National: Key House Republican demands answers on federal election security efforts | Maggie Miller/The Hill

Illinois Rep. Rodney Davis, the top Republican on the House Administration Committee, demanded answers from the Election Assistance Commission (EAC) on Monday regarding election security oversight issues. In a letter to the EAC, Davis posed a series of questions, citing the committee “Majority’s inadequate oversight of your Commission” during an EAC oversight hearing on May and the recent testimony by former special counsel Robert Mueller as key factors in sending the letter.  “I remain committed to ensuring that local election officials have every resource they need to provide for a secure election in 2020,” Davis wrote. “Effective and focused oversight over the EAC is critically important in this mission.” Questions included what steps the EAC is taking to ensure there is a plan in place to coordinate with the Department of Homeland Security in the event of a threat to election infrastructure in 2020, how the EAC is communicating its activities to the public, and details around the new Voluntary Voting Systems Guidelines 2.0, which are a national voluntary set of standards for voting systems. Davis gave the EAC until Sept. 2 to respond. A spokesperson for the EAC told The Hill the commission has “received the letter and will respond to Congress within the agreed upon deadline.”

National: Judge signals interest in removing Mueller report redactions | Darren Samuelsohn/Politico

A federal judge signaled Monday he’s considering removing the Mueller report’s redactions. During more than two hours of oral arguments in Washington, District Judge Reggie Walton appeared on several occasions to side with attorneys for BuzzFeed and the nonprofit Electronic Privacy Information Center, which are seeking to remove the black bars covering nearly 1,000 items in former special counsel Robert Mueller’s final 448-page final report. Walton didn’t issue an opinion from the bench on the case, which centers on a pair of consolidated lawsuits filed against the Justice Department under the Freedom of Information Act. But the judge, an appointee of President George W. Bush, sounded increasingly skeptical of the government’s arguments pressing him to leave the redactions untouched. “That’s what open government is about,” Walton said during one exchange, citing the resolution of a 2008 sex crimes case against financier Jeffrey Epstein as an example of how obfuscating the reasons behind not prosecuting high-profile people generates public distrust in the country’s criminal justice system.

National: Bipartisan Agreement on Election Security—And a Partisan Fight Anyway | Scott R. Anderson, Eugenia Lostri, Quinta Jurecic, Margaret Taylor/Lawfare

The good news is that national security bipartisanship in Congress lives. The bad news is that the only place it lives is in the pages of the Senate Intelligence Committee report on Russian election interference. The report, released on July 25, offers a thorough—if often redacted—assessment of Russian threats against U.S. voting infrastructure in 2016. It paints an alarming picture of the scope and scale of Russia’s efforts and an equally alarming picture of the degree of vulnerability that persists in U.S. election systems heading into the 2020 election. While it describes no evidence of vote tallies being manipulated or votes being changed, it does describe how “Russian government-affiliated cyber actors conducted an unprecedented level of activity against state election infrastructure in the run-up to the 2016 U.S. elections.” The report is a serious work and reflects a level of bipartisan cooperation that is vanishingly rare in Washington these days. The committee and its staff should be commended for that. The problem is that while both sides appear to agree on the nature of the threat, Republicans and Democrats remain sharply divided over what, if anything, to do about it. And that division became painfully apparent the very day the committee released the report.

National: Former DHS, intelligence leaders launch group to protect presidential campaigns from foreign interference | Maggie Miller/The Hill

Two former Homeland Security secretaries, along with other former top intelligence officials, launched a non-profit group on Tuesday intended to protect presidential campaigns from foreign interference, such as cyber attacks, at no cost. The new U.S. CyberDome group’s Board of Advisors will be chaired by former Department of Homeland Security (DHS) Secretary Jeh Johnson, who served under former President Obama. Other members of the board will include former DHS Secretary Michael Chertoff, who served under President George W. Bush, former CIA Director Michael Morell, former Director of National Intelligence Lt. Gen. James Clapper, and Brig. Gen. Francis Taylor, the former DHS under secretary of Intelligence and Analysis. The former leaders put together the organization due to alarm over how exposed political campaigns were to cyber interference and the lack of protection available to campaigns and voters to protect against these threats. It will work with charities and other donors to provide funding for cyber protections for presidential campaigns.

National: Voting machines run on antiquated operating systems | Grant Gross/Washington Examiner

As the presidential election nears, lawmakers and security experts are raising questions about the security of electronic voting machines used in many parts of the country. The latest concerns focus on devices running Windows 7 and other older operating systems. The Associated Press reports that the “vast majority” of the nation’s 10,000 election jurisdictions use Windows 7 or older operating systems to create ballots, program voting machines, tally votes, and report counts. … Meanwhile, some election security experts say the use of old operating systems is only one concern of many. Electronic voting machines are vulnerable to security risks, claimed Marian Schneider, president of Verified Voting, a group pushing for paper audits of electronic voting machines.

“Software can present risks,” she said. “This is a software issue.”

Electronic voting machines should undergo regular security audits, suggested Jamie Cambell, a security consultant and founder of GoBestVPN, which is a site that reviews virtual private networks. Those security audits should be open-sourced so that multiple security experts can review them, he recommended.

“There are many things that can make electronic voting machines insecure,” Cambell added. “It’s not just the machines or operating systems. It can be the way that the machines store and transmit the data.”

National: 5 big takeaways from Politico’s national survey of election offices | Eric Geller/Politico

Paperless voting machines are a glaring weakness in U.S. election infrastructure. They are dangerous, experts say, because they lack paper voting records, making them vulnerable to malfunctions or intrusions that could undetectably change votes. With top U.S. intelligence officials predicting the return of Russian hackers in 2020, cybersecurity experts have urged state and local governments to replace their paperless machines as soon as possible. Since March, POLITICO has been tracking their progress. The nationwide picture is mixed: Some states and counties are moving quickly to buy paper-based machines and others are doing nothing at all. Here are the five big takeaways from POLITICO’s nationwide survey:

1) Many counties don’t have enough money to upgrade

In hundreds of small counties, election officials can’t afford to buy new voting machines, however insecure their current systems are. Between schools, infrastructure, police, environmental protection and emergency services, counties have enough on their plate without having to worry about their voting machines.

The fact that these machines are used so infrequently is another reason they often slip down the list of counties’ spending priorities. It’s hard to justify buying new voting machines when there are overcrowded schools or crumbling hospitals. “It is a huge expense for small rural counties,” said Cheri Hawkins, the clerk in Shackelford, Texas. “I would love to be able to update!”

National: Russian Election Hacking Could Be Much Worse in 2020 | Jonathan Chait/New York Magazine

What if Trump fails to win the Electoral College in 2020? Would he refuse to accept the results of an election? The first thing to remember is that he already has. Back when Hillary Clinton was viewed as 2016’s likely victor, one widely expressed fear was that Donald Trump would not abide by the outcome, threatening the tradition of peaceful transfer of power that has survived more than two centuries. What happened instead was something nobody anticipated: Trump won — and still refused to accept the election results. He has never stopped insisting that the national vote, which his opponent carried by nearly 3 million ballots, was stolen. He has periodically charged that millions of undocumented immigrants cast votes for Clinton and that this fraud was carried out, for some reason, in California, rather than in states where it might have had some bearing on the outcome. In a recent address to the Turning Point USA Teen Summit, Trump went further. “Don’t kid yourself, those numbers in California and numerous other states, they’re rigged,” he said to applause. “You got people voting that shouldn’t be voting. They vote many times, not just twice, not just three times. They vote — it’s like a circle. They come back; they put a new hat on. They come back; they put a new shirt. And in many cases, they don’t even do that. You know what’s going on. It’s a rigged deal.”

National: EAC plans Windows 7 confab | Tim Starks/Politico

The EAC will convene state and local election supervisors, federal officials and cyber experts to discuss the ramifications of Microsoft sunsetting support for Windows 7, which is still used in many voting systems. “It is essential that the election community and the EAC have a full appreciation not only for the scope of this specific software issue, but also the issues of patching and internet connectivity more broadly,” EAC Chairwoman Christy McCormick told Sen. Ron Wyden (D-Ore.) in a July 26 letter. Wyden had asked how the EAC was handling the issue, including whether it would decertify machines running Windows 7 before the Jan. 15, 2020, sunset. McCormick didn’t answer that question but noted that decertification “has wide-reaching consequences” and that the EAC has an established policy for when to initiate it. Election Systems & Software, one of the companies still selling Windows 7-based voting systems, has submitted new technology for certification that runs on Windows 10 and Windows Server 2016, McCormick told Wyden. “The test plan has been approved by the EAC,” she wrote, “and testing is underway.” Based on the EAC’s conversations with vendors, she said, “we are confident that they are working to address” the Windows 7 issue. The vendors “are in direct contact with Microsoft,” she added, and “have received commitments from Microsoft regarding software support.” She did not say whether Microsoft had promised free updates for these products; the company plans to charge everyone else for continued Windows 7 support.

National: DARPA wants help cracking the election security problem | Kelsey D. Atherton/Fifth Domain

If election security is an engineering problem, the Defense Advanced Research Projects Agency is heading to the right place to solve it. The Pentagon’s blue skies projects agency is taking its System Security Integrated Through Hardware and Firmware (SSITH) to the 2019 DEF CON hacking conference to demonstrate its capabilities before the dark lords and apprentices of the underground community. SSITH will be on display as part of the conference’s Voting Village, where researchers will explore what can and cannot be done to interfere with voting machines and, by extension, elections. “We expect the voting booth demonstrator to provide tools, concepts and ideas that the election enterprise can use to increase security; however, our true aim is to improve security for all electronic systems. This includes election equipment, but also defense systems, commercial devices and beyond,” said Dr. Linton Salmon, the program manager leading SSITH, in a release from DARPA. DARPA sees securing faith in the literal machinery of elections as a national security issue. To prove that faith in the security systems is warranted, they have prepped the “SSITH voting system demonstrator,” with processors mounted on programmable arrays and installed in a ballot box. To get to the system, hackers can enter via either an Ethernet port or a USB port, loading software to try and get past the system’s hardware gatekeeping and security functions.

National: Experts’ Views On NSA Launching New Cyber-Security Directorate | Sophanith Song/The Organization for World Peace

The National Security Agency (NSA) has announced its intention to create “cybersecurity directorate” in order to defend against foreign cyber interference. The cyber defense arm launch date is currently set to be this fall.  According to the NSA, Anne Neuberger, who is currently the Director’s Senior Advisor, will be leading the Cybersecurity Directorate. The advisor also used to serve as NSA assistant deputy director of operations, chief risk officer and head of the NSA/US Cybercom Election Security Small Group that involved in working to prevent foreign interference with 2018 US midterm elections. The launch of this initiative was believed to be motivated by the upcoming 2020 general election. The NSA continued by stating that this approach to this cybersecurity objective will prepare the NSA in a suitable state to corporate with a key partner across the United States government such as the US Cyber Command, Department of Homeland Security and Federal Bureau of Investigation. The initiative will also prepare the NSA to easily share information with the customer with equipped security measure against malicious attacks. According to the Wall Street Journal, the NSA recently concur with a “broader fusion” of intelligence agency’s offensive and defensive portfolio.

National: Congress’ fight over election security bills | Mary Clare Jalonick/Associated Press

While House Democrats are haggling over whether to consider impeachment of President Donald Trump, Senate Democrats are focusing on a different angle in former special counsel Robert Mueller’s report — securing future elections from foreign interference. Democrats have tried to pass several election security bills in recent weeks only to have them blocked by Republicans, who say they are partisan or unnecessary. The federal government has stepped up its efforts to secure elections since Russians intervened in the 2016 presidential election, but Democrats say much more is needed, given ongoing threats from Russia and other countries. Senate Majority Leader Mitch McConnell has seethed in response to criticism over the issue, including some Democrats’ new moniker for him: “Moscow Mitch.” In an angry floor speech on Monday, he noted that Congress has already passed some bills on the subject, including ones that give money to the states to try to fix security problems. McConnell also left the door open to additional action, saying “I’m sure all of us will be open to discussing further steps.” Senate Minority Leader Chuck Schumer predicted that Democrats’ “relentless pushing” will work. “We’re forcing his hand,” Schumer said. The top Democrat on the Senate intelligence committee, Virginia Sen. Mark Warner, said Thursday that he’s “much more optimistic than even 10 days ago” that the Senate will ultimately pass something on election security. Warner said he believes that in his home state, at least, the issue “has broken through” with voters more than other aspects of Mueller’s probe. But action will have to wait until at least September, with senators having scattered from Washington for the summer recess.

National: Inside the DEF CON hacker conference’s election security-focused Voting Village | Joe Uchill/Axios

The DEF CON hacker conference’s Voting Village event has become a testing ground for our national debate over voting security, referenced by Senate reports, several congressmen and even a presidential candidate (albeit incorrectly, see below). This year’s version, happening next week, comes with some upgrades. The big picture: Now in its third year, the event is traditionally one of the only places where many security researchers get a chance to audit the security of election systems.

Background: Voting Village burst onto the scene in 2017, when it took hackers only a matter of minutes to discover serious problems with machines. That was despite it being the first time many of the hackers had seen the systems.

National: Schumer predicts McConnell will take up election security | Burgess Everett/Politico

Mitch McConnell rarely budges in the face of political pressure. But Chuck Schumer thinks election security is an exception. The Senate minority leader predicted on Thursday that the majority leader will buckle and take up federal election security, a once-bipartisan issue. But though Democrats have continued their push in the House and Senate, McConnell (R-Ky.) has thus far resisted. “I predict that the pressure will continue to mount on Republican senators, especially Leader McConnell, and they will be forced to join us and take meaningful action on election security this fall,” Schumer said. “My prediction is our relentless push is going to produce results.” Though McConnell rarely rethinks opposition to legislation, he did allow criminal justice reform legislation on the Senate floor last year that he initially declined to take up. But that pressure came from President Donald Trump, not the party trying to oust him as majority leader.

National: DARPA to Bring its Smart Ballot Boxes to DEF CON for Hacking | Kelly Jackson Higgins/Dark Reading

US Defense Advanced Research Projects Agency (DARPA) researchers will set up three new smart electronic ballot-box prototypes at DEF CON’s famed Voting Village next week in Las Vegas, but they won’t be challenging hackers at the convention to crack them: They’ll be helping them do so. “We are providing the source code specifications, tests, and actually even providing participants at DEF CON with an easy way of actually putting their own malicious software into [the devices],” explains Daniel Zimmerman, principal researcher with Galois, a DARPA contractor working on the project. “We’re not daring them but actually helping them break this.” DARPA’s smart ballot box is the Defense Department agency’s prototype, featuring a secure, open source hardware platform that could be used not only in voting platforms, but also in military systems. It’s part of a broader DARPA project called System Security Integrated Through Hardware and Firmware (SSITH), which is developing hardware security architectures and tools that are better protected from hardware vulnerabilities exploited in software. DARPA ultimately hopes to build secure chip-level processors that thwart hardware hacks as well as software-borne attacks.

National: Will A Trump Trade Move Create An Election Mess For Overseas U.S. Voters? | Tierney Sneed/TPM

The Trump administration has supported plenty of moves to make it harder to vote. But an under-the-radar action President Trump took last year, as part of his trade war with China, may be a case of him just stumbling into that outcome, election experts fear. Trump is threatening to withdraw from the international body that oversees global mail delivery, putting at risk the stability and reliability of the current system of sending and receiving mail internationally. Any disruption to the international postal service, voter advocates say, could make an already difficult process of casting ballots for Americans abroad even more complicated. Among those who stand to be affected are members of the military overseas, whose ability to vote while serving their country has always been a politically sensitive issue.

National: Senator Feinstein introduces bill limiting use of voter data by political campaigns | Emily Birnbaum/The Hill

Sen. Diane Feinstein (D-Calif.) introduced a bill on Wednesday that would limit the use of voter data by political campaigns. The legislation is being touted as the first bill “directly responding to Cambridge Analytica,” the 2018 scandal that saw a right-wing political consulting firm use data on millions of American to target pro-Trump messaging at swing voters. Feinstein’s Voter Privacy Act seeks to give voters more control over the data collected on them by political campaigns and organizations. Under the legislation, voters would be allowed to access that data, ask political campaigns to delete it and instruct social media platforms like Google and Facebook to stop sharing personal data with those political entities. The legislation would intervene in the large and growing business around voter data, which campaigns increasingly use to direct their messaging.

National: Activists to Congress: Secure Elections or Risk a Repeat of 2016 | Gabriella Novello/WhoWhatWhy

The 2020 election could be vulnerable to another attack by hostile foreign actors if Senate Majority Leader Mitch McConnell (R-KY) continues to block election security legislation. Election integrity activists are urging Congress to take action after a bombshell report by the Senate Intelligence Committee found widespread attacks by the Russian government in the 2016 election. … Marian Schneider, president of Verified Voting, told WhoWhatWhy that the report proves that there can no longer be a dispute as to whether Russia actually interfered in the 2016 election. Schneider said that voting systems, the pieces that tabulate the vote, and voter registration databases need to be made resilient moving forward. “That means you have to be able to monitor the systems, detect that something has gone wrong, and recover,” she said, adding that voter-marked paper ballots are “the only way to do that.” Schneider also called for “uniform federal standards coupled with federal funding,” in light of the 2016 attack on US democracy.

National: A high-level Senate report confirms it: Our elections still aren’t safe | Michael McFaul/The Washington Post

In his congressional testimony last week, former special counsel Robert S. Mueller III once again confirmed the seriousness of Moscow’s attack on our democracy in the 2016 presidential election. Yet that wasn’t even the most important news for those of us who track Russian election interference. The Senate Intelligence Committee has just published the first section of its report on Russian efforts to influence the election. The bipartisan panel’s report has made headlines by showing that the Russians probably targeted elections systems in all 50 states in 2016. That calculated operation was designed not only to help Trump but also to undermine American democracy more generally. You’d think this report would give President Trump and Senate Majority Leader Mitch McConnell (R-Ky.) the perfect reason to support new legislation designed to enhance the security of our elections infrastructure in 2020. As the bipartisan report makes evident, enhancing cybersecurity for our election infrastructure is not a partisan issue — it’s an issue of national security. Department of Homeland Security representatives told the committee “there wasn’t a clear red state-blue state-purple state, more electoral votes, less electoral votes” pattern. So far, though, there is little sign that Trump and McConnell are paying attention.

National: Mitch McConnell just made sure election security will be key Senate campaign issue | Joseph Marks/The Washington Post

Senate Majority Leader Mitch McConnell, R-Ky., smacked back at critics who have accused him of leaving the 2020 election vulnerable to Russian hackers, accusing them of “modern-day McCarthyism.” McConnell offered an impassioned 25-minute defense of his election security record on the Senate floor as Democrats accuse him of consistently blocking their bills from coming up to a vote. “I’m not going to let Democrats and their water carriers in the media use Russia’s attack on our democracy as a Trojan horse for partisan wish list items that would not actually make our elections any safer,” McConnell said. “I’m not going to do that.” His stance ensures that election security will play a major role in Senate campaigns that are ramping up now — and Democrats are already seizing the moment to make McConnell look like the face of obstruction. Within minutes of the speech, Amy McGrath, a Kentucky Democrat and retired Marine lieutenant colonel who’s seeking McConnell’s seat, slammed the majority leader on Twitter. McGrath rattled off a list of election security provisions Democrats have sought to mandate, such as paper ballots and security audits for voting machines before asking: “Tell me again how that is partisan, @senatemajldr? Oh right, you can’t.”

National: Our lax cybersecurity risks our elections and our data. We need solutions | Andrew Grotto/CNN

Our national discussions about cybersecurity and privacy follow a frustrating pattern: a headline-grabbing incident like the recent Capital One breach occurs, Congress wrings its hands and policymakers more or less move on. So it is no surprise cybersecurity hasn’t been much of a focus as the race to the 2020 presidential election heats up. The issue is here to stay, and it should be debated by the candidates. Here are some concrete ideas that would significantly improve the safety and security of the nation — but require presidential leadership if they are to come to fruition. The candidates have been justifiably outraged over Senate Majority Leader Mitch McConnell’s stonewalling on election security legislation that would direct resources and expertise to state and local governments to help modernize election systems and implement paper-based backups for electronic voting, among other improvements. As Special Counsel Robert Mueller warned in Congressional hearings last week, the Russians and other bad actors will undoubtedly attempt to threaten the integrity of the 2020 election. This is no time to stand pat — Congress should pass — and the President should sign — legislation on election security before the 2020 election, not after.

National: Democrats take another stab at preventing foreign election interference | Maggie Miller/The Hill

House Democrats introduced legislation Tuesday that would require campaigns to report any foreign contacts to federal authorities, the latest push for election security following last week’s warnings from former special counsel Robert Mueller. The measure — sponsored by Democratic Reps. Elissa Slotkin (Mich.), Lauren Underwood (Ill.), and Jason Crow (Colo.) — would mandate federal campaigns to inform the FBI and Federal Election Commission about any foreign contacts who attempt to donate funds or assist a candidate. Campaigns would also be required to implement a “compliance system” to monitor communication with those foreign contacts. “Guarding our country against another attack on our political system should not be a partisan issue — it is a national security issue and it’s an American issue,” Slotkin said in a statement. The bill will be referred to the House Administration Committee.

National: Russia Is Going to Up Its Game for the 2020 Elections | Matt Laslo/WIRED

One week after Robert Mueller’s testimony shined a spotlight, once again, on election interference, Senate Majority Leader Mitch McConnell is feeling the heat. The leader turned heads on the Senate floor Monday as he rose to decry critics who have dubbed him “a Russian asset” and “Moscow Mitch” for stonewalling congressional measures to improve election security. And with momentum building in the House to formally start impeachment proceedings against President Trump, the pressure is unlikely to let up anytime soon. Focusing on election interference from 2016 is backwards thinking, though, at least according to Virginia Senator Mark Warner. With 2020 just around the corner, he tells WIRED—in an exclusive interview—that the upcoming election is where both parties need to direct their attention right now. As the top-ranking Democrat on the Senate Intelligence Committee, Warner has long been a vocal proponent of new legislation to strengthen election protections, such as the Honest Ad Act, which would compel Silicon Valley firms to disclose when political ads are paid for by a foreign nation. He’s also behind a bill that would require campaigns to alert federal officials if they’re approached by a foreign operative offering information or other assistance. Both bills have bipartisan support—Senator Susan Collins became the first Republican to cosponsor the Foreign Influence Reporting in Elections Act earlier this week.

National: Why is Mitch McConnell blocking election security bills? Good question. | Amber Phillips/The Washington Post

As President Trump’s own FBI director warns that Russians are planning to try to undermine American democracy in the next presidential election, Republican lawmakers led by Senate Majority Leader Mitch McConnell (Ky.) are blocking bills aimed at blocking foreign hackers from states’ voting systems. Why? Republicans have policy objections to the legislation, but it seems clear that politics is at the forefront of McConnell’s decision-making. Specifically, the politics of pleasing Trump. Trump is so sensitive to findings that Russians tried to help him win in 2016 that a Cabinet secretary was warned against briefing him on it. He’s repeatedly sided with Russian President Vladimir Putin over his own intelligence community about whether Russians interfered. He’s said he might accept foreign help in his 2020 reelection. And last month, he made light of it all when he mock-scolded Putin in front of cameras. “Don’t meddle in the election,” he said, waving a finger and wearing a smile. That puts McConnell in a tough spot: Pass legislation, which election security experts say is needed, and risk sparking the president’s ire, or block the legislation — and risk increased Russia election interference and public ridicule.

National: ‘Moscow Mitch’ Tag Enrages McConnell and Squeezes G.O.P. on Election Security | Carl Hulse/The New York Times

Senator Mitch McConnell is usually impervious to criticism, even celebrating the nasty nicknames critics bestow on him. But Mr. McConnell, the Senate majority leader, is incensed by the name “Moscow Mitch,” and even more miffed that he has been called a “Russian asset” by critics who accuse him of single-handedly blocking stronger election security measures after Russia’s interference in 2016. Democrats had been making the case for months, but it was supercharged last week by the testimony of Robert S. Mueller III, the former special counsel, who told the House Intelligence Committee that the Russians were back at it “as we sit here.” Mr. McConnell cites several reasons for his opposition — a longstanding resistance to federal control over state elections, newly enacted security improvements that were shown to have worked in the 2018 voting and his suspicion that Democrats are trying to gain partisan advantage with a host of proposals. Republican colleagues say that Mr. McConnell, a longtime foe of tougher campaign finance restrictions and disclosure requirements, is leery of even entering into legislative negotiation that could touch on fund-raising and campaign spending.

National: States Rush to Make Voting Systems More Secure as New Threats Emerge | David E. Sanger, Reid J. Epstein and Michael Wines/The New York Times

Amid growing warnings about the security of American voting systems, many states are rushing to address vulnerabilities exposed by the 2016 election, even as intelligence officials worry they are fighting the last battle and are not sufficiently focused on a new generation of threats headed into 2020. Delaware has replaced its voting machines to assure paper backup that would provide a record in case of a breach. South Carolina’s State Election Commission said this month that it would introduce a paper-based voting system in January and planned to “build additional layers of security designed to harden the new system.” Yet Florida, home of the United States’ best-known presidential balloting problems, like hanging chads in 2000 and still mysterious Russian activity in 2016, once again seems far behind. And the fear among American intelligence officials is that the federal government and the 50 states may be making the classic mistake of believing their adversaries will use the same techniques again. “No one expects the Russians will use their old playbook” in the next election, said Suzanne Spaulding, who oversaw election security at the Department of Homeland Security during the Obama administration and is now looking at how Russia is expanding its targets to undermine confidence in the American judicial system.

National: Has Congress already missed its chance to strengthen election security ahead of 2020? | Bryan Lowry/The Kansas City Star

Congress may have already missed its window to shore up state election systems against foreign cyber-attacks ahead of the 2020 election. Former Special Counsel Robert Mueller’s testimony this week on his investigation into Russia’s role in the 2016 election has reignited calls for the passage of a bipartisan election security bill. But Republican Senate leaders have balked at approving any such measure prior to 2020. GOP leadership said Mueller’s testimony did little to persuade them of the need for legislation. Moreover, one of the only GOP lawmakers pushing election security reforms on Capitol Hill said states have effectively run out of time to implement changes ahead of the next presidential election. Sen. James Lankford, R-Oklahoma, told reporters Thursday that Congress should shift its focus to the 2022 mid-term election. “I’ve had folks say we need to hurry and get money out the door so they can buy new systems, that’s not going to happen for 2020. There’s no way to do it for 2020 because you can’t buy the equipment, get it in, test it, evaluate it, train your volunteers on it when the first primary is six months away,” Lankford said. “The discussion now is not about 2020. That’s already resolved. They’re not going to add new stuff unless it’s already currently in the pipeline. It’s really 2022 at this point.”

National: State election offices made for an easy target for Russian hackers | Andrew Eversden/Fifth Domain

In the months before the 2016 presidential election, one U.S. state received a notification from a federally-backed cybersecurity group, warning about suspicious cyber activity directed at its networks. The state IT officials did not share the alert with other state government leaders and as late at January 2018, the same officials reported nothing “irregular, inconsistent, or suspicious” took place before the vote. In fact, GRU, Russia’s military intelligence agency, had scanned one of the state’s “election-related” domains, according to a new Senate report. In another state, leaders did not turn over to the Senate which of its systems had been targeted by Russians. Officials told Senate investigators they hadn’t seen evidence of scanning or attacks on its election infrastructure. Instead, they told the committee that they had seen a “probing” of its state systems. Again, DHS told the committee that GRU had scanned the state’s Secretary of State website. And in a third state, officials told Senate investigators they had not noticed a connection between their systems and the IP addresses listed in a warning from the federal government. And again, DHS told the committee that GRU scanned the state’s government domain.

National: Bring Back Paper Ballots: Senate Intelligence Committee report shows how electronic voting systems are inherently vulnerable to hackers. | Fred Kaplan/Slate

Just hours after Senate Republicans blocked a vote on a bill to make elections less vulnerable to cyberattacks, the Senate Intelligence Committee released a 67-page report, concluding that, leading up to the 2016 election, Russians hacked voting machines and registration rolls in all 50 states, and they are likely still doing so. The heavily redacted document, based on a two-year investigation, found no evidence that the hackers altered votes or vote tallies, though it says they could have if they’d wanted to. However, three former senior U.S. intelligence officials with backgrounds in cybersecurity told me that the absence of evidence isn’t the same as the evidence of an absence. One of them said, “I doubt very much that any changes would be detectable. Certainly, the hackers would be able to cover any tracks. The Russians aren’t stupid.” Hacking individual voting machines would be an inefficient way to throw an election. But J. Alex Halderman, a computer scientist who has tested vulnerabilities for more than a decade, testified to the Senate committee that he and his team “created attacks that can spread from machine to machine, like a computer virus, and silently change election outcomes.” They studied touch-screen and optical-scan systems, and “in every single case,” he said, “we found ways for attackers to sabotage machines and steal votes.”

National: Myriad election systems complicate efforts to stop hackers | Christina A. Cassidy and Colleen Long/Associated Press

A new Senate report on Russian interference in U.S. elections highlighted one of the biggest challenges to preventing foreign meddling: the limited powers and ability of the federal government to protect elections run by state and local officials. That has given fuel to those who argue that a larger federal role is needed. The Senate Select Committee on Intelligence issued the first part of its report into Russian interference in the 2016 election on Thursday, noting that Russian agents “exploited the seams” between federal government expertise and ill-equipped state and local election officials. The report also emphasized repeatedly that elections are controlled by states, not the federal government. It called for the reinforcement of state oversight of elections — a view blasted as inadequate by Sen. Ron Wyden, an Oregon Democrat on the committee. He called on Congress to establish mandatory cybersecurity requirements across the country. “We would not ask a local sheriff to go to war against the missiles, planes and tanks of the Russian Army,” Wyden wrote. “We shouldn’t ask a county election IT employee to fight a war against the full capabilities and vast resources of Russia’s cyber army. That approach failed in 2016 and it will fail again.”