National: Congress isn’t happy with Trump’s cyber strategy. It wants a commission to help. | The Washington Post

Sen. Ben Sasse (R-Neb.) says the Trump administration needs to get serious about cyberdefense. And he’s taking some cues from history with the hope of kicking the administration into action. Tucked in a massive defense policy bill Congress appears poised to pass in the coming weeks is a measure from Sasse that would create a commission of top national security officials, lawmakers and experts to draw up a comprehensive cyberdefense strategy for the country. The proposal is based on the Project Solarium Commission, a Cold War effort President Dwight D. Eisenhower launched in the 1950s to counter the Soviet threat. It’s another way Congress is trying to force President Trump’s hand in developing a clear doctrine for how the United States responds to cyberthreats from nation states like Russia, which Trump refuses to unequivocally state interfered in the 2016 election. As Trump waffles on Russia’s interference in the election, and his White House sheds top cybersecurity talent, the measure would give Congress and its hand-picked experts a more direct role in steering the national discussion.

National: Trump to hold National Security Council meeting on election security Friday | The Washington Post

President Trump will convene a meeting Friday of the National Security Council on election security, a session that could include a discussion of possible Russian interference in November’s midterm elections, according to a White House official. In addition, national security adviser John Bolton plans to hold two NSC Principals Committee meetings this week, one Thursday on Iran and one Friday on North Korea, according to the White House official, who spoke on the condition of anonymity to discuss internal plans. Friday’s NSC meeting comes a week and a half after Trump’s summit with Russian President Vladi­mir Putin in Helsinki. Trump was roundly criticized for his comments at a news conference there siding with Putin — who has denied that Russia interfered in the 2016 U.S. presidential election — over U.S. intelligence agencies, which have concluded based on evidence that Russia did interfere. In the days that followed, Trump waffled between saying he has full faith in the U.S. intelligence agencies and casting doubt on Russia’s election interference. He tweeted last weekend that “it is all a big hoax.”

National: States and counties are not ‘sitting back’ on election cybersecurity, officials tell Congress | StateScoop

Four state, local and federal officials briefed members of Congress Tuesday on the need to increase cybersecurity around voting infrastructure, a task that grows more urgent for state and local governments as the November midterm elections approach. While the nearly three-hour hearing before the House Oversight Committee was frequently sidetracked by representatives’ diversions into topics including the investigation being conducted by Special Counsel Robert Mueller, federal agencies’ search rankings and President Donald Trump’s latest tweets, the witnesses also got a few words in about how ready election officials are to repel cyberattacks and how well states are partnering with the federal government to make voting more secure.

National: The White Hats in the War Against Election Meddling | Inc.com

The underlying mechanism of American democracy–the U.S. election system–has been under attack by foreign hackers. Special Counsel Robert Mueller last week indicted 12 Russian intelligence officers accused of interfering in the 2016 U.S. presidential election. While the Russians are charged with hacking the Democratic National Committee and Hillary Clinton’s campaign, the Department of Homeland Security found that hackers also targeted election systems in 21 states, including battleground states such as Pennsylvania, Virginia, and Florida. And while Congress approved $380 million in grant money for state election officials to upgrade their cybersecurity posture, many American states are ill- equipped to defend against cyberwar waged by nation states. That’s why Cloudflare, a San Francisco-based cybersecurity company, is offering its services free to state and county government websites that support elections, report election results, host voter registration services, and poll location information.

National: Officials push for more election security dollars | FCW

The federal government allocated $380 million to protect and improve election system security. In a June 24 House Oversight Committee hearing, officials and House Democrats made the case for a few dollars more. Thomas Hicks, commissioner of the Election Assistance Commission, confirmed that $335 million of the $380 million in the omnibus spending bill passed in March earmarked for election security assistance has been dispersed to states and that 100 percent of the funds have been requested. The remaining $45 million is expected to be distributed by next month.

National: Judiciary Democrats call for hearings on NRA’s role in Russia’s 2016 election meddling | The Hill

Two Democrats on the Senate Judiciary Committee are calling on the panel to examine whether top officials at the National Rifle Association (NRA) were aware of Russia’s attempts to contribute money to the Trump campaign through the gun rights group. Sens. Richard Blumenthal (Conn.) and Sheldon Whitehouse (R.I.) pressed Judiciary Chairman Chuck Grassley (R-Iowa) in a letter to hold public hearings on the matter, a request that comes after federal authorities indicted a Russian woman last week that they allege acted as a Kremlin agent. Maria Butina was indicted for allegedly working to advance Russia’s interests by cultivating relationships with Republican power players as well as infiltrating “organizations active in U.S. politics.”

National: Trump has now walked back his walk-back on U.S. intelligence and Russia | The Washington Post

Six days ago, President Trump held a news conference to walk back comments he made suggesting that he did not believe that Russian President Vladimir Putin oversaw a plan to interfere in the 2016 presidential election. “Let me be totally clear in saying that — and I’ve said this many times — I accept our intelligence community’s conclusion that Russia’s meddling in the 2016 election took place,” Trump said in that statement. Trump then said he realized, after seeing the backlash to his news conference, that one statement needed clarifying. That’s when he offered his now-infamous “double-negative” defense. “In a key sentence in my remarks, I said the word ‘would’ instead of ‘wouldn’t.’ . . . The sentence should have been, ‘I don’t see any reason why it wouldn’t be Russia.’ Sort of a double negative.” But on Sunday, he suggested that the investigation was “all a big hoax.”

National: New initiatives make voting more accessible to senior citizens | CS Monitor

Kathleen Henry, 80, wants all her neighbors to vote, even if they can’t drive, read, or remember as much anymore. Soon after the former civics teacher moved to the Greenspring retirement community here in 2003, she took a leading role in running the campus’s polling place and registering voters. Just this year, Ms. Henry said, she’s registered 72 residents as new voters. If a resident doesn’t have an up-to-date government form of identification – as is the case for 18 percent of citizens over 65 – Henry works to bring in a county official to take their picture to comply with Virginia’s voter ID law.

National: Commerce Secretary Grew Impatient Over Census Citizenship Question, Emails Reveal | NPR

A few months after he started leading the Commerce Department, Secretary Wilbur Ross became impatient. As a powerful decider for the U.S. census, he had a keen interest in adding a citizenship question to the 2020 census as soon as possible. “I am mystified why nothing [has] been done in response to my months old request that we include the citizenship question. Why not?” he wrote in a May 2017 email to two Commerce Department officials. The email was among the more than 2,400 pages of internal documents the Trump administration filed in federal courts Monday as part of the lawsuits against Ross’ addition of a controversial citizenship question to the 2020 census. NPR has filed Freedom of Information Act requests for similar documents. The court filing also includes census-related articles by NPR and other news organizations compiled by federal agency press offices. The Commerce Department and the Census Bureau are facing six lawsuits from more than two dozen states and cities, plus other groups, that want the question removed. 

National: The Midterm Elections Are Already Under Attack | WIRED

With primaries underway and less than four months to go until this year’s midterm elections, early signs of attack have already arrived—just as the US intelligence community warned. And yet Congress has still not done everything in its power to defend against them. At the Aspen Security Forum on Thursday, Microsoft executive Tom Burt said that phishing attacks—reminiscent of those carried out in 2016 against Hillary Clinton’s campaign—have targeted three midterm campaigns this year. Burt stopped short of attributing those efforts to Russia, but the disclosure is the first concrete evidence this year that candidates are being actively targeted online. They seem unlikely to be the last. “The 2018 midterms remain a potential target for Russian actors,” said Matt Masterson, a senior cybersecurity adviser to DHS, at a Senate hearing last week. “The risks to elections are real.”

National: Week Of Trump Reversals Puts 2018 Election Security In The Spotlight | NPR

With less than four months to go, how much are this year’s midterm elections at risk for the kind of interference sowed by Russia in 2016? It’s a question that’s coming up again after President Trump’s seemingly shifting positions this week about Russia’s responsibility for the interference in 2016, and after special counsel Robert Mueller’s recent indictments of 12 Russian intelligence officers accused of hacking the Democratic Party and state election computer networks. It would be “foolish” to think Russia is not trying to influence the 2018 elections, said Homeland Security Secretary Kirstjen Nielsen on Thursday at the Aspen Security Forum. “They have the capability and they have the will,” Nielsen also said. But two years after the first tendrils of the Russian influence and disruption campaign were detected, the U.S. response remains incomplete because of partisan politics, bureaucratic confusion and differing priorities among state and local governments.

National: Russian firm indicted in special counsel probe cites Kavanaugh decision to argue that charge should be dismissed | The Washington Post

A Russian company accused by special counsel Robert S. Mueller III of being part of an online operation to disrupt the 2016 presidential campaign is leaning in part on a decision by Supreme Court nominee Brett M. Kavanaugh to argue that the charge against it should be thrown out. The 2011 decision by Kavanaugh, writing for a three-judge panel, concerned the role that foreign nationals may play in U.S. elections. It upheld a federal law that said foreigners temporarily in the country may not donate money to candidates, contribute to political parties and groups, or spend money advocating for or against candidates. But it did not rule out letting foreigners spend money on independent advocacy campaigns. Kavanaugh “went out of his way to limit the decision,” said Daniel A. Petalas, a Washington lawyer and former interim general counsel for the Federal Election Commission.

National: Justice Department plans to alert public to foreign operations targeting U.S. democracy | The Washington Post

he Justice Department plans to alert the public to foreign operations targeting U.S. democracy under a new policy designed to counter hacking and disinformation campaigns such as the one Russia undertook in 2016 to disrupt the presidential election. The government will inform American companies, private organizations and individuals that they are being covertly attacked by foreign actors attempting to affect elections or the political process. “Exposing schemes to the public is an important way to neutralize them,” said Deputy Attorney General Rod J. Rosenstein, who announced the policy at the Aspen Security Forum in Colorado. Rosenstein, who has drawn President Trump’s ire for appointing a special counsel to probe Russian election interference, got a standing ovation.“The American people have a right to know if foreign governments are targeting them with propaganda,” he said.

National: Microsoft discloses first known hacking attempts in midterm elections | The Hill

Microsoft disclosed Thursday that it identified and helped thwart hacking attempts on three congressional candidates earlier this year, marking the first publicly known hacking efforts targeting candidates in the 2018 midterm elections. “Earlier this year, we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks,” Tom Burt, Microsoft’s vice president for security and trust, said at the Aspen Security Forum. “And we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for election in the midterm elections,” he added. Burt said that Microsoft and the government were able to take the domain down and block the phishing messages.

National: Justice Department unveils strategy to fight election meddling, cybercrime | Politico

The Justice Department on Thursday issued a wide-ranging report describing the cyber threats facing the United States and the department’s tactics for investigating, disrupting and deterring those risks. Most significantly, the report contains the first public description of how the DOJ will assess and respond to foreign influence operations like Russia’s 2016 election meddling. “That policy reflects an effort to articulate neutral principles so that when the issue that the government confronted in 2016 arises again — as it surely will — there will be a framework to address it,” Deputy Attorney General Rod Rosenstein said in unveiling the report at the Aspen Security Forum.

National: How is it even possible that most state election offices are still security nightmares? | BGR

Well, this is reassuring. The midterms are almost upon us, the country is still reeling from the revelations associated with hackers meddling in the 2016 presidential election. And, somehow, most states still have glaring security holes in their election offices that will probably stay that way through the midterms. That’s according to a new report from Politico, which found via a survey of all 50 states that few are planning to shore up their systems before November. Even after getting their share of $380 million in funding Congress appropriated for election security in March. “Only 13 states said they intend to use the federal dollars to buy new voting machines,” Politico reports. “At least 22 said they have no plans to replace their machines before the election — including all five states that rely solely on paperless electronic voting devices, which cybersecurity experts consider a top vulnerability.

National: Why security company Cloudflare is protecting U.S. election sites for free | Fast Company

Whatever President Trump says or un-says, it’s clear that election authorities in the U.S. and around the world have faced and will continue to face an onslaught of hacking attacks. While it’s unclear if hackers have been able to actually manipulate vote tallies, anyone from a Russian agent to a “400-pound” hacker sitting on his bed can easily seed mayhem and doubt by knocking voter registration sites offline or posting forged announcements of election results. Now San Francisco-based cloud security provider Cloudflare is offering a free service, called the Athenian Project, to any U.S. election authority for the 2018 polls. About 70 agencies, including 10 state election authorities as well as county- and city- level bodies have signed up, the company announced today. (If other companies are also providing pro-bono election security services, please let me know!) Cloudflare CEO Matthew Prince acknowledges that these are just a “drop in the bucket” out of the over 8,500 election authorities in the US, and he said that any other ones are welcome to join.

National: “Don’t count Russia out,” experts warn on election hacking amid relative calm | Fast Company

As the 2018 midterm election season heats up across the country, U.S. government officials say they’ve yet to see digital attacks by Russia on the scale of the 2016 presidential election–but cybersecurity experts warn that it’s too early to tell, noting that it’s still early in the election cycle. “Right now, there are no indications that Russia is targeting the 2018 U.S. midterms at a scale or scope to match their activities in 2016,” Homeland Security Secretary Kirstjen Nielsen told the National Association of Secretaries of State on Saturday.

National: New voting machines are important, but here are three other ways states are investing in election security | StateScoop

In the past eight days, federal officials — including Dan Coats, the director of national intelligence; Kirstjen Nielsen, the homeland security secretary; and Christopher Krebs, the homeland security undersecretary for cybersecurity — have warned that the Russian hackers who attempted to meddle in the 2016 election are on the prowl again. Depending on who you ask, state election officials are either implementing sweeping new security measures or making minimal progress in safeguarding voters ahead of this November’s general election. Every state has claimed its piece of the $380 million the federal Election Assistance Commission offered for new security measures, and several states’ top election officials have told Congress they’re using the money to harden the firewalls around their voter registration files and to replace antiquated ballot equipment with new machines that offer paper records.

National: Who Should Foot the Bill for a Secure Election System? | The Fiscal Times

In a party-line vote, House Republicans on Thursday blocked a Democratic effort to boost election security funding. The vote was on a procedural motion by Democrats intended to add $380 million for state election security grants in 2019 to a larger spending package. That spending legislation, which includes nearly $59 billion for the Interior Department, Environmental Protection Agency and Treasury Department, was approved, 217-199. Democratic lawmakers chanted “USA! USA!” on the House floor as they sought to support the bill, but Republicans insisted that those grants do not need additional funding given that as states have not yet used up all the money previously allocated to the program. “Over the past decade you’ve seen billions of dollars funded, by Republicans and Democrats, in our bipartisan appropriations each year to do exactly that, secure elections here at home,” House Ways and Means Committee Chairman Kevin Brady (R-TX) said, according to The Washington Post.

National: States slow to prepare for hacking threats | Politico

U.S. intelligence officials and security experts have spent years urging states to shore up their elections’ digital defenses, and the latest indictments from special counsel Robert Mueller drew fresh attention to Russia’s cyberattacks on the 2016 presidential election. But less than four months before the midterm elections that will shape the rest of Donald Trump’s presidency, most states’ election offices have failed to fix their most glaring security weaknesses, according to a POLITICO survey of all 50 states. And few states are planning steps that would improve their safeguards before November, even after they receive their shares of the $380 million in election security funding that Congress approved in March. Only 13 states said they intend to use the federal dollars to buy new voting machines. At least 22 said they have no plans to replace their machines before the election — including all five states that rely solely on paperless electronic voting devices, which cybersecurity experts consider a top vulnerability.

National: Yes, The Midterms Will Be Hacked – It’s only a question of how, when — and whether we’ll notice | Weekly Standard

Election meddling may not have been the foremost matter on the president’s mind during his hours-long one-on-one with Vladimir Putin in Helsinki, where Putin publicly denied the findings of American intelligence and Trump didn’t disagree. But Moscow’s interference in our national parties, political campaigns, state election boards, and voter registration software have dominated discussions at state elections meetings and in Washington since 2016. After more than a dozen congressional hearings on the subject, a special DHS commission to monitor election security state-by-state, and one $380-million slice of the omnibus later, are our election systems ready to fight off foreign interference in the midterms? The movement to replace every last highly hackable touch-screen voting machine with a less corruptible one that leaves a paper trail has new momentum, thanks to an influx of federal dollars and a loss of public faith in the integrity of our elections systems. “There’s been an attitude shift,” says Lawrence Norden, of NYU Law School’s Brennan Center. But it’s not enough to fix the problem that makes us vulnerable to the persistent threat of election tampering by Russia or perhaps other nefarious actors. National meetings of secretaries of state—like the one this weekend—and other elections directors’ gatherings have all made “cyber hygiene” a topmost priority, Norden said, “Whereas, in the past a lot of people thought of the need for protection against these threats and the warnings about them as hypothetical and exaggerated.”

National: While Trump Reverses on Election Meddling, States Work to Prevent a ‘Digital Watergate’ | Governing

Many of the nation’s secretaries of state were meeting in Philadelphia with federal Department of Homeland Security (DHS) officials about election security last Friday when news broke that a dozen Russian agents had been indicted for interfering with the 2016 election. “Obviously, this is on the forefront of our minds,” says Vermont Secretary of State Jim Condos, who attended the meeting. “All 50 states and territories are focused on security.” But the indictments aren’t the only bit of troubling news election officials have received in recent days. Last week, Maryland officials announced that the FBI had informed them that ByteGrid LLC, an election vendor that handles the state’s voter registration, election management and election night results sites, is financed by a fund whose manager is Russian and whose top investor is a Russian oligarch. Over the weekend, a Russian woman named Maria Butina was arrested and appeared in court Monday on charges that she was a Kremlin agent who worked to infiltrate the National Rifle Association and other conservative groups in an effort to influence U.S. politics.

National: House GOP refuses to renew election security funding as Democrats fume over Russian interference | The Washington Post

“Maybe the special counsel will announce something in two weeks: ‘Oh, here’s what the Russian indictments really are.’ If we learn something, authorizing committees will come right back to it and we’ll go to it,” Sessions said. “But there is no new data or information, it’s at the end of 3½ billion dollars, and there are no requests.” Democrats dismissed the Republicans’ explanations, saying the need for election security funding has never been clearer in the wake of Trump’s summit with Putin, where the president appeared to give credence to Putin’s assertion that Russia did not interfere in the 2016 election, despite the conclusion of U.S. intelligence agencies that he did. The controversy was inflamed anew Wednesday when Trump appeared to declare that Russia was no longer targeting the United States, contrary to the assertions of the intelligence community — although the White House later said the president was just saying “no” to further questions from the press.

National: Election security bill picks up new support in Senate | The Hill

A legislative proposal aimed at securing U.S. election systems from cyberattack is picking up additional support in the Senate as lawmakers grapple with how to respond to Russian election interference. The bill, spearheaded by Sens. James Lankford (R-Okla.) and Amy Klobuchar (D-Minn.), is designed to help states upgrade their digital voting systems and boost information sharing between state and federal officials on potential cyber threats to U.S. elections. The bill picked up new cosponsors in Sens. Mike Rounds and Bill Nelson (D-Fla.), the bipartisan leaders of the Senate Armed Services cyber subcommittee, on Tuesday. Lankford is also hoping that Special Counsel Robert Mueller’s recent indictment of 12 Russian intelligence officers for launching cyberattacks in an effort to interfere with the 2016 election will add more urgency to passing the bill.

National: Thousands of US voters’ data exposed by robocall firm | ZDNet

Another cache of US voter data has leaked. A Virginia-based political campaign and robocalling company, which claims it can “reach thousands of voters instantly,” left a huge batch of files containing hundreds of thousands of voter records on a public and exposed Amazon S3 bucket that anyone could access without a password. The bucket contained close to 2,600 files, including spreadsheets and audio recordings, for several US political campaigns. Kromtech Security’s Bob Diachenko, who discovered the exposed data and blogged his findings, shared prior to publication several screenshots of data, packed with voters’ full names, home addresses, and political affiliations.

National: Trump’s intel chiefs fight Russia’s election interference — with or without him | The Washington Post

President Trump’s top intelligence and national security officials are forging ahead with plans to disrupt any Russian interference ahead of the 2018 midterms. But they may be going it alone following Trump’s performance this week at the summit with Russian President Vladimir Putin in Helsinki. Just hours after Trump cast doubt on his own country’s conclusions about Moscow’s 2016 election interference at Monday’s presser, Director of National Intelligence Daniel Coats said the intelligence community “will continue to provide unvarnished and objective intelligence in support of our national security.”  And on Tuesday, the day after Trump suggested he believed Putin’s denials, my colleague Ellen Nakashima reported that the National Security Agency is partnering with the military’s cyberwarfare arm to counter threats from Moscow going into November. “Trump will keep waffling on Russia’s role in the 2016 election. If Russia interferes again, the national security agencies will have no problem running their past playbook: Name and shame, indict, and sanction,” said Stewart Baker, a former Department of Homeland Security assistant secretary and former general counsel for the NSA. But, he added, “the agencies are going to have to get White House approval for anything more, and I’m guessing the president won’t grant it.”

National: ES&S Admits It Installed Remote-Access Software on Systems Sold to States | Motherboard

The nation’s top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them. In a letter sent to Sen. Ron Wyden (D-OR) in April and obtained recently by Motherboard, Election Systems and Software acknowledged that it had “provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006,” which was installed on the election-management system ES&S sold them. The statement contradicts what the company told me and fact checkers for a story I wrote for the New York Times in February. At that time, a spokesperson said ES&S had never installed pcAnywhere on any election system it sold. “None of the employees, … including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software,” the spokesperson said.

National: ES&S Admits Installing Remote-Access Software on State Voting Systems | ExtremeTech

In February 2018, Election Systems and Software told the press that it had never installed remote-access software in any of the e-voting systems it has sold in the various US states or to local governments. In April, the company told Senator Ron Wyden’s office (D-OR), that it had sold pcAnywhere remote connection software “to a small number of customers between 2000 and 2006.” The good news about this disclosure is that the systems in question have all been retired and are no longer in use across the United States. But the fact that this happened in the first place, combined with ongoing warnings about the generally poor state of e-voting security, speaks to the depth and breadth of the issues facing the United States’ e-voting system as the 2018 midterm election approaches. The fact that ES&S lied about its own previous behavior to the public until pressured by Senator Wyden’s office says little good about the civic responsibility these companies feel towards ensuring that voting is handled safely. It’s important — just not as important as minimizing any hint of corporate liability.

National: The Biggest Spender of Political Ads on Facebook? President Trump | The New York Times

It’s official: President Trump is the single biggest political advertiser on Facebook. Mr. Trump and his political action committee spent $274,000 on ads on the social network since early May, outpacing the second-biggest spender, Planned Parenthood Federation of America, a nonprofit organization that provides reproductive health care. Planned Parenthood spent just over $188,000 on Facebook ads over the same period. The ads bought by Mr. Trump and his PAC were also seen the most by Facebook’s users, having been viewed by at least 37 million people since May. That compared with 24 million people who saw the second-most viewed group of political ads, which were also from Planned Parenthood.