National: FBI breach notice rules lauded by states, but some want more | Derek B. Johnson/FCW

Under a recent policy change, the FBI will notify states if local election systems are hacked, but some state officials and lawmakers want the feds to commit to informing a broader range of stakeholders. The federal government, in particular the FBI, have taken heat for taking three years to notify the Florida state government and members of Congress that voter registration systems in two counties were breached by Russian hackers leading up to the 2016 elections. While U.S. officials have said they do not have any evidence that suggests voting machines or tallies were compromised, security experts say bad actors tampering with registration data can still sow confusion and wreak havoc on election day. Alabama Secretary of State John Merrill said he and his counterparts in other states spent years pressing the federal government to notify states about local election hacks, arguing that many counties and municipalities lack the technical resources to effectively respond to a breach of their election systems. “They’re not in a position to give any attention to what was going on and to try to correct the issue, and so if [the feds aren’t] contacting us, what’s the value of calling anyone?” he told FCW. “And when we explained that to [the federal government,] they understood.”

National: Nonprofit expands free security services for campaigns as election season heats up | Cat Zakrzewski/The Washington Post

Political campaigns might not have the time or money to seek out tech talent and services in their busiest season, even as concerns loom about election hacking and interference. A political odd couple is trying to change that. Defending Digital Campaigns — founded by Robby Mook, Hillary Clinton’s 2016 campaign manager, and Matt Rhoades, Mitt Romney’s 2012 campaign manager — is offering campaigns a wide range of free and discounted cybersecurity services. The nonprofit organization, which acts as a clearinghouse between campaigns and the companies, announced yesterday that it broadly expanded its industry partners to include tech heavyweights such as Microsoft and Cloudflare. DDC is designed to be a one-stop shop for campaigns to get protections against phishing, websites and mobile app security, multi-factor authentication through security keys, and more. “DDC will create even more value for campaigns by housing a number of these offerings from different companies,” Ginny Badanes, director of Microsoft’s Defending Democracy Program, tells me. “We think this will help increase adoption of these services and ultimately make campaigns more secure.” Microsoft is offering its suite of Office and business products for campaigns at a discount. It’s also a more expedient way to ensure campaigns can access their services, especially in a complicated regulatory environment, companies say. DDC secured Federal Election Commission approval to provide campaigns with free or discounted services last year. By partnering with the organization, companies don’t have to seek out individual approvals — a process that can take several months.

National: Analysts question whether FBI election cybersecurity changes are robust enough | Jonathan Greig/TechRepublic

The FBI released new guidelines on how it will approach cyberattacks on elections after facing years of criticism from lawmakers across the country for their response to Russian intrusion attempts during the 2016 election. State officials, particularly those in Florida, were incensed when the Mueller Report revealed that two county voting databases were breached by Russian hackers ahead of the 2016 election. The FBI never told state-level officials and only coordinated with people in the counties that had been hit, waiting nearly two years until meeting and explaining the situation to Florida Gov. Ron DeSantis. The new guidelines, explained on a media call last Thursday and in a press release last Friday, say the FBI will notify a state’s chief election official and other local election workers in the event of any cyberattack. “Understanding that mitigation of such incidents often hinges on timely notification, the FBI has established a new internal policy outlining how the FBI will notify state and local officials responsible for administering election infrastructure of cyber activity targeting their infrastructure,” the FBI statement said.

National: Weakening Encryption Could Impact Election Security, Coalition Says | Frank Konkel/Nextgov

A coalition for secure elections sent a letter to Attorney General William Barr Wednesday, criticizing the AG for recent comments he made calling on companies to create a “backdoor” through encryption. The letter, published by the Project on Government Oversight, warns such backdoors—even if expressly for use by law enforcement—would weaken the security of encrypted services and devices, “opening the door” for hackers to harm users. “While encryption does not guarantee safety from all forms of malicious hacking, it is a vital safeguard to minimize risk. The Department of Justice has previously asked companies to create a ‘backdoor’ through encryption that would be accessible to law enforcement—but it is simply not possible to create a ‘backdoor’ that could not also be accessed by malicious hackers,” the letter states.

National: Tech Companies Volunteer to Beef Up Presidential Campaigns’ Cybersecurity | Alexa Corse/Wall Street Journal

Nearly a dozen technology companies said they will provide free or reduced-cost cybersecurity services to presidential campaigns, which experts and intelligence officials have warned are ripe targets for intrusion and disinformation. They join a growing number of firms offering protection on a nonpartisan basis, a trend that has gained steam in the past 18 months or so, since federal regulators eased rules to make such offers permissible under campaign-finance laws. The Federal Election Commission made policy changes after urging from nonprofits and technology companies, including Microsoft Corp. Campaigns have struggled to make their information more secure in part because of budget pressures and the fast-moving nature of a campaign. “Any dollar that a campaign spends on extra levels of cybersecurity is a dollar they’re not spending on voter contact and getting their candidate elected,” noted Matt Rhoades, campaign manager for Republican Mitt Romney in 2012.

National: Hackers Are Coming for the 2020 Election — And We’re Not Ready | Andy Kroll/Rolling Stone

… Four years ago, for an embarrassingly modest price, Russia pulled off one of the more audacious acts of election interference in modern history. The Internet Research Agency, the team of Kremlin-backed online propagandists, spent $15 million to $20 million and wreaked havoc on the psyche of the American voter, creating the impression that behind every Twitter avatar or Facebook profile was a Russian troll. Russian intelligence agents carried out the digital version of Watergate, infiltrating the Democratic Party and the Clinton campaign, stealing tens of thousands of emails, and weaponizing them in the days and weeks before the election. Russian-based hackers tested election websites in all 50 states for weak spots, like burglars casing a would-be target. “The Russians were testing whether our windows were open, rattling our doors to see whether they were locked, and found the windows and doors wide open,” says Sen. Mark Warner (D-Va.), the top Democrat on the Intelligence Committee. “The fact that they didn’t interject themselves more dramatically into our election was, I think, almost luck.”

National: Acting DHS secretary says he expects Russia to attempt to interfere in 2020 elections | Maggie Miller/The Hill

Acting Homeland Security Secretary Chad Wolf said Friday that his agency “fully expects” Russia to attempt to interfere in U.S. elections in 2020. “As we saw in 2016, we fully expect Russia to attempt to interfere in the 2020 elections to sow public discord and undermine our democratic institutions,” Wolf said during an event hosted by the Homeland Security Experts Group in Washington, D.C. Wolf also highlighted cyber threats from China and Iran. According to the report compiled by former special counsel Robert Mueller and to findings by the U.S. intelligence community and the Senate Intelligence Committee, Russia launched a sweeping interference effort in the lead-up to the 2016 presidential election, using both hacking and disinformation tactics.

National: Amid hacking fears, key caucus states to use app for results | Ryan J. Foley and Christina A. Cassidy/Associated Press

Two of the first three states to vote in the Democratic presidential race will use new mobile apps to gather results from thousands of caucus sites — technology intended to make counting easier but that raises concerns of hacking or glitches. Democratic Party activists in Iowa and Nevada will use programs downloaded to their personal phones to report the results of caucus gatherings to the state headquarters. That data will then be used to announce the unofficial winners. Paper records will later be used to certify the results. The party is moving ahead with the technology amid warnings that foreign hackers could target the 2020 presidential campaign to try to sow chaos and undermine American democracy. Party officials say they are cognizant of the threat and taking numerous security precautions. Any errors, they say, will be easily correctable because of backups.

National: US election still vulnerable to attacks, despite security improvements | Cynthia Brumfield/CSO Online

Days away from the Iowa caucuses, and less than 11 months from the general election, voting and election security continues to be a challenge for the U.S political system. Threats to a secure election appear to loom as large today as they did in 2016, when Russian state-backed hackers and social media trolls threw U.S. political campaign and election efforts into chaos, turmoil that has only become clear after the fact. Certainly, voting security has made great strides since 2016. State and local governments took advantage of a funding boost under the Help America Vote Act to improve their infrastructure and better coordinate among themselves to harden election systems. Congress allocated an additional $425 million as part of a spending compromise that was passed and enacted in late-December, giving election officials even more latitude to make improvements. A spokesperson for the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) tells CSO that the agency has seen marked improvements in security over the past few years. “In our work with all 50 states and more than 2,400 local jurisdictions, we’ve seen a maturation in the risk management practices across the sector,” the spokesperson says. “Whether implementing controls like multifactor authentication and intrusion detection systems or exercising incident identification, communications, and response, the progress for election security is real.”

National: FBI will now notify state election officials when any part of their election systems is hacked | Ken Dilanian/NBC

The FBI will now notify state election officials about cyber breaches to election systems in their jurisdictions, even those that only affect a single county, FBI and Justice Department officials said Thursday. The change stems from a belief that the “traditional policy did not work in the election context,” an FBI official told reporters in a background call. Typically, the FBI notifies only the victim of a cyber intrusion. When it comes to election systems, the victim is often a county. But if the FBI only notifies local officials, “it may leave the state officials with incomplete knowledge of the threats,” the official said. The policy shift comes after a 2018 episode in Florida in which Democratic Sen. Bill Nelson said he had been told that Russian hackers gained access to some voting systems in his state, only to be accused of making that up by then-Gov. Rick Scott, the Republican running to unseat Nelson in that year’s election. Scott said state officials had not been notified of any such breach.

National: Security vulnerabilities in voting machines show America still isn’t ready for the 2020 election | Alexandra Ossola/Quartz

Though researchers discovered a fundamental security flaw in voting machines months ago, the company behind the machines may still be advertising them to states in a way that allows the vulnerability to persist, according to a letter sent to the US Election Assistance Commission and reported by NBC News. In Aug 2019, a team of independent security experts found that, contrary to popular belief, many digital voting machines were connected to the internet, sometimes for months on end, Motherboard reported. This, the experts feared, could give hackers a window through which to manipulate votes. The company that makes the machines that the researchers found to be flawed is called Election Systems & Software (ES&S) (company officials disputed this characterization of its systems). About 70 million Americans’ votes are counted using one of ES&S’ machines, which make up about half of the election equipment market, according to ProPublica. ES&S markets its machines to include an optional modem, which can connect them to the internet. Modems allow election officials to get quick preliminary results, and also help ES&S maintain the machines.

National: Cloudflare is giving away its security tools to US political campaigns | Zack Whittaker/TechCrunch

Network security giant Cloudflare said it will provide its security tools and services to U.S. political campaigns for free, as part of its efforts to secure upcoming elections against cyberattacks and election interference. The company said its new Cloudflare for Campaigns offering will include distributed denial-of-service attack mitigation, load balancing for campaign websites, a website firewall and anti-bot protections. It’s an expansion of the company’s security offering for journalists, civil rights activists and humanitarian groups under its Project Galileo, which aims to protect against disruptive cyberattacks. The project later expanded to smaller state and local government sites in 2018, with an aim of protecting from attacks servers containing voter registration data and other election infrastructure.

National: Schiff schedules public hearing with US intel chief  | Rebecca Klar/The Hill

House Intelligence Committee Chairman Adam Schiff (D-Calif.) has called on the acting Director of National Intelligence (DNI) to testify at a public hearing next month over security threats facing the U.S. and its allies. The invitation seeking testimony from acting DNI Joseph Maguire comes amid reports that intelligence officials are trying to persuade Congress from dropping the public portion of the annual Worldwide Threat hearing after backlash from President Trump last year. Schiff sent a letter Thursday inviting Maguire to testify at a public hearing before the Intelligence Committee on Feb. 12, followed by a closed hearing for the panel later the same day. Schiff said the committee will inquire about unclassified assessments regarding threats to the nation during the public hearing. He added that the committee “expects” Maguire and intelligence officials to “delve further into classified details about these threats” in the classified portion.

National: Internet voting Is happening now and it could destroy our elections | Rachel Goodman and J. Alex Halderman/Slate

Russian hackers will try to disrupt American voting systems during the 2020 election cycle, as they did in 2016. This time, they’ll be joined by hackers from all over the world, including some within the United States. What unites them all is an eagerness to undermine free and fair elections, the most basic mechanism of American democracy. There are some hard questions about what to do about all this, but one piece is surprisingly straightforward: We need to keep voting systems as far away from the internet as possible. There’s a growing and clear consensus on this point. Federal guidelines for new voting machines might soon prohibit voting systems from connecting to the internet and even using Bluetooth. At the same time, though, voter turnout in this country remains abysmal. Allowing people to vote on their phones seems intuitively like it could help, especially for young people who vote at especially low rates. It could also be helpful for some military and overseas voters, as well as some voters with disabilities, who face challenges getting a physical ballot cast, returned, and counted. So why not try it? Well, put mildly, security vulnerabilities introduced by internet voting could destroy elections.

National: U.S. election security czar says attempts to hack the 2020 election will be more sophisticated | Ken Dilanian/NBC

The U.S. government is geared up as never before to combat foreign election interference, but there are limits to what American intelligence agencies can do, even as determined adversaries build on their 2016 playbook, the nation’s election security czar said Tuesday. In prepared remarks before an elections group, and in an exclusive interview afterward with NBC News, Shelby Pierson, the election security threats executive at the Office of the Director of National Intelligence, said a number of adversaries may be poised to attempt election interference. “The threats as we go into 2020 are more sophisticated,” she said. “This is not a Russia-only problem. Russia, China, Iran, North Korea, non-state hacktivists all have opportunity, means and potentially motive to come after the United States in the 2020 election to accomplish their goals.” Pierson spoke at an election summit sponsored by the U.S. Election Assistance Commission, an independent, bipartisan agency that certifies voting systems and serves as a national clearinghouse of information on election administration.

National: State election officials will get fresh intelligence briefing after Iran tensions | Sean Lyngaas/CyberScoop

In the wake of the U.S.-Iran standoff and just weeks before the first Democratic primary, the intelligence community’s lead official for election security will brief state officials on the top cyberthreats to the U.S. electoral process. Shelby Pierson, the intelligence community’s election threats executive, said that the briefing this Thursday will cover the full gamut of digital threats to U.S. elections, including those emanating from Iran. Asked if Iran is more likely to interfere in the 2020 election after the U.S. military killed Tehran’s top general earlier this month, Pierson told reporters Tuesday that “it certainly is something that we’re prepared for.” “As our adversaries look to the political climate … it wouldn’t surprise me at all that this is part of the calculus,” she added.

National: Democrats sound election security alarm after Russia’s Burisma hack | Maggie Miller/The Hill

Congressional Democrats are raising fresh concerns about 2020 election security following a report this week that Russian military officers hacked Burisma Holdings, the Ukrainian gas company at the center of President Trump’s impeachment. Several Democratic lawmakers are viewing the incident, reported by The New York Times on Monday night, as the first major sign that Moscow is gearing up for a repeat of its 2016 election interference. They cited what they call similarities between the Burisma attack and the Democratic National Committee hack four years ago. Sen. Gary Peters (Mich.), the top Democrat on the Senate Homeland Security Committee, said the hack confirmed that Russia will be back to interfere in U.S. elections this year. “The Russians are actively engaged in hacking all sorts of sites and businesses, and I am sure there was a political motivation behind it. We know the Russians are going to be actively involved in trying to cause problems in the 2020 election, and this is just a further confirmation of their active involvement in American politics,” Peters told The Hill.

National: Paperless voting machines pose risk to US’s election infrastructure | Ash-har Quraishi/Scripps Media

Could foreign parts in voting machines be putting the U.S. election at risk for hacking? It’s a question that lawmakers have been exploring as they seek answers from top bosses at three major voting manufacturers. Tom Burt, the President and CEO OF Election Systems & Software, appeared confident as he testified before the House Administration Committee last week. “We’ve seen no evidence that our voting systems have been tampered with in any way,” said Burt. The companies that make vote tabulation systems say they welcome federal oversight of election infrastructure and need help securing their supply chains, especially for voting machine parts made in foreign countries. “Several of those components, to our knowledge, there is no option for manufacturing those in the United States,” explained Dominion Voting Systems CEO John Poulos. Cyber and national security experts say antiquated and paperless voting machines pose the most significant risk to the U.S.’s election infrastructure.

National: Election officials are watching how their states respond to cyberattacks | Benjamin Freed/StateScoop

State election officials said Tuesday that they’ve been watching how their state governments have responded to incidents like ransomware attacks as lessons on what they would do if the voter registration databases, vote-total reporting systems and other components of election infrastructure that they manage were targeted. Though the ransomware incidents that have spread through state and local governments across the United States have largely spared election systems from the worst, debilitating effects, the Department of Homeland Security last year said that local officials could be targeted by viruses that lock them out of voter rolls unless they pay a financial demand. And at a conference in Washington hosted by the Election Assistance Commission, state officials said they are paying attention to ransomware wave.

National: Millions of Americans have been purged from voter rolls – and may not even realize it | Natasha Bach/Fortune

Millions of Americans have been purged from the voter rolls in recent years, as state governments seek to remove the names of individuals who have died, relocated, or have otherwise become ineligible to vote. But such purges have been widely criticized due to instances in which states have relied on bad information, unregistering eligible voters who are often unaware until they attempt to cast their ballots on Election Day. “The most important thing people get wrong is they forget that purges are a necessary and important part of administering our elections,” Myrna Pérez, director of the Brennan Center’s Voting Rights and Elections Program, told Fortune. “We all benefit when our rolls are clean, and sometimes we forget that purges—when done properly—are a good thing.” But large-scale systematic purges that remove hundreds of thousands of names at a time are more likely to round up individuals who should not be removed from the rolls.

National: ‘Online and vulnerable’: Experts find nearly three dozen U.S. voting systems connected to internet | Kevin Monahan, Cynthia McFadden and Didi Martinez/NBC

It was an assurance designed to bolster public confidence in the way America votes: Voting machines “are not connected to the internet.” Then Acting Undersecretary for Cybersecurity and Communications at the Department of Homeland Security Jeanette Manfra said those words in 2017, testifying before Congress while she was responsible for the security of the nation’s voting system. So many government officials like Manfra have said the same thing over the last few years that it is commonly accepted as gospel by most Americans. Behind it is the notion that if voting systems are not online, hackers will have a harder time compromising them. But that is an overstatement, according to a team of 10 independent cybersecurity experts who specialize in voting systems and elections. While the voting machines themselves are not designed to be online, the larger voting systems in many states end up there, putting the voting process at risk. That team of election security experts say that last summer, they discovered some systems are, in fact, online. “We found over 35 [voting systems] had been left online and we’re still continuing to find more,” Kevin Skoglund, a senior technical advisor at the election security advocacy group National Election Defense Coalition, told NBC News.

National: Chinese Technology in Voting Machines Seen as Emerging Threat | Michaela Ross/Bloomberg

The infiltration by foreign countries like China into election voting equipment is emerging as a growing concern among vendors, who are actually asking for more federal regulation as they grapple with a lack of domestic suppliers producing critical technologies. Top executives of the three largest voting machine vendors—Hart InterCivic, Dominion Voting Systems and Election Systems & Software—told the House Administration Committee Thursday they are hoping for guidance and support from the Department of Homeland Security on how to secure their subcontractors. Committee Chairwoman Zoe Lofgren (D-Calif.) said the hearing marked the first time all three CEOs of the largest companies supplying voting machines in the U.S. agreed under oath that they’d welcome comprehensive regulations from the federal government. The executives told committee members they have no choice but to rely on components from China due to a lack of U.S.-made equivalents, a problem facing developers of other technology products including 5G telecommunications and drones.

National: U.S. Probes If Russia Targeting Biden in 2020 Election Meddling | Chris Strohm/Bloomberg

U.S. intelligence and law enforcement officials are assessing whether Russia is trying to undermine Joe Biden in its ongoing disinformation efforts with the former vice president still the front-runner in the race to challenge President Donald Trump, according to two officials familiar with the matter. The probe comes as senior U.S. officials are warning that Russia’s election interference in 2020 could be more brazen than in the 2016 presidential race or the 2018 midterm election. Part of the inquiry is to determine whether Russia is trying to weaken Biden by promoting controversy over his past involvement in U.S. policy toward Ukraine while his son worked for an energy company there. Trump was impeached by the House and faces a trial in the Senate over his pressure on Ukraine’s president to investigate Biden, the early front-runner for the Democratic presidential nomination, as well as an unsupported theory that Ukraine, not Russia, interfered in the 2016 election.

National: Keeping US elections safe from hackers | Maggie Miller/The Hill

Robert Mueller’s former chief of staff from his time at the FBI says Washington isn’t doing nearly enough to secure U.S. election systems in the wake of the special counsel report on Russian interference in 2016. John Carlin, who now chairs the law firm Morrison & Foerster’s global risk and crisis management group and co-chairs its national security practice group, told The Hill in a recent interview that foreign threats against elections are “here and present,” adding that he “absolutely” expects Moscow to attempt to interfere in this year’s vote. “The overall message that the seriousness of what they found in terms of the Russian government interfering in our elections in a sweeping and systematic action, you would hope that this is the type of report that would drive in a bipartisan way all Americans to see what we can do to prevent it from occurring again,” said Carlin. “I wish there would be more of a bipartisan focus on what Russia did and holding them [to] account.” Carlin noted that while “there have been improvements” from the federal government to address election security concerns — most notably $425 million Congress designated to states for election security as part of the recent appropriations cycle — the ongoing “plague” of ransomware attacks poses a new threat.

National: Cyber Threats to Elections Reported Nationwide | Associated Press

West Virginia reported unusual cyber activity targeting its election systems. The Texas governor said the state was encountering attempted “attacks” at the rate of “10,000 times a minute” from Iran. Information technology staff in Las Vegas responded to an intrusion, though the city says no data was stolen. All told, state election officials in at least two dozen states saw suspicious cyber activity last week, although it’s unclear who was behind the efforts and no major problems were reported. Long before a U.S. drone strike assassinated a top Iranian general, there were already concerns about foreign efforts to hack American institutions and its elections. The conflict with Iran has exacerbated those fears. Yet as the recent spate of reports makes clear, not all suspicious cyber activities are equally troublesome, the work of a foreign government or a precursor to the type of Russian interference seen in the 2016 election on behalf of Donald Trump.

National: Russians Hacked Ukrainian Gas Company at Center of Impeachment | Nicole Perlroth and Matthew Rosenberg/The New York Times

With President Trump facing an impeachment trial over his efforts to pressure Ukraine to investigate former Vice President Joseph R. Biden Jr. and his son Hunter Biden, Russian military hackers have been boring into the Ukrainian gas company at the center of the affair, according to security experts. The hacking attempts against Burisma, the Ukrainian gas company on whose board Hunter Biden served, began in early November, as talk of the Bidens, Ukraine and impeachment was dominating the news in the United States. It is not yet clear what the hackers found, or precisely what they were searching for. But the experts say the timing and scale of the attacks suggest that the Russians could be searching for potentially embarrassing material on the Bidens — the same kind of information that Mr. Trump wanted from Ukraine when he pressed for an investigation of the Bidens and Burisma, setting off a chain of events that led to his impeachment. The Russian tactics are strikingly similar to what American intelligence agencies say was Russia’s hacking of emails from Hillary Clinton’s campaign chairman and the Democratic National Committee during the 2016 presidential campaign. In that case, once they had the emails, the Russians used trolls to spread and spin the material, and built an echo chamber to widen its effect.

National: Voting vendors, security pros still far apart on protecting 2020 election | Joseph Marks/The Washington Post

Voting machine companies and cybersecurity advocates are still miles apart on what it will take to secure 2020 against Russian hackers. During a nearly three-hour congressional hearing yesterday, security advocates sounded alarm bells about possible election hacks, warning machines in use today can be easily compromised. Companies, meanwhile, mostly defended the status quo. At one point, the chief executive of Hart InterCivic, one of three major companies that control more than 80 percent of the voting machine market, even defended selling paperless voting machines that can’t be audited and that top security experts and the Department of Homeland Security have warned are far too vulnerable in an era when elections are being targeted by sophisticated Russian hackers. “We actually believe our [machines] are secure,” said Hart CEO Julie Mathis, describing a number of internal defensive measures and security reviews they passed – primarily before 2016. The divisions highlighted how, despite three years of surging congressional attention to election security since Russia’s 2016 hacking efforts, there has been almost no government oversight of voting machine makers themselves. … Mathis’s comments were panned by security advocates. “It’s very simple. No matter how secure that device is, there’s no way to know whether the choice that’s recorded matches what the voter intended. It’s rightly called a black box,” Edward Perez, a former Hart executive who’s now global director of technology development at OSET Institute, a nonprofit election technology organization, said in an interview. 

National: Voting machine makers face questions from House lawmakers — but more remain | Ben Popken/NBC

For decades, the companies that dominated the U.S. voting machine industry operated in relative anonymity. Now, lawmakers want answers and transparency. The CEOs of the three companies that make more than 80 percent of the country’s voting machines testified before Congress Thursday for the first time, marking a new and bipartisan effort to ensure the security of the 2020 election. The three companies, Election Systems & Software (ES&S), Dominion Voting Systems and Hart InterCivic, are almost entirely unregulated. But in recent years, policymakers and election advocates have begun to question who owns the companies, how they make their machines and whether they could be susceptible to remote hacking. Zoe Lofgren, D-Calif., chair of the congressional subcommittee that oversees federal elections, said in her opening remarks that they need more information from the companies. “Despite their outsized role in the mechanics of our democracy, some have accused these companies with obfuscating, and in some cases misleading election administrators and the American public,” said. “There is much work to do, and much for Congress to learn about this industry.”

National: Voting equipment companies throw weight behind enhanced disclosures | Maggie Miller/The Hill

The CEOs of the three largest U.S. voting equipment companies on Thursday supported more disclosure requirements, marking a major step for an industry that has come under close scrutiny in recent years due to election security concerns. The leaders of Election Systems and Software (ES&S), Dominion Voting Systems and Hart InterCivic testified before the House Administration Committee during a House hearing, marking the first time leaders from the three major voting equipment manufacturers testified together before Congress. Committee Chairwoman Rep. Zoe Lofgren (D-Calif.) kicked off the hearing by asking whether the CEOs of these companies, which are estimated to control at least 80 percent of the market for voting equipment in the U.S., would support legislation mandating more disclosures.  Specifically, Lofgren asked if they would support requirements to disclose company cybersecurity practices, cyberattacks experienced by the companies, background checks done on employees, foreign investments in the companies, as well as information on the supply chain involved in building the voting equipment. Tom Burt, the president and CEO of ES&S, which has the largest individual share of the voting equipment market, answered that he “would support a requirement for all five of those requirements.” Julie Mathis, the CEO and president of Hart InterCivic, and John Poulos, the CEO and president of Dominion, both also agreed with Lofgren’s listed disclosure requirements.

National: ‘Chaos Is the Point’: Russian Hackers and Trolls Grow Stealthier in 2020 | Matthew Rosenberg, Nicole Perlroth and David E. Sanger/The New York Times

The National Security Agency and its British counterpart issued an unusual warning in October: The Russians were back and growing stealthier. Groups linked to Russia’s intelligence agencies, they noted, had recently been uncovered boring into the network of an elite Iranian hacking unit and attacking governments and private companies in the Middle East and Britain — hoping Tehran would be blamed for the havoc. For federal and state officials charged with readying defenses for the 2020 election, it was a clear message that the next cyberwar was not going to be like the last. The landscape is evolving, and the piggybacking on Iranian networks was an example of what America’s election-security officials and experts face as the United States enters what is shaping up to be an ugly campaign season marred by hacking and disinformation. American defenses have vastly improved in the four years since Russian hackers and trolls mounted a broad campaign to sway the 2016 presidential election. Facebook is looking for threats it barely knew existed in 2016, such as fake ads paid for in rubles and self-proclaimed Texas secessionists logging in from St. Petersburg. Voting officials are learning about bots, ransomware and other vectors of digital mischief. Military officials are considering whether to embrace information warfare and retaliate against election interference by hacking senior Russian officials and leaking their personal emails or financial information.