National: Trump’s former homeland security adviser says Russia remains major election hacking threat | Joseph Marks/The Washington Post

President Trump’s former homeland security adviser remains seriously concerned that Russia or another U.S. adversary will exploit weaknesses in U.S. election infrastructure to sow chaos or raise doubts about the outcome of the 2020 contest. Tom Bossert, who left the White House in 2018 when John Bolton became national security adviser, worries adversaries could try to change actual vote tallies or corrupt voter registration data and create confusion at polling places.Adversaries might also interfere with state and county systems that report vote tallies to sow mistrust in official results, said Bossert, who is now president of Trinity Cyber.Bossert’s concerns stand in sharp contrast to Trump, who has largely ignored or downplayed the threat of Russian interference in the election, claiming without evidence that a greater threat is posed by domestic fraud from mail ballots. But foreign interference would pay dividends for adversaries including Russian President Vladimir Putin, Bossert said — even if it doesn’t result in corrupting the entire election process or delivering a reelection victory to Tump, which U.S. intelligence agencies say Putin prefers.

National: FBI says Russia and Iran have interfered with the US presidential election | Jeremy Herb, Zachary Cohen, Evan Perez and Paul P. Murphy/CNN

Director of National Intelligence John Ratcliffe said Wednesday both Iran and Russia have obtained US voter registration information in an effort to interfere in the election, including Iran posing as the far-right group Proud Boys to send intimidating emails to voters. Ratcliffe, appearing alongside FBI Director Chris Wray, said at a hastily arranged news conference Wednesday evening that Iran was responsible for the email campaign, made to look like it came from the Proud Boys, as well as spreading disinformation about voter fraud through a video linked in some of the emails.”This data can be used by foreign actors to attempt to communicate false information to registered voters that they hope will cause confusion, sow chaos and undermine your confidence in American democracy,” Ratcliffe said. “We have already seen Iran sending spoof emails designed to intimidate voters, incite social unrest and damage President (Donald) Trump,” Ratcliffe added. “You may have seen some reporting on this in the last 24 hours, or you may have even been one of the recipients of those emails.” Ratcliffe did not explain what he meant by his statement that the emails — which were sent to registered voters from “info@officialproudboys.com” and warned recipients to “Vote for Trump or else!” — were intended to damage the President.

National: U.S. government concludes Iran was behind threatening emails sent to Democrats | Ellen Nakashima, Amy Gardner, Isaac Stanley-Becker and Craig Timberg/The Washington Post

The U.S. government has concluded that Iran is behind a series of threatening emails arriving this week in the inboxes of Democratic voters, according to two U.S. officials.Department of Homeland Security officials told state and local election administrators on a call Wednesday that a foreign government was responsible for the online barrage, according to the U.S. officials and state and local authorities who participated in the call, who all spoke on the condition of anonymity because of the matter’s sensitivity. A DHS official also said authorities had detected holes in state and local election websites and instructed those participating to patch their online services.The emails claimed to be from the Proud Boys, a far-right group supportive of President Trump, but appeared instead to be a deceptive campaign making use of a vulnerability in the organization’s online network.

National: Hacking federal voting system now a federal crime | Maggie Miller/The Hill

President Trump has signed legislation making it a federal crime to attempt to hack federal voting systems.The Defending the Integrity of Voting Systems Act was unanimously approved by the House last month, over a year after the Senate also unanimously passed the legislation. Trump signed the legislation on Tuesday, just two weeks before the election.The new law empowers the Department of Justice (DOJ) to pursue charges against anyone who attempts to hack a voting system under the Computer Fraud and Abuse Act, commonly used by the agency to pursue charges against malicious hackers. The bill’s original introduction was the result of a 2018 report compiled by the DOJ’s Cyber Digital Task Force, which evaluated ways the federal government could improve its response to cyber threats. The bipartisan bill was introduced by Sens. Richard Blumenthal (D-Conn.), Sheldon Whitehouse (D-R.I.) and Lindsey Graham (R-S.C.) last year.

National: Cybersecurity company finds hacker selling info on 186 million U.S. voters | Ken Dilanian/NBC

A cybersecurity company says it has found a hacker selling personally identifying information of more than 200 million Americans, including the voter registration data of 186 million. The revelation underscored how vulnerable Americans are to email targeting by criminals and foreign adversaries, even as U.S. officials announced that Iran and Russia had obtained voter registration data and email addresses with an eye toward interfering in the 2020 election. Much of the data identified by Trustwave, a global cybersecurity company, is publicly available, and almost all of it is the kind that is regularly bought and sold by legitimate businesses. But the fact that so many names, email addresses, phone numbers and voter registration records were found for sale in bulk on the so-called dark web underscores how easily criminals and foreign adversaries can deploy it as the FBI said Iran has done recently, by sending emails designed to intimidate voters.

National: US Cyber Command Teams With Microsoft To Limit TrickBot Botnet Ahead of Expected Election Interference | Scott Ikeda/CPO Magazine

Malware-as-a-Service (MaaS) giant TrickBot, a botnet estimated to be about one to three million computers strong, is the world’s largest of its kind and the biggest distributor of ransomware. Already wreaking havoc on the United States for several years, the US Cyber Command is also expecting it to be involved in election interference attempts ahead of the 2020 vote. Both Cyber Command and Microsoft are actively running persistent operations against the Trickbot botnet in an effort to reduce its capability, and there have been some significant successes. Cyber Command is the Pentagon’s offensive force in cyberspace, engaging in active measures against threat actors. The agency has been tracking TrickBot for some time; it came onto the US government’s radar after the Department of Homeland Security (DHS) issued reports indicating that it was a substantial ransomware threat to state and local IT networks. TrickBot not only poses a threat to the 2020 election, but also is an ongoing potential risk to disrupt critical infrastructure such as patient care facilities, financial institutions and utilities.

National: Cybercriminals Step Up Their Game Ahead of U.S. Elections | Lindsey O’Donnell/Threatpost

With the U.S. presidential elections a mere few weeks away, the security industry is hyper-aware of security vulnerabilities in election infrastructure, cyberattacks against campaign staffers and ongoing disinformation campaigns. Past direct hacking efforts, such as the attack on the Democratic National Committee in 2016, have left many nervous that this time around, the actual election results could be compromised in some way. This year, worries about the integrity of voting machines have popped up too, coupled with the expected expansion of mail-in voting due to COVID-19. Perhaps most concerning, according to Matt Olney, director of Talos’ Threat Intelligence and Interdiction at Cisco, is cybercriminals “going after the minds of the American people and their trust in the democratic institutions that we use to select our leaders. ”The good news, Olney, said in a recent video interview with Threatpost, is that awareness of election-security threats has increased since the 2016 elections. That’s been both on the part of the federal government, as well as by U.S. citizens themselves, who have gotten better at calling out content that may be associated with disinformation campaigns.

National: Mid-October numbers indicate increased turnout of military absentee voters | Karen Jowers/Military Times

Some early statistics indicate this year’s absentee voting turnout among military and overseas citizen voters may far surpass the turnout for the 2016 general election.One indicator of the increased military vote is the 51-percent increase in the overseas absentee ballots returning to the U.S. by the Label 11-DoD express mail tracking system, compared to the same time period in the 2016 general election, from the beginning of September through Oct. 14. The U.S. Postal Service has tracked 36,377 of these ballots entering the U.S. mail stream since the tracking began in September, said USPS spokesman David Coleman. That compares to 24,034 through Oct. 14, 2016.The Label 11-DoD is a free express mail tracking system that is used at military post offices overseas, and is available only to service members and family members. It has been used in federal elections since 2010, and is available starting the beginning of September before the election. About three out of four active duty members in the U.S. and overseas are eligible to vote by absentee ballot because they’re stationed away from their voting residence, according to the Federal Voting Assistance Program.

National: As Election Nears, Government and Tech Firms Push Back on Russia (and Trump) | David E. Sanger and Nicole Perlroth/The New York Times

Over the past two weeks, United States Cyber Command and a group of companies led by Microsoft have engaged in an aggressive campaign against a suspected Russian network that they feared could hold election systems hostage come November.Then, on Monday, the Justice Department indicted members of the same elite Russian military unit that hacked the 2016 election for hacking the French elections, cutting power to Ukraine and sabotaging the opening ceremony at the 2018 Olympics. And in Silicon Valley, tech giants including Facebook, Twitter and Google have been sending out statements every few days advertising how many foreign influence operations they have blocked, all while banning forms of disinformation in ways they never imagined even a year ago.It is all intended to send a clear message that whatever Russia is up to in the last weeks before Election Day, it is no hoax. The goal, both federal officials and corporate executives say, is to disrupt Russia’s well-honed information-warfare systems, whether they are poised to hack election systems, amplify America’s political fissures or get inside the minds of voters.But behind the scenes is a careful dance by members of the Trump administration to counter the president’s own disinformation campaign, one that says the outcome on Nov. 3 will be “rigged” unless he wins.

National: States Have Improved Election Cybersecurity, but Still Can Do More | Phil Goldstein/StateTech Magazine

After more than a year of preparations and security enhancements, state and local governments are entering the final weeks of the 2020 election season. With millions of votes already cast, two things are clear: Government agencies have markedly improved their cybersecurity controls in the wake of the 2016 election, and yet they could still be doing more and cannot let their guards down. Outside experts say that state governments, especially those in battleground states, have improved their cybersecurity protections for election infrastructure and voter data. However, there are still cybersecurity measures they should be taking ahead of Election Day on Nov. 3. Meanwhile, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency is continuing to coordinate with state and local agencies on election security threats, especially from nation-state actors and cybercriminals. CISA is confident in election security protections that have been put in place but remains on high alert.

National: How US security officials are watching for threats ahead of Election Day | Sean Lyngaas/CyberScoop

FBI Director Christopher Wray once called the 2018 midterm elections a “dress rehearsal for the big show” of protecting the 2020 presidential election from foreign interference. The big show is finally here, and American officials say they are pulling out all the stops to keep it secure.U.S. intelligence, law enforcement and national security agencies have for weeks been in an “enhanced operational posture” to share any election-related threats with state and local officials, said Chris Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. The week before Election Day, which is Nov. 3, those security efforts will kick into overdrive.Officials from the Department of Defense, FBI, the Election Assistance Commission, political campaigns and the private sector are scheduled to gather at CISA’s operations center outside of Washington, D.C. The U.S. Postal Service, which is playing an expanded role in this year’s election with the increase in mail-in ballots, will also have a representative on hand.“It gives us an opportunity to share that information in near-real-time to understand what’s happening…detecting issues at the soonest, smallest opportunity, and then making sure that it doesn’t spiral into a bigger issue,” Krebs said during an interview during CyberTalks, the annual summit produced by CyberScoop.

National: Here’s Why Concerns About Absentee Ballot Fraud Are Overhyped | Whose Vote Counts | Pat Beall, Catharina Felke, Sarah Gelbard, Jackie Hajdenberg, Elizabeth Mulvey and Aseem Shukla/Frontline

Leila and Gary Blake didn’t want to miss elk hunting season. It was 2000, and the election conflicted with their plans, so the Wyoming couple requested absentee ballots.But the Blakes had moved from 372 Curtis Street five miles down the road to 1372 Curtis Street, crossing a town line. When they mailed their votes using the old address, they were criminally charged. The misdemeanor case was settled with $700 in fines and a few months’ probation, but two decades later, the Blakes are still listed as absentee ballot fraudsters in the Heritage Foundation’s Election Fraud Database. Far from being proof of organized, large-scale vote-by-mail fraud, the Heritage database presents misleading and incomplete information that overstates the number of alleged fraud instances and includes cases where no crime was committed, an investigation by USA TODAY, Columbia Journalism Investigations and the PBS series FRONTLINE found. Although the list has been used to warn against a major threat of fraud, a deep look at the cases in the list shows that the vast majority put just a few votes at stake.

National: Activists brace for voter intimidation efforts on election day | Chris Megerian and Arit John/Los Angeles Times

As a young lawyer for the New Jersey Democratic Party, Angelo Genova quickly realized something was amiss on election day in 1981.“Our team was getting calls left and right,” he said. “A lot of it was a blur.”In urban Black communities across New Jersey, large signs had appeared warning that polling places were “patrolled by the National Ballot Security Task Force.” Off-duty cops, some armed, wore armbands and demanded voters’ identification before they could cast ballots.The task force was a Republican invention. Though no one could prove how many people were too intimidated to vote, the party viewed it as a success when its candidate, Thomas Kean, won by a 1,797 votes in a recount of more than 2.3 million ballots cast.The Republican National Committee planned to run the same playbook in states around the country, but Democrats obtained a federal court order preventing them. The consent decree has limited the committee’s activities in every election since then — until now.

National: Voter registration deadlines could see more online glitches | Nolan D. McCaskill/Politico

A cut cable, an equipment failure at a data center, an online traffic overload that crashed a website — online voter registration systems have already had their share of snafus this election season, amid record-breaking registration totals in battleground states. With registration deadlines approaching in more than a dozen states, voting rights groups and party officials warn there could be more glitches on the horizon, resulting in the disenfranchisement of would-be voters. Registration deadlines were extended last week in Virginia and two weeks ago in Florida after web outages prevented residents from registering online for hours, prompting lawsuits from voting rights groups and even allegations of voter suppression. Jeanette Senecal, senior director of mission impact at the League of Women Voters, said other states should be taking the outages seriously because online systems in states across the country sometimes fail even on regular days. “It can also forecast problems with the state system to support their polling place finder or their ballot lookup or their voter verification system,” she warned. “All of these systems to tend to be connected to one another.”

National: Why the US absentee ballot is so poorly designed | Anne Quito/Quartz

Complaining about the US ballot is centuries-old American tradition. Every election cycle, critics lament how unwieldy, ugly, or downright confusing the voting form is. With the spike in voting by mail this year amid the Covid-19 pandemic, many more are noticing how puzzling the piece of paper truly is as they fill out their ballots at home. Turns out, the ballot’s confusing design is less a weakness of America’s participatory democracy than a sign of its robustness. Americans can cast a vote several ways. They can go to a polling station on Election Day or do it in advance via a mail-in absentee ballot; many states allow early in-person voting as well.Voting online isn’t widely available for federal elections. This year, 32 states and the District of Columbia are accepting ballots submitted via a mobile app, fax, e-mail, or an online portal, but this method is mostly reserved for military personnel serving overseas or civilians living abroad. While countries like Australia, Brazil, Canada, Estonia, Norway, and Switzerland have have embraced some form of remote voting via the internet, experts caution that it’s not useful to compare them with the American context. That’s because the US operates on a much larger and complicated scale.And so, old-fashioned paper is still the most common and secure voting medium in the US. An estimated 95% of voters will manually fill out and send forms by postal mail, deposit in a drop box, or feed their paper ballots to a machine that produces an auditable paper record at a voting center.

National: Far-Right Trump Supporters Are Infiltrating Polling Stations | David Gilbert/VICE

As threats to disrupt Election Day grow, some members of a far-right Trump superfan group are boasting about securing positions as polling station managers and supervisors while dozens of them are advocating violence on November 3.“Consider this polling station…ON LOCK DOWN” That’s what a member of the far-right message board TheDonald.win posted this week, alongside a picture of a South Carolina poll manager’s handbook. The poster, utahbeachballs1944 responded to other users’ comments, saying “my polling place is gonna be like trying to enter North Korea. Fucking LOCKED DOWN” and added: “I will be honoring the BLM movement by working in Blackface.” Utahbeachballs1944 is among at least four users of TheDonald who have posted pictures showing polling station manuals as evidence that they will be overseeing voting on Election Day next month, according to an investigation by VICE News. VICE News has been unable to independently verify that these people are actually poll workers, but the photos they posted of official materials did not show up on a reverse image search, suggesting that they are photos taken by the posters themselves. The posts on the message board also match a pattern of activity we’ve seen before and come in response to specific suggestions from Trump that his supporters “watch” the vote.

National: How Will the U.S. Combat Election Day Cyberwarfare? With Paper | Kassie Bracken and Alexandra Eaton/The New York Times

The 2016 U.S. election was a game changer for voting technology. Widespread Russian interference in our voting systems spurred new federal scrutiny of the country’s vast and fragmented election infrastructure. Four years later, “The psychological import of what the Russians did may be greater than anything that they actually hacked into, because they have managed to shake the confidence of American voters that their votes will be counted as they cast them,” said David Sanger, national security correspondent for The New York Times. And this lack of trust has led to a renewed examination of the nation’s voting equipment. That, in part, is why some election experts believe that when it comes to the security of election machines, voters should feel more confident than ever in 2020.

National: How officials are protecting the election from ransomware hackers | Patrick Howell O’Neill/MIT Technology Review

Hackers played a significant role in the 2016 election, when the Russian government hacked into the Democratic campaign and ran an information operation that dominated national headlines. American law enforcement, intelligence services, and even Republican lawmakers have concluded, repeatedly, that Moscow sought to interfere with the election in favor of Donald Trump. Meanwhile, in the last four years, ransomware has exploded into a multibillion-dollar business. It’s a type of malware that hackers use to restrict access to data or machines until they’re paid ransoms that can run into the tens of millions of dollars. There’s now a global extortion industry built on the fact that the critical infrastructure and digital systems we rely on are deeply vulnerable. Put those two things together, and you get the nightmare scenario many election security officials are focused on: that ransomware could infect and disrupt election systems in some way, perhaps by targeting voter registration databases on the eve of Election Day. Steps to prevent such attacks are well under way.

National: A ruling against expanding online voting is a win for cybersecurity advocates | Joseph Marks/The Washington Post

A federal judge yesterd
ay dismissed a lawsuit that sought to dramatically expand online voting by military service members and other citizens living overseas, halting an effort that critics say could have made the election far more vulnerable to hacking.The overseas voters who brought the suit hail from seven states and said they fear restrictions and slowdowns between the U.S. Postal Service and the postal services where they live raise dangers their ballots won’t arrive in time to be counted. They wanted an option of submitting the ballots as PDF attachments to emails or using a secure fax system managed by the Defense Department. Similar voting methods are available to overseas voters from 30 other states. The ruling underscores how efforts to make voting easier during the pandemic can sometimes clash with efforts to protect the election against foreign interference.

National: Group warns of gaps in election infrastructure | Mark Rockwell/FCW

The Department of Homeland Security’s (DHS) cybersecurity agency has worked since 2016 to help states protect their election infrastructure from electronic attack, but it only takes one small breach to dent confidence in the systems, according to a digital rights and technology expert.” There has been a ton of effort from [the Cybersecurity and Infrastructure Security Agency] and others,” said William Adler, senior technologist for elections and democracy at the Center for Democracy and Technology (CDT).” But cybersecurity is an active process. Threats are constantly changing and evolving, so we need to keep making the case that election officials need to prioritize cybersecurity and not be complacent,” he said during a conference call with reporters on Oct. 16. On the call, officials at the technology and digital rights advocacy group explained the variety of threats facing the upcoming elections, from voter suppression, to misinformation about mail-in ballots and cybersecurity.

National: Eight-Hour Waits. Machine Glitches. Why Early Voting in Some States Has Had a Rough Start. | Reid J. Epstein, Stephanie Saul and Manny Fernandez/The New York Times

Virginia’s online voter registration portal crashed on the final day it was available when roadside utility workers cut the wrong cable. Texans waited in long lines on the first day of early voting in their state’s biggest cities, and in one county in the Houston suburbs, a programming error took down all of the voting machines for much of the morning. On Georgia’s second day of early voting, long lines again built up at polling places in the Atlanta suburbs. The hurdles to early voting on Tuesday resulted from a combination of intense voter interest that stressed the capacity of overwhelmed local elections officials and the sort of messiness that has long been common in American elections and which is now under a microscope as concerns over voter suppression and the unprecedented dynamics of voting during a pandemic collide.The long lines in Georgia and Texas illustrate how eager voters are to cast ballots in the 2020 election — particularly, but not only, in Democratic-trending urban and suburban areas. By 2 p.m. on Tuesday, Harris County, Texas, which includes Houston, had smashed its first-day early-voting turnout record. In Gwinnett County, Ga., north of Atlanta, even with the long lines there was a 450 percent increase in first-day early voting compared with 2016, according to Ryan Anderson, who tracks Georgia voting data on the Georgia Votes website.

National: Critical swing states push for ‘simple change’ to make counting mail-in ballots easier | Allan Smith/NBC

There’s a “simple change” that makes counting mail-in votes easier but some critical swing states still don’t allow it. Already, 32 states — under both Democratic and Republican control — allow for the county-level election overseers to begin processing ballots before Election Day— a process known as “pre-canvassing.” But in states like Michigan, Wisconsin and Pennsylvania, election officials have not been able to begin doing so until Election Day. Pre-canvassing involves checking the ballots for eligibility, preparing them to be scanned and other manual steps that can be time-consuming. The process does not include counting and tabulating the votes. Election officials, facing record numbers of mail-in ballots, say that if they are able to begin this work before Election Day, they will be able to complete the final vote count much more quickly. President Donald Trump has repeatedly lamented that the counting of ballots may not be completed in some states by the end of Election Day. But pre-canvassing of ballots in those earlier mentioned states will help speed the process, officials said.”It’ll take forever,” Trump said at a new conference last month. “You think Nov. 3? You might not have — I guess, at a certain point, it goes to Congress. You know, at a certain point, it goes to Congress. You know that.”

National: Top Senate Republican pushes back against Trump’s unsubstantiated claims mail-in-voting leads to mass fraud | Manu Raju and Clare Foran/CNN

A Senate GOP leader raised concerns on Wednesday over President Donald Trump’s unsubstantiated claims that mail-in-voting leads to mass fraud, arguing that Republicans should instead be encouraging voters to use the method in order to compete in a consequential election that will determine control of Congress and the White House. “Mail-in voting has been used in a lot of places for a long time,” Senate Majority Whip John Thune, the No. 2 Senate Republican, said in the Capitol. “And honestly, we got a lot of folks, as you know, who are investing heavily to try to win that war, it’s always a war too for mail-in ballots. Both sides compete and it’s always an area where I think our side — at least in my experience — has done pretty well.” The South Dakota Republican added, “I don’t want to discourage — I think we want to assure people it’s going to work. It’s secure and if they vote that way, it’s going to count.” The comments come as a range of Republican officials throughout the country have reacted with growing alarm to the President’s attacks on mail-in ballots, saying his unsubstantiated claims of mass voting fraud are already corroding the views of GOP voters, who may ultimately choose not to vote at all if they can’t make it to the polls come November.

National: Coronavirus creates new election threats, experts warn at Black Hat | Laura Hautala/CNET

Election security, meet the coronavirus pandemic. That was the theme of the Black Hat security conference Wednesday, a meeting of cybersecurity experts from around the world that is taking place virtually this year to help limit the spread of COVID-19. The public health emergency will change voting. As a result, voters will have to plan ahead for Election Day, consider participating as a poll worker or other volunteer and be patient for the final tally of votes, said Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency. His agency, a department of the US Department of Homeland Security, is responsible for programs to secure elections throughout the US. “Be a part of the solution,” Krebs told the audience of security experts. In a keynote address, cybersecurity expert Matt Blaze made a similar call to action. Blaze noted that US elections officials will have to overcome major logistical hurdles to scale up vote-by-mail options while also creating a surplus of in-person voting locations. With fewer than 100 days until the 2020 presidential election, Blaze said it’s imperative for people with tech knowledge to get involved and ask local election officials what help they need.

National: Republicans Aid Kanye West’s Bid to Get on the 2020 Ballot | Danny Hakim and Maggie Haberman/The New York Times

At least four people who have been active in Republican politics are linked to Kanye West’s attempt to get on the presidential ballot this year. The connection raises questions about the aims of the entertainer’s effort and whether it is regarded within the G.O.P. as a spoiler campaign that could aid President Trump, even as those close to Mr. West have expressed concerns about his mental health as he enters the political arena. One operative, Mark Jacoby, is an executive at a company called Let the Voters Decide, which has been collecting signatures for the West campaign in three states. Mr. Jacoby was arrested on voter fraud charges in 2008 while he was doing work for the California Republican Party, and he later pleaded guilty to a misdemeanor. Mr. Jacoby, in a statement, said his company was nonpartisan and worked for all political parties. “We do not comment on any current clients, but like all Americans, anyone who is qualified to stand for election has the right to run,” he said. New York Magazine reported Monday evening on the campaign’s links to two other people with partisan ties. One is Gregg Keller, the former executive director of the American Conservative Union, who has been listed as a contact for the campaign in Arkansas. Mr. Keller, who did not respond to a message seeking comment, is a Missouri-based strategist. He was under consideration to be Mr. Trump’s campaign manager in 2015, a role that was ultimately filled by Corey Lewandowski, according to a former campaign official.

National: Hackers Get Green Light to Test Election Voting Systems | Robert McMillan and Alexa Corse/Wall Street Journal

Election Systems & Software LLC, the top U.S. seller of voting-machine technology, is calling a truce in its feud with computer-security researchers over the ways they probe for vulnerabilities of the company’s systems. With the U.S. presidential election less than three months away, ES&S Chief Information Security Officer Chris Wlaschin on Wednesday will unveil the company’s outreach effort to security researchers at the annual Black Hat hacker convention that is taking place virtually this year, according to ES&S. Mr. Wlaschin will detail a new vulnerability disclosure policy, which spells out, for example, the “safe harbor” protections that ES&S will provide legitimate researchers if they identify and notify the company of bugs in its systems, ES&S said. Those provisions are standard across many industries, from computer equipment to cars to medical devices, as manufacturers seek outside help to ensure their systems are secure. But the makers of election equipment, ES&S in particular, have been reluctant to allow outside security experts to test their systems, researchers have said. The company’s move follows the Department of Homeland Security last week urging increased cooperation between security researchers, election officials and vendors as it released guidance for election administrators on coordinating to address security vulnerabilities.

National: Trump can’t postpone the election, but officials worry he and the GOP could starve it | Evan Halper/Los Angeles Times

The elections chief in the Detroit suburb of Rochester Hills, Mich., a competitive softball player in her younger days, feels like she’s been pushed back into the batting cage. This time, nobody is giving Tina Barton a bat. “It is like I am just standing there without anything to hit the balls back,” Barton said. “Every day I step in, and something new is coming at me at high speed.” Poll workers quitting. A churn of court decisions throwing election rules into tumult. A COVID-19 outbreak at City Hall that could sideline her department at a critical moment. The viral pandemic has put the nation’s election system under a level of stress with little precedent. And, although figures in both parties rejected President Trump’s suggestion of postponing the November election when he flirted with the idea Thursday, they haven’t provided the money that officials like Barton need to get ready for it. The House months ago approved $3.6 billion to aid local and state elections officials in dealing with an expected flood of mail-in ballots this fall, something that threatens to overwhelm elections officials in states where voting by mail is a relative novelty. The money has stalled in the Republican-controlled Senate — part of the larger stalemate over a new round of help for people and businesses devastated by the economic impact of the pandemic.

National: Postal Service backlog sparks worries that ballot delivery could be delayed in November | Michelle Ye Hee Lee and Jacob Bogage/The Washington Post

The U.S. Postal Service is experiencing days-long backlogs of mail across the country after a top Trump donor running the agency put in place new procedures described as cost-cutting efforts, alarming postal workers who warn that the policies could undermine their ability to deliver ballots on time for the November election. As President Trump ramps up his unfounded attacks on mail balloting as being susceptible to widespread fraud, postal employees and union officials say the changes implemented by Trump fundraiser-turned-postmaster general Louis DeJoy are contributing to a growing perception that mail delays are the result of a political effort to undermine absentee voting. The backlog comes as the president, who is trailing presumptive Democratic presidential nominee Joe Biden in the polls, has escalated his efforts to cast doubt about the integrity of the November vote, which is expected to yield record numbers of mail ballots because of the coronavirus pandemic. On Thursday, Trump floated the idea of delaying the Nov. 3 general election, a notion that was widely condemned by Democrats and Republicans alike. He has repeatedly gone after the Postal Service, recently suggesting that the agency cannot be trusted to deliver ballots.

National: Ransomware feared as possible saboteur for November election | Eric Tucker, Christina A. Cassidy and Frank Bajak/Associated Press

Federal authorities say one of the gravest threats to the November election is a well-timed ransomware attack that could paralyze voting operations. The threat isn’t just from foreign governments, but any fortune-seeking criminal. Ransomware attacks targeting state and local governments have been on the rise, with cyber criminals seeking quick money by seizing data and holding it hostage until they get paid. The fear is that such attacks could affect voting systems directly or even indirectly, by infecting broader government networks that include electoral databases. Even if a ransomware attack fails to disrupt elections, it could nonetheless rattle confidence in the vote. On the spectrum of threats from the fantastical to the more probable, experts and officials say ransomware is a particularly realistic possibility because the attacks are already so pervasive and lucrative. The FBI and Department of Homeland Security have issued advisories to local governments, including recommendations for preventing attacks. “From the standpoint of confidence in the system, I think it is much easier to disrupt a network and prevent it from operating than it is to change votes,” Adam Hickey, a Justice Department deputy assistant attorney general, said in an interview. The scenario is relatively simple: Plant malware on multiple networks that affect voter registration databases and activate it just before an election. Or target vote-reporting and tabulation systems.