National: Limited election security funds pose risk for 2020 | Kimberly Adams/Marketplace

As presidential candidates vie for voters’ attention, there’s another group getting ready for 2020: state and local election officials. Congress sent $380 million to states after attempts, some successful, to hack voter lists and election machines in the 2016 election. But elections security experts say that’s unlikely to be enough to fix the patchwork of voting machines, voter lists, and state or county computer systems that make up America’s voting infrastructure. Efforts to shore up that infrastructure happen in quiet offices like that of Chris Piper, commissioner for the Virginia Department of Elections. “The irony of being an election official is that if you’ve done your job right, nobody notices,” he said. Virginia was among the states probed by foreign hackers in 2016, and Piper said the commonwealth is working to ensure that doesn’t happen again. “Virginia was obviously one of the states that was scanned, but we were not breached,” Piper said. “We’ve taken an incredible number of steps to improve that security posture.”

National: More election security funds headed to states as 2020 looms | Christina A. Cassidy/NPR

Congress is giving states a last-minute infusion of federal funds to help boost election security with voting in early caucus and primary states slated to begin in February. Under a huge spending bill, states would receive $425 million for upgrading voting equipment, conducting post-election audits, cybersecurity training and other steps to secure elections. To receive the funds, states must match 20% of their allocation. The Senate approved the bill Thursday, sending it to President Donald Trump for his signature. States have been scrambling to shore up their systems ahead of the 2020 election. The nation’s intelligence chiefs have warned that Russia and others remain interested in attempting to interfere in U.S. elections and undermine democracy. For many who have been advocating for more congressional action on election security, the money is welcome, but they say more must still be done to ensure elections are secure. Sen. Ron Wyden, a Democrat from Oregon, has been among those pushing Congress to require states to implement rigorous post-election audits and use paper ballots in exchange for federal funds. “I’m afraid this bill will widen the gulf between states with good election security and those with perilously weak election security,” Wyden said in a statement. “I appreciate the intent behind this provision, but until Congress takes steps to secure the entire election system, our democracy will continue to be vulnerable to foreign interference.”

National: 2019’s top cybersecurity story is still what Russia did in 2016 | Joseph Marks/The Washington Post

The historic House vote to impeach President Trump last night also marked the most recent turn in a cybersecurity saga that’s gripped the nation since 2016 and consumed much of the past year. Russia’s hacking and disinformation operation in 2016 has occupied lawmakers, election officials and cybersecurity pros for three years now as they try to hold the Kremlin accountable and to prevent a repeat in 2020. It was also Trump’s obsession with poking holes in the official narrative about that operation – by urging Ukraine’s president to investigate a baseless conspiracy theory about Russia’s Democratic National Committee hack and the cybersecurity firm CrowdStrike — that helped spark an impeachment trial that promises to grip the nation for weeks to come. “This impeachment is, to a great degree, a cyber story,” Jon Bateman, a Cyber Policy Initiative fellow at the Carnegie Endowment for International Peace and a former Pentagon cybersecurity official, told me. “It’s the president’s inability to grasp what really happened in a series of cyber incidents that’s led to our current political crisis.” Election hacking was a key battleground for lawmakers this year as Democrats demanded Congress provide $600 million for states and localities to secure their voting machines and impose strict mandates to ensure elections are as secure as possible. They also pummeled Republicans who blocked those efforts, accusing them of being complicit with Russia, and even branding Senate Majority Leader Mitch McConnell (R-Ky.) as “Moscow Mitch” before he relented this week and endorsed sending $425 million to states. Homeland Security Department officials, meanwhile, crisscrossed the country vetting election equipment and running cybersecurity training for local officials. But they were regularly undermined by the president’s wavering on whether Russia was actually responsible for the 2016 interference, helping spark concern the Kremlin will do it again.

National: Pressure still on McConnell after $425 million election security deal | Joseph Marks/The Washington Post

Democrats and activists plan to keep pressing Senate Majority Leader Mitch McConnell (R-Ky.) for major election security reforms — even after he endorsed delivering an additional $425 million to state and local election officials. That money, which was part of a last-minute government funding deal, marks a major turnaround for McConnell, who for months refused to consider any new election security spending and only recently endorsed a far smaller cash infusion of $250 million. But it doesn’t include any of the election security mandates that McConnell has long resisted and that cybersecurity experts say are vital, such as paper ballots and post-election audits. Without those mandates, Democrats worry the Kremlin will still be able to upend the 2020 election by attacking the least-protected voting districts. Those concerns are also hyper-charged as intelligence and law enforcement agencies are already warning that not just Russia but also “China, Iran, and other foreign malicious actors” are all eager to compromise the election. “Mitch McConnell refused to agree to safeguards for how this funding is spent, which means state and local governments will continue buying machines with major security problems,” said Sen. Ron Wyden (D-Ore.), who has called for strict security mandates on states. “Until Congress takes steps to secure the entire election system, our democracy will continue to be vulnerable to foreign interference.” Sen. Mark Warner (D-Va.) applauded the new funding on Twitter, but warned it is “*not* a substitute for passing election security reform legislation that Senate GOP leadership has been blocking all year.”

National: $425M allocated for election security in government funding deal | Maggie Miller and Jordain Carney/The Hill

The spending deal agreed upon by House and Senate negotiators includes $425 million for states to improve their election security, two congressional source confirmed to The Hill on Monday. According to the sources, the appropriations deal, set to be made public later Monday, will also include a requirement for states to match 20 percent of the federal funds, meaning the eventual amount given to election officials to improve election security would reach $510 million. The federal funds set to be given to states through the Election Assistance Commission (EAC) represent a compromise between the amounts separately offered by the House and Senate earlier this year for election security purposes. The House included $600 million for election security efforts in its version of the fiscal 2020 Financial Services and General Government Bill, which the chamber passed earlier this year.

National: Spending Deal Allots Millions for Election Security, but Democrats Say It Isn’t Enough | Alexa Corse/Wall Street Journal

The U.S. House voted Tuesday to provide more funding to help states secure their election systems as part of a sweeping budget agreement, but Democrats argued that the compromise still doesn’t do enough to protect U.S. elections from hacking or other interference. A budget agreement would provide $425 million to help states upgrade their voting systems, lawmakers said, the largest amount for a single fiscal year in over a decade. That is part of nearly $1.4 trillion in spending which cleared the House on Tuesday and is expected to win approval from the Senate and from President Trump, preventing a possible government shutdown after Friday. The new funding represents a rare moment of agreement between top Democrats and Republicans concerning how to secure U.S. elections in the run-up to the 2020 contests, which U.S. intelligence officials repeatedly have said hostile powers remain intent on disrupting. But the issue is likely to continue to face partisan headwinds. Key Democrats continued to call for more funding and stricter standards. “This is a welcome development after months of pressure, but this money is no substitute for a permanent funding mechanism for securing and maintaining elections systems,” said Sen. Mark Warner (D., Va.), the top-ranking Democrat on the Senate Intelligence Committee. He also called for comprehensive election-security legislation that would mandate stronger standards, which he said top Republicans had blocked.

National: New federal funds for election security garner mixed reactions on Capitol Hill | Maggie Miller/The Hill

The inclusion of $425 million for election security purposes in the House and Senate-negotiated annual appropriations bill garnered mixed reactions on Capitol Hill on Tuesday, with Democrats taking issue with how states will be allowed to spend the funds. Sen. Ron Wyden (D-Ore.), one of the key Senate Democrats who has advocated strongly this year for the Senate to take action on election security, told reporters on Tuesday that it was a “huge mistake” for Congress to allow the new funds to be spent on items including voting machines that experts might not deem as secure. “Under this language they can basically spend it on a whole variety of things apparently that really don’t go to the heart of modern security,” Wyden said. “As a member of the [Senate] Intelligence Committee, I won’t talk about anything classified, but I will say that the threats we face in 2020 will make what we saw in 2016 look like small potatoes.” The funds were included in the government appropriations deal following negotiations between the House and Senate, along with a requirement that states match the federal funds by 20 percent, meaning the final amount available for election security upgrades will total $510 million.

National: Democrats want tougher language on election security in defense bill | Maggie Miller/The Hill

Democrats are complaining that the annual National Defense Authorization Act (NDAA) set for a Senate vote this week doesn’t go far enough to protect election security. The bill includes a number of provisions that would tighten security, but Democrats — who for much of the year have targeted Senate Majority Leader Mitch McConnell (R-Ky.) on the issue of election security — say it lacks key safeguards that would help prevent foreign meddling, including post-election audits of the results and requirements for states that do not use paper ballots. While the concerns won’t prevent the Senate from approving the massive bill, they are likely to lead to complaints as Democrats continue to press the issue of election security next year. “We can’t mandate that, but we could say if you want to take the federal money, you’ve got to meet these prerequisites,” Sen. Mark Warner (D-Va.), the top Democrat on the Senate Intelligence Committee, said of the paper ballot issue. “I still don’t think we’re as protected as we should be going into the 2020 election.”

National: Election, grid security provisions in defense bill | Tim Starks/Politico

Via inclusion of a multi-year intelligence authorization measure, the defense legislation issues numerous election security edicts. The legislation would establish briefings and notifications from the Director of National Intelligence and DHS to Congress, state and local governments, campaigns and parties when there’s a significant cyber intrusion or attack campaign. It would take steps to expand and speed up security clearances for election officials. It would require development of a strategy for countering foreign influence. And ODNI would have to designate a lead counterintelligence official for election security. Intel officials (often in partnership with other agencies) would have to deliver reports and assessments to Congress on past attempted and successful cyberattacks on the 2016 elections, as well as those anticipated in the future; how prepared intel agencies are to counter Russian election influence; foreign intelligence threats to U.S. elections; and Russian influence campaigns in foreign elections. The grid: House and Senate negotiators included a proposal (S. 174) from Sens. Angus King (I-Maine) and Jim Risch (R-Idaho) that would establish a program to test analog and other methods of protecting the grid from cyberattack. It would authorize the use of military construction funding to make cyber and other improvements to utility systems that serve military installations.

National: Voting-Machine Parts Made by Foreign Suppliers Stir Security Concerns | Alexa Corse/Wall Street Journal

A voting machine that is widely used across the country contains some parts made by companies with ties to China and Russia, researchers found, fueling questions about the security of using overseas suppliers, which has also sparked scrutiny in Washington. Voting-machine vendors could be at risk of using insecure components from such overseas suppliers, which generally are difficult to vet and monitor, said a report being released Monday by Interos Inc., an Arlington, Va.-based supply-chain monitoring company that has consulted for government agencies and Fortune 500 companies. The findings are likely to fan worries about whether voting-machine vendors are doing enough to defend themselves against foreign interference ahead of the 2020 U.S. elections, which U.S. intelligence officials say hostile powers could try to disrupt. Voting-machine vendors assailed the research, which Interos conducted independently, saying the report failed to note existing safeguards, such as testing done at the federal, state and local levels, and the vendors’ internal protocols. The report comes as U.S. lawmakers and national-security officials increasingly have sounded alarms about supply-chain risks. Although supply chains that span the globe are common in the tech industry, Russia and China pose concerns because of how, according to U.S. officials, they press companies for access to technology within their borders. Washington lawmakers have specifically cited voting machines as an area of concern, among such other products as telecom equipment made by Chinese firm Huawei and antivirus software from Russia-based Kaspersky Lab. Russia and China historically have denied interfering in U.S. politics. The report examined one voting machine as a case study. In that machine, around 20% of the components in the supply chain that Interos was able to identify came from China-based companies, including processors, software and touch screens, according to the Interos research. Those components weren’t necessarily made in China, as the suppliers may have several locations globally, and the Interos data doesn’t necessarily cover the entire supply chain, the researchers noted. Researchers declined to name the particular model of voting machine they examined, or its maker, citing the sensitivity of the issue. They said only that it is “widely used” in the U.S. Two major vendors, Election Systems & Software LLC and Dominion Voting Systems Corp., said they didn’t think it was one of their products.

National: The biggest tech threats to 2020 elections | Roi Carmel/VentureBeat

As our election system modernizes, securing our democratic process has become a chief concern for both U.S. legislators and voters. Just last month, the House passed the SHIELD Act, which is focused on securing our elections. But that’s not going to be enough in an era when technology is turning out entirely new attack surfaces. In 2016, the Pew Research Center put the number of electronic voting machines — also known as direct-recording electronic (DRE) devices — at 28%. The 2020 election cycle will likely show an uptick in that number. But attacking American voting booths is an obvious move, and attackers consistently follow the path of least resistance. In the case of election security, the weakest point today is critical infrastructure. It’s the framework that supports our modern democratic process, and it runs deep, from traffic light systems and mass transit to the way we receive vital news and information.

National: GOP Senator Blocks Bipartisan Election Security Bill, claims protecting election security is an ‘attack’ on Trump | Emily Singer/The American Independent

Sen. Mike Crapo (R-ID) blocked a bipartisan bill aimed at protecting elections, saying it’s ‘designed more to attack the Trump administration.’A bipartisan bill to protect American elections from foreign interference was once again blocked on Tuesday, this time by a Republican senator who claimed that the legislation was an “attack” on Donald Trump. “The mechanisms in this bill have been designed more to attack the Trump administration and Republicans than to attack the Russians and those who would attack our country and our elections,” Sen. Mike Crapo (R-ID) said of the Defending Elections from Threats by Establishing Redlines Act. The DETER Act — introduced by Sens. Chris Van Hollen (D-MD) and Marco Rubio (R-FL) — directs the head of the U.S. intelligence community to expose any foreign interference in federal elections and sanction the countries that were determined to have interfered. The bill is a response to Russia’s hacking and disinformation campaign in the 2016 election.

National: Secretaries of State Unite to Fight Election Misinformation | Jessica Mulholland/Government Technology

There’s no question — the U.S. election system is vulnerable. In fact, it’s even more vulnerable than originally reported following the 2016 election. Government executives at all levels know, and they’re working on the problem, focusing on cybersecurity, inter-agency communication, paper trails and  audits. And the National Association of Secretaries of State (NASS) is working another angle: In mid-November, it launched  #TrustedInfo2020, an education campaign that aims to fight election misinformation by encouraging citizens to“to look to their state and local election officials as the trusted sources for election information,” according to the press release. The nation’s secretaries of state, 40 of whom serve as their state’s chief election official, will guide voters directly to election officials’ websites and verified social media pages to ensure they get accurate election information. In a NASS-led Twitter chat held Dec. 12, secretaries of state from California to West Virginia — along with various groups and associations — discussed the initiative and how likely it is to make an impact.

National: Several election security provisions are in the massive defense bill | Andrew Eversden/The Fifth Domain

The National Defense Authorization Act released Dec. 9 contains several provisions aimed at securing U.S. election infrastructure months before presidential primary season is in full-swing. The provisions in the compromised conference report mandate a broad range of election-related steps, from an assessment of foreign intelligence threats to U.S. elections to allowing top state election officials to receive Top Secret security clearances. The security clearance language is good news for the information-sharing relationship between the the federal government and state election officials, who don’t have proper clearance to view high-level intelligence related to election infrastructure cyberthreats. Throughout the 2016 election, the Department of Homeland Security and the FBI had a fraught information-sharing relationship with the states. In the years since, top federal election officials have consistently said information sharing needed to be improved, and while officials say it has been, the clearance problem was still a hindrance.

National: RNC, DNC bank on Duo authentication ahead 2020 election | Shannon Vavra/CyberScoop

The Republican National Committee is relying on authentication tools and careful social media behavior in order to avoid a devastating data breach like the kind that derailed its Democratic counterparts in 2016. The RNC, which develops and promotes the party’s platform and currently supports President Donald Trump’s re-election campaign, is banking on Duo Security, which specializes in multi-factor authentication, to keep state-sponsored hackers out of party accounts, according to recent Federal Election Commission filings. Even if a user’s password credentials are stolen, an extra layer of authentication can ensure that only the legitimate account holder could access his or her communications. Since March of this year, the RNC has paid just over $1,000 per month to Duo, according to FEC filings. The RNC started using Duo in 2016, just days before the election. And it’s not just email account access the RNC is trying to protect — the RNC uses multiple layers of authentication to protect other user accounts, both personal and professional, too, according to Mike Gilding, the deputy director of information technology at the RNC. The approach reflects the urgency with which both major political U.S. parties must adopt even basic cybersecurity measures after Russian hackers accessed email accounts belonging to key members of the Democratic National Committee in 2016. Another similar attack against either party could disrupt what is shaping up to be a particularly contentious U.S. election season, as impeachment proceedings against the president move forward. The DNC and RNC have a lot to safeguard, including polling data, candidate research, campaign funding, and election strategies.

National: Russia’s efforts to target U.K. elections a stark warning for 2020 | Joseph Marks/The Washington Post

An alleged Russian influence campaign to undermine this week’s British elections shows how tough it will be to keep foreign influence out of the 2020 U.S. contest. Russian-backed accounts on Reddit actively worked to boost the trove of documents appearing to detail key U.S.-U.K. trade negotiations that have been gaining traction over the internet for months, the social sharing site revealed Saturday. It’s not clear whether the documents were leaked or hacked, but Britain’s opposition Labour Party, has been using the seemingly genuine documents to slam the ruling conservative party for considering giving U.S. companies far more influence over Britain’s popular state-run National Health Service as part of a post-Brexit trade deal. It’s yet another example of Russia’s powerful digital army allegedly seeking to influence the outcome of a Western election — and it offers a stark reminder of how influence operations can be highly effective even before they’re identified. This dramatically undermines government and industry efforts to blunt their power or hold off their spread.

National: Multistate voter database suspended in lawsuit settlement | Roxana Hegeman/Associated Press

A much-criticized database that checks whether voters are registered in multiple states has been suspended “for the foreseeable future” until security safeguards are put in place as part of a settlement of a federal lawsuit, a civil rights group said Tuesday. The Interstate Crosscheck program was the subject a class-action lawsuit by the American Civil Liberties Union of Kansas on behalf of 945 voters whose partial Social Security numbers were exposed by Florida officials through an open records request. Kansas has operated the multistate program since 2005, although the program hasn’t been used since 2017 when a Homeland Security audit discovered security vulnerabilities. The settlement includes a list of safeguards the state has agreed to implement to protect voter’s personal information before the program can resume, the ACLU said in a news release.

National: Top U.S. Cybersecurity Officials to Depart as Election Season Enters Full Swing | Byron Tau and Dustin Volz/Wall Street Journal

Two top government officials with broad cybersecurity and election-integrity portfolios have announced they are stepping down this month, a loss of expertise in a critical area less than a year before the 2020 presidential election. Amy Hess, the executive assistant director of the Criminal, Cyber, Response, and Services Branch of the Federal Bureau of Investigation will depart for a job as the chief of public services in Louisville, Ky. Jeanette Manfra, the most senior official dedicated exclusively to cybersecurity at the Department of Homeland Security, will leave her post at year’s end for a job in the private sector. Both women have announced their departure in recent weeks. Senior U.S. intelligence officials have warned the elections are likely to be targeted online by Russia and other foreign adversaries following Moscow’s success in disrupting the 2016 race. The FBI and DHS are two of the primary agencies responsible for combating foreign influence operations online, along with intelligence agencies including the National Security Agency. The FBI established a Foreign Influence Task Force in 2017 and has made investments to deepen its cybersecurity capabilities. DHS is the lead federal partner for state and local election officials with a focus on safeguarding voting systems from hackers.

National: The voting machine certification process is making it harder to secure elections | Chris Iovenko/Slate

A judicial election in Northampton County, Pennsylvania, in November produced a literally unbelievable result. About 55,000 votes were cast on newly purchased electronic voting machines, but only 164 votes were registered for the Democratic candidate. Luckily, the touch-screen machines produced a backup paper trail, which allowed for an accurate recount. Ultimately, the Democrat won by some 5,000 votes. The root cause of this systemic vote switching is still under investigation. Whatever the case, though, the mass malfunction of these machines highlights the reliability and security issues around electronic voting systems that are mostly already primed for use in the 2020 elections. As disturbing as the Northampton County miscount is in its own right, it throws into relief a grave general issue that applies to voting systems across the country. One would hope that whatever glitch or virus, once identified, that caused the massive malfunction will be quickly and easily fixed, patched, or updated so that those machines can be relied upon to work properly going forward. Further, one would also assume that other vulnerable voting systems around the country will be updated prophylactically to prevent similar malfunctions in next year’s elections. However, neither of those things is very likely to happen. Our current regimen for certifying electronic voting systems makes changing or updating election systems in the run-up to an election very difficult—and as Election Day 2020 gets closer, that maintenance becomes virtually impossible.

National: Just How Regulated Are Our Nation’s Elections? | Hadley Hitson/Fortune

The U.S. federal government subjects nearly every industry to a slew of operational rules and regulations. Defense contractors are prohibited from utilizing certain Chinese telecommunications companies like Huawei in order to prevent theft of the nation’s military technology. Power companies must abide by mandatory reliability standards and report any attempted or successful breaches of their systems to a federal commission. National banks implement federally required security procedures to prevent robberies. These sectors are meticulously managed with hundreds of requirements specifically because the Department of Homeland Security considers them so vital that their incapacitation would have a “debilitating effect” on the country as a whole.  But when it comes to elections, a cornerstone of American democracy, the vendors whose voting equipment is used throughout the country largely lack the level of federal oversight and direction that protect other critical infrastructure industries from domestic and foreign interference.

National: What Is Election Hacking, and Can It Change Who Wins? | Kartikay Mehrotra & Andrew Martin/Bloomberg

Americans have relied on computers to tally votes since at least 1964, when two Georgia counties used them to count punch-card ballots in a primary election. Over time, high-tech election systems largely supplanted paper ballots and gear-and-lever machinary, a trend hastened by the contested 2000 presidential election between George W. Bush and Al Gore. (Remember hanging chads?) But ever-greater reliance on digital voter registration, electronic voting and computerized tabulation have created the opportunity, at least, for hackers to sabotage elections, and Americans aren’t the only ones who are fearful.

1. What is meant by ‘election hacking’?

It’s sometimes used as a catch-all phrase to encompass all sorts of underhanded efforts to subvert elections, including the type of social media disinformation campaign undertaken by Russia to taint elections in the U.S., Europe and Africa. But in its most literal form, election hacking refers to computer breaches that are intended to manipulate voter data, change a vote tally or otherwise discredit tabulated results.

National: In a bid for better security, elections are going analog | Christian Buckler/Marketplace

ary Scott can tell you a lot about the internet. Or rather, how little of it his machines are connected to. “There’s always some barrier between these machines and any online systems,” said Scott, the general registrar and director of elections for Fairfax County, Virginia. Standing next to one of several DS200 voting machines set up for training purposes in the Office of Elections in Fairfax County, he emphasized that none of the fleet of voting machines he oversees have ever been connected to the internet. Neither have any of the computers used to program them, nor the machines that will receive the final vote count. The most surprising piece of technology involved in Fairfax’s voting approach might well be the oldest one: paper. “We got a lot of resistance from the public because they wanted to know why we were going ‘backwards’ to paper, but it’s a much more secure method of doing it,” Scott said.  Fairfax County initiated a move toward paper ballots years before Virginia decertified paperless voting machines across the state, aligning with the latest shifts in thinking about election security—both in the U.S. and abroad. The embrace of paper by districts like Fairfax marks a change in the nationwide trend toward electronic voting infrastructure that can be traced back to the Help America Vote Act of 2002.

National: Ukraine claims threaten Senate consensus on Russian hacking | Joseph Marks/The Washington Post

A tenuous Senate consensus on the dangers of Russian election hacking is being threatened by the GOP’s embrace of President Trump’s debunked argument that Ukraine also interfered in 2016. Numerous Senate Republicans promoted that argument this week, bucking the conclusion of U.S. intelligence officials and ignoring warnings the claims are part of a Kremlin-backed effort to muddy the waters on Russia’s own interference. “There’s no question in my mind Ukraine did try to influence the election,” Sen. John Neely Kennedy (R-La.), one of Trump’s most vocal supporters on the issue, said yesterday. Senate Democrats also struck back. “The only people who are advancing the discredited theory about Ukraine and intervention are part of the continuing Russian disinformation campaign,” Sen. Mark R. Warner (Va.), ranking Democrat on the Senate Intelligence Committee, said. The conflict is a sea change for the Senate, which has generally maintained a bipartisan consensus on the singular damage caused by Russia’s 2016 hacking and disinformation campaign and the danger of a repeat in 2020 — even as House GOP lawmakers have proved far more willing to follow Trump’s lead in questioning Russia’s role in the attacks and embrace conspiracy theories. The shift could prove especially damaging as the legislative clock ticks down to 2020. The Senate is still considering election security measures, including providing more money for states to upgrade their voting systems and to impose new transparency requirements on political advertisements.

National: Email Infrastructure Seen as Lingering Vulnerability for Elections | MeriTalk

New research shows that email is still a weak link in U.S. election infrastructure, with only five percent of the nation’s largest counties protecting election officials from impersonation attempts. The latest research from Valimail finds that an “overwhelming majority of cyberattacks can be traced to impersonation-based phishing emails,” with 90 percent of attacks involving phishing, and 89 percent of phishing involving impersonation. Valimail looked at Sender Privacy Framework (SPF) and Domain-based Message Authentication, Reporting & Conformance (DMARC) status for 187 domains that were used by election officials in each state’s three largest counties. The researchers then sought to determine whether each domain is protected from impersonation attacks by a correctly configured DMARC record with a policy of enforcement.

National: Why we can expect more voting machine headaches in 2020 | Steven Rosenfeld/Salon

Still-incomplete explanations of problematic aspects of new voting systems that debuted in November 2019 and will be used in 2020 suggest that voters will likely see random delays in voting and vote counting during next year’s presidential primaries and fall election. The new voting systems were being tested or deployed in advance of 2020. While the machinery did not widely fail across all jurisdictions, there were diverse and serious problems that could undermine public trust if they recur in 2020. However, the official responses, thus far, have not been reassuring. Take Georgia, for example. There, new systems were tested in nine counties on November 5 before statewide use in 2020’s primaries. In four counties, the start of voting was delayed by more than one hour, according to a secretary of state summary that mostly blamed the users, but not the technology. The users would be poll workers and other officials (who underwent training) and private contractors who program the system checking in voters. The opening of the polls is one of the busiest times at polling places, when people come to vote on their way to work. “We had 45 incidents out of 27,482 votes or an incident rate of 0.164 percent,” the secretary of state’s report summary said. “Nearly all issues were caused by human error or interaction which can be mitigated through training or identified through testing.” That statistical assessment is breezy. The report’s fine print describes poll openings delayed by an hour, but does not say how many voters were kept waiting. The apparent reason was that the electronic poll book system had “an additional field within the dataset erroneously.” If that analysis is correct, that is an amateur programming error. The report said that private vendors used Wi-Fi to access and reprogram it. But that wasn’t the only problem.

National: Pennsylvania voting debacle gives ammunition to paper ballot push | Joseph Marks/The Washington Post

Massive voting machine failures in a Pennsylvania county in November are giving election security advocates fresh ammunition to call for nationwide paper ballots. The problems, which may have been caused by a software glitch, resulted in some Northampton County residents who tried to vote straight-ticket Democrat initially registering as straight-ticket Republican. It also incorrectly showed a Republican judicial candidate winning by a nearly statistically impossible margin, the New York Times’ Nick Corasaniti reports. In this case, voters got lucky. The county had paper backups for all the votes the machine counted incorrectly. They showed the Democrat judicial candidate Abe Kassis — who the computer tally said got just 164 votes out of 55,000 ballots — actually narrowly won the race. But about 16 million Americans spread across eight states won’t have a paper backup for their votes in 2020. That means a similar software glitch or a malicious hack by Russia or another U.S. adversary could cause mass uncertainty about an election’s outcome or even result in the wrong candidate taking office. Even in Pennsylvania, it could have been different. The machines that malfunctioned in November were just purchased this year in response to a statewide mandate to upgrade to new voting machines with paper records.

National: Election Security Push Ahead Of 2020 Could Be Blunted By Wave Of Retirements | Pam Fessler/NPR

Between possible foreign interference, potentially record-high turnout, new voting equipment in many parts of the country and what could be a razor-close outcome, the 2020 election was already shaping up to be one of the most challenging elections to administer in U.S. history. On top of those challenges, a number of top election officials who oversaw voting in 2016 won’t be around next year. Some are retiring after long careers, but others are feeling the strain of an increasingly demanding and politicized job. Among those who’ve left are former Virginia Election Commissioner, Edgardo Cortes, now an election security adviser with the Brennan Center for Justice. He decided to move on last year when the governor he worked for was heading out of office. Cortes also had a new baby on the way and a three hour commute, and says he needed a break from his 24/7 job. “In Virginia in particular, there are elections going on every year, multiple times a year, so it was definitely a huge time commitment,” says Cortes. Running elections can be difficult work, with long hours, low pay and an electorate that isn’t always appreciative. Most officials say they love the work and believe they’re performing a key democratic function, but several high-profile election officials have recently announced that they’re leaving, in part to give their replacements time to prepare for 2020.

National: As the 2020 US election nears, voter systems still vulnerable | Lydia Emmanouilidou/BBC

With a little less than a year to go before the 2020 US presidential election, security experts and lawmakers say progress has been made to guard against foreign interference. But they warn the country’s election infrastructure could be vulnerable to the types of hacking operations that took place in the lead-up to the 2016 election. One such attack was directed at the Illinois State Board of Elections, an agency that oversees and facilitates parts of election processes in the state, including a statewide voter registration system. “One of our IT people noticed that our [voter registration] system was running extremely slowly,” said Matt Dietrich, a spokesperson for the agency. “It had practically shut down.” The IT member inspected the system, and discovered that an intruder had exploited a vulnerability on the board’s online voter application, broken into the statewide voter registration database and gained access to voter information, including names, addresses and drivers’ license numbers. “It was terrifying. … We took the entire system down,” Mr Dietrich said. In the immediate aftermath of the incident – which took place in July 2016 – Mr Dietrich said the agency didn’t know who was behind the intrusion. But in July 2018, then-Special Counsel Robert Mueller indicted 12 Russian military officers over alleged cyber operations to interfere with the 2016 US presidential election.

National: Ahead of 2020, Democrats wrestle with how to disavow disinformation tactics | Stephen Montemayor/Minneapolis Star Tribune

Democratic Party leaders are engaged in an internal struggle over whether to explicitly disavow the use of disinformation tactics in the 2020 election. State party leaders, led by Minnesota DFL Chairman Ken Martin, have urged the Democratic National Committee to adopt such a pledge, but others are privately worried that it would put the party at a disadvantage against a president who has repeatedly trafficked in doctored videos and retweeted false stories since winning the presidency in 2016. Former Vice President Joe Biden is so far one of the only candidates to publicly sign a pledge not to use manipulated videos, content from fake social media accounts or other increasingly common disinformation tactics. Minnesota U.S. Sen. Amy Klobuchar has not signed a pledge, but she has personally vowed not to traffic in disinformation tactics. But the National Committee has refused to take action. The Republican National Committee also has declined to take a formal stance.

National: Russia’s 2016 Election Meddling Was a ‘Well-Choreographed Military Operation,’ Former FBI Counterintelligence Expert Says | David Brenna/Newsweek

former FBI expert in counterintelligence and cyberwarfare has warned that Russia’s meddling in the 2016 election was not a one-off, and that Moscow’s dedicated network of operatives never stopped their malign activities after President Donald Trump’s victory. Robert Anderson worked for the FBI for 21 years, rising to oversee the bureau’s efforts to identify, track and disrupt foreign intelligence and cyberwarfare efforts—including those originating from Russia. In a 60 Minutes interview broadcast Sunday, Anderson told CBS News’ Bill Whitaker that Russia’s cyberwarfare arm remains a significant threat to the American political system. “The Russians never left,” Anderson said. “I can guarantee you in 2016 after this all hit the news, they never left. They didn’t stop doing what they’re doing.” Asked by Whitaker if 2016 could have been “a one-time thing,” Anderson bluntly replied, “No way. Russia doesn’t do it that way.”