National

National: Top Republican says Senate unlikely to vote on any election security bills | Maggie Miller/The Hill

Sen. Roy Blunt (R-Mo.), a member of Senate GOP leadership, said Wednesday that the chamber is unlikely to vote on any election security legislation, despite requests from a federal agency for more funding to improve election systems nationwide. Blunt made the remarks at a Senate Rules Committee hearing where Election Assistance Commission (EAC) officials highlighted what they said is an urgent need for more resources. His comments were in response to Senate Minority Whip Dick Durbin (D-Ill.) pointedly asking during the hearing whether the Rules Committee, chaired by Blunt, would mark up any election security bills already introduced this Congress. “At this point I don’t see any likelihood that those bills would get to the floor if we mark them up,” Blunt said. When Durbin asked why that was the case, Blunt said, “I think the majority leader is of the view that this debate reaches no conclusion. And frankly, I think the extreme nature of H.R. 1 from the House makes it even less likely we are going to have that debate.”

Full Article: Top Republican says Senate unlikely to vote on any election security bills | TheHill.

National: Americans may vote in 2020 using old, unsecured machines | Gopal Ratnam/Roll Call

The first primary in the 2020 presidential race is a little more than 250 days away, but lawmakers and experts worry that elections will be held on voting machines that are woefully outdated and that any tampering by adversaries could lead to disputed results. Although states want to upgrade their voting systems, they don’t have the money to do so, election officials told lawmakers last week. Overhauling the nation’s election systems would mean injecting as much as $1 billion in federal grants that would then be supplemented by states, but top Senate Republicans have said they are unlikely to take up any election security bills or give more money to the states. The deadlock could mean that even as federal government and private companies spend tens of billions of cybersecurity dollars annually to protect their computers and networks from attacks, the cornerstone of American democracy could remain vulnerable in the upcoming elections.

Full Article: Americans may vote in 2020 using old, unsecured machines.

National: EAC rattles the cup on Capitol Hill | Derek B. Johnson/FCW

For the first time in nearly a decade, the Election Assistance Commission has a full slate of commissioners in place. Now, with the agency sitting at the center of several key election security debates, they’re asking Congress to make their budget whole too. At a May 15 Senate Rules Committee hearing, Christy McCormick, who chairs the EAC, said the commission is at “a critical crossroads with regard to having sufficient resources necessary to better support state and local election administrators and the voters they serve” and asked members of Congress for more funding. “With additional resources, the EAC would have the opportunity to fund additional election security activities within its election technology program,” said McCormick. There is no shortage of ambition at EAC when it comes to supporting this work, but there is a stark shortage of funds for such activities.”

Full Article: EAC rattles the cup on Capitol Hill -- FCW.

National: EAC hires 2 tech experts for testing and certification program | Sean Lyngaas/CyberScoop

The U.S. Election Assistance Commission has added two experienced hands to its voting system certification program amid concerns it had a shortage of technical experts overseeing election infrastructure. The agency is staffing up its crucial certification program by hiring Jessica Bowers, a former executive at Dominion Voting Systems, one of the country’s three largest voting system vendors, and Paul Aumayr, a former Maryland election official. Both new hires will work as senior election technology specialists. In an email announcement to staff obtained by CyberScoop, EAC Executive Director Brian Newby touted Bowers and Aumayr’s technical acumen. Bowers has “over 18 years of software development and product support experience,” while Aumayr is a “Microsoft-certified systems engineer,” Newby wrote.

Full Article: Election commission hires 2 tech experts for testing and certification program.

National: Here’s how the military’s hacking arm is gearing up to protect the 2020 election |The Washington Post

Russia viewed the midterm elections as a “warm-up” for 2020. The U.S. military’s hacking division is treating it that way, too. In the run-up to the presidential election, U.S. Cyber Command is surging election defense efforts that proved useful during the midterms, officials told reporters Tuesday — including probing allies’ computer networks to glean insights about Russian threats. Cybercom is also working more closely with election defense teams at the Department of Homeland Security and the FBI, and with industry sectors that are targeted by Kremlin hackers and might have early warnings about threats facing the election, my colleague Ellen Nakashima reported from that briefing. “Our goal is to have no interference in our elections,” said Maj. Gen. Tim Haugh, who heads the command’s cyber national mission force. “Ideally, no foreign actor is going to target our electoral process.” Cybercom is the only outfit among the myriad federal state and local government agencies tasked with protecting the 2020 election that is allowed to punch back against Russian hackers — and it’s using its new authorities granted during the Trump administration to be more aggressive in cyberspace.

Full Article: The Cybersecurity 202: Here's how the military’s hacking arm is gearing up to protect the 2020 election - The Washington Post.

National: Report: U.S. political parties need to shore up cyber | Derek B. Johnson/FCW

Three years after the 2016 election, major political parties in the U.S. are still displaying sloppy digital security practices, according to a report from Security Scorecard. In new research released May 21, the company found vulnerabilities for the public facing, internet-connected digital assets of two major political parties. The Green Party and the Libertarian Party websites also displayed weaknesses. Vulnerabilities range from smaller sins like serving expired security certificates and sending unencrypted data to larger ones like leaking personally identifiable information and failing to put in place anti-spoofing protocols. In one case, an unnamed U.S. party was caught leaking data from a voting validation application containing the names, dates of birth and addresses of voters to the internet.

Full Article: Report: U.S. political parties need to shore up cyber -- FCW.

National: The vote-by-phone tech trend is scaring the life out of security experts | Eric Halper/Los Angeles Times

With their playbook for pushing government boundaries as a guide, some Silicon Valley investors are nudging election officials toward an innovation that prominent coders and cryptographers warn is downright dangerous for democracy. Voting by phone could be coming soon to an election near you. As seasoned disruptors of the status quo, tech pioneers have proven persuasive in selling the idea, even as the National Academies of Science, Engineering and Medicine specifically warn against any such experiment. The fight over mobile voting pits technologists who warn about the risks of entrusting voting to apps and cellphones against others who see internet voting as the only hope for getting most Americans to consistently participate on election day. “There are so many things that could go wrong,” said Marian Schneider, president of Verified Voting, a coalition of computer scientists and government transparency advocates pushing for more-secure elections. “It is an odd time for this to be gaining momentum.”

Full Article: The vote-by-phone tech trend is scaring the life out of security experts - Los Angeles Times.

National: In Congressional Hearing, Election Officials Appear United Yet Divided on Security | Graham Vyse/Governing

Jocelyn Benson and John Merrill are a political odd couple. She’s a Michigan Democrat who backed Hillary Clinton, and he’s a Donald Trump supporter who represents Alabama. But both are secretaries of state, and when they testified side-by-side before Congress on Wednesday — she in a blue dress and he in a red tie — they repeatedly insisted they were friends ready to work together to strengthen the nation’s voting system. Benson and Merrill called on the federal government to provide more funding and resources for states and localities to address the issue. This weekend, they’re leading 18 other secretaries of state on a voting-rights history tour of Alabama with the hope of inspiring further bipartisan collaboration. “It’s the first time in our country’s history where you’ve got the chief election officers collectively, Democrats and Republicans, going to Selma to walk across the Edmund Pettus Bridge together,” Benson told Governing. The question is whether the secretaries can bridge enough of their differences to unite around federal legislation to improve election security. Benson and Merrill appeared alongside cybersecurity experts before the U.S. Committee on House Administration this week, more than two years after Russia’s cyberattack on American election systems during the 2016 presidential campaign.

Full Article: In Congressional Hearing, Election Officials Appear United Yet Divided on Security.

National: After Russian Election Interference, Americans Are Losing Faith in Elections | Susan Milligan/US News

As lawmakers, state elections officials and social media executives work to limit intervention in the 2020 elections by Russia and other foreign operatives, an unsettling truth is emerging. Vladimir Putin may already be succeeding. The troubling disclosures of Russian meddling in the 2016 campaign – “sweeping and systematic,” special counsel Robert Mueller concluded in his report on the matter – have policymakers on guard for what intelligence officials say is a continuing campaign by Russia to influence American elections. But even if voting machines in all jurisdictions are secured against hacking and social media sites are scrubbed of fake stories posted by Russian bots, the damage may already have been done, experts warn, as Americans’ faith in the credibility of the nation’s elections falters.

Full Article: After Russian Election Interference, Americans Are Losing Faith in Elections | The Civic Report | US News.

National: House Democrats reintroduce bill to protect elections from cyberattacks | Maggie Miller/The Hill

House Democratic chairmen on Friday reintroduced a bill to protect U.S. election systems against cyberattacks, including requiring President Trump to produce a “national strategy for protecting democratic institutions.” The Election Security Act is aimed at reducing risks posed by cyberattacks by foreign entities or other actors against U.S. election systems. The national strategy from President Trump would “protect against cyber attacks, influence operations, disinformation campaigns, and other activities that could undermine the security and integrity of United States democratic institutions.”

Full Article: House Dems reintroduce bill to protect elections from cyberattacks | TheHill.

National: House Administration Committee to make election security a ‘primary focus’ | TRegina Zilbermintshe Hill

The secretaries of state of Michigan and Alabama went before the House Administration Committee Wednesday to advocate for more federal resources to secure election systems against cyber attacks and committee leaders vowed to make the issue a “primary focus.” “Federal action is needed now to grasp the scope of the problem and to innovate concrete solutions that can be implemented before the next federal election cycle in 2020,” House Administration Committee Chairwoman Zoe Lofgren (D-Calif.) said at the hearing on election security. 

Full Article: House Administration Committee to make election security a 'primary focus' | TheHill.

National: Election commission names new lead for testing and certifying voting systems | Sean Lyngaas/CyberScoop

The federal Election Assistance Commission has appointed Jerome Lovato, a former Colorado state election official, as head of the commission’s program for testing and certifying voting systems, according to a commission email obtained by CyberScoop. Lovato replaces Ryan Macias, who was filling the role in an acting capacity and will step down this month. The crucial EAC program works with the country’s top voting equipment vendors to certify and decertify voting system hardware and software. 

Full Article: Election commission names new lead for testing and certifying voting systems.

National: Microsoft offers software tools to secure elections | Associated Press

Microsoft has announced an ambitious effort to make voting secure, verifiable and subject to reliable audits by registering ballots in encrypted form so they can be accurately and independently tracked long after they are cast. Two of the three top U.S elections vendors have expressed interest in potentially incorporating the open-source software into their voting systems. The software is being developed with Galois, an Oregon-based company separately creating a secure voting system prototype under contract with the Pentagon’s advanced research agency, DARPA. Dubbed “ElectionGuard,” it will be available this summer, Microsoft says, with early prototypes ready to pilot for next year’s U.S. general elections. CEO Satya Nadella announced the initiative Monday at a developer’s conference in Seattle, saying the software development kit would help “modernize all of the election infrastructure everywhere in the world.” Three little-known U.S. companies control about 90 percent of the market for election equipment, but have long faced criticism for poor security, antiquated technology and insufficient transparency around their proprietary, black-box voting systems. Open-source software is inherently more secure because the underlying code is easily scrutinized by outside experts but has been shunned by the dominant vendors whose customers — the nation’s 10,000 election jurisdictions — are mostly strapped for cash. None offered bids when Travis County, Texas, home to Austin, sought to build a system with the “end-to-end” verification attributes that ElectionGuard promises to deliver. Two of the leading vendors, Election Systems & Software of Omaha, Nebraska, and Hart InterCivic of Austin, Texas, both expressed interest in partnering with Microsoft for ElectionGuard. A spokeswoman for a third vendor, Dominion Voting Systems of Denver, said the company looks forward to “learning more” about the initiative.

Full Article: Microsoft offers software tools to secure elections.

National: Democrats focus on election security, voting rights | McClatchy

Democratic leaders are launching a more aggressive push this month that could widen their probe of possible voter suppression into states other than those now under scrutiny, seeking to make it particularly less difficult for minority voters, who tend to vote Democratic, to go to the polls. House Oversight Committee Chairman Elijah Cummings told McClatchy he wants to “make sure we spend significant effort and time, perhaps even looking at even more states and seeing what they’re doing and shining a light on what they may be doing illegally or improperly to stop or hinder people from voting and having those votes counted.” Cummings was already planning to look at possible voter suppression in North Carolina, Georgia, Texas and Kansas. The Maryland Democrat did not name additional states. At the same time, congressional Democrats are stepping up pressure on Republicans to address election security lapses to prevent a repeat of Russian meddling in the 2016 election. The Russian interference, combined with allegations of voter suppression, erode confidence in the electoral system, Democrats argue, and if both are not addressed, voters could be discouraged from participating in the 2020 election. “This is my worry, that we have done very little now to correct the threat of Russian interference with our electoral system,” Cummings said, “which means that it might be that the only way this whole situation that we’re in is corrected is through the ballot, with people voting.”

Full Article: Democrats focus on election security, voting rights | McClatchy Washington Bureau.

National: U.S. Cyber Command Bolsters Allied Defenses to Impose Cost on Moscow | The New York Times

American officials are pushing ahead on efforts with allied nations to counter Russia’s interference in democratic elections and other malign activities, military cybercommanders said on Tuesday, an effort intended to allow the United States to better observe and counter Moscow’s newest cyberweapons. American officials deployed last year to Ukraine, Macedonia and Montenegro, and United States Cyber Command officials said that their missions included defending elections and uncovering information about Russia’s newest abilities. Cyber Command will continue some of those partnerships and expand its work to other countries under attack from Russia, officials said Tuesday. The deployments, officials said, are meant to impose costs on Moscow, to make Russia’s attempts to mount online operations in Europe and elsewhere more difficult and to potentially bog down Moscow’s operatives and degrade their ability to interfere in American elections. “We recognize and understand the importance of being in constant contact with the enemy in this space, especially below the level of armed conflict, so we can defend ourselves and we can impose costs,” Maj. Gen. Charles L. Moore, the director of operations for Cyber Command, said Tuesday. “That is it in a nutshell.” With new authorities from the White House, as well as congressional legislation that declared online operations a traditional military activity, Cyber Command stepped up its election defenses last year, allowing commanders to develop a strategy to engage American adversaries.

Full Article: U.S. Cyber Command Bolsters Allied Defenses to Impose Cost on Moscow - The New York Times.

National: Can open source help safeguard elections? | FCW

Lawmakers and policy experts are demonstrating increased interest in open source technology as a means to solving longstanding challenges and road blocks around election security. State and local governments rely on proprietary software and hardware from a small handful of private vendors to power their voting machines, voter registration systems and other technologies. Those vendors have historically been reluctant or unwilling to allow third-party audits of their products, and when outside researchers have gotten their hands on voting machines or probed commonly used software like voter registration systems, they’ve found extensive and worrying cybersecurity vulnerabilities in nearly every model. That reluctance has led to a number of projects that have sprouted up over the past year from organizations aiming to disrupt the status quo. One such organization, Voting Works, was created last year in partnership with the non-profit Center for Democracy and Technology and seeks to build “secure, usable, affordable and open-source voting machines” that will help to restore trust in the modern election system.

Full Article: Can open source help safeguard elections? -- FCW.

National: Limiting the cyber threat to elections infrastructure | GCN

Voter confidence in the integrity of elections is critical to a vibrant democracy. Recent cyberattacks by foreign state actors accompanied by disinformation campaigns aimed at U.S. voters have contributed to an erosion in the public’s trust of electoral results. But there’s another set of issues just as concerning: persistent, preventable “seams” or vulnerabilities in election system tools, processes and guidelines. E-voting machines are among the most prominent business technology solutions of the 21st century, yet they remain vulnerable to physical and data tampering and weaknesses in the chain of custody. In a 2012 study, the Argonne National Laboratory’s vulnerability assessment team discovered that attackers could exploit the integrity of an e-voting machine chassis with relative ease regardless of tamper-evident seals or locks. Data stored on e-voting machines was not encrypted, leaving it susceptible to interception, modification or deletion by an attacker. In the Argonne study, white-hat hackers used after-market wireless card adapters to intercept and alter communications exchanged between e-voting machines and the elections network infrastructure. The study concluded that successful tampering with just one in three voting machines is enough to change the outcome of an election.

Full Article: Limiting the cyber threat to elections infrastructure -- GCN.

National: What’s Russia still doing to interfere with U.S. politics — and what’s the U.S. doing about it? | The Washington Post

President Trump and Russian President Vladimir Putin spoke by phone Friday morning, covering, according to both sides, a wide range of issues. Included among them, according to a subsequent tweet from Trump, was the “Russian hoax” — apparently a reference to the recently concluded investigation into Russian interference in the 2016 election. It’s a bit uncertain, though: Trump regularly referred to the investigation as a hoax but has also repeatedly claimed that the idea that Russia interfered at all was questionable. The probe led by special counsel Robert S. Mueller III left little doubt about Russia’s role. Mueller obtained indictments against two dozen Russians for the two-pronged effort to steal and publish material from Democratic sources and to foster political divisions through events and on social media. Trump has long argued that the source of the hacking in particular was unknowable, reiterating shorthand allusions to his skepticism as recently as February.

TRUMP on whether he discussed election meddling with PUTIN:
“We discussed it. He actually sort of smiled when he said something to the effect that it started off as a mountain and it ended up being a mouse, but he knew that because he knew there was no collusion, whatsoever.” pic.twitter.com/qlEaWP6Eqy— JM Rieger (@RiegerReport) May 3, 2019

In an interview with Fox News on Thursday, Trump was asked whether he had spoken to Putin about Russia’s efforts to interfere in U.S. politics, an effort that Attorney General William P. Barr said in Senate testimony this week was ongoing. “I don’t think I’ve spoken to him about the 2020, but I certainly have told him you can’t do what you’re doing,” Trump said. “And I don’t believe they will be.”

Full Article: What’s Russia still doing to interfere with U.S. politics — and what’s the U.S. doing about it? - The Washington Post.

National: Sen. Klobuchar on Russian interference: Trump ‘makes it worse by calling it a hoax’ | The Washington Post

Sen. Amy Klobuchar (D-Minn.) on Sunday sharply criticized President Trump’s response to Russian interference in U.S. elections, saying that the president “makes it worse by calling it a hoax.” Trump had a lengthy phone call with Russian President Vladi­mir Putin on Friday. After being repeatedly asked by reporters whether he raised the issue of election interference or warned Putin not to do it again, Trump eventually acknowledged the issue, saying, “We didn’t discuss that.” Klobuchar, who is running for the 2020 Democratic presidential nomination, said Sunday that there is “ample evidence” that Trump is not concerned about the possibility that Russia may try to interfere in the next election. She accused Trump of dismissing the seriousness of the issue. “This was actually an invasion of our democracy, okay?” Klobuchar said on CNN’s “State of the Union.” U.S. national security officials have been preparing for Russian interference in 2020 by tracking cyberthreats, sharing intelligence about foreign disinformation efforts with social media companies and helping state election officials protect their systems against foreign manipulation. But Trump has repeatedly rebuffed warnings from senior aides about Russia and sought to play down the country’s potential to influence American politics.

Full Article: Sen. Klobuchar on Russian interference: Trump ‘makes it worse by calling it a hoax’ - The Washington Post.

National: Trips To Vegas And Chocolate-Covered Pretzels: Election Vendors Come Under Scrutiny | NPR

It is likely to be a banner year for the voting equipment industry with state and local election offices planning to spend hundreds of millions of dollars on new machines ahead of the 2020 election. This year’s purchases will probably amount to the biggest buying wave since right after the 2000 presidential election, when officials rushed to replace discredited punch card machines with touchscreen voting equipment. Those machines are rapidly aging and are being replaced with machines that leave a paper backup as a result of security concerns about purely electronic voting. The voting equipment purchases come at a time of increased scrutiny over the security and integrity of elections following Russia’s efforts to interfere in the 2016 election. Some states, such as Georgia, South Carolina and Delaware, are replacing all of their voting machines, while several other states, including California, Ohio and Pennsylvania, are replacing much of their equipment. About one quarter of voters live in the states doing most of the buying. The buying spree has also put a focus on the close ties between vendors and the government officials who buy their equipment. Advocacy groups and some politicians allege that vendors have unduly influenced the procurement process in many places, something the companies and election officials deny.

Full Article: With Major Contracts Ahead of 2020, Voting Machine Industry Comes Under Scrutiny : NPR.