinates a range of DHS election security efforts as senior cybersecurity adviser within the department’s National Protection and Programs Directorate. “How are we talking about this? How are we educating the public so they have confidence in the process and will show up and vote? Because the best response to any attempts to undermine confidence in the process is to vote.” Now that voters know that nation-states such as Russia want to disrupt U.S. elections, it’s going to take a continuous effort from DHS and other government agencies at all levels to make sure they keep turning out at the polls, Masterson told me in a recent interview in his office in Arlington, Va. And that won’t go away come November. 

National: National labs will probe election tech for vulnerabilities under planned DHS program | CyberScoop

The government is currently planning a cybersecurity program that would allow federally funded national scientific laboratories to privately probe and then document security flaws existing in U.S. election technology, most of which is developed and sold by private companies, according to a senior U.S. official. Rob Karas, director of the National Cybersecurity Assessments and Technical Service team at the Homeland Security Department, said that multiple election technology vendors had already shown an interest in engaging on the effort. Karas declined to name the firms, but said the initiative will begin later this summer. The outreach process is still ongoing.

National: Here’s How That $380 Million in Election Security Funding Is Being Spent | Nextgov

Homeland Security Department inspectors aren’t turning up anything shocking when they assess state and local election systems for cybersecurity vulnerabilities in advance of the 2018 midterms, an official said Tuesday. Most of what Homeland Security is turning up in the risk and vulnerability assessments are the same issues you’d see in any information technology environment, Matthew Masterson, a senior cybersecurity adviser, told members of the Senate Judiciary Committee. That includes unpatched software, outdated equipment and misconfigured systems. Homeland Security has conducted risk and vulnerability assessments of 17 states and 10 localities so far, Masterson said.

National: Foreign interference in U.S. elections still going on, Mueller says | Euronews

Foreign efforts to interfere in U.S. elections are still going on just five months before the midterm elections, special counsel Robert Mueller told a judge on Tuesday. Mueller made the assertion in a filing in U.S. District Court in Washington, D.C., in his prosecution of 13 Russian nationals and three companies who were indicted in February on charges including interference in the 2016 presidential election. It says the government believes foreign “individuals and entities” are continuing to “engage in interference operations like those charged in the present indictment.” The filing seeks to protect evidence requested by one of the companies, Concord Management and Consulting LLC, which provides food services at the Kremlin and is run by Yevgeny Prigozhin, who prosecutors allege is close to Russian President Vladimir Putin and has had “extensive dealings” with the Russian Defense Ministry.

National: Democrats unveil push to secure state voting systems | The Hill

A group of Democratic senators is introducing a bill aimed at securing U.S. elections from hacking efforts, the latest response to attempted Russian interference in the 2016 presidential vote. The bill introduced Tuesday is specifically designed to ensure the integrity of and bolster confidence in the federal vote count. It would require state and local governments to take two steps to ensure that votes are counted correctly. Under the legislation, states would have to use voting systems that use voter-verified paper ballots that could be audited in the event a result is called into question. State and local officials would also be required to implement what are known as “risk-limiting audits” — a method that verifies election outcomes by comparing a random sample of paper ballots with their corresponding digital versions — for all federal elections.

National: Congress struggles with ‘more than 30 proposals’ to combat foreign election meddling | Washington Times

Congress is wrestling with more than 30 proposals “to combat different angles of the foreign election meddling issue,” according to Senate Judiciary chairman Chuck Grassley. The logjam of legislation — much of it pushed by House and Senate bipartisan efforts — comes as the 2018 midterm election season accelerates toward its November finale that will determine the balance of power in Congress and in statehouses across the nation. “There have been no fewer than 18 pieces of legislation proposed to combat different angles of the foreign election meddling issue in the Senate alone,” Mr. Grassley, Iowa Republican, said Tuesday during a Senate Judiciary Committee hearing exploring election safety and foreign influence.

National: DHS steps up security assistance for states’ election systems | GCN

State and local elections officials  preparing for the 2018 elections are strapped for time and resources, but the Department of Homeland Security’s National Protection and Programs Directorate is stepping in to help. Two weeks ago, at the request of the Elections Government Coordinating Council, NPPD released guidance on what states and localities should do with their share of the $382 million from 2018 Help America Vote Act Security Fund, said Matt Masterson, NPPD senior cybersecurity advisor, during a June 12 Senate Judiciary Committee hearing. NPPD provided insights on where the money should be used to address risks in the election process. “We focused first on common IT vulnerabilities that exist across elections — things like patching, training for phishing campaigns as well as manpower,” Masterson said.

National: Democrats and Republicans split over using hacked material in campaigns | CyberScoop

Another Democrat-Republican feud is showing that when it comes to politically charged hacking, politics may not stop at the water’s edge. The divide is focused on whether political parties should be allowed to use insider information that’s provided by hackers; similar to what occurred at the state level in 2016. Last week, a Democratic lawmaker on the House Intelligence Committee introduced a bill that would punish federal candidates if they fail to notify the FBI whenever a suspected hacking group offers them political dirt. On Thursday, Rep. Eric Swalwell introduced the “Duty to Report Act.” The proposed law would make it a crime for campaign staffers to not tip the government off to certain suspected hacking activities.

National: Senators introduce election security amendment to defense bill | The Hill

Senators are trying to pass legislation aimed at securing U.S. election systems from cyberattacks by inserting the measure into annual defense policy legislation. Sens. James Lankford (R-Okla.) and Amy Klobuchar (D-Minn.) have introduced a new version of the Secure Elections Act as an amendment to the National Defense Authorization Act (NDAA), which the upper chamber is poised to take up next week. The lawmakers, backed by a bipartisan group of co-sponsors, originally introduced the legislation last December amid rising fears over threats to voter registration databases and other digital systems as a result of Russian interference in the 2016 presidential election.

National: Web of elite Russians met with NRA execs during 2016 campaign | McClatchy

Several prominent Russians, some in President Vladimir Putin’s inner circle or high in the Russian Orthodox Church, now have been identified as having contact with National Rifle Association officials during the 2016 U.S. election campaign, according to photographs and an NRA source. The contacts have emerged amid a deepening Justice Department investigation into whether Russian banker and lifetime NRA member Alexander Torshin illegally channeled money through the gun rights group to add financial firepower to Donald Trump’s 2016 presidential bid. Other influential Russians who met with NRA representatives during the campaign include Dmitry Rogozin, who until last month served as a deputy prime minister overseeing Russia’s defense industry, and Sergei Rudov, head of one of Russia’s largest philanthropies, the St. Basil the Great Charitable Foundation. The foundation was launched by an ultra-nationalist ally of Russian President Putin.

National: Documents Show Political Lobbying in Census Question About Citizenship | The New York Times

Documents released in a lawsuit attempting to block the inclusion of a question about citizenship in the 2020 census show lobbying by anti-immigration hard-liners for the question’s inclusion, and resistance on the part of some census officials to asking it. The Kansas secretary of state, Kris W. Kobach, who has taken a strong position against illegal immigration and was appointed by President Trump to a now-defunct panel on voter fraud, had advocated to include the question directly with the secretary of commerce, Wilbur Ross, according to the documents. In a July 2017 email to an aide to Mr. Ross, Mr. Kobach said that he had reached out to the secretary a few months earlier “on the direction of Steve Bannon,” then the White House chief strategist.

National: Industry Report Cites Mounting Threats to Election Infrastructure | Bloomberg

U.S. election systems are increasingly at risk for cyberattacks ahead of the November midterms as Russia continues information operations to sow political division, according to cybersecurity firm FireEye Inc. State and local election infrastructure is becoming a more popular target for hackers, particularly state-sponsored cyberespionage actors, the Milpitas, California-based company said in a recent report, outlining risks to voter registration, polling places and ballot submission systems. Although the U.S. primary season is well underway, FireEye said it hasn’t observed attacks against election infrastructure as of March. But following Russian meddling in the 2016 elections, “malicious actors and nation states likely already have an understanding of the flaws in the U.S. elections infrastructure and will seek to exploit opportunities where they can,” the report said.

National: Why Federal Agencies Face an Array of Cybersecurity Threats | FedTech

The federal government needs to take “bold” appraoches to increasing the cybersecurity of agencies, according to a report the White House released a report last week, which found serious deficiencies in the government’s risk management abilities. In the “Federal Cybersecurity Risk Determination Report and Action Plan,” the Office of Management and Budget and Department of Homeland Security determined that 71 of 96 agencies (74 percent) participating in a federal risk assessment process “have cybersecurity programs that are either at risk or high risk.” OMB and DHS also found that agencies are “not equipped to determine how threat actors seek to gain access to their information.” … Malicious software, or malware, is perhaps the oldest cybersecurity threat, with viruses and worms tracing their roots back to the 1980s. The authors of malware keep pace with improvements in security technologies, and in an ongoing cat-and-mouse game, go to great lengths to keep a foothold in upgraded operating systems and applications by developing stealthier and more effective malware.