National: Election commission names new lead for testing and certifying voting systems | Sean Lyngaas/CyberScoop

The federal Election Assistance Commission has appointed Jerome Lovato, a former Colorado state election official, as head of the commission’s program for testing and certifying voting systems, according to a commission email obtained by CyberScoop. Lovato replaces Ryan Macias, who was filling the role in an acting capacity and will step down this month. The crucial EAC program works with the country’s top voting equipment vendors to certify and decertify voting system hardware and software. 

National: Microsoft offers software tools to secure elections | Associated Press

Microsoft has announced an ambitious effort to make voting secure, verifiable and subject to reliable audits by registering ballots in encrypted form so they can be accurately and independently tracked long after they are cast. Two of the three top U.S elections vendors have expressed interest in potentially incorporating the open-source software into their voting systems. The software is being developed with Galois, an Oregon-based company separately creating a secure voting system prototype under contract with the Pentagon’s advanced research agency, DARPA. Dubbed “ElectionGuard,” it will be available this summer, Microsoft says, with early prototypes ready to pilot for next year’s U.S. general elections. CEO Satya Nadella announced the initiative Monday at a developer’s conference in Seattle, saying the software development kit would help “modernize all of the election infrastructure everywhere in the world.” Three little-known U.S. companies control about 90 percent of the market for election equipment, but have long faced criticism for poor security, antiquated technology and insufficient transparency around their proprietary, black-box voting systems. Open-source software is inherently more secure because the underlying code is easily scrutinized by outside experts but has been shunned by the dominant vendors whose customers — the nation’s 10,000 election jurisdictions — are mostly strapped for cash. None offered bids when Travis County, Texas, home to Austin, sought to build a system with the “end-to-end” verification attributes that ElectionGuard promises to deliver. Two of the leading vendors, Election Systems & Software of Omaha, Nebraska, and Hart InterCivic of Austin, Texas, both expressed interest in partnering with Microsoft for ElectionGuard. A spokeswoman for a third vendor, Dominion Voting Systems of Denver, said the company looks forward to “learning more” about the initiative.

National: Democrats focus on election security, voting rights | McClatchy

Democratic leaders are launching a more aggressive push this month that could widen their probe of possible voter suppression into states other than those now under scrutiny, seeking to make it particularly less difficult for minority voters, who tend to vote Democratic, to go to the polls. House Oversight Committee Chairman Elijah Cummings told McClatchy he wants to “make sure we spend significant effort and time, perhaps even looking at even more states and seeing what they’re doing and shining a light on what they may be doing illegally or improperly to stop or hinder people from voting and having those votes counted.” Cummings was already planning to look at possible voter suppression in North Carolina, Georgia, Texas and Kansas. The Maryland Democrat did not name additional states. At the same time, congressional Democrats are stepping up pressure on Republicans to address election security lapses to prevent a repeat of Russian meddling in the 2016 election. The Russian interference, combined with allegations of voter suppression, erode confidence in the electoral system, Democrats argue, and if both are not addressed, voters could be discouraged from participating in the 2020 election. “This is my worry, that we have done very little now to correct the threat of Russian interference with our electoral system,” Cummings said, “which means that it might be that the only way this whole situation that we’re in is corrected is through the ballot, with people voting.”

National: U.S. Cyber Command Bolsters Allied Defenses to Impose Cost on Moscow | The New York Times

American officials are pushing ahead on efforts with allied nations to counter Russia’s interference in democratic elections and other malign activities, military cybercommanders said on Tuesday, an effort intended to allow the United States to better observe and counter Moscow’s newest cyberweapons. American officials deployed last year to Ukraine, Macedonia and Montenegro, and United States Cyber Command officials said that their missions included defending elections and uncovering information about Russia’s newest abilities. Cyber Command will continue some of those partnerships and expand its work to other countries under attack from Russia, officials said Tuesday. The deployments, officials said, are meant to impose costs on Moscow, to make Russia’s attempts to mount online operations in Europe and elsewhere more difficult and to potentially bog down Moscow’s operatives and degrade their ability to interfere in American elections. “We recognize and understand the importance of being in constant contact with the enemy in this space, especially below the level of armed conflict, so we can defend ourselves and we can impose costs,” Maj. Gen. Charles L. Moore, the director of operations for Cyber Command, said Tuesday. “That is it in a nutshell.” With new authorities from the White House, as well as congressional legislation that declared online operations a traditional military activity, Cyber Command stepped up its election defenses last year, allowing commanders to develop a strategy to engage American adversaries.

National: Can open source help safeguard elections? | FCW

Lawmakers and policy experts are demonstrating increased interest in open source technology as a means to solving longstanding challenges and road blocks around election security. State and local governments rely on proprietary software and hardware from a small handful of private vendors to power their voting machines, voter registration systems and other technologies. Those vendors have historically been reluctant or unwilling to allow third-party audits of their products, and when outside researchers have gotten their hands on voting machines or probed commonly used software like voter registration systems, they’ve found extensive and worrying cybersecurity vulnerabilities in nearly every model. That reluctance has led to a number of projects that have sprouted up over the past year from organizations aiming to disrupt the status quo. One such organization, Voting Works, was created last year in partnership with the non-profit Center for Democracy and Technology and seeks to build “secure, usable, affordable and open-source voting machines” that will help to restore trust in the modern election system.

National: Limiting the cyber threat to elections infrastructure | GCN

Voter confidence in the integrity of elections is critical to a vibrant democracy. Recent cyberattacks by foreign state actors accompanied by disinformation campaigns aimed at U.S. voters have contributed to an erosion in the public’s trust of electoral results. But there’s another set of issues just as concerning: persistent, preventable “seams” or vulnerabilities in election system tools, processes and guidelines. E-voting machines are among the most prominent business technology solutions of the 21st century, yet they remain vulnerable to physical and data tampering and weaknesses in the chain of custody. In a 2012 study, the Argonne National Laboratory’s vulnerability assessment team discovered that attackers could exploit the integrity of an e-voting machine chassis with relative ease regardless of tamper-evident seals or locks. Data stored on e-voting machines was not encrypted, leaving it susceptible to interception, modification or deletion by an attacker. In the Argonne study, white-hat hackers used after-market wireless card adapters to intercept and alter communications exchanged between e-voting machines and the elections network infrastructure. The study concluded that successful tampering with just one in three voting machines is enough to change the outcome of an election.

National: What’s Russia still doing to interfere with U.S. politics — and what’s the U.S. doing about it? | The Washington Post

President Trump and Russian President Vladimir Putin spoke by phone Friday morning, covering, according to both sides, a wide range of issues. Included among them, according to a subsequent tweet from Trump, was the “Russian hoax” — apparently a reference to the recently concluded investigation into Russian interference in the 2016 election. It’s a bit uncertain, though: Trump regularly referred to the investigation as a hoax but has also repeatedly claimed that the idea that Russia interfered at all was questionable. The probe led by special counsel Robert S. Mueller III left little doubt about Russia’s role. Mueller obtained indictments against two dozen Russians for the two-pronged effort to steal and publish material from Democratic sources and to foster political divisions through events and on social media. Trump has long argued that the source of the hacking in particular was unknowable, reiterating shorthand allusions to his skepticism as recently as February.

TRUMP on whether he discussed election meddling with PUTIN:
“We discussed it. He actually sort of smiled when he said something to the effect that it started off as a mountain and it ended up being a mouse, but he knew that because he knew there was no collusion, whatsoever.” pic.twitter.com/qlEaWP6Eqy— JM Rieger (@RiegerReport) May 3, 2019

In an interview with Fox News on Thursday, Trump was asked whether he had spoken to Putin about Russia’s efforts to interfere in U.S. politics, an effort that Attorney General William P. Barr said in Senate testimony this week was ongoing. “I don’t think I’ve spoken to him about the 2020, but I certainly have told him you can’t do what you’re doing,” Trump said. “And I don’t believe they will be.”

National: Sen. Klobuchar on Russian interference: Trump ‘makes it worse by calling it a hoax’ | The Washington Post

Sen. Amy Klobuchar (D-Minn.) on Sunday sharply criticized President Trump’s response to Russian interference in U.S. elections, saying that the president “makes it worse by calling it a hoax.” Trump had a lengthy phone call with Russian President Vladi­mir Putin on Friday. After being repeatedly asked by reporters whether he raised the issue of election interference or warned Putin not to do it again, Trump eventually acknowledged the issue, saying, “We didn’t discuss that.” Klobuchar, who is running for the 2020 Democratic presidential nomination, said Sunday that there is “ample evidence” that Trump is not concerned about the possibility that Russia may try to interfere in the next election. She accused Trump of dismissing the seriousness of the issue. “This was actually an invasion of our democracy, okay?” Klobuchar said on CNN’s “State of the Union.” U.S. national security officials have been preparing for Russian interference in 2020 by tracking cyberthreats, sharing intelligence about foreign disinformation efforts with social media companies and helping state election officials protect their systems against foreign manipulation. But Trump has repeatedly rebuffed warnings from senior aides about Russia and sought to play down the country’s potential to influence American politics.

National: Trips To Vegas And Chocolate-Covered Pretzels: Election Vendors Come Under Scrutiny | NPR

It is likely to be a banner year for the voting equipment industry with state and local election offices planning to spend hundreds of millions of dollars on new machines ahead of the 2020 election. This year’s purchases will probably amount to the biggest buying wave since right after the 2000 presidential election, when officials rushed to replace discredited punch card machines with touchscreen voting equipment. Those machines are rapidly aging and are being replaced with machines that leave a paper backup as a result of security concerns about purely electronic voting. The voting equipment purchases come at a time of increased scrutiny over the security and integrity of elections following Russia’s efforts to interfere in the 2016 election. Some states, such as Georgia, South Carolina and Delaware, are replacing all of their voting machines, while several other states, including California, Ohio and Pennsylvania, are replacing much of their equipment. About one quarter of voters live in the states doing most of the buying. The buying spree has also put a focus on the close ties between vendors and the government officials who buy their equipment. Advocacy groups and some politicians allege that vendors have unduly influenced the procurement process in many places, something the companies and election officials deny.

National: CISA wants more funding for critical infrastructure activities | FCW

The head of the federal government’s top civilian cybersecurity agency told two House panels this week that he would prioritize increased technical assistance to critical infrastructure entities if provided with additional funding in the fiscal 2020 budget. Christopher Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, pointed to the substantial investment Congress has made to CISA’s budget for election security operations over the past few years as a model for how the agency would like to deploy additional resources to other critical infrastructure sectors. “Congress has invested in my agency to date, close to $60 million, purely related to election security,” Krebs said at an April 30 hearing with the House Homeland Security Cybersecurity, Infrastructure Protection and Innovation Subcommittee. “Outside of federal networks, I don’t think I have another critical infrastructure sector that Congress has invested specifically to that level.” CISA provides a variety of services to the 16 critical infrastructure sectors it serves, from sharing of cyber threat intelligence to in-depth vulnerability scans. The agency has also indicated in recent months that it has plans to begin installing technical sensors around critical infrastructure systems to detect malicious activity, similar to the Albert sensors it has deployed around election and voting systems.

National: Election security push stumbles amid White House resistance | Politico

Senate Democrats and Republicans can agree on perhaps just one thing about special counsel Robert Mueller’s investigation — that Russia interfered in the 2016 presidential election. But bipartisan legislation to address foreign intrusions is all but dead amid a distinct lack of enthusiasm from Senate GOP leadership and the Trump White House. At a heated hearing with Attorney General William Barr on Wednesday, Sen. Amy Klobuchar (D-Minn.) blasted the White House for blocking the election security bill she co-sponsored with Sen. James Lankford (R-Okla.) in the previous Congress. And in an interview, Klobuchar put the blame for the impasse squarely on President Donald Trump’s former White House counsel Don McGahn as well as Senate Majority Leader Mitch McConnell. “It was Don McGahn,” Klobuchar said Wednesday. “He called Republicans about the bill, didn’t want them to do it. And McConnell also didn’t want the bill to move forward. So it was a double-edged thing.” Klobuchar added that McGahn, who was previously chair of the Federal Election Commission, “had a personal interest in it” and that, with him no longer at the White House, “maybe they can look at it fresh.” McGahn did not respond to a request for comment.

National: Mueller Findings Raise Election Hacking Fears in States | Stateline

Tucked into the 448-page report from Special Counsel Robert Mueller were four paragraphs about major breaches into state and local election systems. Mueller’s description of Russian interference designed to help the Trump campaign was a reminder of how far many state and local officials have come in securing election infrastructure, but also of how stark the threat remains to the nation’s 8,000 election offices. The report even disclosed a previously unknown breach: Russian intelligence agents in November 2016 tried to introduce corrupted files into election offices in several Florida counties. The hackers succeeded in at least one of those counties, the report indicates. It raises questions about election systems’ vulnerability to outside hackers — and why the FBI didn’t tell Florida officials about the attempted strike. Election security experts say malicious foreign actors continue this year to target voter registration databases, Election Day result programs, and election office websites and social media profiles as they did during the last presidential election. “It once again reinforces that this is a legitimate threat,” said Maurice Turner, a senior technologist at the nonprofit Center for Democracy and Technology in Washington, D.C. “This isn’t just a one-time issue that’s come and gone.” Any interference operations targeting the 2020 presidential election already have begun, Turner said. Phishing emails designed to allow hackers to capture passwords, usernames or personal information through unwitting officials likely have already gone out, he said.

National: Klobuchar finds Attorney General Barr unaware of major election security legislation | Roll Call

Attorney General William Barr said Wednesday that he was not familiar with the Senate’s bipartisan effort to enhance the security of election systems ahead of 2020. Barr had not yet returned to the Department of Justice when, last year, the Senate Rules and Administration Committee abruptly cancelled a markup of a bipartisan bill known as the Secure Elections Act. The legislation crafted by Oklahoma Republican Sen. James Lankford and Minnesota Democratic Sen. Amy Klobuchar seeks to require state election officials to conduct audits following elections, as well as to establish paper ballot backup systems. “The White House, just as we were on the verge of getting a markup in the Rules Committee, getting it to the floor where I think we would get the vast majority of senators, the White House made calls to stop this,” Klobuchar said at the hearing, recalling the events of August 2018. Klobuchar then asked Barr for a commitment to work on the legislation. “I will work with you to enhance the security of our election, and I’ll take a look at what you are proposing,” Barr said. “I’m not familiar with it.” Klobuchar responded to Barr by pointing out that the bill is the main bipartisan measure related to election security, noting support of Intelligence Chairman Richard M. Burr, R-N.C., and Vice Chairman Mark Warner, D-Va., as well as fellow Judiciary Committee members including Democrat Kamala Harris of California and Chairman Lindsey Graham, a South Carolina Republican.

National: Here’s the one thing Republicans and Democrats could agree on during Barr hearing | The Washington Post

During a contentious and highly partisan hearing with Attorney General William Barr yesterday, senators did manage to find one bipartisan point of agreement: Pushing for improved election and campaign security before 2020. During the more than four-hour Judiciary Committee hearing, both Republicans and Democrats sought Barr’s support for legislation to require paper records for 2020 votes and efforts to harden election infrastructure and to combat digital misinformation. And they urged the Justice Department to help 2020 presidential campaigns ward off foreign interference. “The special counsel’s report is the end of the road when it comes to the question of the Trump administration’s intent,” Sen. Joni Ernst (R-Iowa) said. “But it is just the beginning of the conversation on how we counter Russia and other foreign adversaries in their attempts to undermine our Republic.” It seemed to be the only point of political alignment at the hearing during which Democrats savaged Barr for allegedly misrepresenting findings in the report from special counsel Robert S. Mueller III and after which numerous Democratic senators called on the attorney general to resign. But it’s far from clear that Congress will be able to pass election security legislation in time for the 2020 contest.

National: 2020 campaigns grappling with how to manage cybersecurity | Associated Press

While candidates were focused on campaigning in 2016, Russians were carrying out a devastating cyber-operation that changed the landscape of American politics, with aftershocks continuing well into Donald Trump’s presidency. And it all started with the click of a tempting email and a typed-in password. Whether presidential campaigns have learned from the cyberattacks is a critical question ahead as the 2020 election approaches. Preventing the attacks won’t be easy or cheap. “If you are the Pentagon or the NSA, you have the most skilled adversaries in the world trying to get in but you also have some of the most skilled people working defense,” said Robby Mook, who ran Hillary Clinton’s campaign in 2016. “Campaigns are facing similar adversaries, and they don’t have similar resources and virtually no expertise.” Traditionally, cybersecurity has been a lower priority for candidates, especially at the early stages of a campaign. They need to raise money, hire staff, pay office rents, lobby for endorsements and travel repeatedly to early voting states. Particularly during primary season, campaign managers face difficult spending decisions: Air a TV ad targeting a key voting demographic or invest in a more robust security system for computer networks?

National: Mueller fails to break stalemate on election meddling crackdown | The Hill

Efforts to combat election meddling in the aftermath of the Mueller report are running into steep political headwinds on Capitol Hill. Special counsel Robert Mueller’s sprawling 448-page report detailed Russia’s efforts to interfere in the 2016 election and sparked fresh calls for tougher sanctions against Moscow or new election security measures. But any initial boost of momentum is now hitting roadblocks with top GOP senators and stalemated partisan standoffs, underscoring the uphill battle for a legislative push leading up to the 2020 election. “I think there’s a lot we can do without passing new legislation,” said Sen. John Cornyn (R-Texas), a member of GOP leadership and the Senate Intelligence Committee. “The House has taken more of an attitude of: Don’t let a crisis go to waste.” Asked about the chances of passing sanctions or election security, Sen. John Thune (S.D.), the No. 2 Senate Republican, said, “We’ll see.” “Some of our members are talking about more sanctions. We’ll see where it goes,” he said. “On the election security stuff … I think we feel confident based on the fact that our elections in this country are basically local, that …  it ensures a certain amount of accountability.”

National: Schumer presses for election security boost after Mueller report | Politico

Senate Minority Leader Chuck Schumer on Tuesday called for swift action to boost election security in 2020 in the wake of the Mueller report. In a letter to his Senate Democratic colleagues, the New York Democrat blasted the Trump administration for “not forcefully and adequately responding to the attack on our democracy” described in special counsel Robert Mueller’s report on Russian interference in the 2016 presidential election. Schumer’s letter comes ahead of the caucus’ first meeting since the release of Mueller’s report and one day before Attorney General William Barr is set to testify before the Senate Judiciary Committee on the investigation. Schumer wants a classified briefing from Trump administration officials about steps they are taking to protect the integrity of U.S. elections, including from the heads of the Department of Homeland Security, FBI and Cyber Command.

National: If Mueller Report Was ‘Tip Of The Iceberg,’ What More Is Lurking Unseen? | NPR

If the political interference documented in special counsel Robert Mueller’s report was just the “tip of the iceberg,” what else is lurking out of sight beneath the surface? That was the question posed by Deputy Attorney General Rod Rosenstein in a speech in New York City, one in which he defended his handling of the Russia investigation and suggested there could be much more to it beyond that contained in Mueller’s report. “The bottom line is, there was overwhelming evidence that Russian operatives hacked American computers and defrauded American citizens, and that is only the tip of the iceberg of a comprehensive Russian strategy to influence elections, promote social discord and undermine America, just like they do in many other countries,” Rosenstein said on Thursday. Mueller’s focus was on the two best-known aspects of Russia’s “active measures”: the theft and release of material embarrassing to political targets and the use of social media platforms to crank up agitation among an already divided populace. Some of the Russian schemes that Mueller left out of his report also are known. On Friday, for example, a federal judge sentenced a woman to 18 months in prison after she pleaded guilty to serving as an unregistered Russian agent from around 2015 until her arrest last summer.

National: Mueller Objected to Barr’s Description of Russia Investigation’s Findings on Trump | The New York Times

Robert S. Mueller III, the special counsel, wrote a letter in late March to Attorney General William P. Barr objecting to his early description of the Russia investigation’s conclusions that appeared to clear President Trump on possible obstruction of justice, according to the Justice Department and three people with direct knowledge of the communication between the two men. The letter adds to the growing evidence of a rift between them and is another sign of the anger among the special counsel’s investigators about Mr. Barr’s characterization of their findings, which allowed Mr. Trump to wrongly claim he had been vindicated. It was unclear what specific objections Mr. Mueller raised in his letter, though a Justice Department spokeswoman said on Tuesday evening that he “expressed a frustration over the lack of context” in Mr. Barr’s presentation of his findings on obstruction of justice. Mr. Barr defended his descriptions of the investigation’s conclusions in conversations with Mr. Mueller over the days after he sent the letter, according to two people with knowledge of their discussions. Mr. Barr, who was scheduled to testify on Wednesday before the Senate Judiciary Committee about the investigation, has said publicly that he disagrees with some of the legal reasoning in the Mueller report. Senior Democratic lawmakers have invited Mr. Mueller to testify in the coming weeks but have been unable to secure a date for his testimony.

National: NSA’s Russian cyberthreat task force is now permanent | CyberScoop

The task force the National Security Agency and U.S. Cyber Command created last year to thwart Russian influence and cyberattacks on the U.S. is now permanent, spokespeople from both agencies confirmed to CyberScoop. The “Russia Small Group” — whose existence NSA Director Paul Nakasone announced in July of last year, absent guidance from the White House on how to handle Russian cyberthreats — settles in as the White House, Congress and the Pentagon have taken steps to clarify how and when the military should conduct offensive operations in cyberspace. The NSA would not comment on the number of people on the task force, where it is based, or when the operation became permanent. One intelligence official told CyberScoop the group’s new permanent designation, under routine operations, likely marks a surge of incoming resources, just as in any military surge. “We intend to build on this foundation as we prepare with our interagency partners for a broader challenge in the upcoming 2020 election cycle,” a Cyber Command spokesperson told CyberScoop. The New York Times first reported that the task force had become permanent.

National: F.B.I. Warns of Russian Interference in 2020 Race and Boosts Counterintelligence Operations | The New York Times

The F.B.I. director warned anew on Friday about Russia’s continued meddling in American elections, calling it a “significant counterintelligence threat.” The bureau has shifted additional agents and analysts to shore up defenses against foreign interference, according to a senior F.B.I. official. The Trump administration has come to see that Russia’s influence operations have morphed into…

National: FBI chief: Russia upping meddling efforts ahead of 2020, midterms a ‘dress rehearsal’ | The Hill

FBI Director Christopher Wray said Friday that the 2018 midterm elections served as a “dress rehearsal” for Russia’s election interference efforts slated to be aimed at the 2020 presidential election. Speaking at the Council on Foreign Relations, the FBI director said that Russian operatives and other foreign agents are “adapting” to the efforts the U.S. intelligence community is taking to secure America’s election systems. “Well, I think — on the one hand I think enormous strides have been made since 2016 by all the different federal agencies, state and local election officials, the social media companies, etc.,” Wray said. “But I think we recognize that our adversaries are going to keep adapting and upping their game. And so we’re very much viewing 2018 as just kind of a dress rehearsal for the big show in 2020,” he added. One area Wray pointed to where the FBI has seen improvement is in cooperation with social media companies such as Twitter and Facebook, where Russian election meddling was centered in 2016.

National: As security officials prepare for Russian attack on 2020 presidential race, Trump and aides play down threat | The Washington Post

In recent months, U.S. national security officials have been preparing for Russian interference in the 2020 presidential race by tracking cyber threats, sharing intelligence about foreign disinformation efforts with social media companies and helping state election officials protect their systems against foreign manipulation. But these actions are strikingly at odds with statements from President Trump, who has rebuffed warnings from his senior aides about Russia and sought to play down that country’s potential to influence American politics. The president’s rhetoric and lack of focus on election security has made it tougher for government officials to implement a more comprehensive approach to preserving the integrity of the electoral process, current and former officials said. Officials insist that they have made progress since 2016 in hardening defenses. And top security officials, including the director of national intelligence, say the president has given them “full support” in their efforts to counter malign activities. But some analysts worry that by not sending a clear, public signal that he understands the threat foreign interference poses, Trump is inviting more of it. In the past week, Justice Department prosecutors indicated that Russia’s efforts to disrupt the 2016 election are part of a long-term strategy that the United States continues to confront. 

National: Menendez calls for $2.5B to help strengthen election systems | NJTV

Brandishing a copy of the Mueller Report, Sen. Bob Menendez emphasized its findings about election security during the last presidential campaign and election and proposed spending $2.5 billion over 10 years to make the system more resilient. “The Russian government carried out a sweeping and systematic attack on the 2016 election and the Trump campaign actively welcomed it. Second, the president repeatedly tried to undermine and obstruct the special counsel’s investigation into that interference,” Menendez said. Menendez argued that the obstruction continues. This weekend, in fact, President Donald Trump continued to assail the Mueller Report as a political hoax. “The radical, liberal Democrats put all their hopes behind their ‘collusion delusion’, which has now been totally exposed to the world as a complete and total fraud,” Trump said on April 27 in Wisconsin. Trump’s chief of staff Mick Mulvaney warned White House officials not to mention Russian election activity to the president, The New York Times reported, because Trump believes it delegitimizes his election victory. But Menendez says the U.S. election system remains vulnerable to future attacks — noting that Mueller’s report underscored previous intel that Russians hacked 21 state elections systems, not including New Jersey’s and installed malware at a voting technology company’s computer network. Sen. Marco Rubio told The New York Times that Russian hackers could have tampered with rolls of registered voters in one Florida county. The FBI fully expects renewed cyberattacks.

National: U.S. Cyber Command has shifted its definition of success | CyberScoop

U.S. Cyber Command is shifting the way it measures success from solely military outcomes to how the command enables other government agencies to defend against foreign offensive cyber threats. Brig. Gen. Timothy Haugh, who is in charge of Cyber Command’s Cyber National Mission Force, said on Tuesday at an event hosted by the Atlantic Council that success is “not necessarily [about] the department’s outcome,” but is instead about “how can we enable our international partners [and] our domestic partners in industry to be able to defend those things that are critical to our nation’s success.” Haugh said Cyber Command is doing its job right if agencies are taking their own actions: State Department issuing démarches, Department of Homeland Security releasing alerts, and Treasury Department announcing sanctions “based off of information that is derived from our operations.” In the past, Haugh said he believes that these outcomes may not have been considered as wins. This shift in benchmarking comes amid newfound leeway at the Department of Defense to launch offensive cyber measures. Last year, President Donald Trump issued a revamp to the White House’s offensive cyber policy, which federal Chief Information Security Officer Grant Schneider last week deemed an “operational success.”

National: Graham challenges Kushner’s bid to downplay Russia interference | The Washington Post

Senate Judiciary Committee Chairman Lindsey O. Graham on Sunday pushed back against White House senior adviser Jared Kushner’s recent downplaying of Russian interference in the 2016 election, calling Moscow’s actions a “big deal” deserving of new sanctions immediately. Still, the South Carolina Republican insisted President Trump had done nothing wrong, citing special counsel Robert S. Mueller III’s refusal to charge Trump with either conspiracy or obstruction of justice in the Russia probe. “I think the idea that this president obstructed justice is absurd,” Graham, a fierce Trump ally, said on CBS News’s “Face the Nation.” “I can’t think of one thing that President Trump did to stop Mueller from doing his job. . . . I’ve heard all I need to really know.” During the interview, however, Graham challenged the assertion by Trump’s son-in-law in a Time magazine interview on Tuesday that Russia’s bid to sway the 2016 election in Trump’s favor amounted to a “couple of Facebook ads” — and that Mueller’s investigation was more damaging to the country than the Russian effort. 

National: Election tech vendors say they’re securing their systems. Does anyone believe them? | CyberScoop

The last few years have been an awakening for Election Systems & Software. Before 2016, very few people were publicly pressing the company to change the way it handled its cybersecurity practices. Now, the nation’s leading manufacturer of election technology has become a lightning rod for critics. Security experts say the small number of companies that dominate the nation’s election technology market, including ES&S, have failed to acknowledge and remedy vulnerabilities that lie in systems used to hold elections across the country. Once left to obscurity, the entire ecosystem has been called into question since the Russian government was found to have interfered with the 2016 presidential campaign. While there has never been any evidence to suggest that any voting machines were compromised, the Department of Homeland Security and FBI recently issued a memo that all 50 states were at least targeted by Russian intelligence. The peak of the criticism came after the Voting Village exhibition at the 2018 DEF CON security conference, where amateur hackers unearthed a bevy of flaws in the company’s tech. In a number of publications — including CyberScoop — ES&S disputed the notion that it didn’t take cybersecurity seriously, arguing its own due diligence was enough to satisfy any security worries. It didn’t help the Omaha, Nebraska-based company’s case when the Voting Village committee issued a report in September that found decades-old vulnerabilities in an ES&S ballot tabulator that has been used in elections in more than half of the states. In light of these issues, some of the election tech manufacturers are trying to change course, and ES&S is the most public about its efforts. With the country gearing up for the 2020 presidential election, the company has revamped its security testing procedures, putting together a plan to let penetration testers from both the public and private sector evaluate the safety of its systems. Furthermore, ES&S and its competitors are communicating in an unprecedented way about committing to a certain level of standards that can lift the entire industry to a better security baseline.

National: DHS is pushing cybersecurity support to presidential campaigns | The Washington Post

The Department of Homeland Security is offering to help test and improve the cybersecurity of Democratic presidential campaigns — and this time, these services are getting a lot of interest. “We haven’t had anyone decline to have a call with us or not be excited about the resources we’re offering or the support or services,” DHS senior adviser on election security Matt Masterson said of offers to the crowded field of 2020 candidates, during a panel discussion at the Atlantic Council’s International Conference on Cyber Engagement. That’s a far better reception than ahead of the 2018 midterms, when state election officials broadly rejected DHS’s offer to help with their cybersecurity early in the Trump administration. Despite the Russian hacking and influence operation that upended the presidential election, state officials were concerned DHS aid could lead to a federal takeover of election administration and were angered by the department’s slow pace sharing information about Russia’s 2016 hacking attempts. It was well into 2017 before some states changed their tune and began working with DHS on girding their election systems against hacking from Russia and elsewhere in the midterm elections. Now, the acceptance of free help from DHS is a sign the campaigns and states are getting on the same page as the federal government about the need for security to protect both voter information and the integrity of the vote.

National: Trump, GOP Won’t Act on Election Interference Warnings | RealClearPolitics

Foreign powers and domestic disruptors are already interfering in next year’s presidential and congressional elections and this week we learned what the likely response of the Trump re-election campaign will be: bring it on. Two prominent Trump associates — Rudy Giuliani and Jared Kushner — both dismissed the impact of Russia’s interference in the 2016 election, essentially telling those currently seeking to sow disinformation, “Come on in, fellas, no big deal.” What Special Counsel Robert Mueller characterized in his findings as a “sweeping and systematic” effort by the Russian government to interfere, and help elect Trump, was “a couple Facebook ads,” Kushner said Tuesday, adding that the investigation itself — into a foreign attack on this nation’s electoral process — had done more damage to democracy. To Rudy, “there’s nothing wrong” with accepting help from a hostile foreign power. Some characterized Kushner’s comments as unpatriotic, even treasonous. What they were, at best, was irresponsible. They were also false. According to the Mueller Report, by Election Day the Russian government was spending more than $1 million per month on its campaign and, by Facebook’s account, reaching one-third of the U.S. population. The very hour that Kushner spoke at the Time 100 Summit, NBC was reporting that Twitter had removed 5,000 accounts of bots attacking the Mueller investigation as the “Russiagate hoax.” They weren’t Russian bots but ones connected to a pro-Saudi social media operation that formerly went under the name Arabian Veritas, which had claimed to be “an initiative that aims to spread the truth about Saudi Arabia and the Middle East through social engagement.”

National: Cybersecurity proposal pits cyber pros against campaign finance hawks | The Washington Post

The Federal Election Commission could decide today whether nonpartisan groups can offer political campaigns free cybersecurity services, an issue that has made bedfellows of Republicans and Democrats but divided cyber pros and campaign finance hawks. The proposal’s authors, Hillary Clinton’s 2016 campaign manager Robby Mook and Mitt Romney’s 2012 campaign manager Matt Rhoades, come to the issue from bitter experience. The Romney campaign was targeted by Chinese hackers, and Clinton’s campaign was upended by a Russian hacking and disinformation operation aimed at helping  Donald Trump. The bipartisan duo want to help presidential and congressional campaigns steer clear of similar hacking operations by allowing nonprofits to provide cybersecurity free of charge. But first they need the FEC to say those services don’t amount to an illegal campaign contribution. “This is warfare,” Mook told FEC commissioners during a review of the proposal April 11. “People are trying to disrupt our democracy.” The plan is a hit with many cybersecurity pros who say campaigns aren’t equipped to defend themselves against sophisticated, government-backed hacking operations from Russia and China, and think this might level the playing field.