National: Congress to receive classified briefing on election security Tuesday | The Hill

House Speaker Paul Ryan (R-Wis.) has rescheduled a briefing for Congress on election security, which will now be classified, for Tuesday morning. Top U.S. officials are expected to brief lawmakers behind closed doors on current threats and risks to the election process and efforts by the Trump administration to help state officials secure their digital voting assets from hackers. The briefing will take place at 8 a.m. and will be classified, according to an aide for Ryan. The briefing was originally expected to take place last Thursday and be unclassified but closed to the public.

National: We surveyed 100 security experts. Almost all said state election systems were vulnerable. | The Washington Post

We brought together a panel of more than 100 cybersecurity leaders from across government, the private sector, academia and the research community for a new feature called The Network — an ongoing, informal survey in which experts will weigh in on some of the most pressing issues of the field. (You can see the full list of experts here.) Our first survey revealed deep concerns that states aren’t prepared to defend themselves against the types of cyberattacks that disrupted the 2016 presidential election, when Russian hackers targeted election systems in 21 states.  “We are going to need more money and more guidance on how to effectively defend against the sophisticated adversaries we are facing to get our risk down to acceptable levels,” said one of the experts, Rep. Jim Langevin (D-R.I.), who co-chairs the Congressional Cybersecurity Caucus. Congress in March approved $380 million for all 50 states and five territories to secure their election systems, but Langevin says he wants more. He introduced legislation with Rep. Mark Meadows (R-N.C.) that would provide election security funding to states if they adhere to new federal guidelines for identifying weaknesses in their systems and auditing election results. “I hope Congress continues to work to address this vital national security issue,” Langevin said. 

National: Congress is offering millions in election security. States may not use it by November. | The Washington Post

States are now free to claim their shares of the hundreds of millions of dollars Congress set aside to secure election systems across the country. But for many states, getting their hands on the money – and deciding how to spend it – is easier said than done. In Minnesota, Secretary of State Steve Simon (D) told me he wants to use part of the $6.6 million in federal funds his state was awarded to hire three coders to immediately upgrade the state’s aging voter registration system. The clock is ticking: Minnesota was one of the 21 states that had election systems targeted by Russian hackers during the 2016 presidential race. With U.S. intelligence agencies warning the midterm elections are likely to be hit by another wave of cyberattacks, states are scrambling to secure their voting infrastructure by November. But Simon says he might not get the funds he needs in time. Under Minnesota law, only the Republican-controlled legislature can release that money — and local politics have left lawmakers in a stalemate over how to proceed. Right now, language to approve the funds is tucked in a spending bill the Democratic governor has threatened to veto for an array of unrelated issues. 

National: Just 13 States Have Requested Funds Congress Set Aside to Secure Election Systems | Gizmodo

Thirteen states have withdrawn a total of nearly $88 million from an election security fund established by Congress in March, but more than 75 percent of the funding has yet to be dispersed. The $380 million fund, established as part of Congress’ omnibus appropriations bill, is meant to aid state officials in securing and improving election systems, whether through technical upgrades, cybersecurity audits, or by replacing vulnerable paperless electronic voting machines with paper-based systems. Although it makes up only fraction of what some experts say is needed—the Center for American Progress, for example, has suggested $1.25 billion over a 10-year period, which is close to what Democrats pushed for in February—the funding will ostensibly go a long way toward ensuring the continuation of free and fair elections in the United States, namely by hardening certain systems against hackers who might seek to tamper with the results.

National: Trump Jr. and Other Aides Met With Gulf Emissary Offering Help to Win Election | The New York Times

Three months before the 2016 election, a small group gathered at Trump Tower to meet with Donald Trump Jr., the president’s eldest son. One was an Israeli specialist in social media manipulation. Another was an emissary for two wealthy Arab princes. The third was a Republican donor with a controversial past in the Middle East as a private security contractor. The meeting was convened primarily to offer help to the Trump team, and it forged relationships between the men and Trump insiders that would develop over the coming months — past the election and well into President Trump’s first year in office, according to several people with knowledge of their encounters. Erik Prince, the private security contractor and the former head of Blackwater, arranged the meeting, which took place on Aug. 3, 2016. The emissary, George Nader, told Donald Trump Jr. that the princes who led Saudi Arabia and the United Arab Emirates were eager to help his father win election as president. The social media specialist, Joel Zamel, extolled his company’s ability to give an edge to a political campaign; by that time, the firm had already drawn up a multimillion-dollar proposal for a social media manipulation effort to help elect Mr. Trump.

National: Election hacking puts focus on paperless voting machines | Associated Press

As the midterm congressional primaries heat up amid fears of Russian hacking, an estimated 1 in 5 Americans will be casting their ballots on machines that do not produce a paper record of their votes. That worries voting and cybersecurity experts, who say the lack of a hard copy makes it difficult to double-check the results for signs of manipulation. “In the current system, after the election, if people worry it has been hacked, the best officials can do is say ‘Trust us,’” said Alex Halderman, a voting machine expert who is director of the University of Michigan’s Center for Computer Security and Society. Georgia, which holds its primary on Tuesday, and four other states — Delaware, Louisiana, New Jersey and South Carolina — exclusively use touch-screen machines that provide no paper records that allow voters to confirm their choices.

National: Top Republican Senator Says ‘No Reason to Dispute’ That Russia Favored Trump | The New York Times

The Republican at the helm of the Senate’s investigation into Russian interference in the 2016 presidential election backed on Wednesday the assessment by American intelligence agencies that Moscow favored Donald J. Trump in the race, contradicting both the president and fellow Republicans in the House. Senator Richard M. Burr of North Carolina, the chairman of the Senate Intelligence Committee, said in a statement that he saw “no reason to dispute” the intelligence assessment, which was delivered in the final weeks of the Obama administration. Mr. Burr’s statement, while indirect, offered a clear rebuke to Mr. Trump’s most ardent supporters in the Republican Party and in the right-wing news media, who have sought to cast the assessment as the shoddy work of Obama loyalists bitter over Mr. Trump’s election victory. Russia’s only goal, those supporters have insisted, was to sow chaos, and thus it could not have colluded with a campaign it cared little about.

National: White House Eliminates Cybersecurity Coordinator Role | The New York Times

The White House eliminated the position of cybersecurity coordinator on the National Security Council on Tuesday, doing away with a post central to developing policy to defend against increasingly sophisticated digital attacks and the use of offensive cyber weapons. A memorandum circulated by an aide to the new national security adviser, John R. Bolton, said the post was no longer considered necessary because lower-level officials had already made cybersecurity issues a “core function” of the president’s national security team. Cybersecurity experts and members of Congress said they were mystified by the move, though some suggested Mr. Bolton did not want any competitive power centers emerging inside the national security apparatus. The decision was criticized by Mark R. Warner, a senator from Virginia and the ranking Democrat on the Senate Intelligence Committee. “I don’t see how getting rid of the top cyber official in the White House does anything to make our country safer from cyber threats,” he wrote on Twitter.

National: Voting Info in Spanish Often Lost in Translation | WhoWhatWhy

Incorrect translations, hard-to-find details, gibberish, or sometimes no information at all. That’s what many Spanish-speaking American voters encounter when searching for online voting materials in Spanish. In most cities, counties, and states across the nation, there is no federal requirement to present information in anything other than English. But for 263 jurisdictions — the vast majority of which are counties — federal law requires that voter information be presented in a minority language, with Spanish being the most common. California, Texas, and Florida are the only states required to present statewide voter information in Spanish. WhoWhatWhy has examined a number of official government websites across the country, looking at how well English-language voter information is translated into Spanish, how often it’s done, and if there are any major discrepancies between the two. What we discovered is that translated material is often hard to find and sometimes is nonexistent. Also, much of what does exist is poorly translated. In a closely contested election, that could make all the difference. In some instances, certain information just doesn’t get included in Spanish.

National: Jigsaw’s Project Shield Will Protect Campaigns From Online Attacks | WIRED

With midterm elections looming and primaries already underway in many states, anxiety has been building over the possibility of cyberattacks that could impact voting. Though officials and election security researchers alike are adamant that voters can trust the United States election system, they also acknowledge shortcomings of the current security setup. Little time remains to meaningfully improve election security before the midterms. But Google parent company Alphabet’s experimental incubator Jigsaw announced on Tuesday that it will start offering free protection from distributed denial of service attacks to US political campaigns. DDoS attacks overload a site or service with junk traffic so that legitimate users can’t access it. For the last two years, Jigsaw’s Project Shield has focused on fighting DDoS where it might be used for censorship around the world, offering free defenses to journalists, small publications, human rights groups, and election board sites. Now, those tremendous resources and that technical expertise will extend to political campaigns.

National: Judge To Decide Fate Of Civil Lawsuit Alleging Trump Campaign Colluded With Russia | NPR

A federal judge is deciding whether to permit a lawsuit to go forward in which Democrats allege that Donald Trump’s campaign colluded with Russian government’s cyberattacks on the 2016 presidential election. The parties appeared in federal court in Washington, D.C., on Thursday. The three plaintiffs are represented by Protect Democracy, a watchdog group made up primarily of former Obama administration lawyers. Two of the plaintiffs, Eric Schoenberg and Roy Cockrum, had their Social Security numbers dumped online by WikiLeaks; a third plaintiff, former Democratic National Committee staffer Scott Comer, said that his sexual orientation and personal medical details were publicized due to the leak of private emails.

National: Mueller hands judge full memo detailing Russia probe scope | Politico

Special counsel Robert Mueller has provided a federal judge with an unredacted version of the Justice Department memo laying out the scope of his investigation and the potential crimes he’s authorized to pursue. However, the memo — long sought after by President Donald Trump’s allies on Capitol Hill, who regularly accuse Mueller of overstepping his bounds — remains classified and not public, leaving its details hidden. The document was filed as an “unredacted memorandum” under seal with the U.S. District Court’s Eastern District of Virginia, where Mueller is expected to try former Trump campaign chairman Paul Manafort on bank fraud charges.

National: Ryan to delay election security briefing, make it classified | The Hill

Speaker Paul Ryan (R-Wis.) has postponed a briefing for members of Congress on the security of U.S. voting systems so that it can be classified. The move comes after Democrats, including House Minority Leader Nancy Pelosi (D-Calif.), pressed GOP leadership to make the briefing classified so that officials could go into sufficient detail about the scope of the threat and the Trump administration’s efforts to protect digital election systems from hackers.  Sources told The Hill that the briefing, originally scheduled for Thursday evening, has been pushed back as a result of logistical issues that prevented it from being classified. GOP leadership is now working to reschedule the briefing.

National: Cambridge Analytica whistleblower says Bannon wanted to suppress voters | The Guardian

Former White House senior strategist Steve Bannon and billionaire Robert Mercer sought Cambridge Analytica’s political ad targeting technology as part of an “arsenal of weapons to fight a culture war”, according to whistleblower Christopher Wylie. “Steve Bannon believes that politics is downstream from culture. They were seeking out companies to build an arsenal of weapons to fight a culture war,” Wylie said, when asked why investors thought that the political consultancy’s efforts would work, targeting people based on psychological profiles and assessment of their personality. The pink-haired 28-year-old was appearing to give evidence on Capitol Hill for the first time since his decision to blow the whistle on the use of Facebook data by Cambridge Analytica set off shock waves that are still reverberating through Westminster, Washington DC and Silicon Valley.  During his testimony to the Senate judiciary committee, Wylie also confirmed that he believed one of the goals of Steve Bannon while he was vice-president of Cambridge Analytica was voter suppression. “One of the things that provoked me to leave was discussions about ‘voter disengagement’ and the idea of targeting African Americans,” he said, noting he had seen documents referencing this.

National: Homeland Security unveils new cyber security strategy amid threats | Reuters

The U.S. Department of Homeland Security on Tuesday unveiled a new national strategy for addressing the growing number of cyber security risks as it works to assess them and reduce vulnerabilities. “The cyber threat landscape is shifting in real-time, and we have reached a historic turning point,” DHS chief Kirstjen Nielsen said in a statement. “It is clear that our cyber adversaries can now threaten the very fabric of our republic itself.” The announcement comes amid concerns about the security of the 2018 U.S. midterm congressional elections and numerous high-profile hacking of U.S. companies.

National: Legislation would force Trump to fill vacant cyber post | Federal Times

Reps. Jim Langevin, D-R.I., and Ted Lieu. D-Calif., aim to mandate that the Trump administration fill its cyber coordinator position left vacant in the wake of Rob Joyce’s departurein early May 2018. The two congressmen introduced the Executive Cyberspace Coordination Act May 15, 2018, which would create a National Office for Cyberspace in the Executive Office of the President, cementing a new cyber advisory role within the White House into law. “We have had three excellent cybersecurity coordinators since the late Howard Schmidt originated the position. It is an enormous step backwards to deemphasize the importance of this growing domain within the White House,” Langevin said in a news release on the bill. “We need a designated expert to harmonize cyber policy across the many agencies in government with responsibility in this space. We also need clear communication of administration positions on cybersecurity challenges, whether during major incidents or when establishing norms of responsible state behavior in cyberspace.”

National: Google rolls out free cyberattack shield for elections and campaigns | CNET

For about an hour on the night of a primary election in May, residents in Knox County, Tennessee, couldn’t tell who was winning. Hackers had taken down the county’s election tracking website, crashing the page at 8 p.m., right as polls were closing. The county’s IT director, Dick Moran, said the website had seen “extremely heavy and abnormal network traffic.” Its mayor called for an investigation into the cyberattack. The incident showed all the signs of a distributed denial-of-service attack — when attackers flood a website’s servers with traffic until they can’t handle the incoming requests and crash. And it was just the kind of thing that Jigsaw, a tech incubator owned by Google’s parent company, Alphabet, wants to prevent. The company is already expecting even more DDoS attacks as Election Day in the US, on Nov. 6, draws closer. “We have seen that attacks spike in election cycles in different parts of the world,” said George Conard, a product manager for Jigsaw’s Project Shield.

National: Homeland Security unveils new cyber security strategy amid threats | Reuters

The U.S. Department of Homeland Security on Tuesday unveiled a new national strategy for addressing the growing number of cyber security risks as it works to assess them and reduce vulnerabilities. “The cyber threat landscape is shifting in real-time, and we have reached a historic turning point,” DHS chief Kirstjen Nielsen said in a statement. “It is clear that our cyber adversaries can now threaten the very fabric of our republic itself.” The announcement comes amid concerns about the security of the 2018 U.S. midterm congressional elections and numerous high-profile hacking of U.S. companies.

National: Can Government Protect Our Elections From Cyber-Hacking? | The National Memo

For five days in late March, the computers running most of Atlanta city government were frozen—shut down and held hostage by hackers who used ransomware, a pernicious way of extorting money. The attackers breached networks and hard drives. They locked up and encrypted the data. They changed file names to “I’m sorry” and gave its targets a week to pay with cyber currency. “We are dealing with a hostage situation,” Atlanta Mayor Keisha Lance Bottoms said at the time. That nightmarish scenario is exactly what the officials who run state and local elections are seeking to prevent in spring primaries and especially next fall’s general election: a widespread disruption of voting in key locales and races, where the process is held hostage as the press, candidates, supporters and public impatiently demand results.

National: Justice Department and F.B.I. Are Investigating Cambridge Analytica | The New York Times

The Justice Department and the F.B.I. are investigating Cambridge Analytica, the now-defunct political data firm, and have sought to question former employees and banks that handled its business, according to an American official and other people familiar with the inquiry. Prosecutors have questioned potential witnesses in recent weeks, telling them that there is an open investigation into Cambridge Analytica — which worked on President Trump’s election and other Republican campaigns in 2016 — and “associated U.S. persons.” But the prosecutors provided few other details, and the inquiry appears to be in its early stages, with investigators seeking an overview of the company and its business practices. The investigation compounds the woes of a firm that has come under intense scrutiny from lawmakers and regulators in the United States and Britain since The New York Times and Observer in London reported in March that it had harvested private data from more than 50 million Facebook profiles, and that it may have violated American election laws. This month, Cambridge Analytica announced that it would shut down and declare bankruptcy, saying that negative press and cascading federal and state investigations had driven away customers and made it impossible for the firm to remain in business.

National: Email No Longer a Secure Method of Communication After Critical Flaw Discovered in PGP | Gizmodo

If you use PGP or S/MIME for email encryption you should immediately disable it in your email client. Researchers have discovered a critical vulnerability they’re calling EFAIL that exposes the encrypted emails in plaintext, even for messages sent in the past. “Email is no longer a secure communication medium,” Sebastian Schinzel, a professor of computer security at Germany’s Münster University of Applied Sciences, told the German news outlet Süddeutschen Zeitun. The vulnerability was first reported by the Electronic Frontier Foundation (EFF) in the early hours of Monday morning, and details were released prematurely just before 6am ET today after Süddeutschen Zeitun broke a news embargo. The group of European researchers are warning people to stop using PGP entirely and say that, “there are currently no reliable fixes for the vulnerability.” You can read more about what the researchers are calling the EFAIL vulnerability at https://efail.de/.

National: Mueller’s Probe Is Even More Expansive Than It Seems | The Atlantic

FBI agents working for special counsel Robert Mueller allegedly detained a lawyer with ties to Russia who is closely associated with Joseph Mifsud, the shadowy professor who claimed during the election that Russia had “dirt” on Hillary Clinton. The revelation was made in a book co-written by that lawyer, Stephan Roh, and set to be published next month. “The Faking of RUSSIA-GATE: The Papadopoulos Case” is the latest in a stream of books aiming to capitalize on the chaos of this political moment. But it sheds new light on the expansive nature of Mueller’s investigation into Russia’s election interference and possible ties between President Donald Trump’s campaign team and Moscow. It also highlights Mueller’s interest in answering one of the probe’s biggest outstanding questions: whether the campaign knew in advance that Russia planned to interfere in the election.

National: Russian company charged in Mueller probe seeks grand jury materials | Reuters

A Russian company accused by Special Counsel Robert Mueller of funding a propaganda operation to interfere in the 2016 U.S. presidential election is asking a federal judge for access to secret information reviewed by a grand jury before it indicted the firm. In a court filing on Monday, lawyers for Concord Management and Consulting LLC said Mueller had wrongfully accused the company of a “make-believe crime,” in a political effort by the special counsel to “justify his own existence” by indicting “a Russian-any Russian.” They asked the judge for approval to review the instructions provided to the grand jury, saying they believed the case was deficient because Mueller lacked requisite evidence to show the company knowingly and “willfully” violated American laws.

National: Justice Department Official To Testify On Census Citizenship Question Request | NPR

The acting head of the Justice Department’s civil rights division, John Gore, has agreed to testify about why the department requested a controversial, new citizenship question to be added to 2020 census forms, according to a DOJ official and Amanda Gonzalez, a spokesperson for the chairman of the House Oversight and Government Reform Committee. Lawmakers were planning to issue a subpoena for Gore, who was a no-show after receiving an invitation to appear at the committee’s May 8 hearing about the upcoming national headcount. Gore has now “agreed to appear voluntarily” at a follow-up hearing on May 18, and was not served a subpoena, Gonzalez says.

National: The Facebook ad dump shows the true sophistication of Russia’s influence operation | The Washington Post

The massive trove of Facebook ads House Intelligence Committee Democrats released Tuesday provides a stunning look into the true sophistication of the Russian government’s digital operations during the presidential election. We’ve already heard a lot from the U.S. intelligence community about the hacking operation Russian intelligence services carried out against Democratic party computer networks to influence the election in favor of then-candidate Donald Trump. But this is the first time we have a swath of empirical and visual evidence of Russia’s disinformation campaign, in the form of more than 3,000 incredibly specific and inflammatory ads purchased by an Internet troll farm sponsored by the Kremlin.

National: Senate report on Russian hacking highlights threats to election tech vendors | CyberScoop

Lawmakers are concerned about a major blind spot in the government’s ongoing effort to protect U.S. elections from hackers. Agencies like the Homeland Security Department have little insight into the cybersecurity practices of election technology vendors. This lack of visibility opens the door to supply chain attacks, according to the Senate Intelligence Committee, which could be otherwise potentially detected or stopped by government cybersecurity experts. The Senate committee’s first installment of a larger report on Russian targeting of the 2016 presidential election was released late Tuesday night. It focuses on assessing the federal government’s response to security threats and provides recommendations for future elections.

National: U.S. Voting System Still Vulnerable To Cyberattacks 6 Months Before Election Day | NPR

As America heads toward the 2018 midterms, there is an 800-pound gorilla in the voting booth. Despite improvements since Russia’s attack on the 2016 presidential race, the U.S. elections infrastructure is vulnerable — and will remain so in November. Cybersecurity expert Bruce Schneier laid out the problem to an overflowing room full of election directors and secretaries of state — people charged with running and securing elections — at a conference at Harvard University this spring. “Computers are basically insecure,” said Schneier. “Voting systems are not magical in any way. They are computers.” Even though most states have moved away from voting equipment that does not produce a paper trail, when experts talk about “voting systems,” that phrase encompasses the entire process of voting: how citizens register, how they find their polling places, how they check in, how they cast their ballots and, ultimately, how they find out who won. Much of that process is digital.

National: States Await Election Security Reviews as Primaries Heat Up | Associated Press

With the midterm congressional primaries about to go into full swing, the Department of Homeland Security has completed security reviews of election systems in only about half the states that have requested them so far. The government’s slow pace in conducting the reviews has raised concerns that the nation’s voting systems could be vulnerable to hacking, especially after U.S. intelligence agencies warned that Russia plans to continue meddling in the country’s elections. Among those still waiting for Homeland Security to conduct a risk assessment is Indiana, one of four states with primaries on Tuesday. Its ballot includes several hotly contested races, including a Republican primary for U.S. Senate. Indiana Secretary of State Connie Lawson said she is confident state officials have done what they can to safeguard Tuesday’s voting, but acknowledged: “I’ll probably be chewing my fingernails during the entire day on Election Day.”

National: Six States Hit Harder By Cyberattacks Than Previously Known, New Report Reveals | NPR

Two years after Russia’s wave of cyberattacks against American democracy, a Senate committee investigating election interference says those hackers hit more states harder than previously thought. The committee also added that it still doesn’t know with complete certainty exactly how much of U.S. voting infrastructure was compromised. The report summary released this week by the Senate intelligence committee gives an overview of initial findings focused specifically on how Russian government operatives affected U.S. elections systems. The full report is undergoing a review to check for classified information.