National: The McCaskill Hack May Have Been Averted, But Cybersecurity Gaps Remain on Capitol Hill | Government Technology

That could mean the money Congress poured into improved training and a more robust information security posture for staff is working. But the legislative branch is still playing catch up to get ahead of threats. McCaskill’s staff may have been better prepared than others on Capitol Hill. She has advocated improved information security fluency and, as the top Democrat on the Senate Homeland Security and Governmental Affairs Committee, she has pushed for a more robust information security workforce. The House mandated information security training for all employees in early 2015. All staffers who have a House network username and password must complete annual training.

National: DHS launches a new cyber hub to coordinate against threats to US infrastructure | TechCrunch

Among the many things the current administration has been criticized for is its lack of a unified strategy to combat cyber threats, especially in light of ongoing election interference and psy ops perpetrated by Russia. The Department of Homeland Security is advancing the ball with the creation of the National Risk Management Center, intended on protecting critical infrastructure from attacks and subversion by online adversaries. The NRMC was announced today at a cyber summit in New York held by the agency, where DHS Secretary Kirstjen Nielsen explained the purpose and justification for this new entity. Remarkably, she directly contradicted the ongoing soft-pedaling by the Executive of Russian operations targeting the country. “Let me be clear: Our intelligence community had it right. It was the Russians. It was directed from the highest levels. And we cannot and will not allow it to happen again,” she said.

National: The 2020 Census Is in Trouble | The Atlantic

Nobody will write songs about the census. Among the fabled pillars underpinning the country’s democracy, the great American head count is often relegated to a dusty corner. In the nine interstitial years between each tally, analysis and development of a more perfect instrument take place mostly hidden from public view. There have been only 22 U.S. censuses—Presidents Ronald Reagan, John F. Kennedy, Abraham Lincoln, and Thomas Jefferson never administered one—but the rarity of the event has not assigned it a special blue-moon-like significance among the public. For most people, the census is a vague, decennial annoyance, nothing more. But the census is vital to the country’s functioning. It’s not just a count of all households or a measure of American characteristics. It’s also an augur of political, economic, and cultural forces—a predictor and an allocator of power. In times of social upheaval—between political parties, whites and nonwhites, urban and rural areas, economic elites and the working class—the census can function almost like an umpire. And today, when each of these intertwined conflicts is escalating, the incentive and ambition for working the ref are greater than they’ve ever been.

National: Pence says ‘Russia meddled’ in 2016 elections, explains security plans | CNBC

Vice President Mike Pence described several new initiatives meant to prevent cyberattacks against U.S. elections systems on Tuesday. The Federal Bureau of Investigation has formed a foreign influence task force, he said, aimed at investigating sources of nation-state backed election influence. DHS has launched the elections information sharing and analysis center, which includes participation from U.S. secretaries of state with the goal of sharing threat information to "help prevent attacks before they happen." Pence said the moves would "elevate American security."

National: The fight over election security comes to the Senate floor | The Washington Post

The Senate could be headed for a showdown this week over funding for state election security. Democrats are pushing for a floor vote on an amendment that would set aside an additional $250 million in grants for states to upgrade their voting systems and make other improvements. But they face firm opposition from Republicans, who say the initial round of funding Congress provided states earlier this year is sufficient. A similar amendment was rejected by the House two weeks ago in a party-line vote. Election security funding is fast emerging as a political hill Democrats are willing to die on. Although the amendment is unlikely to pass in the GOP-controlled Senate, Democrats can use it to hammer President Trump at a time when the White House is frantically trying to patch up the damage from his recent flip-flopping on the threat from Russia. Democrats are also hoping that a floor fight over the merits of grant money could make Republicans look like they’re standing in the way of resources state officials say they need to protect the vote. Whether that will help Democrats come November is unclear, but public polling has showed strong majorities of Americans want to see more action from the administration on election security.

National: A Census Question That Could Change How Power Is Divided in America | The New York Times

A citizenship question on the 2020 census has already drawn challenges from states that fear an undercount of immigrants and a loss of federal funds. But demographers say there could be even deeper consequences: The question could generate the data necessary to redefine how political power is apportioned in America. Republicans officials, red states and conservatives behind a series of recent court cases have argued that districts historically allotted based on total population unfairly favor states and big cities with more undocumented immigrants, tilting power from states like Louisiana and Montana to California and New York. Congressional seats and state legislative districts should equally represent citizens or eligible voters, they say, not everyone.

National: How the Russian government used disinformation and cyber warfare in 2016 election – an ethical hacker explains | phys.org

The Soviet Union and now Russia under Vladimir Putin have waged a political power struggle against the West for nearly a century. Spreading false and distorted information – called "dezinformatsiya" after the Russian word for "disinformation" – is an age-old strategy for coordinated and sustained influence campaigns that have interrupted the possibility of level-headed political discourse. Emerging reports that Russian hackers targeted a Democratic senator's 2018 reelection campaign suggest that what happened in the lead-up to the 2016 presidential election may be set to recur. As an ethical hacker, security researcher and data analyst, I have seen firsthand how disinformation is becoming the new focus of cyberattacks. In a recent talk, I suggested that cyberwarfare is no longer just about the technical details of computer ports and protocols. Rather, disinformation and social media are rapidly becoming the best hacking tools. With social media, anyone – even Russian intelligence officers and professional trolls – can widely publish misleading content. As legendary hacker Kevin Mitnick put it, "it's easier to manipulate people rather than technology."

National: Voting-machine makers are already worried about Defcon | Engadget

Last year, Defcon's Voting Village made headlines for uncovering massive security issues in America's electronic voting machines. Unsurprisingly, voting-machine makers are working to prevent a repeat performance at this year's show. According to Voting Village organizers, they're having a tough time getting their hands on machines for white-hat hackers to test at the next Defcon event in Las Vegas (held in August). That's because voting-machine makers are scrambling to get the machines off eBay and keep them out of the hands of the "good guy" hackers. Village co-organizer Harri Hursti told attendees at the Shmoocon hacking conference this month they were having a hard time preparing for this year's show, in part because voting machine manufacturers sent threatening letters to eBay resellers. The intimidating missives told auctioneers that selling the machines is illegal -- which is false.

National: Russians Are Targeting Private Election Companies, Too — And States Aren’t Doing Much About It | FiveThirtyEight

The American election system is a textbook example of federalism at work. States administer elections, and the federal government doesn’t have much say in how they do it. While this decentralized system has its benefits, it also means that there’s no across-the-board standard for election system cybersecurity practices. This lack of standardization has become all the more apparent over the past two years: Hackers probed 21 state systems during the lead-up to the 2016 election and gained access to one. But the federal government and states don’t appear to have made great strides to ensure that this doesn’t happen again. To do so, they’d need to deal with not only their own cybersecurity deficits but also those of the private companies that help states administer elections.

National: Trump admin has no central strategy for election security, and no one’s in charge | NBC

After nearly two years of calling Russian election interference a hoax and its investigation a witch hunt, President Donald Trump on Friday presided over the first National Security Council meeting devoted to defending American democracy from foreign manipulation. "The President has made it clear that his administration will not tolerate foreign interference in our elections from any nation state or other malicious actors," the White House said in a statement afterward. But current and former officials tell NBC News that 19 months into his presidency, there is no coherent Trump administration strategy to combat foreign election interference — and no single person or agency in charge.

National: Russian Hackers Targeted The Most Vulnerable Part Of U.S. Elections. Again. | NPR

When Russian hackers targeted the staff of Sen. Claire McCaskill, D-Mo., they took aim at maybe the most vulnerable sector of U.S. elections: campaigns. McCaskill's Senate staff received fake emails, as first reported by The Daily Beast, in an apparent attempt by Russia's GRU intelligence agency to gain access to passwords. McCaskill released a statement confirming the attack but said there is no indication the attack was successful. "Russia continues to engage in cyber warfare against our democracy. I will continue to speak out and press to hold them accountable," McCaskill said. "I will not be intimidated. I've said it before and I will say it again, Putin is a thug and a bully."

National: Jeanne Shaheen: Senators targeted in “widespread” hacking attempts by Russia | CBS

Amid ongoing concern over continued efforts by Russian hackers to infiltrate U.S. election systems, Democratic Sen. Jeanne Shaheen of New Hampshire says that her office has been the subject of at least one phishing attack targeting email accounts and social media profiles. Shaheen's experience comes after fellow Democratic Sen. Claire McCaskill of Missouri said that Russian hackers tried unsuccessfully to infiltrate her office's computer network. Shaheen worries that the issue is more widespread than many think. "There has been one situation that we have turned over to authorities to look into, and we're hearing that this is widespread, with political parties across the country, as well as with members of the Senate," Shaheen told "Face the Nation" on Sunday. 

National: How they did it (and will likely try again): GRU hackers vs. US elections | Ars Technica

In a press briefing just two weeks ago, Deputy Attorney General Rod Rosenstein announced that the grand jury assembled by Special Counsel Robert Mueller had returned an indictment against 12 officers of Russia's Main Intelligence Directorate of the Russian General Staff (better known as Glavnoye razvedyvatel'noye upravleniye, or GRU). The indictment was for conducting "active cyber operations with the intent of interfering in the 2016 presidential election." The filing [PDF] spells out the Justice Department's first official, public accounting of the most high-profile information operations against the US presidential election to date. It provides details down to the names of those alleged to be behind the intrusions into the networks of the Democratic National Committee and the Democratic Congressional Campaign Committee, the theft of emails of members of former Secretary of State Hillary Clinton's presidential campaign team, and various efforts to steal voter data and undermine faith in voting systems across multiple states in the run-up to the 2016 election.

National: Despite Trump’s assurances, states struggling to protect 2020 election | Politico

President Donald Trump on Friday promised an intense, “whole-of-government” focus on securing the nation’s elections from cyberattacks — but a POLITICO survey of states finds ample reasons to worry about both this year’s midterms and 2020. Only 14 states plus Washington, D.C., say they plan to replace their voting machines in time for the next presidential election using their shares of the $380 million in election technology funding that Congress approved in March, according to POLITICO’s survey of election agencies nationwide. At least seven other states have paid for new voting equipment with other money. But 21 states either have decided not to upgrade their machines or are unsure of their plans — with some saying they would need much more federal aid to swap out their equipment.

National: Lacking direction from White House, intelligence agencies scramble to protect midterm elections from hackers | CNN

With the midterm election only a few months away, government officials working to counter election interference from Russia have been operating with no strategy from the top, including from President Donald Trump's fractured National Security Council, leaving each agency to fend for itself without White House support or direction, according to lawmakers and national security officials who spoke with CNN. On Friday, following bipartisan criticism about the White House's focus on pressuring Russia on election interference, Trump is expected to convene a meeting of the NSC to discuss election interference efforts where high-ranking officials including Secretary of State Mike Pompeo are expected to attend. Further details, including Trump's planned remarks, weren't available.
Defense of America's electoral system has traditionally centered around the security of election infrastructure, like voting machines and voter rolls. However, as indictments from special counsel Robert Mueller allege, Russian operatives also seek to exploit weaknesses in the cyber infrastructure of individual political campaigns, while weaponizing social media platforms to spread targeted disinformation.

National: We have the first documented case of Russian hacking in the 2018 election | Vox

Russia is already trying to hack the 2018 midterm elections, going after Sen. Claire McCaskill (D-MO), one of the most vulnerable Senate Democrats up for reelection this year. That’s the key takeaway from a piece published Thursday afternoon by the Daily Beast. Reporters Andrew Desiderio and Kevin Poulsen used a combination of court records and internet sleuthing to identify that malicious emails to a McCaskill aide were sent from a server that likely belongs to Fancy Bear, the same Russian intelligence group that did the 2016 hacks. The attack, launched in the second half of last year, seems to have failed. The evidence in the Daily Beast piece that this attack was launched by Russians is reasonably compelling. If it’s correct, then this is the first publicly identified case of Russian interference in a specific 2018 election campaign.

National: Devin Nunes calls for ban on electronic voting systems | The Washington Examiner

House Intelligence Committee Chairman Devin Nunes wants to ban electronic voting systems, calling them “really dangerous.” "The one thing we've been warning about for many, many years on the intelligence committee is about the electronic voting systems," Nunes, R-Calif., told Hill.TV's Buck Sexton. "Those are really dangerous in my opinion, and should not be used. In California … at least in the counties that I represent, they do not use an electronic system," he added.

National: Russian Hackers’ New Target: a Vulnerable Democratic Senator | Daily Beast

The Russian intelligence agency behind the 2016 election cyberattacks targeted Sen. Claire McCaskill as she began her 2018 re-election campaign in earnest, a Daily Beast forensic analysis reveals. That makes the Missouri Democrat the first identified target of the Kremlin’s 2018 election interference. McCaskill, who has been highly critical of Russia over the years, is widely considered to be among the most vulnerable Senate Democrats facing re-election this year as Republicans hope to hold their slim majority in the Senate. In 2016, President Donald Trump defeated Hillary Clinton by almost 20 points in the senator’s home state of Missouri.

National: Partisan clash over election system security looming in Senate | The Virginian Pilot

A partisan clash over Russian hacking of state elections systems appears to be coming to a head in the Senate, where a provision to add $250 million to a four-bill spending package for states to beef up election system security may be headed for a floor vote. Democrats are using an announcement from the Election Assistance Commission and President Donald Trump’s comments in Helsinki, Finland, on July 16 to pressure Republicans to allow a floor vote on Sen. Patrick J. Leahy’s amendment to provide $250 million in grant aid to states to secure election systems. “Our states are under attack,” Leahy, ranking member of the Senate Appropriations Committee, said on the floor Thursday. His amendment would provide the $250 million as part of the four-bill fiscal 2019 spending package that is expected to get a floor vote next week.

National: McCaskill introduces bill to prohibit and penalize voter disinformation | St. Louis American

U.S. Senator Claire McCaskill (D-MO) introduced legislation that would prohibit and penalize the knowing spreading of misinformation, such as incorrect polling locations, times, or the necessary forms of identification in order to suppress voter turnout, on Thursday, July 26. “At a time when voting rights are being attacked and chipped away – from state legislatures to the Supreme Court – we’ve got to redouble our efforts to protect every Missourian’s right to vote,” McCaskill said. “Misinformation campaigns intended only to suppress the vote and disenfranchise Missourians are crimes that run counter to our democratic values, and the punishment for those actions should fit the crime.”

National: Democrats demand administration officials testify on election security | The Hill

House Democrats are prodding their Republican colleagues to examine foreign threats to upcoming U.S. elections, raising concerns that the Trump administration is not adequately tackling the threat. The top Democrats on four House committees demanded Thursday that their Republican counterparts hold a joint hearing on election security featuring top Trump administration officials. “Election security is a national security issue, and it is time this Congress treated it like one,” the Democrats wrote in Thursday's letter. “We are concerned that the Trump administration is not doing enough to address vulnerabilities to our election systems.”

National: Judge allows lawsuit against citizenship question on the 2020 census to proceed | ABC

Commerce Secretary Wilbur Ross had the authority to reintroduce the citizenship question on the 2020 census but, in exercising that authority, may have violated the rights of plaintiffs who are now suing, a federal judge ruled Thursday. U.S. District Judge Jesse M. Furman for the Southern District of New York rejected the government’s attempt to dismiss the lawsuit, which is challenging the Trump administration’s decision to add the question to the census. Furman stated that the plaintiffs “plausibly allege that Secretary Ross’ decision to reinstate the citizenship question on the 2020 census was motivated by discriminatory animus and that its application will result in a discriminatory effect.”

National: The next Russian attack on U.S. elections could be more serious than Facebook memes | Mashable

This is not a drill. Nor, alas, is it the fever dream of a Cold War hack novelist, as much as it sounds like one. In 2017, Russian hackers gained control of the U.S. power grid to the point where they could cause blackouts. And the U.S. government doesn’t know if they’re still able to do it. Worse yet, there’s reason to believe this is part of an attack on the 2018 election — one that could make Russia’s pivotal 2016 shenanigans (its fake news machine, DNC email hacking, voter registration hacking and Facebook meme-making) look like child’s play.  We learned about a Russian attack on American infrastructure when the FBI and the Department of Homeland Security released a report in March, but we didn't know how bad it was until a DHS briefing on Monday. Hundreds of utility companies had fallen victim to the hackers; there may be many more out there that have been hacked and don’t know it. Energetic Bear managed to get into the control rooms of power stations, even into supposedly secure “air-gapped” networks, via vendors.  “They got to the point where they could have thrown switches” and blacked out portions of the U.S., one DHS analyst told the Wall Street Journal. 

National: GOP Voters Grow More Skeptical of Election Cybersecurity Ahead of 2018 Midterms | The Morning Consult

Majorities of U.S. voters believe state and local officials, as well as political campaigns and committees, are not prepared to combat cyberattacks or hacking efforts targeting the 2018 midterms, according to a new Morning Consult/Politico poll — with Republican voters in particular growing more skeptical about cyber preparedness in advance of the November elections. The survey, conducted July 19-23 among a national sample of 1,996 registered voters, comes after the U.S. Justice Department announced indictments against 12 Russian intelligence officers in the hacking of the Democratic National and Democratic Congressional Campaign committees and Hillary Clinton’s 2016 presidential campaign. Fifty-one percent of survey respondents said both election officials and campaign and committee officials are not prepared to deal with cyberthreats. Thirty-six percent said state and local officials are prepared and 35 percent said the same about political campaigns and committees.

National: Congress isn’t happy with Trump’s cyber strategy. It wants a commission to help. | The Washington Post

Sen. Ben Sasse (R-Neb.) says the Trump administration needs to get serious about cyberdefense. And he’s taking some cues from history with the hope of kicking the administration into action. Tucked in a massive defense policy bill Congress appears poised to pass in the coming weeks is a measure from Sasse that would create a commission of top national security officials, lawmakers and experts to draw up a comprehensive cyberdefense strategy for the country. The proposal is based on the Project Solarium Commission, a Cold War effort President Dwight D. Eisenhower launched in the 1950s to counter the Soviet threat. It’s another way Congress is trying to force President Trump’s hand in developing a clear doctrine for how the United States responds to cyberthreats from nation states like Russia, which Trump refuses to unequivocally state interfered in the 2016 election. As Trump waffles on Russia’s interference in the election, and his White House sheds top cybersecurity talent, the measure would give Congress and its hand-picked experts a more direct role in steering the national discussion.

National: Trump to hold National Security Council meeting on election security Friday | The Washington Post

President Trump will convene a meeting Friday of the National Security Council on election security, a session that could include a discussion of possible Russian interference in November’s midterm elections, according to a White House official. In addition, national security adviser John Bolton plans to hold two NSC Principals Committee meetings this week, one Thursday on Iran and one Friday on North Korea, according to the White House official, who spoke on the condition of anonymity to discuss internal plans. Friday’s NSC meeting comes a week and a half after Trump’s summit with Russian President Vladi­mir Putin in Helsinki. Trump was roundly criticized for his comments at a news conference there siding with Putin — who has denied that Russia interfered in the 2016 U.S. presidential election — over U.S. intelligence agencies, which have concluded based on evidence that Russia did interfere. In the days that followed, Trump waffled between saying he has full faith in the U.S. intelligence agencies and casting doubt on Russia’s election interference. He tweeted last weekend that “it is all a big hoax.”

National: States and counties are not ‘sitting back’ on election cybersecurity, officials tell Congress | StateScoop

Four state, local and federal officials briefed members of Congress Tuesday on the need to increase cybersecurity around voting infrastructure, a task that grows more urgent for state and local governments as the November midterm elections approach. While the nearly three-hour hearing before the House Oversight Committee was frequently sidetracked by representatives’ diversions into topics including the investigation being conducted by Special Counsel Robert Mueller, federal agencies’ search rankings and President Donald Trump’s latest tweets, the witnesses also got a few words in about how ready election officials are to repel cyberattacks and how well states are partnering with the federal government to make voting more secure.

National: The White Hats in the War Against Election Meddling | Inc.com

The underlying mechanism of American democracy--the U.S. election system--has been under attack by foreign hackers. Special Counsel Robert Mueller last week indicted 12 Russian intelligence officers accused of interfering in the 2016 U.S. presidential election. While the Russians are charged with hacking the Democratic National Committee and Hillary Clinton's campaign, the Department of Homeland Security found that hackers also targeted election systems in 21 states, including battleground states such as Pennsylvania, Virginia, and Florida. And while Congress approved $380 million in grant money for state election officials to upgrade their cybersecurity posture, many American states are ill- equipped to defend against cyberwar waged by nation states. That's why Cloudflare, a San Francisco-based cybersecurity company, is offering its services free to state and county government websites that support elections, report election results, host voter registration services, and poll location information.

National: Officials push for more election security dollars | FCW

The federal government allocated $380 million to protect and improve election system security. In a June 24 House Oversight Committee hearing, officials and House Democrats made the case for a few dollars more. Thomas Hicks, commissioner of the Election Assistance Commission, confirmed that $335 million of the $380 million in the omnibus spending bill passed in March earmarked for election security assistance has been dispersed to states and that 100 percent of the funds have been requested. The remaining $45 million is expected to be distributed by next month.

National: Judiciary Democrats call for hearings on NRA’s role in Russia’s 2016 election meddling | The Hill

Two Democrats on the Senate Judiciary Committee are calling on the panel to examine whether top officials at the National Rifle Association (NRA) were aware of Russia's attempts to contribute money to the Trump campaign through the gun rights group. Sens. Richard Blumenthal (Conn.) and Sheldon Whitehouse (R.I.) pressed Judiciary Chairman Chuck Grassley (R-Iowa) in a letter to hold public hearings on the matter, a request that comes after federal authorities indicted a Russian woman last week that they allege acted as a Kremlin agent. Maria Butina was indicted for allegedly working to advance Russia's interests by cultivating relationships with Republican power players as well as infiltrating "organizations active in U.S. politics."