National: Election Security 2020: States Take Cybersecurity Measures Ahead of November | Adam Stone/StateTech Magazine

In the Buckeye State, officials are doing more than just keeping an eye on the upcoming national elections. As the threat of cyber tampering looms large, state and local leaders are working diligently to ensure voting is secure. “We want to set the tone for the rest of the nation,” says Ohio Secretary of State Frank LaRose, who in June issued a 34-point directive to guide state, county and local efforts on election cyber strategies. It calls for the use of event logging and intrusion detection tools, along with segmentation — disconnecting voting apparatus from external networks. “We want to make sure our boards of elections aren’t leaving a door opened by being attached to other, less secure assets,” LaRose says. Ohio may be out in front, but it is hardly alone. Authorities in all 50 states are taking steps to not only to secure the vote, but to ensure that the public perceives that vote as valid. They are getting help from the federal government, including the Cybersecurity and Infrastructure Security Agency, an operational component under the U.S. Department of Homeland Security. Experts say the aggressive action is justified, given the high likelihood that adversarial nations and other bad actors could try to tamper with the election.

National: Russia engaging in ‘information warfare’ ahead of 2020 election, FBI chief warns | Eric Tucker/Associated Press

The FBI director, Christopher Wray, has warned that Russia is engaged in “information warfare” heading into the 2020 presidential election, though he said law enforcement has not seen ongoing efforts by Russia to target America’s election infrastructure. Wray told the House judiciary committee that Russia, just as it did in 2016, is relying on a covert social media campaign aimed at dividing American public opinion and sowing discord. That effort, which involves fictional personas, bots, social media postings and disinformation, may have an election-year uptick but is also a round-the-clock threat that is in some ways harder to combat than an election system hack, Wray said. “Unlike a cyber-attack on an election infrastructure, that kind of effort – disinformation – in a world where we have a first amendment and believe strongly in freedom of expression, the FBI is not going to be in the business of being the truth police and monitoring disinformation online,” Wray said.

National: Iowa and the grand tradition of election tech mishaps | Andrew Gumbel/The Guardian

The great Iowa caucus meltdown of 2020 may be triggering anguish, anger and, on the Republican side of the political fence, expressions of unalloyed glee; but for one Miami lawyer and voting rights activist it is also bringing back vivid memories of another high-profile primary contest that fell victim to untested new technology and administrative incompetence. The year was 2002, and the race was a hotly contested Florida gubernatorial election in which Janet Reno, the former US attorney general, was vying for the Democratic party nomination against a prominent lawyer from Tampa. A politically connected company called Electronic Systems & Software (ES&S) was rolling out new touchscreen technology to replace the punch card machines that were widely blamed for the meltdown in the presidential election two years earlier between George W Bush and Al Gore. ES&S, though, was very far from ready for prime time. Many of the machines in Miami-Dade county took so long to boot up that polling stations could not open before lunchtime. When a freak storm caused power blackouts, the battery backup on many machines failed. One Miami precinct reported 900% turnout; another showed just one ballot cast. The governor declared a state of emergency, and Reno – who was trailing narrowly – demanded a re-examination of the ballots, only to realize that the new technology made recounts impossible.

National: Caucus Meltdown Tied to Democrats’ Little-Tested Mobile App | Michaela Ross, Kartikay Mehrotra and Chris Strohm/Bloomberg

The breakdown in reporting results from Iowa’s Democratic caucuses appears tied to failures in a mobile application that wasn’t ready for the load of a statewide election and which the head of the Homeland Security Department said wasn’t subjected to a cybersecurity test by his agency. “This is more of a stress or load issue as well as a reporting issue that we’re seeing in Iowa,” acting Department of Homeland Security Secretary Chad Wolf said in a Fox News interview Tuesday. Wolf said there’s little evidence of hacking of the app, which precinct officials struggled to use on Monday night. He said that his department’s cyber division had offered to test the software for vulnerabilities but was declined.… But the failure spotlights the need for hard-copy backups across election systems, as a handful of states are still using voting machines that don’t produce a paper receipt, according to Marian Schneider, president of the voting advocacy group Verified Voting and former deputy secretary for elections of Pennsylvania. “It’s clear that mobile apps are not ready for prime time, but thankfully Iowa has paper records of their vote totals and will be able to release the results from those records,” Schneider said.

National: Iowa’s Lesson: Political Parties Are Not as Good as Government Officials at Counting Votes | Jessica Huseman, Jack Gillum and Derek Willis/ProPublica

Here’s the takeaway from the Iowa fiasco: Beware of caucuses run by political parties. But don’t panic about the integrity of most primaries and the general election, which are run by state and county election administrators. As Tuesday morning wore on without results from Iowa’s Democratic caucuses, the long-awaited first test of the strength of President Donald Trump’s would-be challengers, both public officials and enraged commentators stoked fears that Iowa was a harbinger of chaos for the rest of the 2020 campaign. Some said it raises alarms about the broader condition of election security and the reliability of computer systems that record, tally and publish the votes. Trump campaign manager Brad Parscale even suggested on Twitter Monday, without evidence, that the process was “rigged.” But there’s a marked difference between the Iowa caucuses and the upcoming primaries in New Hampshire and South Carolina, as well as the 14 state primaries on Super Tuesday. The Iowa Democratic Party ran the caucuses, much as its counterparts in Nevada, Wyoming and several territories will do in the next few months. Party officials have less training and experience in administering the vote than do state and local election administrators who oversee most of the primaries.

National: After Iowa Democrats’ caucus app mess, election officials distance themselves | Benjamin Freed/StateScoop

The meltdown Monday night of a new app that the Iowa Democratic Party intended to use to tally the results of its presidential nominating caucuses has famously mucked up the beginning of the race to determine the Democrats’ presidential nominee. But as the candidates wait for the first batch of results to finally be released Tuesday afternoon, election officials around the country are taking pains to distance a political party’s technological bungling from the work that they do on behalf of state and local governments. Iowa Democrats headed into their first-in-the-nation caucuses saying the app — designed by a software firm called Shadow Inc. — would help on-the-ground volunteers report results and the complicated math that determines how many delegates each candidate won. But after not releasing caucus results as expected, the party late Monday night said there were “inconsistencies” in how precinct-level results were reported. And since then, several county party leaders have said that they never received any training on the app from either the state party or Shadow. While caucus-goers’ preferences were recorded on paper, which the Iowa Democrats said Tuesday is being used to verify the data collected by the app, election officials have said this episode may throw a wrench in the public perception of their jobs. “We have a term we call the ‘cicada voter’,” Dave Bjerke, the elections director in Falls Church, Virginia, told StateScoop, referring to the ground-dwelling insects that only emerge once every several years. “The cicada voter is only going to vote in presidential elections. There’s always elections going on, but the presidential is the Super Bowl of our process.”

National: Why 2020 could be a year of election malfunctions | Steven Overly and Eric Geller/Politico

Monday’s caucus app meltdown is just a taste of what may await the rest of America. Iowa wasn’t alone in adopting new technology to run elections in 2020, and the odds are it may not be the last state to suffer the consequences. Counties with tens of millions of people have rolled out new voting machines in recent years to replace hack-prone paperless devices. But new technologies inevitably bring their own hiccups, some more damaging than others. And as the debacle surrounding the Iowa Democrats’ vote-reporting app showed, any confusion can feed divisions and conspiracy theories, fueled by social media, that undermine Americans’ faith in democracy. Marian Schneider, the president of the advocacy group Verified Voting, said technology will always carry some risk, particularly when it’s connected to the internet — noting that even large companies with deep pockets get hacked. She said the problems in Iowa reinforce her organization’s argument that voting and reporting should not be done via mobile app. Another lesson: At least the Iowa caucuses had paper records to back up all of the electronic information. And so should other elections, she said. “So, the takeaway is that having a low-tech backup is really important whenever you’re deploying technology in elections,” she said.

National: Iowa Caucus chaos likely to set back mobile voting | Lucas Mearian/Computerworld

A coding flaw and lack of sufficient testing of an application to record votes in Monday’s Iowa Democratic Presidential Caucus will likely hurt the advancement and uptake of online voting. While there have been hundreds of tests of mobile and online voting platforms in recent years – mostly in small municipal or corporate shareholder and university student elections – online voting technology has yet to be tested for widespread use by the general public in a national election. “This is one of the cases where we narrowly dodged a bullet,” said Jeremy Epstein, vice chair of the Association for Computing Machinery’s US Technology Policy Committee (USTPC). “The Iowa Democratic Party had planned to allow voters to vote in the caucus using their phones; if this sort of meltdown had happened with actual votes, it would have been an actual disaster. In this case, it’s just delayed results and egg on the face of the people who built and purchased the technology.” The vote tallying app used Monday in the Iowa Caucus was created by a small Washington-based vendor called Shadow Inc.; the app was funded in part by a nonprofit progressive digital strategy firm named Acronym. Today, Acronyn strived to make it clear through a tweet it did not supply the technology for the Iowa Caucus, and it is no more than an investor.

National: DHS creates ‘tabletop in a box’ for local election security drills | Benjamin Freed/StateScoop

For the past few years, the Department of Homeland Security has convened exercises for state election officials to test how they’d respond to a cyberattack against voting systems. At a National Association of Secretaries of State meeting in Washington last weekend, a DHS official introduced a new product that could make it easier for local officials to run those exercises. The tabletop exercises, as the events are known, are designed to give secretaries of state, election directors, IT leaders and other officials a war game-like environment simulating the threats posed by foreign governments and other adversaries that might try to disrupt a real election. And while the exercises have included representatives of some local governments, one of the biggest challenges statewide election officials say they have is making sure new cybersecurity tools and procedures trickle down to even the smallest, most resource-strapped jurisdictions involved in the democratic process. The Cybersecurity and Infrastructure Security Agency on Friday published its “Elections Cyber Tabletop Exercise Package,” a 58-page guide for state and local officials to hold their own drills simulating ransomware, data breaches, disinformation campaigns and attempts to corrupt voting equipment. Matt Masterson, a senior adviser at CISA, described the document as a “tabletop in a box.”

National: Majority of Election Websites in Battleground States Failing in Cybersecurity | Security Magazine

A large majority of election-related websites operated by local governments in battleground states lack a key feature that would help them be more cybersecure — a site that ends in .gov as opposed to .com or other extensions. Research by McAfee found that as many as 83.3 percent of county websites lacked .GOV validation across these states, and 88.9 percent and 90 percent of websites lacked such certification in Iowa and New Hampshire respectively. Such shortcomings could make it possible for malicious actors to establish false government websites and use them to spread false election information that could influence voter behavior and even impact final election results. “Without a governing body validating whether websites truly belong to the government entities they claim, it’s possible to spoof legitimate government sites with fraudulent ones,” said Steve Grobman, McAfee Senior Vice President and Chief Technology Officer. “An adversary can use fake election websites for misinformation and voter suppression by targeting specific voters in swing states with misleading information on candidates, or inaccurate information on the voting process such as poll location and times. In this way, this malicious actor could impact election results without ever physically or digitally interacting with voting machines or systems.”

National: Election officials confident about security days before first contests of 2020 | Joseph Marks/The Washington Post

Election officials are striking a confident tone about digital security at their final summit before caucus and primary season begins. But they’re also planning for the worst, war-gaming how to handle any major hacks from Russia or other adversaries. “We’re planning as if they’re coming back,” Chris Krebs, the Department of Homeland Security’s top cybersecurity official, said on the sidelines of the conference hosted by the National Association of Secretaries of State. “The playbook’s out there. It’s not just about Russia. It’s about anyone else that may want to get into this space.” Krebs led more than 200 officials through a series of worst-case scenarios during the conference, testing how they’d respond and work together during a cyberattack or misinformation campaign targeting a primary or general election. Among the participants were representatives from 44 states, 15 election vendors and 11 federal departments and agencies, a DHS spokeswoman said. The conclusion: Officials are far better prepared than in 2016 when Russian hackers probed election infrastructure across the nation and upended Hillary Clinton’s campaign by hacking and releasing emails and flooding disinformation onto social media.

National: As Iowa caucuses loom, states drill with feds to protect 2020 elections | Sean Lyngaas/CyberScoop

With the Iowa caucuses just days away, state election officials from around the country gathered this week in Washington, D.C., to drill for cyberattacks, study ransomware and learn how to work with ethical hackers. The level of collaboration was unthinkable four years ago, when Russia-backed hackers and trolls interfered to the electoral process. Then, it took many months for federal officials to notify states that their systems had been targeted, and states bristled at the Department of Homeland Security’s 2017 designation of election systems as critical infrastructure. Now, federal and state officials are mapping out how a foreign adversary might try to undermine the democratic process, and practicing how they would thwart those attacks. “We’re light years ahead today from where we were [in the aftermath of 2016]” Mac Warner, the secretary of state of West Virginia, said Thursday at the National Association of Secretaries of State conference. Warner said that shortly after the U.S. military killed a top Iranian general earlier this month, DHS officials held a call with states to explain the Iranian cyberthreat and what to watch for on their systems.

National: Behind the scenes, states race to shore up 2020 elections | Ben Popken/NBC

The officials in charge of running America’s elections in many states convened in the nation’s capitol this week to test and discuss their preparations for the 2020 U.S. presidential election. On their checklists: Everything. The National Association of Secretaries of State kicked off its biannual conference Thursday, a four-day event which this year has a heavy emphasis on election security. Each state has a chief elections officer and in 24, that’s the secretary of states. In others they may be responsible for only some parts of the electoral process. While praising the new information sharing network between state and federal authorities, officials who spoke with NBC News touched on a wide variety of challenges they continue to face, from disappointment with weak support by the executive branch to persistent concerns about disinformation. “We need to make sure that our operations are as resilient as possible, meaning that our hardware and software prevents attack, and measures are in place to survive an attack so that voters can trust the results of the election,” said Nellie Gorbea, the Rhode Island secretary of state.

National: Election officials get training before 2020 voting begins | Christina A. Cassidy/Associated Press

When state election officials gathered ahead of the last presidential election, major topics were voter registration, identity theft and ballot design. This year, the main theme is election security. The change since 2016 underscores how election security has become a top concern with presidential nominating contests set to begin next week. Kicking off Thursday’s meeting was a training exercise coordinated by the Department of Homeland Security. Election officials from 44 states joined officials with 11 federal agencies and representatives from more than a dozen voting technology companies to participate in the half-day exercise to help them keep votes secure. “We’ve come a long ways,” said Iowa Secretary of State Paul Pate. “That’s the strength of doing these tabletops: putting everyone in the same room so we have that contact and preparing for whatever scenarios might come up.” The vast majority of panels at the biannual meetings of the National Association of Secretaries of State and the National Association of State Election Directors are dedicated to cybersecurity, from what states can do to disrupt hacking attempts to the threat of ransomware.

National: House GOP introduces bill to secure voter registration systems against foreign hacking | Maggie Miller/The Hill

Republicans on the House Administration Committee on Wednesday introduced legislation that would seek to update a long-standing federal election law and secure voter registration databases from foreign hacking attempts. The Protect American Voters Act (PAVA) would require the Election Assistance Commission (EAC) to establish the Emerging Election Technology Committee (EETC), which would help create voluntary guidelines for election equipment, such as voter registration databases, not covered under the Help America Vote Act (HAVA). HAVA was signed into law in 2002 following problems with voting during the 2000 presidential election. The law established the EAC and set minimum election administration standards.  The EETC would be empowered to bypass the existing Voluntary Voting Systems Guidelines process, which is a voluntary set of voting requirements that voting systems can be tested against to ensure their security and accessibility. The new bill would also establish an Election Cyber Assistance Unit within the EAC, which would help connect state and local election officials across the country with cybersecurity experts who could provide technical support. 

National: Securing elections starts with securing voter registration | Samuel S. Visner/StateScoop

It’s Nov. 3, Election Day: You go to the polls at the school where you’ve cast your ballots for the last 15 years, only to be told you are no longer on the voter registration list. And according to your state’s online database, you’re now supposed to be voting at a church 15 miles away. You’re confused, angry and late for work. So, you don’t vote. And your candidates of choice lose. How would you feel about those who won, much less the democratic process, after that? Attacking voter registration databases is one of the many ways threat actors could attempt to tamper with this year’s presidential election. After the 2016 election cycle, U.S. intelligence officials concluded that hostile nation-state actors attempted to access voter files in all 50 states and succeeded in some states, including Illinois. These and other kinds of compromises, such as ransomware that could deny election officials’ access to critical voter data during the 2020 election, could undermine confidence in U.S. institutions and the perceived legitimacy of those elected.

National: There’s a new cross-country effort to train election and campaign pros on digital security | Joseph Marks/The Washington Post

A team from the University of Southern California has embarked on a 50-state tour to give cybersecurity training to poll workers and state and local campaign staffers who will be the last line of defense against Russian hacking in 2020. The group, called the Election Cybersecurity Initiative, views itself as a bottom-up, grass-roots counterpart to national-level election security efforts led by the Department of Homeland Security in the wake of Russia’s election interference in 2016. It’s hoping to advise local election officials, Election Day volunteers, ground-level campaign door-knockers and even interns in both political parties who national officials are unlikely to reach. The group also wants to build a network of cybersecurity experts at universities across the nation who can help secure local races and polling sites. “There are incredible grass-roots resources and folks who are highly educated,” Justin Griffin, the group’s managing director, told me. “We’re really going to the states to touch those folks who could never take the time or have the budget to come to Washington for a session like this.” The cross-country effort, which launched in Maryland this week, is yet another example of how the threat of hacking and disinformation is affecting every part of the elections and campaign process. The group, which is funded with a grant from Google, is modeling itself after an election campaign and using the tagline: “Our candidate is democracy.”

National: Election Officials To Convene Amid Historic Focus on Voting And Interference | Pam Fessler/NPR

Top election officials from all 50 states are meeting in Washington this week to prepare for 2020 — a gathering amid widespread concern over whether the upcoming elections will be fair and accurate, as well as free of the kind of foreign interference that marred the 2016 campaign. Despite major government efforts to upgrade security, an NPR/PBS NewsHour/Marist poll found that about 41% of Americans surveyed do not think the country is prepared to protect the U.S. election system from another attack. Voters also say their biggest concern is disinformation, followed by voter fraud and voter suppression. Forty-four percent think it’s likely that many votes will not actually be counted in 2020. While most voters have confidence in their state and local governments to run a fair election, 43% do not think those officials have done enough to make sure that there’s no foreign interference. Many more blame President Trump. Fifty-six percent say he has done little or nothing to keep the elections safe. A slim majority think the president, who has repeatedly questioned Russian tampering in 2016, actually encourages foreign interference.

National: It takes too long to detect hacking after elections. Here’s 3 ways to help. | Jeremy Epstein/Fifth Domain

In 33 states in America, millions of voters are still at risk of having their ballots deliberately changed, uncounted, undercounted, misrecorded or otherwise subverted. Why? Simply because these states either permit some form of Internet voting or because one or more parts of their voting processes are connected to the Internet. This should disturb us. What is doubly worrying is the fact that, even if an intrusion is detected in these systems, there is no way to determine with certainty the impact on vote counts from the malicious hacks without paper ballots. There is no paper-based, traceable record of citizens’ votes without paper ballots. This means there is no way to reliably audit the election results. While paper ballots don’t prevent hacks, they can nullify the impacts of hacks because they allow authorities to reliably and accurately recount votes. The ability to retrace elections is critical in many ways: to restore the will of the people by accurately reflecting their votes, and to maintain confidence in our elections and our democracy.

National: FBI breach notice rules lauded by states, but some want more | Derek B. Johnson/FCW

Under a recent policy change, the FBI will notify states if local election systems are hacked, but some state officials and lawmakers want the feds to commit to informing a broader range of stakeholders. The federal government, in particular the FBI, have taken heat for taking three years to notify the Florida state government and members of Congress that voter registration systems in two counties were breached by Russian hackers leading up to the 2016 elections. While U.S. officials have said they do not have any evidence that suggests voting machines or tallies were compromised, security experts say bad actors tampering with registration data can still sow confusion and wreak havoc on election day. Alabama Secretary of State John Merrill said he and his counterparts in other states spent years pressing the federal government to notify states about local election hacks, arguing that many counties and municipalities lack the technical resources to effectively respond to a breach of their election systems. “They’re not in a position to give any attention to what was going on and to try to correct the issue, and so if [the feds aren’t] contacting us, what’s the value of calling anyone?” he told FCW. “And when we explained that to [the federal government,] they understood.”

National: Nonprofit expands free security services for campaigns as election season heats up | Cat Zakrzewski/The Washington Post

Political campaigns might not have the time or money to seek out tech talent and services in their busiest season, even as concerns loom about election hacking and interference. A political odd couple is trying to change that. Defending Digital Campaigns — founded by Robby Mook, Hillary Clinton’s 2016 campaign manager, and Matt Rhoades, Mitt Romney’s 2012 campaign manager — is offering campaigns a wide range of free and discounted cybersecurity services. The nonprofit organization, which acts as a clearinghouse between campaigns and the companies, announced yesterday that it broadly expanded its industry partners to include tech heavyweights such as Microsoft and Cloudflare. DDC is designed to be a one-stop shop for campaigns to get protections against phishing, websites and mobile app security, multi-factor authentication through security keys, and more. “DDC will create even more value for campaigns by housing a number of these offerings from different companies,” Ginny Badanes, director of Microsoft’s Defending Democracy Program, tells me. “We think this will help increase adoption of these services and ultimately make campaigns more secure.” Microsoft is offering its suite of Office and business products for campaigns at a discount. It’s also a more expedient way to ensure campaigns can access their services, especially in a complicated regulatory environment, companies say. DDC secured Federal Election Commission approval to provide campaigns with free or discounted services last year. By partnering with the organization, companies don’t have to seek out individual approvals — a process that can take several months.

National: Analysts question whether FBI election cybersecurity changes are robust enough | Jonathan Greig/TechRepublic

The FBI released new guidelines on how it will approach cyberattacks on elections after facing years of criticism from lawmakers across the country for their response to Russian intrusion attempts during the 2016 election. State officials, particularly those in Florida, were incensed when the Mueller Report revealed that two county voting databases were breached by Russian hackers ahead of the 2016 election. The FBI never told state-level officials and only coordinated with people in the counties that had been hit, waiting nearly two years until meeting and explaining the situation to Florida Gov. Ron DeSantis. The new guidelines, explained on a media call last Thursday and in a press release last Friday, say the FBI will notify a state’s chief election official and other local election workers in the event of any cyberattack. “Understanding that mitigation of such incidents often hinges on timely notification, the FBI has established a new internal policy outlining how the FBI will notify state and local officials responsible for administering election infrastructure of cyber activity targeting their infrastructure,” the FBI statement said.

National: Weakening Encryption Could Impact Election Security, Coalition Says | Frank Konkel/Nextgov

A coalition for secure elections sent a letter to Attorney General William Barr Wednesday, criticizing the AG for recent comments he made calling on companies to create a “backdoor” through encryption. The letter, published by the Project on Government Oversight, warns such backdoors—even if expressly for use by law enforcement—would weaken the security of encrypted services and devices, “opening the door” for hackers to harm users. “While encryption does not guarantee safety from all forms of malicious hacking, it is a vital safeguard to minimize risk. The Department of Justice has previously asked companies to create a ‘backdoor’ through encryption that would be accessible to law enforcement—but it is simply not possible to create a ‘backdoor’ that could not also be accessed by malicious hackers,” the letter states.

National: Tech Companies Volunteer to Beef Up Presidential Campaigns’ Cybersecurity | Alexa Corse/Wall Street Journal

Nearly a dozen technology companies said they will provide free or reduced-cost cybersecurity services to presidential campaigns, which experts and intelligence officials have warned are ripe targets for intrusion and disinformation. They join a growing number of firms offering protection on a nonpartisan basis, a trend that has gained steam in the past 18 months or so, since federal regulators eased rules to make such offers permissible under campaign-finance laws. The Federal Election Commission made policy changes after urging from nonprofits and technology companies, including Microsoft Corp. Campaigns have struggled to make their information more secure in part because of budget pressures and the fast-moving nature of a campaign. “Any dollar that a campaign spends on extra levels of cybersecurity is a dollar they’re not spending on voter contact and getting their candidate elected,” noted Matt Rhoades, campaign manager for Republican Mitt Romney in 2012.

National: Hackers Are Coming for the 2020 Election — And We’re Not Ready | Andy Kroll/Rolling Stone

… Four years ago, for an embarrassingly modest price, Russia pulled off one of the more audacious acts of election interference in modern history. The Internet Research Agency, the team of Kremlin-backed online propagandists, spent $15 million to $20 million and wreaked havoc on the psyche of the American voter, creating the impression that behind every Twitter avatar or Facebook profile was a Russian troll. Russian intelligence agents carried out the digital version of Watergate, infiltrating the Democratic Party and the Clinton campaign, stealing tens of thousands of emails, and weaponizing them in the days and weeks before the election. Russian-based hackers tested election websites in all 50 states for weak spots, like burglars casing a would-be target. “The Russians were testing whether our windows were open, rattling our doors to see whether they were locked, and found the windows and doors wide open,” says Sen. Mark Warner (D-Va.), the top Democrat on the Intelligence Committee. “The fact that they didn’t interject themselves more dramatically into our election was, I think, almost luck.”

National: Acting DHS secretary says he expects Russia to attempt to interfere in 2020 elections | Maggie Miller/The Hill

Acting Homeland Security Secretary Chad Wolf said Friday that his agency “fully expects” Russia to attempt to interfere in U.S. elections in 2020. “As we saw in 2016, we fully expect Russia to attempt to interfere in the 2020 elections to sow public discord and undermine our democratic institutions,” Wolf said during an event hosted by the Homeland Security Experts Group in Washington, D.C. Wolf also highlighted cyber threats from China and Iran. According to the report compiled by former special counsel Robert Mueller and to findings by the U.S. intelligence community and the Senate Intelligence Committee, Russia launched a sweeping interference effort in the lead-up to the 2016 presidential election, using both hacking and disinformation tactics.

National: Amid hacking fears, key caucus states to use app for results | Ryan J. Foley and Christina A. Cassidy/Associated Press

Two of the first three states to vote in the Democratic presidential race will use new mobile apps to gather results from thousands of caucus sites — technology intended to make counting easier but that raises concerns of hacking or glitches. Democratic Party activists in Iowa and Nevada will use programs downloaded to their personal phones to report the results of caucus gatherings to the state headquarters. That data will then be used to announce the unofficial winners. Paper records will later be used to certify the results. The party is moving ahead with the technology amid warnings that foreign hackers could target the 2020 presidential campaign to try to sow chaos and undermine American democracy. Party officials say they are cognizant of the threat and taking numerous security precautions. Any errors, they say, will be easily correctable because of backups.

National: US election still vulnerable to attacks, despite security improvements | Cynthia Brumfield/CSO Online

Days away from the Iowa caucuses, and less than 11 months from the general election, voting and election security continues to be a challenge for the U.S political system. Threats to a secure election appear to loom as large today as they did in 2016, when Russian state-backed hackers and social media trolls threw U.S. political campaign and election efforts into chaos, turmoil that has only become clear after the fact. Certainly, voting security has made great strides since 2016. State and local governments took advantage of a funding boost under the Help America Vote Act to improve their infrastructure and better coordinate among themselves to harden election systems. Congress allocated an additional $425 million as part of a spending compromise that was passed and enacted in late-December, giving election officials even more latitude to make improvements. A spokesperson for the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) tells CSO that the agency has seen marked improvements in security over the past few years. “In our work with all 50 states and more than 2,400 local jurisdictions, we’ve seen a maturation in the risk management practices across the sector,” the spokesperson says. “Whether implementing controls like multifactor authentication and intrusion detection systems or exercising incident identification, communications, and response, the progress for election security is real.”

National: FBI will now notify state election officials when any part of their election systems is hacked | Ken Dilanian/NBC

The FBI will now notify state election officials about cyber breaches to election systems in their jurisdictions, even those that only affect a single county, FBI and Justice Department officials said Thursday. The change stems from a belief that the “traditional policy did not work in the election context,” an FBI official told reporters in a background call. Typically, the FBI notifies only the victim of a cyber intrusion. When it comes to election systems, the victim is often a county. But if the FBI only notifies local officials, “it may leave the state officials with incomplete knowledge of the threats,” the official said. The policy shift comes after a 2018 episode in Florida in which Democratic Sen. Bill Nelson said he had been told that Russian hackers gained access to some voting systems in his state, only to be accused of making that up by then-Gov. Rick Scott, the Republican running to unseat Nelson in that year’s election. Scott said state officials had not been notified of any such breach.

National: Security vulnerabilities in voting machines show America still isn’t ready for the 2020 election | Alexandra Ossola/Quartz

Though researchers discovered a fundamental security flaw in voting machines months ago, the company behind the machines may still be advertising them to states in a way that allows the vulnerability to persist, according to a letter sent to the US Election Assistance Commission and reported by NBC News. In Aug 2019, a team of independent security experts found that, contrary to popular belief, many digital voting machines were connected to the internet, sometimes for months on end, Motherboard reported. This, the experts feared, could give hackers a window through which to manipulate votes. The company that makes the machines that the researchers found to be flawed is called Election Systems & Software (ES&S) (company officials disputed this characterization of its systems). About 70 million Americans’ votes are counted using one of ES&S’ machines, which make up about half of the election equipment market, according to ProPublica. ES&S markets its machines to include an optional modem, which can connect them to the internet. Modems allow election officials to get quick preliminary results, and also help ES&S maintain the machines.