National: Why Federal Agencies Face an Array of Cybersecurity Threats | FedTech

The federal government needs to take “bold” appraoches to increasing the cybersecurity of agencies, according to a report the White House released a report last week, which found serious deficiencies in the government’s risk management abilities. In the “Federal Cybersecurity Risk Determination Report and Action Plan,” the Office of Management and Budget and Department of Homeland Security determined that 71 of 96 agencies (74 percent) participating in a federal risk assessment process “have cybersecurity programs that are either at risk or high risk.” OMB and DHS also found that agencies are “not equipped to determine how threat actors seek to gain access to their information.” … Malicious software, or malware, is perhaps the oldest cybersecurity threat, with viruses and worms tracing their roots back to the 1980s. The authors of malware keep pace with improvements in security technologies, and in an ongoing cat-and-mouse game, go to great lengths to keep a foothold in upgraded operating systems and applications by developing stealthier and more effective malware.

National: ACLU Sues over Plans for Citizenship Question on 2020 Census | Associated Press

Civil rights lawyers sued the U.S. Commerce Department on Wednesday to try to stop plans to add a citizenship question to the 2020 census. The Manhattan federal court lawsuit on behalf of immigrants’ rights groups says racial animus was behind a recent announcement that the census will include a citizenship question for the first time since 1950. The lawsuit, filed by the American Civil Liberties Union and others, claims the question intentionally discriminates against immigrants and will increase fear in their communities. It alleges census participation will be depressed, diluting the economic and political power of residents.

National: Voters’ distrust of election security is just as powerful as an actual hack, officials worry | The Washington Post

As millions of people across the country vote in eight different primaries today, state officials are working hard to secure the elections from hackers. But officials say there’s a more pressing, albeit abstract, challenge: Keeping voters confident that their vote is safe. The U.S. intelligence community has concluded that a major goal of Russia’s campaign to interfere in the 2016 presidential election through cyberattacks on 21 states and national political organizations was to undermine public faith in the U.S. democratic process. By that count, election officials say, they’re already succeeding in this cycle — without breaching a single system. Just the fear of digital sabotage — and the perception that voting machines are hackable — is enough to scare voters into a lack of confidence in the democratic process, election officials lament.

National: DHS official: States will probably know first if malicious cyber-activity hits primaries | CyberScoop

The Department of Homeland Security is on standby to alert state officials about any malicious cyber-activity during Tuesday’s primary elections, but the states themselves will likely know first if something is amiss, Matthew Masterson, a senior cybersecurity adviser at DHS, told CyberScoop. With voters going to the polls in eight states, Tuesday’s primaries are a chance for DHS to test the communication protocols it has sought to ingrain in election personnel across the country. State officials, who generally have the best views of their networks, will flag potentially malicious activity for DHS, which can in turn alert other states, according to Masterson. “If we see or have information to suggest something is going on, we have the ability to immediately share it with the states,” he said in an interview. Ahead of the midterm elections, DHS has looked to “ramp up” its cyberthreat reports to state officials to get them information that is easily understood and not overly technical, Masterson added.

National: Election Assistance Commission says 26 states have received cybersecurity funding ahead of midterms | The Hill

The Election Assistance Commission (EAC) on Tuesday released a list of 26 states that have requested and received cybersecurity funding, money that aims to ensure state’s voting systems are properly secured ahead of the 2018 midterm elections. An EAC press release broke down which states have requested the cyber funds as well as how much they received. To date, these states have requested nearly $210 million in newly available funds, or about 55 percent of the total amount available. The funds were distributed under the Consolidated Appropriations Act of 2018, a bill passed by Congress that allocated $380 million in funds to the Help America Vote Act (HAVA).

National: Synack offers free penetration testing for election systems ahead of 2018 midterms | CyberScoop

One of the largest bug bounty firms in the business has launched an initiative that will allow states’ election officials to test the security of election systems ahead of the 2018 midterm elections. Redwood City, California-based Synack announced Tuesday its offering free crowdsourced remote penetration testing services to state and local governments until November. Synack co-founder Jay Kaplan told CyberScoop the idea came together after a series of meetings with government officials, including top executives at the Department of Homeland Security, that discussed how the private sector could be doing more to ward off digital meddling. After Synack’s services are completed, states and localities can harden their systems based on the test’s results.

National: In seconds, we faked our way into a political campaign, got unsecured voter data | Ars Technica

On Tuesday, polls will be open to voters in eight states, including California, which holds gubernatorial primaries among many other national, state, and local elections. Under California law (Section 2194 of the Election Code), voter data (name, address, phone, age, party affiliation) is supposed to be “confidential and shall not appear on any computer terminal… or other medium routinely available to the public.” However, there’s a big exception to that law: this data can be made available to political campaigns, including companies that provide digital analysis services to campaigns. In other words, candidates and their contractors can get voter data, but there’s little definition in the law about how those parties are required to be custodians of that data and how that data ought to be secured.

National: Are Tuesday’s primaries safe from hackers? A state-by-state election security breakdown | The Washington Post

Tomorrow is a big test for election security coast to coast, as eight states including California hold primaries in one of the most consequential voting days since the presidential election. It’s the largest block of states to do so before the November midterms, and election officials hope they have the right safeguards in place to stave off the kinds of cyberattacks that occurred in 2016. That year, Russian hackers targeted election systems in 21 states. “We’ve done everything that we could think of doing — not to just assess what happened in 2016 but to fortify our defenses,” California Secretary of State Alex Padilla told me.  “Cybersecurity concerns are equally top-of-mind in the primary as they are in November,” he said. “We’re not considered a swing state, but we’re still California and from a security standpoint a high-value target, so we’re taking it very seriously, to protect our election process and the integrity of elections.”

National: Intel officials warn of Russian cyberattacks as 7 states set to hold primaries | Washington Times

Candidates won’t be the only ones sweating the vote as California and six other states hold primaries Tuesday, as election security officials say they are bracing to see how their systems hold up against an expected wave of cyberattacks. U.S. intelligence agencies say Russian hackers tried to disrupt both the campaign and vote-counting in 2016 and that they fully expect another wave of online attacks this year. Hackers last month sabotaged an online debate among congressional candidates by streaming gay pornography. Federal officials say Russian hackers targeted election systems in 21 states two years ago, although no evidence surfaced that any result was corrupted by the incursions. Tuesday’s primaries will be the largest single block of states voting on one day ahead of November’s fiercely contested midterm elections and the largest election day since November 2016.

National: Bill Clinton: US should return to paper voting to stop election hacks | Business Insider

All US states should return to a paper ballot system because they were at too much risk from cyberterrorism, former President Bill Clinton has said. While it isn’t yet clear how much of the 2016 presidential election was compromised by cyberattacks, all US citizens should return to pen and paper to vote for now, the 42nd president told the BBC on Monday. “Until we get this straightened out, every state should go to some sort of paper ballot system,” Clinton said. He specifically cited Virginia’s decision last year to return to a paper ballot system, in which manual votes are counted and processed by electronic scanners.

National: New cybersecurity funding won’t make U.S. election technology less vulnerable | Axios

The recent $380 million of federal funding to replace paperless voting machinery and improve cybersecurity is desperately needed, but it is unlikely to ensure the long-term cybersecurity of U.S. election technology. The big picture: At best, the one-time spending will provide a catalyst for election organizations to gain basic cybersecurity competence. At worst, though, the money will be spent on discretionary purchases (e.g., digital pollbooks or new PC hardware) that only appear helpful and that, without proper security-centric integration, may increase the systems’ exposure to attacks.

National: Trump’s lack of cyber leader may make U.S. vulnerable | Politico

The absence of senior cybersecurity leaders in President Donald Trump’s administration may be leaving the United States more vulnerable to digital warfare and less prepared for attacks on election systems, according to lawmakers and experts worried about White House brain drain under national security adviser John Bolton. Both Republicans and Democrats are expressing concern that the White House is rudderless on cybersecurity at a time when hostile nations’ hackers are moving aggressively, inspiring fears about disruptive attacks on local governments, power plants, hospitals and other critical systems. POLITICO spoke with nearly two dozen cyber experts, lawmakers and former officials from the White House, the intelligence community and the departments of Justice, Homeland Security, Defense and State about Bolton’s decisions to oust the White House’s homeland security adviser and eliminate its cyber coordinator position. The overwhelming consensus is that Bolton’s moves are a major step backward for the increasingly critical and still-evolving world of cyber policy.

National: States Want Voters to Start Young | Associated Press

Since his 2012 election to the Washington state legislature, Rep. Steve Bergquist had been trying to persuade his colleagues to support a bill allowing 16- and 17-year-olds to pre-register to vote — and requiring schools to help get them on the rolls, a move the Democratic lawmaker was sure would improve voter turnout among young people when they turned 18. There was opposition and concern: Was it an unfair burden on schools? Did it open the registration and voting process up to fraud? And wasn’t it already pretty easy to register in Washington, which has a “motor voter” law, as well as registration by mail and online? So Bergquist used his experience as a former high school social studies teacher to his advantage. 

National: Here’s the Email Russian Hackers Used to Try to Break Into State Voting Systems | The Intercept

Just days the 2016 presidential election, hackers identified by the National Security Agency as working for Russia attempted to breach American voting systems. Among their specific targets were the computers of state voting officials, which they had hoped to compromise with malware-laden emails, according to an intelligence report published previously by The Intercept. Now we know what those emails looked like. An image of the malicious email, provided to The Intercept in response to a public records request in North Carolina, reveals precisely how hackers, who the NSA believed were working for Russian military intelligence, impersonated a Florida-based e-voting vendor and attempted to trick its customers into opening malware-packed Microsoft Word files.

National: New website is Russian op designed to sway U.S. voters, experts say | McClatchy

A new Russian influence operation has surfaced that mirrors some of the activity of an internet firm that the FBI says was deeply involved in efforts to sway the 2016 U.S. elections, a cybersecurity firm says. A website called usareally.com appeared on the internet May 17 and called on Americans to rally in front of the White House June 14 to celebrate President Donald Trump’s birthday, which is also Flag Day. FireEye, a Milpitas, Calif., cybersecurity company, said Thursday that USA Really is a Russian-operated website that carries content designed to foment racial division, harden feelings over immigration, gun control and police brutality, and undermine social cohesion. The website’s operators once worked out of the same office building in St. Petersburg, Russia, where the Kremlin-linked Internet Research Agency had its headquarters, said Lee Foster, manager of information operations analysis for FireEye iSIGHT Intelligence.

National: FBI’s Aristedes Mahairas: These nations pose biggest cyber risk to US | Business Insider

An FBI agent has mapped out the nation states that pose the biggest cyber threat to the US. Business Insider spoke to Aristedes Mahairas, a special agent in charge of the New York FBI’s Special Operations/Cyber Division, about the cybersecurity landscape in America. He said the US is always alive to threats from cyber criminals, cyber terrorists, and renegade hacktivists, but nation states are at the “very top” of the threat list. Mahairas said there has been a “significant increase in state-sponsored computer intrusions” over the past 12 years as it has become a potent way of unsettling an adversary alongside traditional espionage.

National: Ahead of November election, old voting machines stir concerns among U.S. officials | Reuters

U.S. election officials responsible for managing more than a dozen close races this November share a fear: Outdated voting machines in their districts could undermine confidence in election results that will determine which party controls the U.S. Congress. In 14 of the 40 most competitive races, Americans will cast ballots on voting machines that do not provide a paper trail to audit voters’ intentions if a close election is questioned, according to a Reuters analysis of data from six states and the Verified Voting Foundation, a non-political group concerned about verifiable elections. These include races in Pennsylvania, New Jersey, Texas, Florida, Kansas and Kentucky. Nationwide, of 435 congressional seats up for grabs, 144 are in districts where some or all voters will not have access to machines using paper records, the analysis shows. While something could go wrong in any of those districts, it is in the close elections where a miscount or a perception of a miscount matters most.

National: State Websites Are Hackable — And That Could Compromise Election Security | FiveThirtyEight

Not every election hack is a blockbuster — but even small-scale attacks on states’ cyber infrastructure have the potential for catastrophic effects. After receiving a tip from a small cyber firm called Appsecuri, FiveThirtyEight has confirmed that two states, Alabama and Nevada, had vulnerabilities that left them open to potential compromises of their state web presences. Earlier this month, Appsecuri approached FiveThirtyEight and said it found potential flaws on several states’ websites that would allow for information to be tampered with. It provided a number of vulnerabilities to FiveThirtyEight; FiveThirtyEight is only reporting those it could verify with the states affected.

National: State Election Systems Increasingly at Risk for Cyberattacks, FireEye Says | Bloomberg

U.S. election systems are increasingly at risk for cyberattacks ahead of the November midterms as Russia continues information operations to sow political division, according to cyber firm FireEye Inc. State and local election infrastructure is becoming a more popular target for hackers, particularly state-sponsored cyber espionage actors, the Milpitas, California-based company said in a report Thursday, outlining risks to voter registration, polling places and ballot submission systems. Although the U.S. primary season is well underway, FireEye said it hasn’t observed attacks against election infrastructure as of March. But following Russian meddling in the 2016 elections, “malicious actors and nation states likely already have an understanding of the flaws in the U.S. elections infrastructure and will seek to exploit opportunities where they can,’’ the report said.

National: Trump claims, without evidence, that Mueller team plans to meddle in midterm elections | The Washington Post

President Donald Trump on Tuesday accused prosecutors working on the investigation into Russian interference in the 2016 election of planning to meddle in this year’s midterm elections, escalating his attack on the probe while offering no evidence to back up his assertion. In several morning tweets, Trump attempted to cast himself as the victim of a partisan assault, part of a pattern of political deflection in recent days where the president has made false or exaggerated statements in defending his policies or attacking his perceived enemies. Over the weekend, Trump blamed Democrats for his policy of separating migrant families at the border, falsely said that the New York Times made up a source for a story on negotiations between the United States and North Korea, and continued to claim that the FBI’s use of a source to interact with members of his 2016 election team was an attempt to spy on the campaign.

National: How has the Senate Intel committee stayed united on Russia probe? | USA Today

Congress’s last chance to tell Americans — in a bipartisan way — about Russia’s alleged interference in the 2016 election rests with 15 senators who meet twice a week behind closed doors. The Senate Intelligence Committee has become a rare symbol of unity on the divisive issue of Russia’s role in the presidential race — quite a feat for a panel with members ranging from conservative Trump ally Tom Cotton, R-Ark., to liberal Trump critic Kamala Harris, D-Calif. While bitter partisan fighting ripped apart the House Intelligence Committee and ended its Russia investigation in March with no agreement between Republicans and Democrats, the Senate panel managed to stay united.

National: Trump Asked Sessions to Retain Control of Russia Inquiry After His Recusal | The New York Times

By the time Attorney General Jeff Sessions arrived at President Trump’s Mar-a-Lago resort for dinner one Saturday evening in March 2017, he had been receiving the presidential silent treatment for two days. Mr. Sessions had flown to Florida because Mr. Trump was refusing to take his calls about a pressing decision on his travel ban.  When they met, Mr. Trump was ready to talk — but not about the travel ban. His grievance was with Mr. Sessions: The president objected to his decision to recuse himself from the Russia investigation. Mr. Trump, who had told aides that he needed a loyalist overseeing the inquiry, berated Mr. Sessions and told him he should reverse his decision, an unusual and potentially inappropriate request. Mr. Sessions refused.

National: Inside the Pro-Trump Effort to Keep Black Voters From the Polls | Bloomberg

Breitbart News landed an election scoop that went viral in August 2016: “Exclusive: ‘Black Men for Bernie’ Founder to End Democrat ‘Political Slavery’ of Minority Voters… by Campaigning for Trump.” If the splashy, counterintuitive story, which circulated on such conservative websites as Truthfeed and Infowars, wasn’t exactly fake news, it was carefully orchestrated. The story’s writer—an employee of the conservative website run by Steve Bannon before he took over Donald Trump’s campaign—spent weeks courting activist Bruce Carter to join Trump’s cause. He approached Carter under the guise of interviewing him. The writer eventually dropped the pretense altogether, signing Carter up for a 10-week blitz aimed at convincing black voters in key states to support the Republican real estate mogul, or simply sit out the election. Trump’s narrow path to victory tightened further if Hillary Clinton could attract a Barack Obama-level turnout. Bannon’s deployment of the psychological-operations firm Cambridge Analytica in the 2016 campaign drew fresh attention this month, when a former Cambridge employee told a U.S. Senate panel that Bannon tried to use the company to suppress the black vote in key states. Carter’s story shows for the first time how an employee at Bannon’s former news site worked as an off-the-books political operative in the service of a similar goal.

National: First Line of Defense in U.S. Elections Has Critical Weaknesses | Bloomberg

A software sensor with a knack for detecting intrusions like those from Russian hackers is being embraced by U.S. states determined to protect their election systems, though cybersecurity experts warn of the tool’s limits. The Department of Homeland Security is working with a growing number of state election officials to install “Albert sensors,” which detect traffic coming into and out of a computer network. The system can’t block a suspected attack, but it funnels suspicious information to a federal-state information-sharing center near Albany, New York, that’s intended to help identify malign behavior and alert states quickly. “Every sensor we’re able to add is another in what was previously a dark spot” that federal authorities “couldn’t see into,” said Brian Calkin, vice president of operations for the Multi-State Information Sharing and Analysis Center, the Homeland Security-funded group that created the sensor in 2010 and upgraded it in 2014.

National: Goofy, Elephant, Squid: How Political Gamesmanship Distorts Voters’ Power | The New York Times

They sound like possible program titles for the Cartoon Network: Goofy Kicking Donald Duck, The Earmuffs, The Broken-Winged Pterodactyl, The Upside-Down Elephant, The Fat Squid, A Steamed Crab Hit by a Mallet. Actually, they were the shapes some people saw when looking at federal and state legislative districts that had been gerrymandered to within an inch of their lives. For the record, Goofy was in Pennsylvania, the earmuffs in Illinois, the pterodactyl in Maryland, the elephant in Texas, and the squid and steamed crab in North Carolina. About all they had in common with cartoons was that critics dismissed these squiggly and lumpy legislative lines as loony tunes, and courts rejected some of them as unconstitutional. Gerrymandering — the manipulation of political boundaries by the party in office in hopes of ensuring its enduring primacy — is almost as old as the republic.

National: Supreme Court to rule soon on partisan gerrymander cases: Last, best chance for fair elections? | Salon

It’s almost decision day for partisan gerrymandering. Fewer than four weeks remain in this U.S. Supreme Court session, so rulings in two crucial cases from Maryland and Wisconsin will arrive sometime between this Tuesday and mid-June. There’s national momentum towards fair districts. Judges and citizens have been slowly fighting back against the most extreme partisan manipulations of the system. Rigged maps in Florida, Virginia, North Carolina, Texas, Wisconsin and Pennsylvania have been struck down. A bipartisan commission won an overwhelming victory in Ohio this month, and an even stronger commission seems likely to be on the ballot in Michigan this fall. Ballot initiatives have also advanced in Colorado, Utah, Missouri and Arkansas. Nevertheless, no one should expect a grand democracy-saving gesture from the Supreme Court. Yes, justices from across the court’s ideological spectrum have agreed that partisan gerrymandering is “distasteful.” They have expressed revulsion over naked power grabs, entrenched majorities insulated from the ballot box, and real fear that new technology and Big Data could make everything even worse when the next redistricting occurs after the 2020 census.

National: F.B.I.’s Urgent Request: Reboot Your Router to Stop Russia-Linked Malware | The New York Times

Hoping to thwart a sophisticated malware system linked to Russia that has infected hundreds of thousands of internet routers, the F.B.I. has made an urgent request to anybody with one of the devices: Turn it off, and then turn it back on. The malware is capable of blocking web traffic, collecting information that passes through home and office routers, and disabling the devices entirely, the bureau announced on Friday. A global network of hundreds of thousands of routers is already under the control of the Sofacy Group, the Justice Department said last week. That group, which is also known as A.P.T. 28 and Fancy Bear and believed to be directed by Russia’s military intelligence agency, hacked the Democratic National Committee ahead of the 2016 presidential election, according to American and European intelligence agencies. The F.B.I. has several recommendations for any owner of a small office or home office router. The simplest thing to do is reboot the device, which will temporarily disrupt the malware if it is present. Users are also advised to upgrade the device’s firmware and to select a new secure password. If any remote-management settings are in place, the F.B.I. suggests disabling them.

National: Election officials need more than just paper-based ballots to secure votes | StateScoop

Many experts on election security say the key to more secure ballots is to move away from electronic voting machines toward models that produce paper records of votes. But it takes more than just that, a former federal cybersecurity strategist said Wednesday at a conference for city and county officials. Mike Garcia, now a consultant with the Center for Internet Security, told the group of about 40 that attempts to undermine the U.S. electoral process are going to target more than just ballot boxes. “Voting machines aren’t the only place you can undermine the election process,” Garcia said at the Public Technology Institute event in Washington. “Adversaries are going to find weaknesses anywhere.”

National: Federal Election Commission Can’t Decide If Russian Interference Violated Law | NPR

As tech companies and government agencies prepare to defend against possible Russian interference in the midterm elections, the Federal Election Commission has a different response: too soon. The four commissioners on Thursday deadlocked, again, on proposals to consider new rules, for example, for foreign-influenced U.S. corporations and for politically active entities that don’t disclose their donors. “We have reason to think there are foreign actors who are looking for every single avenue to try and influence our elections,” said Commissioner Ellen Weintraub, a Democrat who offered two proposals for new regulations. Both proposals failed on partisan 2-2 votes.

National: The FBI is trying to thwart a massive Russia-linked hacking campaign | The Washington Post

U.S. law enforcement is trying to seize control of a network of hundreds of thousands of wireless routers and other devices infected by malicious software and under the control of a Russian hacking group that typically targets government, military and security organizations. In a statement issued late Wednesday, the Justice Department said the FBI had received a court order to seize a domain at the core of the massive botnet, which would allow the government to protect victims by redirecting the malware to an FBI-controlled server. The DOJ attributed the hacking campaign to the group known as Sofacy, also known as Fancy Bear. While the statement did not explicitly name Russia, Fancy Bear is the Russian military-linked group that breached the Democratic National Committee in the presidential election.