National: Security experts raise concerns about voting app used by military voters | Brian Fung/CNN

Security researchers are reporting flaws in a smartphone-based voting app that’s been used by military voters overseas and is now being tested for use in the US. The vulnerabilities could allow nation-state hackers to view, block or even change smartphone ballots before they’re counted, according to a new paper written by three researchers at the Massachusetts Institute of Technology. The app is designed by the company Voatz, whose technology has been piloted so far in West Virginia, Colorado and Utah. The company called the report “flawed” in a statement posted to its website Thursday. “We want to be clear that all nine of our governmental pilot elections conducted to date, involving less than 600 voters, have been conducted safely and securely with no reported issues,” Voatz said in the statement. “The researchers’ true aim is to deliberately disrupt the election process, to sow doubt in the security of our election infrastructure, and to spread fear and confusion.” The report comes amid rising concern about the use of apps and online voting tools in the 2020 election following the failure of reporting tools in the Iowa caucuses.

National: Smartphone voting stirs interest — and security fears | AFP

West Virginia’s disabled residents and overseas military personnel will be able to vote by smartphone in the US presidential election this year, the latest development in a push to make balloting more accessible despite persistent security fears. Rising interest in electronic voting has heightened concerns among security experts who fear these systems are vulnerable to hacking and manipulation that could undermine confidence in election results. Overseas service members from West Virginia first voted by smartphone in 2018 with the blockchain-powered mobile application Voatz, which is now being tested in some elections in Colorado, Utah, Oregon and Washington state. West Virginia recently expanded the program to people with physical disabilities. A report released Thursday by Massachusetts Institute of Technology researchers uncovered Voatz “vulnerabilities” which could allow votes to be altered and potentially allow an attacker to recover a user’s secret ballot.

National: Voatz of no confidence: MIT boffins eviscerate US election app, claim fiends could exploit flaws to derail democracy | Thomas Claburn/The Register

Only a week after the mobile app meltdown in Iowa’s Democratic Caucus, computer scientists at MIT have revealed their analysis of the Voatz app used in West Virginia’s 2018 midterm election. They claim the Android app is vulnerable to attacks that could undermine election integrity in the US state. Based on their findings, published today in a paper [PDF] titled, “The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections,” researchers Michael Specter, James Koppel, and Daniel Weitzner conclude that internet voting has yet to meet the security requirements of safe election systems. “We find that Voatz has vulnerabilities that allow different kinds of adversaries to alter, stop, or expose a user’s vote, including a side-channel attack in which a completely passive network adversary can potentially recover a user’s secret ballot,” their paper states. “We additionally find that Voatz has a number of privacy issues stemming from their use of third-party services for crucial app functionality.” Specifically, the researchers discovered that malware or some miscreant with root access to a voter’s mobile device can bypass the host protection provided by mobile security software known as the Zimperium SDK.

National: Researchers Find Security Flaws in Voatz Mobile Voting App | Andrea Noble/Route Fifty

A mobile voting app used by West Virginia and several local governments in the 2018 midterm elections contains vulnerabilities that could allow hackers to determine how someone voted or even change their vote, according to a report released Thursday by security researchers. Researchers from the Massachusetts Institute of Technology found the security flaws in the Voatz voting app, which was originally designed as a way for overseas service members to cast ballots. The researchers said their findings underscore prior security recommendations that the internet not be used for voting. “Perhaps most alarmingly, we found that a passive network adversary, like your internet service provider, or someone nearby you if you’re on unencrypted Wi-Fi, could detect which way you voted in some configurations of the election,” said Michael Specter, a graduate student in MIT’s Department of Electrical Engineering and Computer Science. “Worse, more aggressive attackers could potentially detect which way you’re going to vote and then stop the connection based on that alone.” In addition to West Virginia, several local governments, including ones in Washington state, Colorado, Utah and Oregon, have conducted their own pilots with the Voatz system. Additional states are also considering whether to use the app to assist absentee voters in upcoming elections.

National: MIT researchers find vulnerabilities in Voatz voting app used in multiple states | Maggie Miller/The Hill

A voting app used in multiple states during the 2018 midterms elections to allow for more accessible voting has cyber vulnerabilities that could allow for votes to be changed or exposed, researchers at the Massachusetts Institute of Technology (MIT) found. In a paper published Thursday, three MIT researchers found that Voatz had vulnerabilities that “allow different kinds of adversaries to alter, stop, or expose a user’s vote” and that the app also had several privacy issues due to the use of third-party services to ensure the app functioned. The researchers found that if an individual were able to gain remote access to the device used to vote on the Voatz app, vulnerabilities could have allowed that person to discover and change the votes cast. The researchers described their findings as being part of the first “public security analysis of Voatz” and noted that they used reverse engineering of the Android Voatz app to come to their conclusions. The Voatz app was used during the 2018 midterms in some municipal, state or federal elections in West Virginia, Colorado, Oregon and Utah. The company allows voters to cast their votes via an app and was rolled out in West Virginia as a way for overseas military personnel and other voters unable to physically go to the polls to cast their votes.

National: ‘Sloppy’ Mobile Voting App Used in Four States Has ‘Elementary’ Security Flaws | Kim Zetter/VICE

A mobile voting app being used in West Virginia and other states has elementary security flaws that would allow someone to see and intercept votes as they’re transmitted from mobile phones to the voting company’s server, new research reveals. An attacker would also be able to alter the user’s vote and trick the user into believing their vote was transmitted accurately, researchers from the Massachusetts Technology Institute write in a paper released Thursday. The app, called Voatz, also has problems with how it handles authentication between the voter’s mobile phone and the backend server, allowing an attacker to impersonate a user’s phone. Even more surprising, although the makers of Voatz have touted its use of blockchain technology to secure the transmission and storage of votes, the researchers found that the blockchain isn’t actually used in the way Voatz claims it is, thereby supplying no additional security to the system. The research was conducted by Michael Specter and James Koppel, two graduate students in MIT’s Computer Science and Artificial Intelligence Lab, and Daniel Weitzner, principal research scientist with the lab. Election security experts praised the research and said it shows that long-held concerns about mobile voting are well-founded.

National: Senate GOP blocks election security bills as intel report warns of Russian meddling in 2020 | Igor Derysh/Salon

en. Marsha Blackburn, R-Tenn., blocked Democratic efforts to unanimously pass three bills related to election security despite warnings that Russia will interfere in the 2020 election. Sen. Mark Warner, D-Va., and Sen. Richard Blumenthal, D-Conn., tried to pass a bill that would require campaigns to report offers of foreign election assistance to the FBI, and another that would require campaigns to report such offers to the Federal Election Commission. “The appropriate response is not to say thank you, the appropriate response is to call the FBI,” Warner said, according to The Hill. “There is no doubt that [Trump] will only be emboldened in his efforts to illegally enlist foreign governments in his reelection campaign,” Blumenthal added. Sen. Ron Wyden, D-Ore., also tried to pass the Securing America’s Federal Elections Act (SAFE Act), which would provide additional funding to the Election Assistance Commission and would ban voting machines from being connected to the internet as well as machines that were manufactured in foreign countries. “America is 266 days away from the 2020 election, and Majority Leader McConnell has yet to take any concrete steps to protect our foreign elections from hacking or foreign interference,” Wyden said.

National: CISA leans into facilitator role in election security plan | Derek B. Johnson/FCW

Officials from the Cybersecurity and Infrastructure Security Agency often describe their role in election security as helping to coordinate and advise the larger ecosystem of election stakeholders. In a newly released strategic plan, the agency lays out its strategy for protecting the 2020 elections by largely leaning into that facilitator role, breaking down its coordination activities across four lines of effort: elections infrastructure, campaigns and political infrastructure, the American electorate and warning and response. To help protect digital and physical elections infrastructure, such as voting machines, election software systems and polling places, CISA views its role as largely complementary to that of states and localities, vendors and others on the front lines of election administration. Thus, getting those organizations to adopt better security practices through outreach and offers of federal resources are its prime tools.

National: Voting on Your Phone: New Elections App Ignites Security Debate | Matthew Rosenberg/The New York Times

For more than a decade, it has been an elusive dream for election officials: a smartphone app that would let swaths of voters cast their ballots from their living rooms. It has also been a nightmare for cyberexperts, who argue that no technology is secure enough to trust with the very basis of American democracy. The debate, long a sideshow at academic conferences and state election offices, is now taking on new urgency. A start-up called Voatz says it has developed an app that would allow users to vote securely from anywhere in the world — the electoral version of a moonshot. Thousands are set to use the app in this year’s elections, a small but growing experiment that could pave the way for a wider acceptance of mobile voting. But where optimists see a more engaged electorate, critics are warning that the move is dangerously irresponsible. In a new report shared with The New York Times ahead of its publication on Thursday, researchers at the Massachusetts Institute of Technology say the app is so riddled with security issues that no one should be using it.

National: MIT researchers identify security vulnerabilities in voting app | Abby Abazorius/MIT News

In recent years, there has been a growing interest in using internet and mobile technology to increase access to the voting process. At the same time, computer security experts caution that paper ballots are the only secure means of voting. Now, MIT researchers are raising another concern: They say they have uncovered security vulnerabilities in a mobile voting application that was used during the 2018 midterm elections in West Virginia. Their security analysis of the application, called Voatz, pinpoints a number of weaknesses, including the opportunity for hackers to alter, stop, or expose how an individual user has voted. Additionally, the researchers found that Voatz’s use of a third-party vendor for voter identification and verification poses potential privacy issues for users.

National: CISA and states tell Senate more cybersecurity resources needed | Benjamin Freed/StateScoop

State IT officials and the federal government’s top civilian cybersecurity official told members of the U.S. Senate Tuesday that the federal government needs to provide state and local governments with more assistance and expertise in protecting their networks and other critical infrastructure. Chris Krebs, director of the Cybersecurity and Infrastructure Security Agency; Michigan Chief Security Officer Chris DeRusha; and Amanda Crawford, executive director of the Texas Department of Information Resources, each told members of the Senate Homeland Security Committee that while collaboration on cybersecurity between states and the federal government has improved in recent years, funding and resources for those activities are still in short supply. Krebs acknowledged his agency was not built to support state and local governments when it became the Department of Homeland Security’s newest branch in late 2018. But with ongoing threats to election security and a spike in ransomware attacks against local governments, he said, “we have had to build out our support to states.”

National: How Can State and Local Agencies Better Collaborate on Cybersecurity? | Phil Goldstein/StateTech Magazine

Some state governments, such as Massachusetts, have established formal plans to work with localities within their states on cybersecurity. However, as ransomware attacks proliferate across the country and strike big cities and small towns alike, state-level organizations say there needs to be greater IT security coordination between states and municipalities. Last month, the National Governors Association and the National Association of State Chief Information Officers released a report, “Stronger Together: State and Local Cybersecurity Collaboration,” designed to showcase best practices for such collaboration. “State governments are increasingly providing services to county and municipal governments, including endpoint protection, shared service agreements for cyber defensive tools, incident response and statewide cybersecurity awareness and training,” the report notes. At a minimum, the report says, increased engagement can provide government agencies with “a more accurate threat picture to enhance state and local governments’ cyber posture.” Yet agencies need to move beyond mere information sharing to “leverage limited resources for enhanced cyber capabilities,” the report notes.

National: Russia will try to meddle in 2020 U.S. election, intelligence report says | Courtney Kube/NBC

Russia interfered in Western elections in 2019 and is likely to do so again in 2020, according to the latest annual threat assessment by the Estonian Foreign Intelligence Service. NBC News obtained an exclusive preview of the annual report from the Baltic nation’s intelligence agency, which warns that Russia will continue to pursue cyber operations that threaten other nations. “Russia’s cyber operations have been successful and, to date, have not been sanctioned enough by the West to force Russia to abandon them,” the report says. Russia will try to interfere in the U.S. presidential election in November and in parliamentary elections in the nation of Georgia in October, it warns, saying, “The main goal is to ensure a more beneficial election result for Russia by favoring Russian-friendly candidates or those who have the most divisive influence in the West.”

National: Senate GOP blocks three election security bills | Jordan Carney/The Hill

Senate Republicans blocked an effort by Democrats to unanimously pass three election security-related bills Tuesday, marking the latest attempt to clear legislation ahead of the November elections. Democrats tried to get consent to pass two bills that require campaigns to alert the FBI and Federal Election Commission (FEC) about foreign offers of assistance, as well as legislation to provide more election funding and ban voting machines from being connected to the internet. But Sen. Marsha Blackburn (R-Tenn.) opposed each of the requests. Under the Senate’s rules, any one senator can ask for unanimous consent to pass a bill, but any one senator can object and block their requests. Blackburn accused Democrats of trying to move the bills knowing that GOP lawmakers would block them and giving them fodder for fundraising efforts. “They are attempting to bypass this body’s Rules Committee on behalf of various bills that will seize control over elections from the states and take it from the states and where do they want to put it? They want it to rest in the hands of Washington, D.C., bureaucrats,” she said.

National: After GAO critique, DHS releases 2020 election security plan | Dean DeChiaro/Roll Call

The government’s top cybersecurity agency will focus on four key objectives to secure this year’s elections from hacking and other interference: protecting election infrastructure, assisting political campaigns, increasing public awareness about foreign intrusion, and facilitating the flow of information on vulnerabilities and potential threats between the public and private sectors. That’s according to the Cybersecurity and Infrastructure Security Agency’s #Protect2020 Strategic Plan, issued by the Homeland Security Department on Friday. The blueprint follows a Government Accountability Office report that said the agency would struggle to execute a nationwide strategy without a finalized agenda. The strategic plan describes the agency’s plans to work with federal law enforcement and state and local election officials on a “whole-of-nation effort” to defend electoral systems. “If we learned anything through 2016 and the Russian interference with our elections, it’s [that] no single organization, no single state, no locality can go at this problem alone,” CISA Director Christopher Krebs said in the report.

National: White House Budget Gives Election Assistance Commission More Funding, But Expert Says It’s Not Enough | Courtney Bublé/Government Executive

Amid growing concern about the integrity of the nation’s election systems, President Trump gave the federal agency charged with coordinating efforts to ensure accurate and secure voting a slight funding increase as part of his fiscal 2021 budget request to Congress, but one expert says it would not be nearly enough. On Monday, the White House sent Congress a $4.8 trillion budget request for fiscal 2021 that would increase military spending by 0.3% and decrease non-defense spending by 5%. For the bipartisan and independent Election Assistance Commission, the plan proposed allocating a little over $13 million, of which $1.5 million would be transferred to the National Institute of Standards and Technology. This would represent a $300,000 increase over fiscal 2020 enacted levels, after subtracting a one-time allocation for relocation expenses from the 2020 total. While some election security experts applauded the slight funding boost in Trump’s proposal, others say more is needed for the agency that certifies voting systems and serves as an information clearinghouse for best practices in election administration.

National: As Targets, States Need to Be Prepared for the 2020 Election | Tom Guarente/StateTech Magazine

With the first 2020 election primaries upon us, state government leaders are faced with the critical question of whether their election systems are prepared for looming cybersecurity threats. Foreign threat actors have shown again and again their interest in undermining one of the most sacred rights Americans hold: the vote. In Florida, it’s been reported, Russian interference in voter roll systems had the potential to alter results during the 2016 midterm elections. In Illinois, media reports show, there’s evidence that hackers working for Russian military intelligence installed malware on the network of a voter registration technology vendor. In fact, all 50 states’ election systems were targeted by Russia in 2016, according to a July 2019 report from the U.S. Senate Select Committee on Intelligence. Cyber-enabled election threats did not end in 2016. In the 2018 midterm elections, FireEye identified multiple social media accounts impersonating congressional candidates and spreading pro-Iran messages.

National: Iowa’s app fiasco worries mobile voting advocates | Tonya Riley/The Washington Post

The fiasco caused by an app that failed to properly transmit votes in the Iowa caucuses is worrying the mobile voting industry, which hoped 2020 would be a banner year. Companies — and proponents of incorporating more technology into elections — are trying to avoid being lumped in with the hastily made app used in Iowa. They’re saying its failure proves serious investment in user-friendly, secure election technology is more critical than ever. “We need to ensure that every new idea is tested, transparent and secure — just like the eight successful mobile voting pilots conducted to date,” Bradley Tusk, the founder and CEO of Tusk Philanthropies, said in a statement. “Enough is enough. 2016 should have been enough of a wake-up call. Iowa just confirmed it.” Tusk Philanthropies has funded pilots for mobile voting across the country, launched in a push to increase participation in elections. Unlike the app used in Iowa, which was developed to relay vote counts, the pilots use technologies that allow voters to easily vote from their mobile phones. So far, the pilots have largely been limited to eligible uniformed and overseas voters and voters with disabilities. But any expansion is sure to fall under an even more critical spotlight. Any malfunction — or hack — of an app used directly for voting in 2020 could have far greater impact in undermining public faith in the Democratic process than one Democratic caucus gone wrong.

National: Bipartisan lawmakers introduce bill to combat cyber attacks on state and local governments | Juliegrace Brufke/The Hill

A bipartisan group of lawmakers on Monday introduced a bill that would establish a $400 million grant program at the Department of Homeland Security (DHS) to help state and local governments combat cyber threats and potential vulnerabilities. Under the legislation — led by Reps. Cedric Richmond (D-La.), John Katko (R-N.Y.), Derek Kilmer (D-Wash.), Mike McCaul (R-Texas), Dutch Ruppersberger (D-Md.), Bennie Thompson (D-Miss.) and Mike Rogers (R-Ala.) — DHS’ Cybersecurity and Infrastructure Security Agency (CISA) would be required to develop a plan to improve localities’ cybersecurity and would create a State and Local Cybersecurity Resiliency Committee to help inform CISA on what jurisdictions need to help protect themselves from breaches. The group noted that state and local governments have become targets for hackers, having seen an uptick in attacks in recent years. “It provides more grant funding to state and locals for cybersecurity my own state of Texas impacted, particularly as tensions rise in Iran, for instance, we are seeing more cyber attacks coming out of Iran,” McCaul told The Hill. “And then of course going into the election we will make sure that our voting machines are secure.”

National: Voting Process Under Spotlight After Iowa Confusion | Alexa Corse/Wall Street Journal

States conducting presidential nominating contests in the weeks ahead are facing new scrutiny of their voting processes, after glitches caused confusion over which candidate prevailed in Iowa’s caucuses last week. Federal and local law-enforcement officials huddled at a Manchester, N.H., conference center on Friday morning, gaming out responses to hypothetical hacking scenarios ahead of New Hampshire’s Tuesday primary. The meeting included representatives from the U.S. Secret Service and from the police forces of Manchester, Concord and Nashua, along with private-sector experts. The Manchester gathering, which had been scheduled for months, is one example of intensified efforts nationwide to secure the voting process since 2016, when Russia was found to have interfered in the U.S. presidential election. But such efforts have taken on a new urgency after Iowa’s debacle. The failure of a results-reporting app, due to what the Iowa Democratic Party called a coding issue and a series of problems cascading from those glitches, showed that foreign meddling isn’t the only risk, experts say.

National: US counterintel strategy emphasizes protection of democracy | Eric Tucker/Associated Press

The U.S. government’s top counterintelligence official said Monday that he was concerned Russia or other foreign adversaries could exploit the chaos of the Iowa caucuses to sow distrust in the integrity of America’s elections. “How can an adversary take what happened in Iowa and pour gasoline on it?” Bill Evanina, the director of the National Counterintelligence and Security Center, told reporters at a briefing. Evanina’s comments came as he unveiled a strategy document aimed at guiding the government’s national security priorities over the next two years. The document identifies the U.S. economy, infrastructure, democracy and supply chains as areas being routinely targeted by foreign governments and in need of heightened protection. Election security, particularly combating foreign influence in U.S. politics, accounts for one of the counterintelligence community’s top priorities as voters head to the polls this year. A malfunctioning app used by the Iowa Democratic Party caused a delay in the reporting of caucus results last week and fueled calls for a recanvassing. Because of the delay and after observing irregularities in the results once they did arrive, The Associated Press says it cannot declare a winner.

National: Senate panel wants politicians to put party aside for election security. Fat chance in 2020. | Joseph Marks/The Washington Post

A long-awaited Senate Intelligence Committee report admonishes politicians to forget about politics when dealing with election interference operations and to exercise maximum restraint before suggesting an election was hacked or corrupted.

Good luck with that.

“Restraint” is not the operative word in the Trump era. The bipartisan report arrived just days after President Trump’s 2020 campaign manager Brad Parscale suggested without evidence on Twitter that a long delay in reporting Iowa caucuses results was because of a #RiggedElection. In fact, the count was marred by technical issues. And while the Republican-run committee states “the President of the United States should take steps to separate himself or herself from political considerations when handling issues related to foreign influence operations,” Trump has not been living by that mantra. Nor has he been “explicitly putting aside politics when addressing the American people on election threats.” The president has openly contemplated accepting dirt on his opponents from foreign nations in the 2020 race — and cast doubt on the intelligence community’s conclusion that Russia interfered on his behalf in 2016. And the Senate acquitted the president just this week after the House impeached him for pressuring Ukraine’s leader to help dig up dirt on the family of a political rival, former vice president Joe Biden.

National: Iowa Breakdown Reveals Broken Election Technology Ecosystem | Alyza Sebenius and Bill Allison/Bloomberg

The chaos at the Iowa caucus has been blamed on a small startup called Shadow Inc., but what happened this week is also emblematic of wider problems plaguing the world of election technology. It’s hard to get sophisticated technology companies to build such technology because most buyers have small budgets, and disappear after Election Day. In a four-year presidential election cycle, one campaign’s killer app is woefully obsolete by the next. So political parties and campaigns often create the technology themselves or hire small firms to do it for them. “The tech companies with depth of knowledge and understanding tend to shy away from building critical voting systems,” said Charles Stewart III, a professor and elections scholar at the Massachusetts Institute of Technology.

National: Gutted Election Assistance Commission struggles to recover | Bill Theobald/The Fulcrum

Nine months from an intensely contested presidential election already clouded by anxiety about the integrity of the results, the main federal agency overseeing the process is struggling to get back on its feet after years in turmoil. The Election Assistance Commission is unknown to most Americans. But it certifies the reliability of the machines most voters will use this fall, and it’s at the epicenter of efforts to protect our election systems from being hacked by foreign adversaries. And since last fall it’s been without an executive director or general counsel to coordinate the government’s limited supervision over how states and thousands of localities plan for the 2020 balloting. In fact, none of eight top officials listed on the agency website in March 2017, when the extent of Russian interference in the last presidential election was just becoming clear, are still with the agency. Neither are eight of the other 16 staff members who worked there then. And years of budget cuts have only recently started to be reversed. The ability of the already tiny operation to do its job in the leadup to November — when turnout and fear of hacking could both reach record levels — could go a long way to determining whether the world believes President Trump was either defeated or re-elected fair and square. It is a tall order that will be left largely to the four politically appointed commissioners, and two of them are new since Trump took office. Only a year ago did the EAC gain a full complement of members for the first time in almost a decade.

National: The Iowa caucus app isn’t the only new election tech | Rebecca Heilweil/Vox

Election security in the United States seems more precarious than ever. As the November 2020 election grows closer, states and counties have charged ahead with their own plans to secure — and improve — their voting systems. Congress, meanwhile, has failed to send much-needed reforms to the president’s desk. Anxiety over the mechanics of this year’s election has spiked following the disaster that was the Iowa Democratic caucus. While there’s no reason to believe that the very poorly developed app used in the caucus was hacked, the fiasco does have lawmakers spooked on a number of fronts, as it’s increasingly becoming clear that the integrity of the nation’s elections can be compromised in a variety of ways. In fact, after the phone number for reporting precinct results was posted online, supporters of President Donald Trump managed to flood phone lines and interfere with the counting of results, according to Bloomberg. You could say the country is more vulnerable to election interference than ever. Some worry, with good reason, that the worst is yet to come.

National: The progress the government has made on election security | Andrew Eversden/Fifth Domain

The latest Senate report on Russian interference in the 2016 election, released Feb. 6, contained several broad recommendations for how the government can improve effectiveness in securing American elections. While the Senate Select Committee on Intelligence’s third volume lists seven recommendations for correcting shortfalls made by the Obama administration in responding to Russian election interference, the federal government has already made progress in several of the recommended areas since the committee started its report. The committee recommends that the executive branch “bolster” partnerships with countries considered “near abroad” to Russia. The bipartisan report states that Russia has been using these countries as a “laboratory” for perfecting information and cyber warfare. For example, in the military conflict between Ukraine and Russian, Russian-backed hackers have targeted the government and shut down the country’s power grid. Expanding partnerships with such countries will “help to prepare defenses for the eventual expansion of interference techniques targeting the West,” the report read.

National: Election Security 2020: States Take Cybersecurity Measures Ahead of November | Adam Stone/StateTech Magazine

In the Buckeye State, officials are doing more than just keeping an eye on the upcoming national elections. As the threat of cyber tampering looms large, state and local leaders are working diligently to ensure voting is secure. “We want to set the tone for the rest of the nation,” says Ohio Secretary of State Frank LaRose, who in June issued a 34-point directive to guide state, county and local efforts on election cyber strategies. It calls for the use of event logging and intrusion detection tools, along with segmentation — disconnecting voting apparatus from external networks. “We want to make sure our boards of elections aren’t leaving a door opened by being attached to other, less secure assets,” LaRose says. Ohio may be out in front, but it is hardly alone. Authorities in all 50 states are taking steps to not only to secure the vote, but to ensure that the public perceives that vote as valid. They are getting help from the federal government, including the Cybersecurity and Infrastructure Security Agency, an operational component under the U.S. Department of Homeland Security. Experts say the aggressive action is justified, given the high likelihood that adversarial nations and other bad actors could try to tamper with the election.

National: Russia engaging in ‘information warfare’ ahead of 2020 election, FBI chief warns | Eric Tucker/Associated Press

The FBI director, Christopher Wray, has warned that Russia is engaged in “information warfare” heading into the 2020 presidential election, though he said law enforcement has not seen ongoing efforts by Russia to target America’s election infrastructure. Wray told the House judiciary committee that Russia, just as it did in 2016, is relying on a covert social media campaign aimed at dividing American public opinion and sowing discord. That effort, which involves fictional personas, bots, social media postings and disinformation, may have an election-year uptick but is also a round-the-clock threat that is in some ways harder to combat than an election system hack, Wray said. “Unlike a cyber-attack on an election infrastructure, that kind of effort – disinformation – in a world where we have a first amendment and believe strongly in freedom of expression, the FBI is not going to be in the business of being the truth police and monitoring disinformation online,” Wray said.

National: Iowa and the grand tradition of election tech mishaps | Andrew Gumbel/The Guardian

The great Iowa caucus meltdown of 2020 may be triggering anguish, anger and, on the Republican side of the political fence, expressions of unalloyed glee; but for one Miami lawyer and voting rights activist it is also bringing back vivid memories of another high-profile primary contest that fell victim to untested new technology and administrative incompetence. The year was 2002, and the race was a hotly contested Florida gubernatorial election in which Janet Reno, the former US attorney general, was vying for the Democratic party nomination against a prominent lawyer from Tampa. A politically connected company called Electronic Systems & Software (ES&S) was rolling out new touchscreen technology to replace the punch card machines that were widely blamed for the meltdown in the presidential election two years earlier between George W Bush and Al Gore. ES&S, though, was very far from ready for prime time. Many of the machines in Miami-Dade county took so long to boot up that polling stations could not open before lunchtime. When a freak storm caused power blackouts, the battery backup on many machines failed. One Miami precinct reported 900% turnout; another showed just one ballot cast. The governor declared a state of emergency, and Reno – who was trailing narrowly – demanded a re-examination of the ballots, only to realize that the new technology made recounts impossible.

National: Caucus Meltdown Tied to Democrats’ Little-Tested Mobile App | Michaela Ross, Kartikay Mehrotra and Chris Strohm/Bloomberg

The breakdown in reporting results from Iowa’s Democratic caucuses appears tied to failures in a mobile application that wasn’t ready for the load of a statewide election and which the head of the Homeland Security Department said wasn’t subjected to a cybersecurity test by his agency. “This is more of a stress or load issue as well as a reporting issue that we’re seeing in Iowa,” acting Department of Homeland Security Secretary Chad Wolf said in a Fox News interview Tuesday. Wolf said there’s little evidence of hacking of the app, which precinct officials struggled to use on Monday night. He said that his department’s cyber division had offered to test the software for vulnerabilities but was declined.… But the failure spotlights the need for hard-copy backups across election systems, as a handful of states are still using voting machines that don’t produce a paper receipt, according to Marian Schneider, president of the voting advocacy group Verified Voting and former deputy secretary for elections of Pennsylvania. “It’s clear that mobile apps are not ready for prime time, but thankfully Iowa has paper records of their vote totals and will be able to release the results from those records,” Schneider said.