National: CISA leans into facilitator role in election security plan | Derek B. Johnson/FCW

Officials from the Cybersecurity and Infrastructure Security Agency often describe their role in election security as helping to coordinate and advise the larger ecosystem of election stakeholders. In a newly released strategic plan, the agency lays out its strategy for protecting the 2020 elections by largely leaning into that facilitator role, breaking down its coordination activities across four lines of effort: elections infrastructure, campaigns and political infrastructure, the American electorate and warning and response. To help protect digital and physical elections infrastructure, such as voting machines, election software systems and polling places, CISA views its role as largely complementary to that of states and localities, vendors and others on the front lines of election administration. Thus, getting those organizations to adopt better security practices through outreach and offers of federal resources are its prime tools.

National: Voting on Your Phone: New Elections App Ignites Security Debate | Matthew Rosenberg/The New York Times

For more than a decade, it has been an elusive dream for election officials: a smartphone app that would let swaths of voters cast their ballots from their living rooms. It has also been a nightmare for cyberexperts, who argue that no technology is secure enough to trust with the very basis of American democracy. The debate, long a sideshow at academic conferences and state election offices, is now taking on new urgency. A start-up called Voatz says it has developed an app that would allow users to vote securely from anywhere in the world — the electoral version of a moonshot. Thousands are set to use the app in this year’s elections, a small but growing experiment that could pave the way for a wider acceptance of mobile voting. But where optimists see a more engaged electorate, critics are warning that the move is dangerously irresponsible. In a new report shared with The New York Times ahead of its publication on Thursday, researchers at the Massachusetts Institute of Technology say the app is so riddled with security issues that no one should be using it.

National: MIT researchers identify security vulnerabilities in voting app | Abby Abazorius/MIT News

In recent years, there has been a growing interest in using internet and mobile technology to increase access to the voting process. At the same time, computer security experts caution that paper ballots are the only secure means of voting. Now, MIT researchers are raising another concern: They say they have uncovered security vulnerabilities in a mobile voting application that was used during the 2018 midterm elections in West Virginia. Their security analysis of the application, called Voatz, pinpoints a number of weaknesses, including the opportunity for hackers to alter, stop, or expose how an individual user has voted. Additionally, the researchers found that Voatz’s use of a third-party vendor for voter identification and verification poses potential privacy issues for users.

National: CISA and states tell Senate more cybersecurity resources needed | Benjamin Freed/StateScoop

State IT officials and the federal government’s top civilian cybersecurity official told members of the U.S. Senate Tuesday that the federal government needs to provide state and local governments with more assistance and expertise in protecting their networks and other critical infrastructure. Chris Krebs, director of the Cybersecurity and Infrastructure Security Agency; Michigan Chief Security Officer Chris DeRusha; and Amanda Crawford, executive director of the Texas Department of Information Resources, each told members of the Senate Homeland Security Committee that while collaboration on cybersecurity between states and the federal government has improved in recent years, funding and resources for those activities are still in short supply. Krebs acknowledged his agency was not built to support state and local governments when it became the Department of Homeland Security’s newest branch in late 2018. But with ongoing threats to election security and a spike in ransomware attacks against local governments, he said, “we have had to build out our support to states.”

National: How Can State and Local Agencies Better Collaborate on Cybersecurity? | Phil Goldstein/StateTech Magazine

Some state governments, such as Massachusetts, have established formal plans to work with localities within their states on cybersecurity. However, as ransomware attacks proliferate across the country and strike big cities and small towns alike, state-level organizations say there needs to be greater IT security coordination between states and municipalities. Last month, the National Governors Association and the National Association of State Chief Information Officers released a report, “Stronger Together: State and Local Cybersecurity Collaboration,” designed to showcase best practices for such collaboration. “State governments are increasingly providing services to county and municipal governments, including endpoint protection, shared service agreements for cyber defensive tools, incident response and statewide cybersecurity awareness and training,” the report notes. At a minimum, the report says, increased engagement can provide government agencies with “a more accurate threat picture to enhance state and local governments’ cyber posture.” Yet agencies need to move beyond mere information sharing to “leverage limited resources for enhanced cyber capabilities,” the report notes.

National: Russia will try to meddle in 2020 U.S. election, intelligence report says | Courtney Kube/NBC

Russia interfered in Western elections in 2019 and is likely to do so again in 2020, according to the latest annual threat assessment by the Estonian Foreign Intelligence Service. NBC News obtained an exclusive preview of the annual report from the Baltic nation's intelligence agency, which warns that Russia will continue to pursue cyber operations that threaten other nations. "Russia's cyber operations have been successful and, to date, have not been sanctioned enough by the West to force Russia to abandon them," the report says. Russia will try to interfere in the U.S. presidential election in November and in parliamentary elections in the nation of Georgia in October, it warns, saying, "The main goal is to ensure a more beneficial election result for Russia by favoring Russian-friendly candidates or those who have the most divisive influence in the West."

National: Senate GOP blocks three election security bills | Jordan Carney/The Hill

Senate Republicans blocked an effort by Democrats to unanimously pass three election security-related bills Tuesday, marking the latest attempt to clear legislation ahead of the November elections. Democrats tried to get consent to pass two bills that require campaigns to alert the FBI and Federal Election Commission (FEC) about foreign offers of assistance, as well as legislation to provide more election funding and ban voting machines from being connected to the internet. But Sen. Marsha Blackburn (R-Tenn.) opposed each of the requests. Under the Senate's rules, any one senator can ask for unanimous consent to pass a bill, but any one senator can object and block their requests. Blackburn accused Democrats of trying to move the bills knowing that GOP lawmakers would block them and giving them fodder for fundraising efforts. “They are attempting to bypass this body’s Rules Committee on behalf of various bills that will seize control over elections from the states and take it from the states and where do they want to put it? They want it to rest in the hands of Washington, D.C., bureaucrats,” she said.

National: After GAO critique, DHS releases 2020 election security plan | Dean DeChiaro/Roll Call

The government’s top cybersecurity agency will focus on four key objectives to secure this year’s elections from hacking and other interference: protecting election infrastructure, assisting political campaigns, increasing public awareness about foreign intrusion, and facilitating the flow of information on vulnerabilities and potential threats between the public and private sectors. That’s according to the Cybersecurity and Infrastructure Security Agency’s #Protect2020 Strategic Plan, issued by the Homeland Security Department on Friday. The blueprint follows a Government Accountability Office report that said the agency would struggle to execute a nationwide strategy without a finalized agenda. The strategic plan describes the agency’s plans to work with federal law enforcement and state and local election officials on a “whole-of-nation effort” to defend electoral systems. “If we learned anything through 2016 and the Russian interference with our elections, it’s [that] no single organization, no single state, no locality can go at this problem alone,” CISA Director Christopher Krebs said in the report.

National: White House Budget Gives Election Assistance Commission More Funding, But Expert Says It’s Not Enough | Courtney Bublé/Government Executive

Amid growing concern about the integrity of the nation’s election systems, President Trump gave the federal agency charged with coordinating efforts to ensure accurate and secure voting a slight funding increase as part of his fiscal 2021 budget request to Congress, but one expert says it would not be nearly enough. On Monday, the White House sent Congress a $4.8 trillion budget request for fiscal 2021 that would increase military spending by 0.3% and decrease non-defense spending by 5%. For the bipartisan and independent Election Assistance Commission, the plan proposed allocating a little over $13 million, of which $1.5 million would be transferred to the National Institute of Standards and Technology. This would represent a $300,000 increase over fiscal 2020 enacted levels, after subtracting a one-time allocation for relocation expenses from the 2020 total. While some election security experts applauded the slight funding boost in Trump’s proposal, others say more is needed for the agency that certifies voting systems and serves as an information clearinghouse for best practices in election administration.

National: As Targets, States Need to Be Prepared for the 2020 Election | Tom Guarente/StateTech Magazine

With the first 2020 election primaries upon us, state government leaders are faced with the critical question of whether their election systems are prepared for looming cybersecurity threats. Foreign threat actors have shown again and again their interest in undermining one of the most sacred rights Americans hold: the vote. In Florida, it’s been reported, Russian interference in voter roll systems had the potential to alter results during the 2016 midterm elections. In Illinois, media reports show, there’s evidence that hackers working for Russian military intelligence installed malware on the network of a voter registration technology vendor. In fact, all 50 states’ election systems were targeted by Russia in 2016, according to a July 2019 report from the U.S. Senate Select Committee on Intelligence. Cyber-enabled election threats did not end in 2016. In the 2018 midterm elections, FireEye identified multiple social media accounts impersonating congressional candidates and spreading pro-Iran messages.

National: Iowa’s app fiasco worries mobile voting advocates | Tonya Riley/The Washington Post

The fiasco caused by an app that failed to properly transmit votes in the Iowa caucuses is worrying the mobile voting industry, which hoped 2020 would be a banner year. Companies — and proponents of incorporating more technology into elections — are trying to avoid being lumped in with the hastily made app used in Iowa. They’re saying its failure proves serious investment in user-friendly, secure election technology is more critical than ever. “We need to ensure that every new idea is tested, transparent and secure — just like the eight successful mobile voting pilots conducted to date,” Bradley Tusk, the founder and CEO of Tusk Philanthropies, said in a statement. “Enough is enough. 2016 should have been enough of a wake-up call. Iowa just confirmed it.” Tusk Philanthropies has funded pilots for mobile voting across the country, launched in a push to increase participation in elections. Unlike the app used in Iowa, which was developed to relay vote counts, the pilots use technologies that allow voters to easily vote from their mobile phones. So far, the pilots have largely been limited to eligible uniformed and overseas voters and voters with disabilities. But any expansion is sure to fall under an even more critical spotlight. Any malfunction — or hack — of an app used directly for voting in 2020 could have far greater impact in undermining public faith in the Democratic process than one Democratic caucus gone wrong.

National: Bipartisan lawmakers introduce bill to combat cyber attacks on state and local governments | Juliegrace Brufke/The Hill

A bipartisan group of lawmakers on Monday introduced a bill that would establish a $400 million grant program at the Department of Homeland Security (DHS) to help state and local governments combat cyber threats and potential vulnerabilities. Under the legislation — led by Reps. Cedric Richmond (D-La.), John Katko (R-N.Y.), Derek Kilmer (D-Wash.), Mike McCaul (R-Texas), Dutch Ruppersberger (D-Md.), Bennie Thompson (D-Miss.) and Mike Rogers (R-Ala.) — DHS’ Cybersecurity and Infrastructure Security Agency (CISA) would be required to develop a plan to improve localities' cybersecurity and would create a State and Local Cybersecurity Resiliency Committee to help inform CISA on what jurisdictions need to help protect themselves from breaches. The group noted that state and local governments have become targets for hackers, having seen an uptick in attacks in recent years. “It provides more grant funding to state and locals for cybersecurity my own state of Texas impacted, particularly as tensions rise in Iran, for instance, we are seeing more cyber attacks coming out of Iran,” McCaul told The Hill. “And then of course going into the election we will make sure that our voting machines are secure.”

National: Voting Process Under Spotlight After Iowa Confusion | Alexa Corse/Wall Street Journal

States conducting presidential nominating contests in the weeks ahead are facing new scrutiny of their voting processes, after glitches caused confusion over which candidate prevailed in Iowa’s caucuses last week. Federal and local law-enforcement officials huddled at a Manchester, N.H., conference center on Friday morning, gaming out responses to hypothetical hacking scenarios ahead of New Hampshire’s Tuesday primary. The meeting included representatives from the U.S. Secret Service and from the police forces of Manchester, Concord and Nashua, along with private-sector experts. The Manchester gathering, which had been scheduled for months, is one example of intensified efforts nationwide to secure the voting process since 2016, when Russia was found to have interfered in the U.S. presidential election. But such efforts have taken on a new urgency after Iowa’s debacle. The failure of a results-reporting app, due to what the Iowa Democratic Party called a coding issue and a series of problems cascading from those glitches, showed that foreign meddling isn’t the only risk, experts say.

National: US counterintel strategy emphasizes protection of democracy | Eric Tucker/Associated Press

The U.S. government’s top counterintelligence official said Monday that he was concerned Russia or other foreign adversaries could exploit the chaos of the Iowa caucuses to sow distrust in the integrity of America’s elections. “How can an adversary take what happened in Iowa and pour gasoline on it?” Bill Evanina, the director of the National Counterintelligence and Security Center, told reporters at a briefing. Evanina’s comments came as he unveiled a strategy document aimed at guiding the government’s national security priorities over the next two years. The document identifies the U.S. economy, infrastructure, democracy and supply chains as areas being routinely targeted by foreign governments and in need of heightened protection. Election security, particularly combating foreign influence in U.S. politics, accounts for one of the counterintelligence community’s top priorities as voters head to the polls this year. A malfunctioning app used by the Iowa Democratic Party caused a delay in the reporting of caucus results last week and fueled calls for a recanvassing. Because of the delay and after observing irregularities in the results once they did arrive, The Associated Press says it cannot declare a winner.

National: Senate panel wants politicians to put party aside for election security. Fat chance in 2020. | Joseph Marks/The Washington Post

A long-awaited Senate Intelligence Committee report admonishes politicians to forget about politics when dealing with election interference operations and to exercise maximum restraint before suggesting an election was hacked or corrupted. Good luck with that. "Restraint" is not the operative word in the Trump era. The bipartisan report arrived just days after President Trump’s 2020 campaign manager Brad Parscale suggested without evidence on Twitter that a long delay in reporting Iowa caucuses results was because of a #RiggedElection. In fact, the count was marred by technical issues. And while the Republican-run committee states "the President of the United States should take steps to separate himself or herself from political considerations when handling issues related to foreign influence operations,” Trump has not been living by that mantra. Nor has he been “explicitly putting aside politics when addressing the American people on election threats.” The president has openly contemplated accepting dirt on his opponents from foreign nations in the 2020 race -- and cast doubt on the intelligence community’s conclusion that Russia interfered on his behalf in 2016. And the Senate acquitted the president just this week after the House impeached him for pressuring Ukraine’s leader to help dig up dirt on the family of a political rival, former vice president Joe Biden.

National: Iowa Breakdown Reveals Broken Election Technology Ecosystem | Alyza Sebenius and Bill Allison/Bloomberg

The chaos at the Iowa caucus has been blamed on a small startup called Shadow Inc., but what happened this week is also emblematic of wider problems plaguing the world of election technology. It’s hard to get sophisticated technology companies to build such technology because most buyers have small budgets, and disappear after Election Day. In a four-year presidential election cycle, one campaign’s killer app is woefully obsolete by the next. So political parties and campaigns often create the technology themselves or hire small firms to do it for them. “The tech companies with depth of knowledge and understanding tend to shy away from building critical voting systems,” said Charles Stewart III, a professor and elections scholar at the Massachusetts Institute of Technology.

National: Gutted Election Assistance Commission struggles to recover | Bill Theobald/The Fulcrum

Nine months from an intensely contested presidential election already clouded by anxiety about the integrity of the results, the main federal agency overseeing the process is struggling to get back on its feet after years in turmoil. The Election Assistance Commission is unknown to most Americans. But it certifies the reliability of the machines most voters will use this fall, and it's at the epicenter of efforts to protect our election systems from being hacked by foreign adversaries. And since last fall it's been without an executive director or general counsel to coordinate the government's limited supervision over how states and thousands of localities plan for the 2020 balloting. In fact, none of eight top officials listed on the agency website in March 2017, when the extent of Russian interference in the last presidential election was just becoming clear, are still with the agency. Neither are eight of the other 16 staff members who worked there then. And years of budget cuts have only recently started to be reversed. The ability of the already tiny operation to do its job in the leadup to November — when turnout and fear of hacking could both reach record levels — could go a long way to determining whether the world believes President Trump was either defeated or re-elected fair and square. It is a tall order that will be left largely to the four politically appointed commissioners, and two of them are new since Trump took office. Only a year ago did the EAC gain a full complement of members for the first time in almost a decade.

National: The Iowa caucus app isn’t the only new election tech | Rebecca Heilweil/Vox

Election security in the United States seems more precarious than ever. As the November 2020 election grows closer, states and counties have charged ahead with their own plans to secure — and improve — their voting systems. Congress, meanwhile, has failed to send much-needed reforms to the president’s desk. Anxiety over the mechanics of this year’s election has spiked following the disaster that was the Iowa Democratic caucus. While there’s no reason to believe that the very poorly developed app used in the caucus was hacked, the fiasco does have lawmakers spooked on a number of fronts, as it’s increasingly becoming clear that the integrity of the nation’s elections can be compromised in a variety of ways. In fact, after the phone number for reporting precinct results was posted online, supporters of President Donald Trump managed to flood phone lines and interfere with the counting of results, according to Bloomberg. You could say the country is more vulnerable to election interference than ever. Some worry, with good reason, that the worst is yet to come.

National: The progress the government has made on election security | Andrew Eversden/Fifth Domain

The latest Senate report on Russian interference in the 2016 election, released Feb. 6, contained several broad recommendations for how the government can improve effectiveness in securing American elections. While the Senate Select Committee on Intelligence’s third volume lists seven recommendations for correcting shortfalls made by the Obama administration in responding to Russian election interference, the federal government has already made progress in several of the recommended areas since the committee started its report. The committee recommends that the executive branch “bolster” partnerships with countries considered “near abroad” to Russia. The bipartisan report states that Russia has been using these countries as a “laboratory” for perfecting information and cyber warfare. For example, in the military conflict between Ukraine and Russian, Russian-backed hackers have targeted the government and shut down the country’s power grid. Expanding partnerships with such countries will “help to prepare defenses for the eventual expansion of interference techniques targeting the West," the report read.

National: Election Security 2020: States Take Cybersecurity Measures Ahead of November | Adam Stone/StateTech Magazine

In the Buckeye State, officials are doing more than just keeping an eye on the upcoming national elections. As the threat of cyber tampering looms large, state and local leaders are working diligently to ensure voting is secure. “We want to set the tone for the rest of the nation,” says Ohio Secretary of State Frank LaRose, who in June issued a 34-point directive to guide state, county and local efforts on election cyber strategies. It calls for the use of event logging and intrusion detection tools, along with segmentation — disconnecting voting apparatus from external networks. “We want to make sure our boards of elections aren’t leaving a door opened by being attached to other, less secure assets,” LaRose says. Ohio may be out in front, but it is hardly alone. Authorities in all 50 states are taking steps to not only to secure the vote, but to ensure that the public perceives that vote as valid. They are getting help from the federal government, including the Cybersecurity and Infrastructure Security Agency, an operational component under the U.S. Department of Homeland Security. Experts say the aggressive action is justified, given the high likelihood that adversarial nations and other bad actors could try to tamper with the election.

National: Russia engaging in ‘information warfare’ ahead of 2020 election, FBI chief warns | Eric Tucker/Associated Press

The FBI director, Christopher Wray, has warned that Russia is engaged in “information warfare” heading into the 2020 presidential election, though he said law enforcement has not seen ongoing efforts by Russia to target America’s election infrastructure. Wray told the House judiciary committee that Russia, just as it did in 2016, is relying on a covert social media campaign aimed at dividing American public opinion and sowing discord. That effort, which involves fictional personas, bots, social media postings and disinformation, may have an election-year uptick but is also a round-the-clock threat that is in some ways harder to combat than an election system hack, Wray said. “Unlike a cyber-attack on an election infrastructure, that kind of effort – disinformation – in a world where we have a first amendment and believe strongly in freedom of expression, the FBI is not going to be in the business of being the truth police and monitoring disinformation online,” Wray said.

National: Iowa and the grand tradition of election tech mishaps | Andrew Gumbel/The Guardian

The great Iowa caucus meltdown of 2020 may be triggering anguish, anger and, on the Republican side of the political fence, expressions of unalloyed glee; but for one Miami lawyer and voting rights activist it is also bringing back vivid memories of another high-profile primary contest that fell victim to untested new technology and administrative incompetence. The year was 2002, and the race was a hotly contested Florida gubernatorial election in which Janet Reno, the former US attorney general, was vying for the Democratic party nomination against a prominent lawyer from Tampa. A politically connected company called Electronic Systems & Software (ES&S) was rolling out new touchscreen technology to replace the punch card machines that were widely blamed for the meltdown in the presidential election two years earlier between George W Bush and Al Gore. ES&S, though, was very far from ready for prime time. Many of the machines in Miami-Dade county took so long to boot up that polling stations could not open before lunchtime. When a freak storm caused power blackouts, the battery backup on many machines failed. One Miami precinct reported 900% turnout; another showed just one ballot cast. The governor declared a state of emergency, and Reno – who was trailing narrowly – demanded a re-examination of the ballots, only to realize that the new technology made recounts impossible.

National: Caucus Meltdown Tied to Democrats’ Little-Tested Mobile App | Michaela Ross, Kartikay Mehrotra and Chris Strohm/Bloomberg

The breakdown in reporting results from Iowa’s Democratic caucuses appears tied to failures in a mobile application that wasn’t ready for the load of a statewide election and which the head of the Homeland Security Department said wasn’t subjected to a cybersecurity test by his agency. “This is more of a stress or load issue as well as a reporting issue that we’re seeing in Iowa,” acting Department of Homeland Security Secretary Chad Wolf said in a Fox News interview Tuesday. Wolf said there’s little evidence of hacking of the app, which precinct officials struggled to use on Monday night. He said that his department’s cyber division had offered to test the software for vulnerabilities but was declined.… But the failure spotlights the need for hard-copy backups across election systems, as a handful of states are still using voting machines that don’t produce a paper receipt, according to Marian Schneider, president of the voting advocacy group Verified Voting and former deputy secretary for elections of Pennsylvania. “It’s clear that mobile apps are not ready for prime time, but thankfully Iowa has paper records of their vote totals and will be able to release the results from those records,” Schneider said.

National: Iowa’s Lesson: Political Parties Are Not as Good as Government Officials at Counting Votes | Jessica Huseman, Jack Gillum and Derek Willis/ProPublica

Here’s the takeaway from the Iowa fiasco: Beware of caucuses run by political parties. But don’t panic about the integrity of most primaries and the general election, which are run by state and county election administrators. As Tuesday morning wore on without results from Iowa’s Democratic caucuses, the long-awaited first test of the strength of President Donald Trump’s would-be challengers, both public officials and enraged commentators stoked fears that Iowa was a harbinger of chaos for the rest of the 2020 campaign. Some said it raises alarms about the broader condition of election security and the reliability of computer systems that record, tally and publish the votes. Trump campaign manager Brad Parscale even suggested on Twitter Monday, without evidence, that the process was “rigged.” But there’s a marked difference between the Iowa caucuses and the upcoming primaries in New Hampshire and South Carolina, as well as the 14 state primaries on Super Tuesday. The Iowa Democratic Party ran the caucuses, much as its counterparts in Nevada, Wyoming and several territories will do in the next few months. Party officials have less training and experience in administering the vote than do state and local election administrators who oversee most of the primaries.

National: After Iowa Democrats’ caucus app mess, election officials distance themselves | Benjamin Freed/StateScoop

The meltdown Monday night of a new app that the Iowa Democratic Party intended to use to tally the results of its presidential nominating caucuses has famously mucked up the beginning of the race to determine the Democrats’ presidential nominee. But as the candidates wait for the first batch of results to finally be released Tuesday afternoon, election officials around the country are taking pains to distance a political party’s technological bungling from the work that they do on behalf of state and local governments. Iowa Democrats headed into their first-in-the-nation caucuses saying the app — designed by a software firm called Shadow Inc. — would help on-the-ground volunteers report results and the complicated math that determines how many delegates each candidate won. But after not releasing caucus results as expected, the party late Monday night said there were “inconsistencies” in how precinct-level results were reported. And since then, several county party leaders have said that they never received any training on the app from either the state party or Shadow. While caucus-goers’ preferences were recorded on paper, which the Iowa Democrats said Tuesday is being used to verify the data collected by the app, election officials have said this episode may throw a wrench in the public perception of their jobs. “We have a term we call the ‘cicada voter’,” Dave Bjerke, the elections director in Falls Church, Virginia, told StateScoop, referring to the ground-dwelling insects that only emerge once every several years. “The cicada voter is only going to vote in presidential elections. There’s always elections going on, but the presidential is the Super Bowl of our process.”

National: Why 2020 could be a year of election malfunctions | Steven Overly and Eric Geller/Politico

Monday's caucus app meltdown is just a taste of what may await the rest of America. Iowa wasn’t alone in adopting new technology to run elections in 2020, and the odds are it may not be the last state to suffer the consequences. Counties with tens of millions of people have rolled out new voting machines in recent years to replace hack-prone paperless devices. But new technologies inevitably bring their own hiccups, some more damaging than others. And as the debacle surrounding the Iowa Democrats' vote-reporting app showed, any confusion can feed divisions and conspiracy theories, fueled by social media, that undermine Americans’ faith in democracy. Marian Schneider, the president of the advocacy group Verified Voting, said technology will always carry some risk, particularly when it’s connected to the internet — noting that even large companies with deep pockets get hacked. She said the problems in Iowa reinforce her organization’s argument that voting and reporting should not be done via mobile app. Another lesson: At least the Iowa caucuses had paper records to back up all of the electronic information. And so should other elections, she said. “So, the takeaway is that having a low-tech backup is really important whenever you're deploying technology in elections,” she said.

National: Iowa Caucus chaos likely to set back mobile voting | Lucas Mearian/Computerworld

A coding flaw and lack of sufficient testing of an application to record votes in Monday's Iowa Democratic Presidential Caucus will likely hurt the advancement and uptake of online voting. While there have been hundreds of tests of mobile and online voting platforms in recent years – mostly in small municipal or corporate shareholder and university student elections – online voting technology has yet to be tested for widespread use by the general public in a national election. “This is one of the cases where we narrowly dodged a bullet,” said Jeremy Epstein, vice chair of the Association for Computing Machinery’s US Technology Policy Committee (USTPC). “The Iowa Democratic Party had planned to allow voters to vote in the caucus using their phones; if this sort of meltdown had happened with actual votes, it would have been an actual disaster. In this case, it's just delayed results and egg on the face of the people who built and purchased the technology.” The vote tallying app used Monday in the Iowa Caucus was created by a small Washington-based vendor called Shadow Inc.; the app was funded in part by a nonprofit progressive digital strategy firm named Acronym. Today, Acronyn strived to make it clear through a tweet it did not supply the technology for the Iowa Caucus, and it is no more than an investor.

National: DHS creates ‘tabletop in a box’ for local election security drills | Benjamin Freed/StateScoop

For the past few years, the Department of Homeland Security has convened exercises for state election officials to test how they’d respond to a cyberattack against voting systems. At a National Association of Secretaries of State meeting in Washington last weekend, a DHS official introduced a new product that could make it easier for local officials to run those exercises. The tabletop exercises, as the events are known, are designed to give secretaries of state, election directors, IT leaders and other officials a war game-like environment simulating the threats posed by foreign governments and other adversaries that might try to disrupt a real election. And while the exercises have included representatives of some local governments, one of the biggest challenges statewide election officials say they have is making sure new cybersecurity tools and procedures trickle down to even the smallest, most resource-strapped jurisdictions involved in the democratic process. The Cybersecurity and Infrastructure Security Agency on Friday published its “Elections Cyber Tabletop Exercise Package,” a 58-page guide for state and local officials to hold their own drills simulating ransomware, data breaches, disinformation campaigns and attempts to corrupt voting equipment. Matt Masterson, a senior adviser at CISA, described the document as a “tabletop in a box.”

National: Majority of Election Websites in Battleground States Failing in Cybersecurity | Security Magazine

A large majority of election-related websites operated by local governments in battleground states lack a key feature that would help them be more cybersecure -- a site that ends in .gov as opposed to .com or other extensions. Research by McAfee found that as many as 83.3 percent of county websites lacked .GOV validation across these states, and 88.9 percent and 90 percent of websites lacked such certification in Iowa and New Hampshire respectively. Such shortcomings could make it possible for malicious actors to establish false government websites and use them to spread false election information that could influence voter behavior and even impact final election results. “Without a governing body validating whether websites truly belong to the government entities they claim, it’s possible to spoof legitimate government sites with fraudulent ones,” said Steve Grobman, McAfee Senior Vice President and Chief Technology Officer. “An adversary can use fake election websites for misinformation and voter suppression by targeting specific voters in swing states with misleading information on candidates, or inaccurate information on the voting process such as poll location and times. In this way, this malicious actor could impact election results without ever physically or digitally interacting with voting machines or systems.”

National: Election officials confident about security days before first contests of 2020 | Joseph Marks/The Washington Post

Election officials are striking a confident tone about digital security at their final summit before caucus and primary season begins. But they're also planning for the worst, war-gaming how to handle any major hacks from Russia or other adversaries. “We’re planning as if they’re coming back,” Chris Krebs, the Department of Homeland Security’s top cybersecurity official, said on the sidelines of the conference hosted by the National Association of Secretaries of State. “The playbook’s out there. It’s not just about Russia. It’s about anyone else that may want to get into this space.” Krebs led more than 200 officials through a series of worst-case scenarios during the conference, testing how they’d respond and work together during a cyberattack or misinformation campaign targeting a primary or general election. Among the participants were representatives from 44 states, 15 election vendors and 11 federal departments and agencies, a DHS spokeswoman said. The conclusion: Officials are far better prepared than in 2016 when Russian hackers probed election infrastructure across the nation and upended Hillary Clinton’s campaign by hacking and releasing emails and flooding disinformation onto social media.