National: As Targets, States Need to Be Prepared for the 2020 Election | Tom Guarente/StateTech Magazine

With the first 2020 election primaries upon us, state government leaders are faced with the critical question of whether their election systems are prepared for looming cybersecurity threats. Foreign threat actors have shown again and again their interest in undermining one of the most sacred rights Americans hold: the vote. In Florida, it’s been reported, Russian interference in voter roll systems had the potential to alter results during the 2016 midterm elections. In Illinois, media reports show, there’s evidence that hackers working for Russian military intelligence installed malware on the network of a voter registration technology vendor. In fact, all 50 states’ election systems were targeted by Russia in 2016, according to a July 2019 report from the U.S. Senate Select Committee on Intelligence. Cyber-enabled election threats did not end in 2016. In the 2018 midterm elections, FireEye identified multiple social media accounts impersonating congressional candidates and spreading pro-Iran messages.

National: Iowa’s app fiasco worries mobile voting advocates | Tonya Riley/The Washington Post

The fiasco caused by an app that failed to properly transmit votes in the Iowa caucuses is worrying the mobile voting industry, which hoped 2020 would be a banner year. Companies — and proponents of incorporating more technology into elections — are trying to avoid being lumped in with the hastily made app used in Iowa. They’re saying its failure proves serious investment in user-friendly, secure election technology is more critical than ever. “We need to ensure that every new idea is tested, transparent and secure — just like the eight successful mobile voting pilots conducted to date,” Bradley Tusk, the founder and CEO of Tusk Philanthropies, said in a statement. “Enough is enough. 2016 should have been enough of a wake-up call. Iowa just confirmed it.” Tusk Philanthropies has funded pilots for mobile voting across the country, launched in a push to increase participation in elections. Unlike the app used in Iowa, which was developed to relay vote counts, the pilots use technologies that allow voters to easily vote from their mobile phones. So far, the pilots have largely been limited to eligible uniformed and overseas voters and voters with disabilities. But any expansion is sure to fall under an even more critical spotlight. Any malfunction — or hack — of an app used directly for voting in 2020 could have far greater impact in undermining public faith in the Democratic process than one Democratic caucus gone wrong.

National: Bipartisan lawmakers introduce bill to combat cyber attacks on state and local governments | Juliegrace Brufke/The Hill

A bipartisan group of lawmakers on Monday introduced a bill that would establish a $400 million grant program at the Department of Homeland Security (DHS) to help state and local governments combat cyber threats and potential vulnerabilities. Under the legislation — led by Reps. Cedric Richmond (D-La.), John Katko (R-N.Y.), Derek Kilmer (D-Wash.), Mike McCaul (R-Texas), Dutch Ruppersberger (D-Md.), Bennie Thompson (D-Miss.) and Mike Rogers (R-Ala.) — DHS’ Cybersecurity and Infrastructure Security Agency (CISA) would be required to develop a plan to improve localities’ cybersecurity and would create a State and Local Cybersecurity Resiliency Committee to help inform CISA on what jurisdictions need to help protect themselves from breaches. The group noted that state and local governments have become targets for hackers, having seen an uptick in attacks in recent years. “It provides more grant funding to state and locals for cybersecurity my own state of Texas impacted, particularly as tensions rise in Iran, for instance, we are seeing more cyber attacks coming out of Iran,” McCaul told The Hill. “And then of course going into the election we will make sure that our voting machines are secure.”

National: Voting Process Under Spotlight After Iowa Confusion | Alexa Corse/Wall Street Journal

States conducting presidential nominating contests in the weeks ahead are facing new scrutiny of their voting processes, after glitches caused confusion over which candidate prevailed in Iowa’s caucuses last week. Federal and local law-enforcement officials huddled at a Manchester, N.H., conference center on Friday morning, gaming out responses to hypothetical hacking scenarios ahead of New Hampshire’s Tuesday primary. The meeting included representatives from the U.S. Secret Service and from the police forces of Manchester, Concord and Nashua, along with private-sector experts. The Manchester gathering, which had been scheduled for months, is one example of intensified efforts nationwide to secure the voting process since 2016, when Russia was found to have interfered in the U.S. presidential election. But such efforts have taken on a new urgency after Iowa’s debacle. The failure of a results-reporting app, due to what the Iowa Democratic Party called a coding issue and a series of problems cascading from those glitches, showed that foreign meddling isn’t the only risk, experts say.

National: US counterintel strategy emphasizes protection of democracy | Eric Tucker/Associated Press

The U.S. government’s top counterintelligence official said Monday that he was concerned Russia or other foreign adversaries could exploit the chaos of the Iowa caucuses to sow distrust in the integrity of America’s elections. “How can an adversary take what happened in Iowa and pour gasoline on it?” Bill Evanina, the director of the National Counterintelligence and Security Center, told reporters at a briefing. Evanina’s comments came as he unveiled a strategy document aimed at guiding the government’s national security priorities over the next two years. The document identifies the U.S. economy, infrastructure, democracy and supply chains as areas being routinely targeted by foreign governments and in need of heightened protection. Election security, particularly combating foreign influence in U.S. politics, accounts for one of the counterintelligence community’s top priorities as voters head to the polls this year. A malfunctioning app used by the Iowa Democratic Party caused a delay in the reporting of caucus results last week and fueled calls for a recanvassing. Because of the delay and after observing irregularities in the results once they did arrive, The Associated Press says it cannot declare a winner.

National: Senate panel wants politicians to put party aside for election security. Fat chance in 2020. | Joseph Marks/The Washington Post

A long-awaited Senate Intelligence Committee report admonishes politicians to forget about politics when dealing with election interference operations and to exercise maximum restraint before suggesting an election was hacked or corrupted.

Good luck with that.

“Restraint” is not the operative word in the Trump era. The bipartisan report arrived just days after President Trump’s 2020 campaign manager Brad Parscale suggested without evidence on Twitter that a long delay in reporting Iowa caucuses results was because of a #RiggedElection. In fact, the count was marred by technical issues. And while the Republican-run committee states “the President of the United States should take steps to separate himself or herself from political considerations when handling issues related to foreign influence operations,” Trump has not been living by that mantra. Nor has he been “explicitly putting aside politics when addressing the American people on election threats.” The president has openly contemplated accepting dirt on his opponents from foreign nations in the 2020 race — and cast doubt on the intelligence community’s conclusion that Russia interfered on his behalf in 2016. And the Senate acquitted the president just this week after the House impeached him for pressuring Ukraine’s leader to help dig up dirt on the family of a political rival, former vice president Joe Biden.

National: Iowa Breakdown Reveals Broken Election Technology Ecosystem | Alyza Sebenius and Bill Allison/Bloomberg

The chaos at the Iowa caucus has been blamed on a small startup called Shadow Inc., but what happened this week is also emblematic of wider problems plaguing the world of election technology. It’s hard to get sophisticated technology companies to build such technology because most buyers have small budgets, and disappear after Election Day. In a four-year presidential election cycle, one campaign’s killer app is woefully obsolete by the next. So political parties and campaigns often create the technology themselves or hire small firms to do it for them. “The tech companies with depth of knowledge and understanding tend to shy away from building critical voting systems,” said Charles Stewart III, a professor and elections scholar at the Massachusetts Institute of Technology.

National: Gutted Election Assistance Commission struggles to recover | Bill Theobald/The Fulcrum

Nine months from an intensely contested presidential election already clouded by anxiety about the integrity of the results, the main federal agency overseeing the process is struggling to get back on its feet after years in turmoil. The Election Assistance Commission is unknown to most Americans. But it certifies the reliability of the machines most voters will use this fall, and it’s at the epicenter of efforts to protect our election systems from being hacked by foreign adversaries. And since last fall it’s been without an executive director or general counsel to coordinate the government’s limited supervision over how states and thousands of localities plan for the 2020 balloting. In fact, none of eight top officials listed on the agency website in March 2017, when the extent of Russian interference in the last presidential election was just becoming clear, are still with the agency. Neither are eight of the other 16 staff members who worked there then. And years of budget cuts have only recently started to be reversed. The ability of the already tiny operation to do its job in the leadup to November — when turnout and fear of hacking could both reach record levels — could go a long way to determining whether the world believes President Trump was either defeated or re-elected fair and square. It is a tall order that will be left largely to the four politically appointed commissioners, and two of them are new since Trump took office. Only a year ago did the EAC gain a full complement of members for the first time in almost a decade.

National: The Iowa caucus app isn’t the only new election tech | Rebecca Heilweil/Vox

Election security in the United States seems more precarious than ever. As the November 2020 election grows closer, states and counties have charged ahead with their own plans to secure — and improve — their voting systems. Congress, meanwhile, has failed to send much-needed reforms to the president’s desk. Anxiety over the mechanics of this year’s election has spiked following the disaster that was the Iowa Democratic caucus. While there’s no reason to believe that the very poorly developed app used in the caucus was hacked, the fiasco does have lawmakers spooked on a number of fronts, as it’s increasingly becoming clear that the integrity of the nation’s elections can be compromised in a variety of ways. In fact, after the phone number for reporting precinct results was posted online, supporters of President Donald Trump managed to flood phone lines and interfere with the counting of results, according to Bloomberg. You could say the country is more vulnerable to election interference than ever. Some worry, with good reason, that the worst is yet to come.

National: The progress the government has made on election security | Andrew Eversden/Fifth Domain

The latest Senate report on Russian interference in the 2016 election, released Feb. 6, contained several broad recommendations for how the government can improve effectiveness in securing American elections. While the Senate Select Committee on Intelligence’s third volume lists seven recommendations for correcting shortfalls made by the Obama administration in responding to Russian election interference, the federal government has already made progress in several of the recommended areas since the committee started its report. The committee recommends that the executive branch “bolster” partnerships with countries considered “near abroad” to Russia. The bipartisan report states that Russia has been using these countries as a “laboratory” for perfecting information and cyber warfare. For example, in the military conflict between Ukraine and Russian, Russian-backed hackers have targeted the government and shut down the country’s power grid. Expanding partnerships with such countries will “help to prepare defenses for the eventual expansion of interference techniques targeting the West,” the report read.

National: Election Security 2020: States Take Cybersecurity Measures Ahead of November | Adam Stone/StateTech Magazine

In the Buckeye State, officials are doing more than just keeping an eye on the upcoming national elections. As the threat of cyber tampering looms large, state and local leaders are working diligently to ensure voting is secure. “We want to set the tone for the rest of the nation,” says Ohio Secretary of State Frank LaRose, who in June issued a 34-point directive to guide state, county and local efforts on election cyber strategies. It calls for the use of event logging and intrusion detection tools, along with segmentation — disconnecting voting apparatus from external networks. “We want to make sure our boards of elections aren’t leaving a door opened by being attached to other, less secure assets,” LaRose says. Ohio may be out in front, but it is hardly alone. Authorities in all 50 states are taking steps to not only to secure the vote, but to ensure that the public perceives that vote as valid. They are getting help from the federal government, including the Cybersecurity and Infrastructure Security Agency, an operational component under the U.S. Department of Homeland Security. Experts say the aggressive action is justified, given the high likelihood that adversarial nations and other bad actors could try to tamper with the election.

National: Russia engaging in ‘information warfare’ ahead of 2020 election, FBI chief warns | Eric Tucker/Associated Press

The FBI director, Christopher Wray, has warned that Russia is engaged in “information warfare” heading into the 2020 presidential election, though he said law enforcement has not seen ongoing efforts by Russia to target America’s election infrastructure. Wray told the House judiciary committee that Russia, just as it did in 2016, is relying on a covert social media campaign aimed at dividing American public opinion and sowing discord. That effort, which involves fictional personas, bots, social media postings and disinformation, may have an election-year uptick but is also a round-the-clock threat that is in some ways harder to combat than an election system hack, Wray said. “Unlike a cyber-attack on an election infrastructure, that kind of effort – disinformation – in a world where we have a first amendment and believe strongly in freedom of expression, the FBI is not going to be in the business of being the truth police and monitoring disinformation online,” Wray said.

National: Iowa and the grand tradition of election tech mishaps | Andrew Gumbel/The Guardian

The great Iowa caucus meltdown of 2020 may be triggering anguish, anger and, on the Republican side of the political fence, expressions of unalloyed glee; but for one Miami lawyer and voting rights activist it is also bringing back vivid memories of another high-profile primary contest that fell victim to untested new technology and administrative incompetence. The year was 2002, and the race was a hotly contested Florida gubernatorial election in which Janet Reno, the former US attorney general, was vying for the Democratic party nomination against a prominent lawyer from Tampa. A politically connected company called Electronic Systems & Software (ES&S) was rolling out new touchscreen technology to replace the punch card machines that were widely blamed for the meltdown in the presidential election two years earlier between George W Bush and Al Gore. ES&S, though, was very far from ready for prime time. Many of the machines in Miami-Dade county took so long to boot up that polling stations could not open before lunchtime. When a freak storm caused power blackouts, the battery backup on many machines failed. One Miami precinct reported 900% turnout; another showed just one ballot cast. The governor declared a state of emergency, and Reno – who was trailing narrowly – demanded a re-examination of the ballots, only to realize that the new technology made recounts impossible.

National: Caucus Meltdown Tied to Democrats’ Little-Tested Mobile App | Michaela Ross, Kartikay Mehrotra and Chris Strohm/Bloomberg

The breakdown in reporting results from Iowa’s Democratic caucuses appears tied to failures in a mobile application that wasn’t ready for the load of a statewide election and which the head of the Homeland Security Department said wasn’t subjected to a cybersecurity test by his agency. “This is more of a stress or load issue as well as a reporting issue that we’re seeing in Iowa,” acting Department of Homeland Security Secretary Chad Wolf said in a Fox News interview Tuesday. Wolf said there’s little evidence of hacking of the app, which precinct officials struggled to use on Monday night. He said that his department’s cyber division had offered to test the software for vulnerabilities but was declined.… But the failure spotlights the need for hard-copy backups across election systems, as a handful of states are still using voting machines that don’t produce a paper receipt, according to Marian Schneider, president of the voting advocacy group Verified Voting and former deputy secretary for elections of Pennsylvania. “It’s clear that mobile apps are not ready for prime time, but thankfully Iowa has paper records of their vote totals and will be able to release the results from those records,” Schneider said.

National: Iowa’s Lesson: Political Parties Are Not as Good as Government Officials at Counting Votes | Jessica Huseman, Jack Gillum and Derek Willis/ProPublica

Here’s the takeaway from the Iowa fiasco: Beware of caucuses run by political parties. But don’t panic about the integrity of most primaries and the general election, which are run by state and county election administrators. As Tuesday morning wore on without results from Iowa’s Democratic caucuses, the long-awaited first test of the strength of President Donald Trump’s would-be challengers, both public officials and enraged commentators stoked fears that Iowa was a harbinger of chaos for the rest of the 2020 campaign. Some said it raises alarms about the broader condition of election security and the reliability of computer systems that record, tally and publish the votes. Trump campaign manager Brad Parscale even suggested on Twitter Monday, without evidence, that the process was “rigged.” But there’s a marked difference between the Iowa caucuses and the upcoming primaries in New Hampshire and South Carolina, as well as the 14 state primaries on Super Tuesday. The Iowa Democratic Party ran the caucuses, much as its counterparts in Nevada, Wyoming and several territories will do in the next few months. Party officials have less training and experience in administering the vote than do state and local election administrators who oversee most of the primaries.

National: After Iowa Democrats’ caucus app mess, election officials distance themselves | Benjamin Freed/StateScoop

The meltdown Monday night of a new app that the Iowa Democratic Party intended to use to tally the results of its presidential nominating caucuses has famously mucked up the beginning of the race to determine the Democrats’ presidential nominee. But as the candidates wait for the first batch of results to finally be released Tuesday afternoon, election officials around the country are taking pains to distance a political party’s technological bungling from the work that they do on behalf of state and local governments. Iowa Democrats headed into their first-in-the-nation caucuses saying the app — designed by a software firm called Shadow Inc. — would help on-the-ground volunteers report results and the complicated math that determines how many delegates each candidate won. But after not releasing caucus results as expected, the party late Monday night said there were “inconsistencies” in how precinct-level results were reported. And since then, several county party leaders have said that they never received any training on the app from either the state party or Shadow. While caucus-goers’ preferences were recorded on paper, which the Iowa Democrats said Tuesday is being used to verify the data collected by the app, election officials have said this episode may throw a wrench in the public perception of their jobs. “We have a term we call the ‘cicada voter’,” Dave Bjerke, the elections director in Falls Church, Virginia, told StateScoop, referring to the ground-dwelling insects that only emerge once every several years. “The cicada voter is only going to vote in presidential elections. There’s always elections going on, but the presidential is the Super Bowl of our process.”

National: Why 2020 could be a year of election malfunctions | Steven Overly and Eric Geller/Politico

Monday’s caucus app meltdown is just a taste of what may await the rest of America. Iowa wasn’t alone in adopting new technology to run elections in 2020, and the odds are it may not be the last state to suffer the consequences. Counties with tens of millions of people have rolled out new voting machines in recent years to replace hack-prone paperless devices. But new technologies inevitably bring their own hiccups, some more damaging than others. And as the debacle surrounding the Iowa Democrats’ vote-reporting app showed, any confusion can feed divisions and conspiracy theories, fueled by social media, that undermine Americans’ faith in democracy. Marian Schneider, the president of the advocacy group Verified Voting, said technology will always carry some risk, particularly when it’s connected to the internet — noting that even large companies with deep pockets get hacked. She said the problems in Iowa reinforce her organization’s argument that voting and reporting should not be done via mobile app. Another lesson: At least the Iowa caucuses had paper records to back up all of the electronic information. And so should other elections, she said. “So, the takeaway is that having a low-tech backup is really important whenever you’re deploying technology in elections,” she said.

National: Iowa Caucus chaos likely to set back mobile voting | Lucas Mearian/Computerworld

A coding flaw and lack of sufficient testing of an application to record votes in Monday’s Iowa Democratic Presidential Caucus will likely hurt the advancement and uptake of online voting. While there have been hundreds of tests of mobile and online voting platforms in recent years – mostly in small municipal or corporate shareholder and university student elections – online voting technology has yet to be tested for widespread use by the general public in a national election. “This is one of the cases where we narrowly dodged a bullet,” said Jeremy Epstein, vice chair of the Association for Computing Machinery’s US Technology Policy Committee (USTPC). “The Iowa Democratic Party had planned to allow voters to vote in the caucus using their phones; if this sort of meltdown had happened with actual votes, it would have been an actual disaster. In this case, it’s just delayed results and egg on the face of the people who built and purchased the technology.” The vote tallying app used Monday in the Iowa Caucus was created by a small Washington-based vendor called Shadow Inc.; the app was funded in part by a nonprofit progressive digital strategy firm named Acronym. Today, Acronyn strived to make it clear through a tweet it did not supply the technology for the Iowa Caucus, and it is no more than an investor.

National: DHS creates ‘tabletop in a box’ for local election security drills | Benjamin Freed/StateScoop

For the past few years, the Department of Homeland Security has convened exercises for state election officials to test how they’d respond to a cyberattack against voting systems. At a National Association of Secretaries of State meeting in Washington last weekend, a DHS official introduced a new product that could make it easier for local officials to run those exercises. The tabletop exercises, as the events are known, are designed to give secretaries of state, election directors, IT leaders and other officials a war game-like environment simulating the threats posed by foreign governments and other adversaries that might try to disrupt a real election. And while the exercises have included representatives of some local governments, one of the biggest challenges statewide election officials say they have is making sure new cybersecurity tools and procedures trickle down to even the smallest, most resource-strapped jurisdictions involved in the democratic process. The Cybersecurity and Infrastructure Security Agency on Friday published its “Elections Cyber Tabletop Exercise Package,” a 58-page guide for state and local officials to hold their own drills simulating ransomware, data breaches, disinformation campaigns and attempts to corrupt voting equipment. Matt Masterson, a senior adviser at CISA, described the document as a “tabletop in a box.”

National: Majority of Election Websites in Battleground States Failing in Cybersecurity | Security Magazine

A large majority of election-related websites operated by local governments in battleground states lack a key feature that would help them be more cybersecure — a site that ends in .gov as opposed to .com or other extensions. Research by McAfee found that as many as 83.3 percent of county websites lacked .GOV validation across these states, and 88.9 percent and 90 percent of websites lacked such certification in Iowa and New Hampshire respectively. Such shortcomings could make it possible for malicious actors to establish false government websites and use them to spread false election information that could influence voter behavior and even impact final election results. “Without a governing body validating whether websites truly belong to the government entities they claim, it’s possible to spoof legitimate government sites with fraudulent ones,” said Steve Grobman, McAfee Senior Vice President and Chief Technology Officer. “An adversary can use fake election websites for misinformation and voter suppression by targeting specific voters in swing states with misleading information on candidates, or inaccurate information on the voting process such as poll location and times. In this way, this malicious actor could impact election results without ever physically or digitally interacting with voting machines or systems.”

National: Election officials confident about security days before first contests of 2020 | Joseph Marks/The Washington Post

Election officials are striking a confident tone about digital security at their final summit before caucus and primary season begins. But they’re also planning for the worst, war-gaming how to handle any major hacks from Russia or other adversaries. “We’re planning as if they’re coming back,” Chris Krebs, the Department of Homeland Security’s top cybersecurity official, said on the sidelines of the conference hosted by the National Association of Secretaries of State. “The playbook’s out there. It’s not just about Russia. It’s about anyone else that may want to get into this space.” Krebs led more than 200 officials through a series of worst-case scenarios during the conference, testing how they’d respond and work together during a cyberattack or misinformation campaign targeting a primary or general election. Among the participants were representatives from 44 states, 15 election vendors and 11 federal departments and agencies, a DHS spokeswoman said. The conclusion: Officials are far better prepared than in 2016 when Russian hackers probed election infrastructure across the nation and upended Hillary Clinton’s campaign by hacking and releasing emails and flooding disinformation onto social media.

National: As Iowa caucuses loom, states drill with feds to protect 2020 elections | Sean Lyngaas/CyberScoop

With the Iowa caucuses just days away, state election officials from around the country gathered this week in Washington, D.C., to drill for cyberattacks, study ransomware and learn how to work with ethical hackers. The level of collaboration was unthinkable four years ago, when Russia-backed hackers and trolls interfered to the electoral process. Then, it took many months for federal officials to notify states that their systems had been targeted, and states bristled at the Department of Homeland Security’s 2017 designation of election systems as critical infrastructure. Now, federal and state officials are mapping out how a foreign adversary might try to undermine the democratic process, and practicing how they would thwart those attacks. “We’re light years ahead today from where we were [in the aftermath of 2016]” Mac Warner, the secretary of state of West Virginia, said Thursday at the National Association of Secretaries of State conference. Warner said that shortly after the U.S. military killed a top Iranian general earlier this month, DHS officials held a call with states to explain the Iranian cyberthreat and what to watch for on their systems.

National: Behind the scenes, states race to shore up 2020 elections | Ben Popken/NBC

The officials in charge of running America’s elections in many states convened in the nation’s capitol this week to test and discuss their preparations for the 2020 U.S. presidential election. On their checklists: Everything. The National Association of Secretaries of State kicked off its biannual conference Thursday, a four-day event which this year has a heavy emphasis on election security. Each state has a chief elections officer and in 24, that’s the secretary of states. In others they may be responsible for only some parts of the electoral process. While praising the new information sharing network between state and federal authorities, officials who spoke with NBC News touched on a wide variety of challenges they continue to face, from disappointment with weak support by the executive branch to persistent concerns about disinformation. “We need to make sure that our operations are as resilient as possible, meaning that our hardware and software prevents attack, and measures are in place to survive an attack so that voters can trust the results of the election,” said Nellie Gorbea, the Rhode Island secretary of state.

National: Election officials get training before 2020 voting begins | Christina A. Cassidy/Associated Press

When state election officials gathered ahead of the last presidential election, major topics were voter registration, identity theft and ballot design. This year, the main theme is election security. The change since 2016 underscores how election security has become a top concern with presidential nominating contests set to begin next week. Kicking off Thursday’s meeting was a training exercise coordinated by the Department of Homeland Security. Election officials from 44 states joined officials with 11 federal agencies and representatives from more than a dozen voting technology companies to participate in the half-day exercise to help them keep votes secure. “We’ve come a long ways,” said Iowa Secretary of State Paul Pate. “That’s the strength of doing these tabletops: putting everyone in the same room so we have that contact and preparing for whatever scenarios might come up.” The vast majority of panels at the biannual meetings of the National Association of Secretaries of State and the National Association of State Election Directors are dedicated to cybersecurity, from what states can do to disrupt hacking attempts to the threat of ransomware.

National: House GOP introduces bill to secure voter registration systems against foreign hacking | Maggie Miller/The Hill

Republicans on the House Administration Committee on Wednesday introduced legislation that would seek to update a long-standing federal election law and secure voter registration databases from foreign hacking attempts. The Protect American Voters Act (PAVA) would require the Election Assistance Commission (EAC) to establish the Emerging Election Technology Committee (EETC), which would help create voluntary guidelines for election equipment, such as voter registration databases, not covered under the Help America Vote Act (HAVA). HAVA was signed into law in 2002 following problems with voting during the 2000 presidential election. The law established the EAC and set minimum election administration standards.  The EETC would be empowered to bypass the existing Voluntary Voting Systems Guidelines process, which is a voluntary set of voting requirements that voting systems can be tested against to ensure their security and accessibility. The new bill would also establish an Election Cyber Assistance Unit within the EAC, which would help connect state and local election officials across the country with cybersecurity experts who could provide technical support. 

National: Securing elections starts with securing voter registration | Samuel S. Visner/StateScoop

It’s Nov. 3, Election Day: You go to the polls at the school where you’ve cast your ballots for the last 15 years, only to be told you are no longer on the voter registration list. And according to your state’s online database, you’re now supposed to be voting at a church 15 miles away. You’re confused, angry and late for work. So, you don’t vote. And your candidates of choice lose. How would you feel about those who won, much less the democratic process, after that? Attacking voter registration databases is one of the many ways threat actors could attempt to tamper with this year’s presidential election. After the 2016 election cycle, U.S. intelligence officials concluded that hostile nation-state actors attempted to access voter files in all 50 states and succeeded in some states, including Illinois. These and other kinds of compromises, such as ransomware that could deny election officials’ access to critical voter data during the 2020 election, could undermine confidence in U.S. institutions and the perceived legitimacy of those elected.

National: There’s a new cross-country effort to train election and campaign pros on digital security | Joseph Marks/The Washington Post

A team from the University of Southern California has embarked on a 50-state tour to give cybersecurity training to poll workers and state and local campaign staffers who will be the last line of defense against Russian hacking in 2020. The group, called the Election Cybersecurity Initiative, views itself as a bottom-up, grass-roots counterpart to national-level election security efforts led by the Department of Homeland Security in the wake of Russia’s election interference in 2016. It’s hoping to advise local election officials, Election Day volunteers, ground-level campaign door-knockers and even interns in both political parties who national officials are unlikely to reach. The group also wants to build a network of cybersecurity experts at universities across the nation who can help secure local races and polling sites. “There are incredible grass-roots resources and folks who are highly educated,” Justin Griffin, the group’s managing director, told me. “We’re really going to the states to touch those folks who could never take the time or have the budget to come to Washington for a session like this.” The cross-country effort, which launched in Maryland this week, is yet another example of how the threat of hacking and disinformation is affecting every part of the elections and campaign process. The group, which is funded with a grant from Google, is modeling itself after an election campaign and using the tagline: “Our candidate is democracy.”

National: Election Officials To Convene Amid Historic Focus on Voting And Interference | Pam Fessler/NPR

Top election officials from all 50 states are meeting in Washington this week to prepare for 2020 — a gathering amid widespread concern over whether the upcoming elections will be fair and accurate, as well as free of the kind of foreign interference that marred the 2016 campaign. Despite major government efforts to upgrade security, an NPR/PBS NewsHour/Marist poll found that about 41% of Americans surveyed do not think the country is prepared to protect the U.S. election system from another attack. Voters also say their biggest concern is disinformation, followed by voter fraud and voter suppression. Forty-four percent think it’s likely that many votes will not actually be counted in 2020. While most voters have confidence in their state and local governments to run a fair election, 43% do not think those officials have done enough to make sure that there’s no foreign interference. Many more blame President Trump. Fifty-six percent say he has done little or nothing to keep the elections safe. A slim majority think the president, who has repeatedly questioned Russian tampering in 2016, actually encourages foreign interference.

National: It takes too long to detect hacking after elections. Here’s 3 ways to help. | Jeremy Epstein/Fifth Domain

In 33 states in America, millions of voters are still at risk of having their ballots deliberately changed, uncounted, undercounted, misrecorded or otherwise subverted. Why? Simply because these states either permit some form of Internet voting or because one or more parts of their voting processes are connected to the Internet. This should disturb us. What is doubly worrying is the fact that, even if an intrusion is detected in these systems, there is no way to determine with certainty the impact on vote counts from the malicious hacks without paper ballots. There is no paper-based, traceable record of citizens’ votes without paper ballots. This means there is no way to reliably audit the election results. While paper ballots don’t prevent hacks, they can nullify the impacts of hacks because they allow authorities to reliably and accurately recount votes. The ability to retrace elections is critical in many ways: to restore the will of the people by accurately reflecting their votes, and to maintain confidence in our elections and our democracy.

National: FBI breach notice rules lauded by states, but some want more | Derek B. Johnson/FCW

Under a recent policy change, the FBI will notify states if local election systems are hacked, but some state officials and lawmakers want the feds to commit to informing a broader range of stakeholders. The federal government, in particular the FBI, have taken heat for taking three years to notify the Florida state government and members of Congress that voter registration systems in two counties were breached by Russian hackers leading up to the 2016 elections. While U.S. officials have said they do not have any evidence that suggests voting machines or tallies were compromised, security experts say bad actors tampering with registration data can still sow confusion and wreak havoc on election day. Alabama Secretary of State John Merrill said he and his counterparts in other states spent years pressing the federal government to notify states about local election hacks, arguing that many counties and municipalities lack the technical resources to effectively respond to a breach of their election systems. “They’re not in a position to give any attention to what was going on and to try to correct the issue, and so if [the feds aren’t] contacting us, what’s the value of calling anyone?” he told FCW. “And when we explained that to [the federal government,] they understood.”