In a press briefing just two weeks ago, Deputy Attorney General Rod Rosenstein announced that the grand jury assembled by Special Counsel Robert Mueller had returned an indictment against 12 officers of Russia’s Main Intelligence Directorate of the Russian General Staff (better known as Glavnoye razvedyvatel’noye upravleniye, or GRU). The indictment was for conducting “active cyber operations with the intent of interfering in the 2016 presidential election.” The filing [PDF] spells out the Justice Department’s first official, public accounting of the most high-profile information operations against the US presidential election to date. It provides details down to the names of those alleged to be behind the intrusions into the networks of the Democratic National Committee and the Democratic Congressional Campaign Committee, the theft of emails of members of former Secretary of State Hillary Clinton’s presidential campaign team, and various efforts to steal voter data and undermine faith in voting systems across multiple states in the run-up to the 2016 election.
President Donald Trump on Friday promised an intense, “whole-of-government” focus on securing the nation’s elections from cyberattacks — but a POLITICO survey of states finds ample reasons to worry about both this year’s midterms and 2020. Only 14 states plus Washington, D.C., say they plan to replace their voting machines in time for the next presidential election using their shares of the $380 million in election technology funding that Congress approved in March, according to POLITICO’s survey of election agencies nationwide. At least seven other states have paid for new voting equipment with other money. But 21 states either have decided not to upgrade their machines or are unsure of their plans — with some saying they would need much more federal aid to swap out their equipment.
National: Lacking direction from White House, intelligence agencies scramble to protect midterm elections from hackers | CNN
With the midterm election only a few months away, government officials working to counter election interference from Russia have been operating with no strategy from the top, including from President Donald Trump’s fractured National Security Council, leaving each agency to fend for itself without White House support or direction, according to lawmakers and national security officials who spoke with CNN. On Friday, following bipartisan criticism about the White House’s focus on pressuring Russia on election interference, Trump is expected to convene a meeting of the NSC to discuss election interference efforts where high-ranking officials including Secretary of State Mike Pompeo are expected to attend. Further details, including Trump’s planned remarks, weren’t available.
Defense of America’s electoral system has traditionally centered around the security of election infrastructure, like voting machines and voter rolls. However, as indictments from special counsel Robert Mueller allege, Russian operatives also seek to exploit weaknesses in the cyber infrastructure of individual political campaigns, while weaponizing social media platforms to spread targeted disinformation.
Russia is already trying to hack the 2018 midterm elections, going after Sen. Claire McCaskill (D-MO), one of the most vulnerable Senate Democrats up for reelection this year. That’s the key takeaway from a piece published Thursday afternoon by the Daily Beast. Reporters Andrew Desiderio and Kevin Poulsen used a combination of court records and internet sleuthing to identify that malicious emails to a McCaskill aide were sent from a server that likely belongs to Fancy Bear, the same Russian intelligence group that did the 2016 hacks. The attack, launched in the second half of last year, seems to have failed. The evidence in the Daily Beast piece that this attack was launched by Russians is reasonably compelling. If it’s correct, then this is the first publicly identified case of Russian interference in a specific 2018 election campaign.
House Intelligence Committee Chairman Devin Nunes wants to ban electronic voting systems, calling them “really dangerous.” “The one thing we’ve been warning about for many, many years on the intelligence committee is about the electronic voting systems,” Nunes, R-Calif., told Hill.TV’s Buck Sexton. “Those are really dangerous in my opinion, and should not be used. In California … at least in the counties that I represent, they do not use an electronic system,” he added.
The Russian intelligence agency behind the 2016 election cyberattacks targeted Sen. Claire McCaskill as she began her 2018 re-election campaign in earnest, a Daily Beast forensic analysis reveals. That makes the Missouri Democrat the first identified target of the Kremlin’s 2018 election interference. McCaskill, who has been highly critical of Russia over the years, is widely considered to be among the most vulnerable Senate Democrats facing re-election this year as Republicans hope to hold their slim majority in the Senate. In 2016, President Donald Trump defeated Hillary Clinton by almost 20 points in the senator’s home state of Missouri.
A partisan clash over Russian hacking of state elections systems appears to be coming to a head in the Senate, where a provision to add $250 million to a four-bill spending package for states to beef up election system security may be headed for a floor vote. Democrats are using an announcement from the Election Assistance Commission and President Donald Trump’s comments in Helsinki, Finland, on July 16 to pressure Republicans to allow a floor vote on Sen. Patrick J. Leahy’s amendment to provide $250 million in grant aid to states to secure election systems. “Our states are under attack,” Leahy, ranking member of the Senate Appropriations Committee, said on the floor Thursday. His amendment would provide the $250 million as part of the four-bill fiscal 2019 spending package that is expected to get a floor vote next week.
National: McCaskill introduces bill to prohibit and penalize voter disinformation | St. Louis American
U.S. Senator Claire McCaskill (D-MO) introduced legislation that would prohibit and penalize the knowing spreading of misinformation, such as incorrect polling locations, times, or the necessary forms of identification in order to suppress voter turnout, on Thursday, July 26. “At a time when voting rights are being attacked and chipped away – from state legislatures to the Supreme Court – we’ve got to redouble our efforts to protect every Missourian’s right to vote,” McCaskill said. “Misinformation campaigns intended only to suppress the vote and disenfranchise Missourians are crimes that run counter to our democratic values, and the punishment for those actions should fit the crime.”
House Democrats are prodding their Republican colleagues to examine foreign threats to upcoming U.S. elections, raising concerns that the Trump administration is not adequately tackling the threat. The top Democrats on four House committees demanded Thursday that their Republican counterparts hold a joint hearing on election security featuring top Trump administration officials. “Election security is a national security issue, and it is time this Congress treated it like one,” the Democrats wrote in Thursday’s letter. “We are concerned that the Trump administration is not doing enough to address vulnerabilities to our election systems.”
Commerce Secretary Wilbur Ross had the authority to reintroduce the citizenship question on the 2020 census but, in exercising that authority, may have violated the rights of plaintiffs who are now suing, a federal judge ruled Thursday. U.S. District Judge Jesse M. Furman for the Southern District of New York rejected the government’s attempt to dismiss the lawsuit, which is challenging the Trump administration’s decision to add the question to the census. Furman stated that the plaintiffs “plausibly allege that Secretary Ross’ decision to reinstate the citizenship question on the 2020 census was motivated by discriminatory animus and that its application will result in a discriminatory effect.”
National: The next Russian attack on U.S. elections could be more serious than Facebook memes | Mashable
This is not a drill. Nor, alas, is it the fever dream of a Cold War hack novelist, as much as it sounds like one. In 2017, Russian hackers gained control of the U.S. power grid to the point where they could cause blackouts. And the U.S. government doesn’t know if they’re still able to do it. Worse yet, there’s reason to believe this is part of an attack on the 2018 election — one that could make Russia’s pivotal 2016 shenanigans (its fake news machine, DNC email hacking, voter registration hacking and Facebook meme-making) look like child’s play. We learned about a Russian attack on American infrastructure when the FBI and the Department of Homeland Security released a report in March, but we didn’t know how bad it was until a DHS briefing on Monday. Hundreds of utility companies had fallen victim to the hackers; there may be many more out there that have been hacked and don’t know it. Energetic Bear managed to get into the control rooms of power stations, even into supposedly secure “air-gapped” networks, via vendors. “They got to the point where they could have thrown switches” and blacked out portions of the U.S., one DHS analyst told the Wall Street Journal.
National: GOP Voters Grow More Skeptical of Election Cybersecurity Ahead of 2018 Midterms | The Morning Consult
Majorities of U.S. voters believe state and local officials, as well as political campaigns and committees, are not prepared to combat cyberattacks or hacking efforts targeting the 2018 midterms, according to a new Morning Consult/Politico poll — with Republican voters in particular growing more skeptical about cyber preparedness in advance of the November elections. The survey, conducted July 19-23 among a national sample of 1,996 registered voters, comes after the U.S. Justice Department announced indictments against 12 Russian intelligence officers in the hacking of the Democratic National and Democratic Congressional Campaign committees and Hillary Clinton’s 2016 presidential campaign. Fifty-one percent of survey respondents said both election officials and campaign and committee officials are not prepared to deal with cyberthreats. Thirty-six percent said state and local officials are prepared and 35 percent said the same about political campaigns and committees.
National: Congress isn’t happy with Trump’s cyber strategy. It wants a commission to help. | The Washington Post
Sen. Ben Sasse (R-Neb.) says the Trump administration needs to get serious about cyberdefense. And he’s taking some cues from history with the hope of kicking the administration into action. Tucked in a massive defense policy bill Congress appears poised to pass in the coming weeks is a measure from Sasse that would create a commission of top national security officials, lawmakers and experts to draw up a comprehensive cyberdefense strategy for the country. The proposal is based on the Project Solarium Commission, a Cold War effort President Dwight D. Eisenhower launched in the 1950s to counter the Soviet threat. It’s another way Congress is trying to force President Trump’s hand in developing a clear doctrine for how the United States responds to cyberthreats from nation states like Russia, which Trump refuses to unequivocally state interfered in the 2016 election. As Trump waffles on Russia’s interference in the election, and his White House sheds top cybersecurity talent, the measure would give Congress and its hand-picked experts a more direct role in steering the national discussion.
National: Trump to hold National Security Council meeting on election security Friday | The Washington Post
President Trump will convene a meeting Friday of the National Security Council on election security, a session that could include a discussion of possible Russian interference in November’s midterm elections, according to a White House official. In addition, national security adviser John Bolton plans to hold two NSC Principals Committee meetings this week, one Thursday on Iran and one Friday on North Korea, according to the White House official, who spoke on the condition of anonymity to discuss internal plans. Friday’s NSC meeting comes a week and a half after Trump’s summit with Russian President Vladimir Putin in Helsinki. Trump was roundly criticized for his comments at a news conference there siding with Putin — who has denied that Russia interfered in the 2016 U.S. presidential election — over U.S. intelligence agencies, which have concluded based on evidence that Russia did interfere. In the days that followed, Trump waffled between saying he has full faith in the U.S. intelligence agencies and casting doubt on Russia’s election interference. He tweeted last weekend that “it is all a big hoax.”
National: States and counties are not ‘sitting back’ on election cybersecurity, officials tell Congress | StateScoop
Four state, local and federal officials briefed members of Congress Tuesday on the need to increase cybersecurity around voting infrastructure, a task that grows more urgent for state and local governments as the November midterm elections approach. While the nearly three-hour hearing before the House Oversight Committee was frequently sidetracked by representatives’ diversions into topics including the investigation being conducted by Special Counsel Robert Mueller, federal agencies’ search rankings and President Donald Trump’s latest tweets, the witnesses also got a few words in about how ready election officials are to repel cyberattacks and how well states are partnering with the federal government to make voting more secure.
The underlying mechanism of American democracy–the U.S. election system–has been under attack by foreign hackers. Special Counsel Robert Mueller last week indicted 12 Russian intelligence officers accused of interfering in the 2016 U.S. presidential election. While the Russians are charged with hacking the Democratic National Committee and Hillary Clinton’s campaign, the Department of Homeland Security found that hackers also targeted election systems in 21 states, including battleground states such as Pennsylvania, Virginia, and Florida. And while Congress approved $380 million in grant money for state election officials to upgrade their cybersecurity posture, many American states are ill- equipped to defend against cyberwar waged by nation states. That’s why Cloudflare, a San Francisco-based cybersecurity company, is offering its services free to state and county government websites that support elections, report election results, host voter registration services, and poll location information.
The federal government allocated $380 million to protect and improve election system security. In a June 24 House Oversight Committee hearing, officials and House Democrats made the case for a few dollars more. Thomas Hicks, commissioner of the Election Assistance Commission, confirmed that $335 million of the $380 million in the omnibus spending bill passed in March earmarked for election security assistance has been dispersed to states and that 100 percent of the funds have been requested. The remaining $45 million is expected to be distributed by next month.
National: Judiciary Democrats call for hearings on NRA’s role in Russia’s 2016 election meddling | The Hill
Two Democrats on the Senate Judiciary Committee are calling on the panel to examine whether top officials at the National Rifle Association (NRA) were aware of Russia’s attempts to contribute money to the Trump campaign through the gun rights group. Sens. Richard Blumenthal (Conn.) and Sheldon Whitehouse (R.I.) pressed Judiciary Chairman Chuck Grassley (R-Iowa) in a letter to hold public hearings on the matter, a request that comes after federal authorities indicted a Russian woman last week that they allege acted as a Kremlin agent. Maria Butina was indicted for allegedly working to advance Russia’s interests by cultivating relationships with Republican power players as well as infiltrating “organizations active in U.S. politics.”
National: Trump has now walked back his walk-back on U.S. intelligence and Russia | The Washington Post
Six days ago, President Trump held a news conference to walk back comments he made suggesting that he did not believe that Russian President Vladimir Putin oversaw a plan to interfere in the 2016 presidential election. “Let me be totally clear in saying that — and I’ve said this many times — I accept our intelligence community’s conclusion that Russia’s meddling in the 2016 election took place,” Trump said in that statement. Trump then said he realized, after seeing the backlash to his news conference, that one statement needed clarifying. That’s when he offered his now-infamous “double-negative” defense. “In a key sentence in my remarks, I said the word ‘would’ instead of ‘wouldn’t.’ . . . The sentence should have been, ‘I don’t see any reason why it wouldn’t be Russia.’ Sort of a double negative.” But on Sunday, he suggested that the investigation was “all a big hoax.”
Kathleen Henry, 80, wants all her neighbors to vote, even if they can’t drive, read, or remember as much anymore. Soon after the former civics teacher moved to the Greenspring retirement community here in 2003, she took a leading role in running the campus’s polling place and registering voters. Just this year, Ms. Henry said, she’s registered 72 residents as new voters. If a resident doesn’t have an up-to-date government form of identification – as is the case for 18 percent of citizens over 65 – Henry works to bring in a county official to take their picture to comply with Virginia’s voter ID law.
A few months after he started leading the Commerce Department, Secretary Wilbur Ross became impatient. As a powerful decider for the U.S. census, he had a keen interest in adding a citizenship question to the 2020 census as soon as possible. “I am mystified why nothing [has] been done in response to my months old request that we include the citizenship question. Why not?” he wrote in a May 2017 email to two Commerce Department officials. The email was among the more than 2,400 pages of internal documents the Trump administration filed in federal courts Monday as part of the lawsuits against Ross’ addition of a controversial citizenship question to the 2020 census. NPR has filed Freedom of Information Act requests for similar documents. The court filing also includes census-related articles by NPR and other news organizations compiled by federal agency press offices. The Commerce Department and the Census Bureau are facing six lawsuits from more than two dozen states and cities, plus other groups, that want the question removed.
With primaries underway and less than four months to go until this year’s midterm elections, early signs of attack have already arrived—just as the US intelligence community warned. And yet Congress has still not done everything in its power to defend against them. At the Aspen Security Forum on Thursday, Microsoft executive Tom Burt said that phishing attacks—reminiscent of those carried out in 2016 against Hillary Clinton’s campaign—have targeted three midterm campaigns this year. Burt stopped short of attributing those efforts to Russia, but the disclosure is the first concrete evidence this year that candidates are being actively targeted online. They seem unlikely to be the last. “The 2018 midterms remain a potential target for Russian actors,” said Matt Masterson, a senior cybersecurity adviser to DHS, at a Senate hearing last week. “The risks to elections are real.”
With less than four months to go, how much are this year’s midterm elections at risk for the kind of interference sowed by Russia in 2016? It’s a question that’s coming up again after President Trump’s seemingly shifting positions this week about Russia’s responsibility for the interference in 2016, and after special counsel Robert Mueller’s recent indictments of 12 Russian intelligence officers accused of hacking the Democratic Party and state election computer networks. It would be “foolish” to think Russia is not trying to influence the 2018 elections, said Homeland Security Secretary Kirstjen Nielsen on Thursday at the Aspen Security Forum. “They have the capability and they have the will,” Nielsen also said. But two years after the first tendrils of the Russian influence and disruption campaign were detected, the U.S. response remains incomplete because of partisan politics, bureaucratic confusion and differing priorities among state and local governments.
National: Russian firm indicted in special counsel probe cites Kavanaugh decision to argue that charge should be dismissed | The Washington Post
A Russian company accused by special counsel Robert S. Mueller III of being part of an online operation to disrupt the 2016 presidential campaign is leaning in part on a decision by Supreme Court nominee Brett M. Kavanaugh to argue that the charge against it should be thrown out. The 2011 decision by Kavanaugh, writing for a three-judge panel, concerned the role that foreign nationals may play in U.S. elections. It upheld a federal law that said foreigners temporarily in the country may not donate money to candidates, contribute to political parties and groups, or spend money advocating for or against candidates. But it did not rule out letting foreigners spend money on independent advocacy campaigns. Kavanaugh “went out of his way to limit the decision,” said Daniel A. Petalas, a Washington lawyer and former interim general counsel for the Federal Election Commission.
National: Justice Department plans to alert public to foreign operations targeting U.S. democracy | The Washington Post
he Justice Department plans to alert the public to foreign operations targeting U.S. democracy under a new policy designed to counter hacking and disinformation campaigns such as the one Russia undertook in 2016 to disrupt the presidential election. The government will inform American companies, private organizations and individuals that they are being covertly attacked by foreign actors attempting to affect elections or the political process. “Exposing schemes to the public is an important way to neutralize them,” said Deputy Attorney General Rod J. Rosenstein, who announced the policy at the Aspen Security Forum in Colorado. Rosenstein, who has drawn President Trump’s ire for appointing a special counsel to probe Russian election interference, got a standing ovation.“The American people have a right to know if foreign governments are targeting them with propaganda,” he said.
Microsoft disclosed Thursday that it identified and helped thwart hacking attempts on three congressional candidates earlier this year, marking the first publicly known hacking efforts targeting candidates in the 2018 midterm elections. “Earlier this year, we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks,” Tom Burt, Microsoft’s vice president for security and trust, said at the Aspen Security Forum. “And we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for election in the midterm elections,” he added. Burt said that Microsoft and the government were able to take the domain down and block the phishing messages.
The Justice Department on Thursday issued a wide-ranging report describing the cyber threats facing the United States and the department’s tactics for investigating, disrupting and deterring those risks. Most significantly, the report contains the first public description of how the DOJ will assess and respond to foreign influence operations like Russia’s 2016 election meddling. “That policy reflects an effort to articulate neutral principles so that when the issue that the government confronted in 2016 arises again — as it surely will — there will be a framework to address it,” Deputy Attorney General Rod Rosenstein said in unveiling the report at the Aspen Security Forum.
National: How is it even possible that most state election offices are still security nightmares? | BGR
Well, this is reassuring. The midterms are almost upon us, the country is still reeling from the revelations associated with hackers meddling in the 2016 presidential election. And, somehow, most states still have glaring security holes in their election offices that will probably stay that way through the midterms. That’s according to a new report from Politico, which found via a survey of all 50 states that few are planning to shore up their systems before November. Even after getting their share of $380 million in funding Congress appropriated for election security in March. “Only 13 states said they intend to use the federal dollars to buy new voting machines,” Politico reports. “At least 22 said they have no plans to replace their machines before the election — including all five states that rely solely on paperless electronic voting devices, which cybersecurity experts consider a top vulnerability.
Whatever President Trump says or un-says, it’s clear that election authorities in the U.S. and around the world have faced and will continue to face an onslaught of hacking attacks. While it’s unclear if hackers have been able to actually manipulate vote tallies, anyone from a Russian agent to a “400-pound” hacker sitting on his bed can easily seed mayhem and doubt by knocking voter registration sites offline or posting forged announcements of election results. Now San Francisco-based cloud security provider Cloudflare is offering a free service, called the Athenian Project, to any U.S. election authority for the 2018 polls. About 70 agencies, including 10 state election authorities as well as county- and city- level bodies have signed up, the company announced today. (If other companies are also providing pro-bono election security services, please let me know!) Cloudflare CEO Matthew Prince acknowledges that these are just a “drop in the bucket” out of the over 8,500 election authorities in the US, and he said that any other ones are welcome to join.
National: “Don’t count Russia out,” experts warn on election hacking amid relative calm | Fast Company
As the 2018 midterm election season heats up across the country, U.S. government officials say they’ve yet to see digital attacks by Russia on the scale of the 2016 presidential election–but cybersecurity experts warn that it’s too early to tell, noting that it’s still early in the election cycle. “Right now, there are no indications that Russia is targeting the 2018 U.S. midterms at a scale or scope to match their activities in 2016,” Homeland Security Secretary Kirstjen Nielsen told the National Association of Secretaries of State on Saturday.