National: DHS creates ‘tabletop in a box’ for local election security drills | Benjamin Freed/StateScoop

For the past few years, the Department of Homeland Security has convened exercises for state election officials to test how they’d respond to a cyberattack against voting systems. At a National Association of Secretaries of State meeting in Washington last weekend, a DHS official introduced a new product that could make it easier for local officials to run those exercises. The tabletop exercises, as the events are known, are designed to give secretaries of state, election directors, IT leaders and other officials a war game-like environment simulating the threats posed by foreign governments and other adversaries that might try to disrupt a real election. And while the exercises have included representatives of some local governments, one of the biggest challenges statewide election officials say they have is making sure new cybersecurity tools and procedures trickle down to even the smallest, most resource-strapped jurisdictions involved in the democratic process. The Cybersecurity and Infrastructure Security Agency on Friday published its “Elections Cyber Tabletop Exercise Package,” a 58-page guide for state and local officials to hold their own drills simulating ransomware, data breaches, disinformation campaigns and attempts to corrupt voting equipment. Matt Masterson, a senior adviser at CISA, described the document as a “tabletop in a box.”

National: Majority of Election Websites in Battleground States Failing in Cybersecurity | Security Magazine

A large majority of election-related websites operated by local governments in battleground states lack a key feature that would help them be more cybersecure — a site that ends in .gov as opposed to .com or other extensions. Research by McAfee found that as many as 83.3 percent of county websites lacked .GOV validation across these states, and 88.9 percent and 90 percent of websites lacked such certification in Iowa and New Hampshire respectively. Such shortcomings could make it possible for malicious actors to establish false government websites and use them to spread false election information that could influence voter behavior and even impact final election results. “Without a governing body validating whether websites truly belong to the government entities they claim, it’s possible to spoof legitimate government sites with fraudulent ones,” said Steve Grobman, McAfee Senior Vice President and Chief Technology Officer. “An adversary can use fake election websites for misinformation and voter suppression by targeting specific voters in swing states with misleading information on candidates, or inaccurate information on the voting process such as poll location and times. In this way, this malicious actor could impact election results without ever physically or digitally interacting with voting machines or systems.”

National: Election officials confident about security days before first contests of 2020 | Joseph Marks/The Washington Post

Election officials are striking a confident tone about digital security at their final summit before caucus and primary season begins. But they’re also planning for the worst, war-gaming how to handle any major hacks from Russia or other adversaries. “We’re planning as if they’re coming back,” Chris Krebs, the Department of Homeland Security’s top cybersecurity official, said on the sidelines of the conference hosted by the National Association of Secretaries of State. “The playbook’s out there. It’s not just about Russia. It’s about anyone else that may want to get into this space.” Krebs led more than 200 officials through a series of worst-case scenarios during the conference, testing how they’d respond and work together during a cyberattack or misinformation campaign targeting a primary or general election. Among the participants were representatives from 44 states, 15 election vendors and 11 federal departments and agencies, a DHS spokeswoman said. The conclusion: Officials are far better prepared than in 2016 when Russian hackers probed election infrastructure across the nation and upended Hillary Clinton’s campaign by hacking and releasing emails and flooding disinformation onto social media.

National: As Iowa caucuses loom, states drill with feds to protect 2020 elections | Sean Lyngaas/CyberScoop

With the Iowa caucuses just days away, state election officials from around the country gathered this week in Washington, D.C., to drill for cyberattacks, study ransomware and learn how to work with ethical hackers. The level of collaboration was unthinkable four years ago, when Russia-backed hackers and trolls interfered to the electoral process. Then, it took many months for federal officials to notify states that their systems had been targeted, and states bristled at the Department of Homeland Security’s 2017 designation of election systems as critical infrastructure. Now, federal and state officials are mapping out how a foreign adversary might try to undermine the democratic process, and practicing how they would thwart those attacks. “We’re light years ahead today from where we were [in the aftermath of 2016]” Mac Warner, the secretary of state of West Virginia, said Thursday at the National Association of Secretaries of State conference. Warner said that shortly after the U.S. military killed a top Iranian general earlier this month, DHS officials held a call with states to explain the Iranian cyberthreat and what to watch for on their systems.

National: Behind the scenes, states race to shore up 2020 elections | Ben Popken/NBC

The officials in charge of running America’s elections in many states convened in the nation’s capitol this week to test and discuss their preparations for the 2020 U.S. presidential election. On their checklists: Everything. The National Association of Secretaries of State kicked off its biannual conference Thursday, a four-day event which this year has a heavy emphasis on election security. Each state has a chief elections officer and in 24, that’s the secretary of states. In others they may be responsible for only some parts of the electoral process. While praising the new information sharing network between state and federal authorities, officials who spoke with NBC News touched on a wide variety of challenges they continue to face, from disappointment with weak support by the executive branch to persistent concerns about disinformation. “We need to make sure that our operations are as resilient as possible, meaning that our hardware and software prevents attack, and measures are in place to survive an attack so that voters can trust the results of the election,” said Nellie Gorbea, the Rhode Island secretary of state.

National: Election officials get training before 2020 voting begins | Christina A. Cassidy/Associated Press

When state election officials gathered ahead of the last presidential election, major topics were voter registration, identity theft and ballot design. This year, the main theme is election security. The change since 2016 underscores how election security has become a top concern with presidential nominating contests set to begin next week. Kicking off Thursday’s meeting was a training exercise coordinated by the Department of Homeland Security. Election officials from 44 states joined officials with 11 federal agencies and representatives from more than a dozen voting technology companies to participate in the half-day exercise to help them keep votes secure. “We’ve come a long ways,” said Iowa Secretary of State Paul Pate. “That’s the strength of doing these tabletops: putting everyone in the same room so we have that contact and preparing for whatever scenarios might come up.” The vast majority of panels at the biannual meetings of the National Association of Secretaries of State and the National Association of State Election Directors are dedicated to cybersecurity, from what states can do to disrupt hacking attempts to the threat of ransomware.

National: House GOP introduces bill to secure voter registration systems against foreign hacking | Maggie Miller/The Hill

Republicans on the House Administration Committee on Wednesday introduced legislation that would seek to update a long-standing federal election law and secure voter registration databases from foreign hacking attempts. The Protect American Voters Act (PAVA) would require the Election Assistance Commission (EAC) to establish the Emerging Election Technology Committee (EETC), which would help create voluntary guidelines for election equipment, such as voter registration databases, not covered under the Help America Vote Act (HAVA). HAVA was signed into law in 2002 following problems with voting during the 2000 presidential election. The law established the EAC and set minimum election administration standards.  The EETC would be empowered to bypass the existing Voluntary Voting Systems Guidelines process, which is a voluntary set of voting requirements that voting systems can be tested against to ensure their security and accessibility. The new bill would also establish an Election Cyber Assistance Unit within the EAC, which would help connect state and local election officials across the country with cybersecurity experts who could provide technical support. 

National: Securing elections starts with securing voter registration | Samuel S. Visner/StateScoop

It’s Nov. 3, Election Day: You go to the polls at the school where you’ve cast your ballots for the last 15 years, only to be told you are no longer on the voter registration list. And according to your state’s online database, you’re now supposed to be voting at a church 15 miles away. You’re confused, angry and late for work. So, you don’t vote. And your candidates of choice lose. How would you feel about those who won, much less the democratic process, after that? Attacking voter registration databases is one of the many ways threat actors could attempt to tamper with this year’s presidential election. After the 2016 election cycle, U.S. intelligence officials concluded that hostile nation-state actors attempted to access voter files in all 50 states and succeeded in some states, including Illinois. These and other kinds of compromises, such as ransomware that could deny election officials’ access to critical voter data during the 2020 election, could undermine confidence in U.S. institutions and the perceived legitimacy of those elected.

National: There’s a new cross-country effort to train election and campaign pros on digital security | Joseph Marks/The Washington Post

A team from the University of Southern California has embarked on a 50-state tour to give cybersecurity training to poll workers and state and local campaign staffers who will be the last line of defense against Russian hacking in 2020. The group, called the Election Cybersecurity Initiative, views itself as a bottom-up, grass-roots counterpart to national-level election security efforts led by the Department of Homeland Security in the wake of Russia’s election interference in 2016. It’s hoping to advise local election officials, Election Day volunteers, ground-level campaign door-knockers and even interns in both political parties who national officials are unlikely to reach. The group also wants to build a network of cybersecurity experts at universities across the nation who can help secure local races and polling sites. “There are incredible grass-roots resources and folks who are highly educated,” Justin Griffin, the group’s managing director, told me. “We’re really going to the states to touch those folks who could never take the time or have the budget to come to Washington for a session like this.” The cross-country effort, which launched in Maryland this week, is yet another example of how the threat of hacking and disinformation is affecting every part of the elections and campaign process. The group, which is funded with a grant from Google, is modeling itself after an election campaign and using the tagline: “Our candidate is democracy.”

National: Election Officials To Convene Amid Historic Focus on Voting And Interference | Pam Fessler/NPR

Top election officials from all 50 states are meeting in Washington this week to prepare for 2020 — a gathering amid widespread concern over whether the upcoming elections will be fair and accurate, as well as free of the kind of foreign interference that marred the 2016 campaign. Despite major government efforts to upgrade security, an NPR/PBS NewsHour/Marist poll found that about 41% of Americans surveyed do not think the country is prepared to protect the U.S. election system from another attack. Voters also say their biggest concern is disinformation, followed by voter fraud and voter suppression. Forty-four percent think it’s likely that many votes will not actually be counted in 2020. While most voters have confidence in their state and local governments to run a fair election, 43% do not think those officials have done enough to make sure that there’s no foreign interference. Many more blame President Trump. Fifty-six percent say he has done little or nothing to keep the elections safe. A slim majority think the president, who has repeatedly questioned Russian tampering in 2016, actually encourages foreign interference.

National: It takes too long to detect hacking after elections. Here’s 3 ways to help. | Jeremy Epstein/Fifth Domain

In 33 states in America, millions of voters are still at risk of having their ballots deliberately changed, uncounted, undercounted, misrecorded or otherwise subverted. Why? Simply because these states either permit some form of Internet voting or because one or more parts of their voting processes are connected to the Internet. This should disturb us. What is doubly worrying is the fact that, even if an intrusion is detected in these systems, there is no way to determine with certainty the impact on vote counts from the malicious hacks without paper ballots. There is no paper-based, traceable record of citizens’ votes without paper ballots. This means there is no way to reliably audit the election results. While paper ballots don’t prevent hacks, they can nullify the impacts of hacks because they allow authorities to reliably and accurately recount votes. The ability to retrace elections is critical in many ways: to restore the will of the people by accurately reflecting their votes, and to maintain confidence in our elections and our democracy.

National: FBI breach notice rules lauded by states, but some want more | Derek B. Johnson/FCW

Under a recent policy change, the FBI will notify states if local election systems are hacked, but some state officials and lawmakers want the feds to commit to informing a broader range of stakeholders. The federal government, in particular the FBI, have taken heat for taking three years to notify the Florida state government and members of Congress that voter registration systems in two counties were breached by Russian hackers leading up to the 2016 elections. While U.S. officials have said they do not have any evidence that suggests voting machines or tallies were compromised, security experts say bad actors tampering with registration data can still sow confusion and wreak havoc on election day. Alabama Secretary of State John Merrill said he and his counterparts in other states spent years pressing the federal government to notify states about local election hacks, arguing that many counties and municipalities lack the technical resources to effectively respond to a breach of their election systems. “They’re not in a position to give any attention to what was going on and to try to correct the issue, and so if [the feds aren’t] contacting us, what’s the value of calling anyone?” he told FCW. “And when we explained that to [the federal government,] they understood.”

National: Nonprofit expands free security services for campaigns as election season heats up | Cat Zakrzewski/The Washington Post

Political campaigns might not have the time or money to seek out tech talent and services in their busiest season, even as concerns loom about election hacking and interference. A political odd couple is trying to change that. Defending Digital Campaigns — founded by Robby Mook, Hillary Clinton’s 2016 campaign manager, and Matt Rhoades, Mitt Romney’s 2012 campaign manager — is offering campaigns a wide range of free and discounted cybersecurity services. The nonprofit organization, which acts as a clearinghouse between campaigns and the companies, announced yesterday that it broadly expanded its industry partners to include tech heavyweights such as Microsoft and Cloudflare. DDC is designed to be a one-stop shop for campaigns to get protections against phishing, websites and mobile app security, multi-factor authentication through security keys, and more. “DDC will create even more value for campaigns by housing a number of these offerings from different companies,” Ginny Badanes, director of Microsoft’s Defending Democracy Program, tells me. “We think this will help increase adoption of these services and ultimately make campaigns more secure.” Microsoft is offering its suite of Office and business products for campaigns at a discount. It’s also a more expedient way to ensure campaigns can access their services, especially in a complicated regulatory environment, companies say. DDC secured Federal Election Commission approval to provide campaigns with free or discounted services last year. By partnering with the organization, companies don’t have to seek out individual approvals — a process that can take several months.

National: Analysts question whether FBI election cybersecurity changes are robust enough | Jonathan Greig/TechRepublic

The FBI released new guidelines on how it will approach cyberattacks on elections after facing years of criticism from lawmakers across the country for their response to Russian intrusion attempts during the 2016 election. State officials, particularly those in Florida, were incensed when the Mueller Report revealed that two county voting databases were breached by Russian hackers ahead of the 2016 election. The FBI never told state-level officials and only coordinated with people in the counties that had been hit, waiting nearly two years until meeting and explaining the situation to Florida Gov. Ron DeSantis. The new guidelines, explained on a media call last Thursday and in a press release last Friday, say the FBI will notify a state’s chief election official and other local election workers in the event of any cyberattack. “Understanding that mitigation of such incidents often hinges on timely notification, the FBI has established a new internal policy outlining how the FBI will notify state and local officials responsible for administering election infrastructure of cyber activity targeting their infrastructure,” the FBI statement said.

National: Weakening Encryption Could Impact Election Security, Coalition Says | Frank Konkel/Nextgov

A coalition for secure elections sent a letter to Attorney General William Barr Wednesday, criticizing the AG for recent comments he made calling on companies to create a “backdoor” through encryption. The letter, published by the Project on Government Oversight, warns such backdoors—even if expressly for use by law enforcement—would weaken the security of encrypted services and devices, “opening the door” for hackers to harm users. “While encryption does not guarantee safety from all forms of malicious hacking, it is a vital safeguard to minimize risk. The Department of Justice has previously asked companies to create a ‘backdoor’ through encryption that would be accessible to law enforcement—but it is simply not possible to create a ‘backdoor’ that could not also be accessed by malicious hackers,” the letter states.

National: Tech Companies Volunteer to Beef Up Presidential Campaigns’ Cybersecurity | Alexa Corse/Wall Street Journal

Nearly a dozen technology companies said they will provide free or reduced-cost cybersecurity services to presidential campaigns, which experts and intelligence officials have warned are ripe targets for intrusion and disinformation. They join a growing number of firms offering protection on a nonpartisan basis, a trend that has gained steam in the past 18 months or so, since federal regulators eased rules to make such offers permissible under campaign-finance laws. The Federal Election Commission made policy changes after urging from nonprofits and technology companies, including Microsoft Corp. Campaigns have struggled to make their information more secure in part because of budget pressures and the fast-moving nature of a campaign. “Any dollar that a campaign spends on extra levels of cybersecurity is a dollar they’re not spending on voter contact and getting their candidate elected,” noted Matt Rhoades, campaign manager for Republican Mitt Romney in 2012.

National: Hackers Are Coming for the 2020 Election — And We’re Not Ready | Andy Kroll/Rolling Stone

… Four years ago, for an embarrassingly modest price, Russia pulled off one of the more audacious acts of election interference in modern history. The Internet Research Agency, the team of Kremlin-backed online propagandists, spent $15 million to $20 million and wreaked havoc on the psyche of the American voter, creating the impression that behind every Twitter avatar or Facebook profile was a Russian troll. Russian intelligence agents carried out the digital version of Watergate, infiltrating the Democratic Party and the Clinton campaign, stealing tens of thousands of emails, and weaponizing them in the days and weeks before the election. Russian-based hackers tested election websites in all 50 states for weak spots, like burglars casing a would-be target. “The Russians were testing whether our windows were open, rattling our doors to see whether they were locked, and found the windows and doors wide open,” says Sen. Mark Warner (D-Va.), the top Democrat on the Intelligence Committee. “The fact that they didn’t interject themselves more dramatically into our election was, I think, almost luck.”

National: Acting DHS secretary says he expects Russia to attempt to interfere in 2020 elections | Maggie Miller/The Hill

Acting Homeland Security Secretary Chad Wolf said Friday that his agency “fully expects” Russia to attempt to interfere in U.S. elections in 2020. “As we saw in 2016, we fully expect Russia to attempt to interfere in the 2020 elections to sow public discord and undermine our democratic institutions,” Wolf said during an event hosted by the Homeland Security Experts Group in Washington, D.C. Wolf also highlighted cyber threats from China and Iran. According to the report compiled by former special counsel Robert Mueller and to findings by the U.S. intelligence community and the Senate Intelligence Committee, Russia launched a sweeping interference effort in the lead-up to the 2016 presidential election, using both hacking and disinformation tactics.

National: Amid hacking fears, key caucus states to use app for results | Ryan J. Foley and Christina A. Cassidy/Associated Press

Two of the first three states to vote in the Democratic presidential race will use new mobile apps to gather results from thousands of caucus sites — technology intended to make counting easier but that raises concerns of hacking or glitches. Democratic Party activists in Iowa and Nevada will use programs downloaded to their personal phones to report the results of caucus gatherings to the state headquarters. That data will then be used to announce the unofficial winners. Paper records will later be used to certify the results. The party is moving ahead with the technology amid warnings that foreign hackers could target the 2020 presidential campaign to try to sow chaos and undermine American democracy. Party officials say they are cognizant of the threat and taking numerous security precautions. Any errors, they say, will be easily correctable because of backups.

National: US election still vulnerable to attacks, despite security improvements | Cynthia Brumfield/CSO Online

Days away from the Iowa caucuses, and less than 11 months from the general election, voting and election security continues to be a challenge for the U.S political system. Threats to a secure election appear to loom as large today as they did in 2016, when Russian state-backed hackers and social media trolls threw U.S. political campaign and election efforts into chaos, turmoil that has only become clear after the fact. Certainly, voting security has made great strides since 2016. State and local governments took advantage of a funding boost under the Help America Vote Act to improve their infrastructure and better coordinate among themselves to harden election systems. Congress allocated an additional $425 million as part of a spending compromise that was passed and enacted in late-December, giving election officials even more latitude to make improvements. A spokesperson for the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) tells CSO that the agency has seen marked improvements in security over the past few years. “In our work with all 50 states and more than 2,400 local jurisdictions, we’ve seen a maturation in the risk management practices across the sector,” the spokesperson says. “Whether implementing controls like multifactor authentication and intrusion detection systems or exercising incident identification, communications, and response, the progress for election security is real.”

National: FBI will now notify state election officials when any part of their election systems is hacked | Ken Dilanian/NBC

The FBI will now notify state election officials about cyber breaches to election systems in their jurisdictions, even those that only affect a single county, FBI and Justice Department officials said Thursday. The change stems from a belief that the “traditional policy did not work in the election context,” an FBI official told reporters in a background call. Typically, the FBI notifies only the victim of a cyber intrusion. When it comes to election systems, the victim is often a county. But if the FBI only notifies local officials, “it may leave the state officials with incomplete knowledge of the threats,” the official said. The policy shift comes after a 2018 episode in Florida in which Democratic Sen. Bill Nelson said he had been told that Russian hackers gained access to some voting systems in his state, only to be accused of making that up by then-Gov. Rick Scott, the Republican running to unseat Nelson in that year’s election. Scott said state officials had not been notified of any such breach.

National: Security vulnerabilities in voting machines show America still isn’t ready for the 2020 election | Alexandra Ossola/Quartz

Though researchers discovered a fundamental security flaw in voting machines months ago, the company behind the machines may still be advertising them to states in a way that allows the vulnerability to persist, according to a letter sent to the US Election Assistance Commission and reported by NBC News. In Aug 2019, a team of independent security experts found that, contrary to popular belief, many digital voting machines were connected to the internet, sometimes for months on end, Motherboard reported. This, the experts feared, could give hackers a window through which to manipulate votes. The company that makes the machines that the researchers found to be flawed is called Election Systems & Software (ES&S) (company officials disputed this characterization of its systems). About 70 million Americans’ votes are counted using one of ES&S’ machines, which make up about half of the election equipment market, according to ProPublica. ES&S markets its machines to include an optional modem, which can connect them to the internet. Modems allow election officials to get quick preliminary results, and also help ES&S maintain the machines.

National: Cloudflare is giving away its security tools to US political campaigns | Zack Whittaker/TechCrunch

Network security giant Cloudflare said it will provide its security tools and services to U.S. political campaigns for free, as part of its efforts to secure upcoming elections against cyberattacks and election interference. The company said its new Cloudflare for Campaigns offering will include distributed denial-of-service attack mitigation, load balancing for campaign websites, a website firewall and anti-bot protections. It’s an expansion of the company’s security offering for journalists, civil rights activists and humanitarian groups under its Project Galileo, which aims to protect against disruptive cyberattacks. The project later expanded to smaller state and local government sites in 2018, with an aim of protecting from attacks servers containing voter registration data and other election infrastructure.

National: Schiff schedules public hearing with US intel chief  | Rebecca Klar/The Hill

House Intelligence Committee Chairman Adam Schiff (D-Calif.) has called on the acting Director of National Intelligence (DNI) to testify at a public hearing next month over security threats facing the U.S. and its allies. The invitation seeking testimony from acting DNI Joseph Maguire comes amid reports that intelligence officials are trying to persuade Congress from dropping the public portion of the annual Worldwide Threat hearing after backlash from President Trump last year. Schiff sent a letter Thursday inviting Maguire to testify at a public hearing before the Intelligence Committee on Feb. 12, followed by a closed hearing for the panel later the same day. Schiff said the committee will inquire about unclassified assessments regarding threats to the nation during the public hearing. He added that the committee “expects” Maguire and intelligence officials to “delve further into classified details about these threats” in the classified portion.

National: Internet voting Is happening now and it could destroy our elections | Rachel Goodman and J. Alex Halderman/Slate

Russian hackers will try to disrupt American voting systems during the 2020 election cycle, as they did in 2016. This time, they’ll be joined by hackers from all over the world, including some within the United States. What unites them all is an eagerness to undermine free and fair elections, the most basic mechanism of American democracy. There are some hard questions about what to do about all this, but one piece is surprisingly straightforward: We need to keep voting systems as far away from the internet as possible. There’s a growing and clear consensus on this point. Federal guidelines for new voting machines might soon prohibit voting systems from connecting to the internet and even using Bluetooth. At the same time, though, voter turnout in this country remains abysmal. Allowing people to vote on their phones seems intuitively like it could help, especially for young people who vote at especially low rates. It could also be helpful for some military and overseas voters, as well as some voters with disabilities, who face challenges getting a physical ballot cast, returned, and counted. So why not try it? Well, put mildly, security vulnerabilities introduced by internet voting could destroy elections.

National: U.S. election security czar says attempts to hack the 2020 election will be more sophisticated | Ken Dilanian/NBC

The U.S. government is geared up as never before to combat foreign election interference, but there are limits to what American intelligence agencies can do, even as determined adversaries build on their 2016 playbook, the nation’s election security czar said Tuesday. In prepared remarks before an elections group, and in an exclusive interview afterward with NBC News, Shelby Pierson, the election security threats executive at the Office of the Director of National Intelligence, said a number of adversaries may be poised to attempt election interference. “The threats as we go into 2020 are more sophisticated,” she said. “This is not a Russia-only problem. Russia, China, Iran, North Korea, non-state hacktivists all have opportunity, means and potentially motive to come after the United States in the 2020 election to accomplish their goals.” Pierson spoke at an election summit sponsored by the U.S. Election Assistance Commission, an independent, bipartisan agency that certifies voting systems and serves as a national clearinghouse of information on election administration.

National: State election officials will get fresh intelligence briefing after Iran tensions | Sean Lyngaas/CyberScoop

In the wake of the U.S.-Iran standoff and just weeks before the first Democratic primary, the intelligence community’s lead official for election security will brief state officials on the top cyberthreats to the U.S. electoral process. Shelby Pierson, the intelligence community’s election threats executive, said that the briefing this Thursday will cover the full gamut of digital threats to U.S. elections, including those emanating from Iran. Asked if Iran is more likely to interfere in the 2020 election after the U.S. military killed Tehran’s top general earlier this month, Pierson told reporters Tuesday that “it certainly is something that we’re prepared for.” “As our adversaries look to the political climate … it wouldn’t surprise me at all that this is part of the calculus,” she added.

National: Democrats sound election security alarm after Russia’s Burisma hack | Maggie Miller/The Hill

Congressional Democrats are raising fresh concerns about 2020 election security following a report this week that Russian military officers hacked Burisma Holdings, the Ukrainian gas company at the center of President Trump’s impeachment. Several Democratic lawmakers are viewing the incident, reported by The New York Times on Monday night, as the first major sign that Moscow is gearing up for a repeat of its 2016 election interference. They cited what they call similarities between the Burisma attack and the Democratic National Committee hack four years ago. Sen. Gary Peters (Mich.), the top Democrat on the Senate Homeland Security Committee, said the hack confirmed that Russia will be back to interfere in U.S. elections this year. “The Russians are actively engaged in hacking all sorts of sites and businesses, and I am sure there was a political motivation behind it. We know the Russians are going to be actively involved in trying to cause problems in the 2020 election, and this is just a further confirmation of their active involvement in American politics,” Peters told The Hill.

National: Paperless voting machines pose risk to US’s election infrastructure | Ash-har Quraishi/Scripps Media

Could foreign parts in voting machines be putting the U.S. election at risk for hacking? It’s a question that lawmakers have been exploring as they seek answers from top bosses at three major voting manufacturers. Tom Burt, the President and CEO OF Election Systems & Software, appeared confident as he testified before the House Administration Committee last week. “We’ve seen no evidence that our voting systems have been tampered with in any way,” said Burt. The companies that make vote tabulation systems say they welcome federal oversight of election infrastructure and need help securing their supply chains, especially for voting machine parts made in foreign countries. “Several of those components, to our knowledge, there is no option for manufacturing those in the United States,” explained Dominion Voting Systems CEO John Poulos. Cyber and national security experts say antiquated and paperless voting machines pose the most significant risk to the U.S.’s election infrastructure.

National: Election officials are watching how their states respond to cyberattacks | Benjamin Freed/StateScoop

State election officials said Tuesday that they’ve been watching how their state governments have responded to incidents like ransomware attacks as lessons on what they would do if the voter registration databases, vote-total reporting systems and other components of election infrastructure that they manage were targeted. Though the ransomware incidents that have spread through state and local governments across the United States have largely spared election systems from the worst, debilitating effects, the Department of Homeland Security last year said that local officials could be targeted by viruses that lock them out of voter rolls unless they pay a financial demand. And at a conference in Washington hosted by the Election Assistance Commission, state officials said they are paying attention to ransomware wave.