If election security is an engineering problem, the Defense Advanced Research Projects Agency is heading to the right place to solve it. The Pentagon’s blue skies projects agency is taking its System Security Integrated Through Hardware and Firmware (SSITH) to the 2019 DEF CON hacking conference to demonstrate its capabilities before the dark lords and apprentices of the underground community. SSITH will be on display as part of the conference’s Voting Village, where researchers will explore what can and cannot be done to interfere with voting machines and, by extension, elections. “We expect the voting booth demonstrator to provide tools, concepts and ideas that the election enterprise can use to increase security; however, our true aim is to improve security for all electronic systems. This includes election equipment, but also defense systems, commercial devices and beyond,” said Dr. Linton Salmon, the program manager leading SSITH, in a release from DARPA. DARPA sees securing faith in the literal machinery of elections as a national security issue. To prove that faith in the security systems is warranted, they have prepped the “SSITH voting system demonstrator,” with processors mounted on programmable arrays and installed in a ballot box. To get to the system, hackers can enter via either an Ethernet port or a USB port, loading software to try and get past the system’s hardware gatekeeping and security functions.Full Article: DARPA wants help cracking the election security problem.
National: Experts’ Views On NSA Launching New Cyber-Security Directorate | Sophanith Song/The Organization for World Peace
The National Security Agency (NSA) has announced its intention to create “cybersecurity directorate” in order to defend against foreign cyber interference. The cyber defense arm launch date is currently set to be this fall. According to the NSA, Anne Neuberger, who is currently the Director’s Senior Advisor, will be leading the Cybersecurity Directorate. The advisor also used to serve as NSA assistant deputy director of operations, chief risk officer and head of the NSA/US Cybercom Election Security Small Group that involved in working to prevent foreign interference with 2018 US midterm elections. The launch of this initiative was believed to be motivated by the upcoming 2020 general election. The NSA continued by stating that this approach to this cybersecurity objective will prepare the NSA in a suitable state to corporate with a key partner across the United States government such as the US Cyber Command, Department of Homeland Security and Federal Bureau of Investigation. The initiative will also prepare the NSA to easily share information with the customer with equipped security measure against malicious attacks. According to the Wall Street Journal, the NSA recently concur with a “broader fusion” of intelligence agency’s offensive and defensive portfolio.Full Article: Experts' Views On NSA Launching New Cyber-Security Directorate - The Organization for World Peace.
While House Democrats are haggling over whether to consider impeachment of President Donald Trump, Senate Democrats are focusing on a different angle in former special counsel Robert Mueller’s report — securing future elections from foreign interference. Democrats have tried to pass several election security bills in recent weeks only to have them blocked by Republicans, who say they are partisan or unnecessary. The federal government has stepped up its efforts to secure elections since Russians intervened in the 2016 presidential election, but Democrats say much more is needed, given ongoing threats from Russia and other countries. Senate Majority Leader Mitch McConnell has seethed in response to criticism over the issue, including some Democrats’ new moniker for him: “Moscow Mitch.” In an angry floor speech on Monday, he noted that Congress has already passed some bills on the subject, including ones that give money to the states to try to fix security problems. McConnell also left the door open to additional action, saying “I’m sure all of us will be open to discussing further steps.” Senate Minority Leader Chuck Schumer predicted that Democrats’ “relentless pushing” will work. “We’re forcing his hand,” Schumer said. The top Democrat on the Senate intelligence committee, Virginia Sen. Mark Warner, said Thursday that he’s “much more optimistic than even 10 days ago” that the Senate will ultimately pass something on election security. Warner said he believes that in his home state, at least, the issue “has broken through” with voters more than other aspects of Mueller’s probe. But action will have to wait until at least September, with senators having scattered from Washington for the summer recess.Full Article: AP Explains: Congress' fight over election security bills - Fairfield Citizen.
National: Inside the DEF CON hacker conference’s election security-focused Voting Village | Joe Uchill/Axios
The DEF CON hacker conference’s Voting Village event has become a testing ground for our national debate over voting security, referenced by Senate reports, several congressmen and even a presidential candidate (albeit incorrectly, see below). This year’s version, happening next week, comes with some upgrades. The big picture: Now in its third year, the event is traditionally one of the only places where many security researchers get a chance to audit the security of election systems.
Background: Voting Village burst onto the scene in 2017, when it took hackers only a matter of minutes to discover serious problems with machines. That was despite it being the first time many of the hackers had seen the systems.Full Article: Inside the DEF CON hacker conference's election security-focused Voting Village - Axios.
Mitch McConnell rarely budges in the face of political pressure. But Chuck Schumer thinks election security is an exception. The Senate minority leader predicted on Thursday that the majority leader will buckle and take up federal election security, a once-bipartisan issue. But though Democrats have continued their push in the House and Senate, McConnell (R-Ky.) has thus far resisted. “I predict that the pressure will continue to mount on Republican senators, especially Leader McConnell, and they will be forced to join us and take meaningful action on election security this fall,” Schumer said. “My prediction is our relentless push is going to produce results.” Though McConnell rarely rethinks opposition to legislation, he did allow criminal justice reform legislation on the Senate floor last year that he initially declined to take up. But that pressure came from President Donald Trump, not the party trying to oust him as majority leader.Full Article: Schumer predicts McConnell will take up election security - POLITICO.
National: DARPA to Bring its Smart Ballot Boxes to DEF CON for Hacking | Kelly Jackson Higgins/Dark Reading
US Defense Advanced Research Projects Agency (DARPA) researchers will set up three new smart electronic ballot-box prototypes at DEF CON’s famed Voting Village next week in Las Vegas, but they won’t be challenging hackers at the convention to crack them: They’ll be helping them do so. “We are providing the source code specifications, tests, and actually even providing participants at DEF CON with an easy way of actually putting their own malicious software into [the devices],” explains Daniel Zimmerman, principal researcher with Galois, a DARPA contractor working on the project. “We’re not daring them but actually helping them break this.” DARPA’s smart ballot box is the Defense Department agency’s prototype, featuring a secure, open source hardware platform that could be used not only in voting platforms, but also in military systems. It’s part of a broader DARPA project called System Security Integrated Through Hardware and Firmware (SSITH), which is developing hardware security architectures and tools that are better protected from hardware vulnerabilities exploited in software. DARPA ultimately hopes to build secure chip-level processors that thwart hardware hacks as well as software-borne attacks.Full Article: DARPA to Bring its Smart Ballot Boxes to DEF CON ....
National: Will A Trump Trade Move Create An Election Mess For Overseas U.S. Voters? | Tierney Sneed/TPM
The Trump administration has supported plenty of moves to make it harder to vote. But an under-the-radar action President Trump took last year, as part of his trade war with China, may be a case of him just stumbling into that outcome, election experts fear. Trump is threatening to withdraw from the international body that oversees global mail delivery, putting at risk the stability and reliability of the current system of sending and receiving mail internationally. Any disruption to the international postal service, voter advocates say, could make an already difficult process of casting ballots for Americans abroad even more complicated. Among those who stand to be affected are members of the military overseas, whose ability to vote while serving their country has always been a politically sensitive issue.Full Article: Will A Trump Trade Move Create An Election Mess For Overseas U.S. Voters? | Talking Points Memo.
National: Senator Feinstein introduces bill limiting use of voter data by political campaigns | Emily Birnbaum/The Hill
Sen. Diane Feinstein (D-Calif.) introduced a bill on Wednesday that would limit the use of voter data by political campaigns. The legislation is being touted as the first bill “directly responding to Cambridge Analytica,” the 2018 scandal that saw a right-wing political consulting firm use data on millions of American to target pro-Trump messaging at swing voters. Feinstein’s Voter Privacy Act seeks to give voters more control over the data collected on them by political campaigns and organizations. Under the legislation, voters would be allowed to access that data, ask political campaigns to delete it and instruct social media platforms like Google and Facebook to stop sharing personal data with those political entities. The legislation would intervene in the large and growing business around voter data, which campaigns increasingly use to direct their messaging.Full Article: Democratic senator introduces bill limiting use of voter data by political campaigns | TheHill.
National: Activists to Congress: Secure Elections or Risk a Repeat of 2016 | Gabriella Novello/WhoWhatWhy
The 2020 election could be vulnerable to another attack by hostile foreign actors if Senate Majority Leader Mitch McConnell (R-KY) continues to block election security legislation. Election integrity activists are urging Congress to take action after a bombshell report by the Senate Intelligence Committee found widespread attacks by the Russian government in the 2016 election. The Senate report detailed Russia’s far-reaching efforts to destabilize US democracy and get Donald Trump elected. Although the committee saw no evidence indicating that Russia had changed the actual vote tallies in the 2016 election, Vladimir Putin’s regime targeted all 50 states by researching “general election-related web pages, voter ID information, election system software, and election service companies.” Democrats in Washington have reached a roadblock in the Senate that has election integrity experts and grassroots organizers worried about its implications for 2020. Marian Schneider, president of Verified Voting, told WhoWhatWhy that the report proves that there can no longer be a dispute as to whether Russia actually interfered in the 2016 election.Full Article: Activists to Congress: Secure Elections or Risk a Repeat of 2016 - WhoWhatWhy.
National: A high-level Senate report confirms it: Our elections still aren’t safe | Michael McFaul/The Washington Post
In his congressional testimony last week, former special counsel Robert S. Mueller III once again confirmed the seriousness of Moscow’s attack on our democracy in the 2016 presidential election. Yet that wasn’t even the most important news for those of us who track Russian election interference. The Senate Intelligence Committee has just published the first section of its report on Russian efforts to influence the election. The bipartisan panel’s report has made headlines by showing that the Russians probably targeted elections systems in all 50 states in 2016. That calculated operation was designed not only to help Trump but also to undermine American democracy more generally. You’d think this report would give President Trump and Senate Majority Leader Mitch McConnell (R-Ky.) the perfect reason to support new legislation designed to enhance the security of our elections infrastructure in 2020. As the bipartisan report makes evident, enhancing cybersecurity for our election infrastructure is not a partisan issue — it’s an issue of national security. Department of Homeland Security representatives told the committee “there wasn’t a clear red state-blue state-purple state, more electoral votes, less electoral votes” pattern. So far, though, there is little sign that Trump and McConnell are paying attention.Full Article: A high-level Senate report confirms it: Our elections still aren’t safe - The Washington Post.
National: Mitch McConnell just made sure election security will be key Senate campaign issue | Joseph Marks/The Washington Post
Senate Majority Leader Mitch McConnell, R-Ky., smacked back at critics who have accused him of leaving the 2020 election vulnerable to Russian hackers, accusing them of “modern-day McCarthyism.” McConnell offered an impassioned 25-minute defense of his election security record on the Senate floor as Democrats accuse him of consistently blocking their bills from coming up to a vote. “I’m not going to let Democrats and their water carriers in the media use Russia’s attack on our democracy as a Trojan horse for partisan wish list items that would not actually make our elections any safer,” McConnell said. “I’m not going to do that.” His stance ensures that election security will play a major role in Senate campaigns that are ramping up now — and Democrats are already seizing the moment to make McConnell look like the face of obstruction. Within minutes of the speech, Amy McGrath, a Kentucky Democrat and retired Marine lieutenant colonel who’s seeking McConnell’s seat, slammed the majority leader on Twitter. McGrath rattled off a list of election security provisions Democrats have sought to mandate, such as paper ballots and security audits for voting machines before asking: “Tell me again how that is partisan, @senatemajldr? Oh right, you can’t.”Full Article: The Cybersecurity 202: Mitch McConnell just made sure election security will be key Senate campaign issue - The Washington Post.
National: Our lax cybersecurity risks our elections and our data. We need solutions | Andrew Grotto/CNN
Our national discussions about cybersecurity and privacy follow a frustrating pattern: a headline-grabbing incident like the recent Capital One breach occurs, Congress wrings its hands and policymakers more or less move on. So it is no surprise cybersecurity hasn’t been much of a focus as the race to the 2020 presidential election heats up. The issue is here to stay, and it should be debated by the candidates. Here are some concrete ideas that would significantly improve the safety and security of the nation — but require presidential leadership if they are to come to fruition. The candidates have been justifiably outraged over Senate Majority Leader Mitch McConnell’s stonewalling on election security legislation that would direct resources and expertise to state and local governments to help modernize election systems and implement paper-based backups for electronic voting, among other improvements. As Special Counsel Robert Mueller warned in Congressional hearings last week, the Russians and other bad actors will undoubtedly attempt to threaten the integrity of the 2020 election. This is no time to stand pat — Congress should pass — and the President should sign — legislation on election security before the 2020 election, not after.Full Article: Our lax cybersecurity risks our elections and our data. We need solutions - CNN.
National: Democrats take another stab at preventing foreign election interference | Maggie Miller/The Hill
House Democrats introduced legislation Tuesday that would require campaigns to report any foreign contacts to federal authorities, the latest push for election security following last week’s warnings from former special counsel Robert Mueller. The measure — sponsored by Democratic Reps. Elissa Slotkin (Mich.), Lauren Underwood (Ill.), and Jason Crow (Colo.) — would mandate federal campaigns to inform the FBI and Federal Election Commission about any foreign contacts who attempt to donate funds or assist a candidate. Campaigns would also be required to implement a “compliance system” to monitor communication with those foreign contacts. “Guarding our country against another attack on our political system should not be a partisan issue — it is a national security issue and it’s an American issue,” Slotkin said in a statement. The bill will be referred to the House Administration Committee.Full Article: Democrats take another stab at preventing foreign election interference | TheHill.
One week after Robert Mueller’s testimony shined a spotlight, once again, on election interference, Senate Majority Leader Mitch McConnell is feeling the heat. The leader turned heads on the Senate floor Monday as he rose to decry critics who have dubbed him “a Russian asset” and “Moscow Mitch” for stonewalling congressional measures to improve election security. And with momentum building in the House to formally start impeachment proceedings against President Trump, the pressure is unlikely to let up anytime soon. Focusing on election interference from 2016 is backwards thinking, though, at least according to Virginia Senator Mark Warner. With 2020 just around the corner, he tells WIRED—in an exclusive interview—that the upcoming election is where both parties need to direct their attention right now. As the top-ranking Democrat on the Senate Intelligence Committee, Warner has long been a vocal proponent of new legislation to strengthen election protections, such as the Honest Ad Act, which would compel Silicon Valley firms to disclose when political ads are paid for by a foreign nation. He’s also behind a bill that would require campaigns to alert federal officials if they’re approached by a foreign operative offering information or other assistance. Both bills have bipartisan support—Senator Susan Collins became the first Republican to cosponsor the Foreign Influence Reporting in Elections Act earlier this week.Full Article: Russia Is Going to Up Its Game for the 2020 Elections | WIRED.
National: Why is Mitch McConnell blocking election security bills? Good question. | Amber Phillips/The Washington Post
As President Trump’s own FBI director warns that Russians are planning to try to undermine American democracy in the next presidential election, Republican lawmakers led by Senate Majority Leader Mitch McConnell (Ky.) are blocking bills aimed at blocking foreign hackers from states’ voting systems. Why? Republicans have policy objections to the legislation, but it seems clear that politics is at the forefront of McConnell’s decision-making. Specifically, the politics of pleasing Trump. Trump is so sensitive to findings that Russians tried to help him win in 2016 that a Cabinet secretary was warned against briefing him on it. He’s repeatedly sided with Russian President Vladimir Putin over his own intelligence community about whether Russians interfered. He’s said he might accept foreign help in his 2020 reelection. And last month, he made light of it all when he mock-scolded Putin in front of cameras. “Don’t meddle in the election,” he said, waving a finger and wearing a smile. That puts McConnell in a tough spot: Pass legislation, which election security experts say is needed, and risk sparking the president’s ire, or block the legislation — and risk increased Russia election interference and public ridicule.Full Article: Why is Mitch McConnell blocking election security bills? Good question. - The Washington Post.
National: ‘Moscow Mitch’ Tag Enrages McConnell and Squeezes G.O.P. on Election Security | Carl Hulse/The New York Times
Senator Mitch McConnell is usually impervious to criticism, even celebrating the nasty nicknames critics bestow on him. But Mr. McConnell, the Senate majority leader, is incensed by the name “Moscow Mitch,” and even more miffed that he has been called a “Russian asset” by critics who accuse him of single-handedly blocking stronger election security measures after Russia’s interference in 2016. Democrats had been making the case for months, but it was supercharged last week by the testimony of Robert S. Mueller III, the former special counsel, who told the House Intelligence Committee that the Russians were back at it “as we sit here.” Mr. McConnell cites several reasons for his opposition — a longstanding resistance to federal control over state elections, newly enacted security improvements that were shown to have worked in the 2018 voting and his suspicion that Democrats are trying to gain partisan advantage with a host of proposals. Republican colleagues say that Mr. McConnell, a longtime foe of tougher campaign finance restrictions and disclosure requirements, is leery of even entering into legislative negotiation that could touch on fund-raising and campaign spending.Full Article: ‘Moscow Mitch’ Tag Enrages McConnell and Squeezes G.O.P. on Election Security - The New York Times.
Foreign interference is still an ongoing threat to state and local election security and can only be guarded against through increased federal assistance, warns a recently published report.
Defending Elections, published by the Brennan Center for Justice, claims that state and local governments are on the “front line” of a “cyberwar” with foreign actors and hackers.
Ever since the 2016 Russian intrusion into the U.S. presidential election, concern over voting system integrity has been a top priority for officials at all levels of government as well as the American public. With recent news that Russia’s efforts were far more extensive than initially believed, it isn’t hard to see why states are looking to bolster their cybersecurity.
For years, one of the biggest programs to increase election security has been the Help America Vote Act (HAVA), a George W. Bush-era federal law which last year provided $380 million in federal grant funding to assist with election security for state and local governments.
States spent only around 8 percent of this funding during the 2018 elections, but are on track to spend the vast majority of it during 2020, according to The Washington Post.
HAVA, which has been providing assistance since 2002, still does not do enough to satisfy the actual security needs of most states, according to the new report.
Many state and local governments have “substantial election security needs that likely will not be met absent additional federal support,” according to the report. It further concludes that these governments are “ill equipped to defend themselves against the sophisticated, well-resourced intelligence agencies of foreign governments.”
Those foreign governments may include Russia, China and Iran, according to Trump officials, who feel that a whole host of countries may attempt to inject their influence into the 2020 presidential election.
The Brennan report looks at the needs of a representative sample of states, including Alabama, Arizona, Oklahoma, Illinois, Louisiana and Pennsylvania; detailing the federal allocations they received last year, and the areas that will still need further investment.
Arizona, for example, received over $7 million in funds from the federal grant in 2018, the bulk of which went toward investing in cybersecurity, including an IT infrastructure security assessment and increased inter-agency information sharing. The funds were also used to help replace the state’s voter registration database.
However, the state ultimately needs further investment to replace its legacy voting systems, which many experts consider to be a liability due to their use of outdated software that may not receive consistent security patches.
Other states, like Oklahoma, spent millions in federal funding to upgrade their voter registration databases and security, as well as on new election system equipment and cybersecurity training. However, more funding is needed to ensure post-election audits, as well as upgrades to voting equipment and the state’s voter registration virtual private network.
For many states, like Pennsylvania, further investment is needed in basic cybersecurity assessments and trainings, which give elections staff the skills necessary to identify vulnerabilities and avoid spear-phishing campaigns.
“While the 2018 grant provides necessary funding for foundational election security projects, some of which will directly benefit local officials, it is simply not enough to also pay for projects that would provide or subsidize cyber services and more secure voting equipment to local election officials,” the report reads finally.
“States should not be expected to defend against such attacks alone,” the report concludes. “Our federal government should work to provide the states with the resources they need to harden their infrastructure against cybersecurity threats.”
Full Article: Election Security Needs Increased Federal Investment.Full Article: Election Security Needs Increased Federal Investment.
National: States Rush to Make Voting Systems More Secure as New Threats Emerge | David E. Sanger, Reid J. Epstein and Michael Wines/The New York Times
Amid growing warnings about the security of American voting systems, many states are rushing to address vulnerabilities exposed by the 2016 election, even as intelligence officials worry they are fighting the last battle and are not sufficiently focused on a new generation of threats headed into 2020. Delaware has replaced its voting machines to assure paper backup that would provide a record in case of a breach. South Carolina’s State Election Commission said this month that it would introduce a paper-based voting system in January and planned to “build additional layers of security designed to harden the new system.” Yet Florida, home of the United States’ best-known presidential balloting problems, like hanging chads in 2000 and still mysterious Russian activity in 2016, once again seems far behind. And the fear among American intelligence officials is that the federal government and the 50 states may be making the classic mistake of believing their adversaries will use the same techniques again. “No one expects the Russians will use their old playbook” in the next election, said Suzanne Spaulding, who oversaw election security at the Department of Homeland Security during the Obama administration and is now looking at how Russia is expanding its targets to undermine confidence in the American judicial system.
National: Has Congress already missed its chance to strengthen election security ahead of 2020? | Bryan Lowry/The Kansas City Star
Congress may have already missed its window to shore up state election systems against foreign cyber-attacks ahead of the 2020 election. Former Special Counsel Robert Mueller’s testimony this week on his investigation into Russia’s role in the 2016 election has reignited calls for the passage of a bipartisan election security bill. But Republican Senate leaders have balked at approving any such measure prior to 2020. GOP leadership said Mueller’s testimony did little to persuade them of the need for legislation. Moreover, one of the only GOP lawmakers pushing election security reforms on Capitol Hill said states have effectively run out of time to implement changes ahead of the next presidential election. Sen. James Lankford, R-Oklahoma, told reporters Thursday that Congress should shift its focus to the 2022 mid-term election. “I’ve had folks say we need to hurry and get money out the door so they can buy new systems, that’s not going to happen for 2020. There’s no way to do it for 2020 because you can’t buy the equipment, get it in, test it, evaluate it, train your volunteers on it when the first primary is six months away,” Lankford said. “The discussion now is not about 2020. That’s already resolved. They’re not going to add new stuff unless it’s already currently in the pipeline. It’s really 2022 at this point.”Full Article: GOP leaders block election security bills after Mueller. | The Kansas City Star.
National: State election offices made for an easy target for Russian hackers | Andrew Eversden/Fifth Domain
In the months before the 2016 presidential election, one U.S. state received a notification from a federally-backed cybersecurity group, warning about suspicious cyber activity directed at its networks. The state IT officials did not share the alert with other state government leaders and as late at January 2018, the same officials reported nothing “irregular, inconsistent, or suspicious” took place before the vote. In fact, GRU, Russia’s military intelligence agency, had scanned one of the state’s “election-related” domains, according to a new Senate report. In another state, leaders did not turn over to the Senate which of its systems had been targeted by Russians. Officials told Senate investigators they hadn’t seen evidence of scanning or attacks on its election infrastructure. Instead, they told the committee that they had seen a “probing” of its state systems. Again, DHS told the committee that GRU had scanned the state’s Secretary of State website. And in a third state, officials told Senate investigators they had not noticed a connection between their systems and the IP addresses listed in a warning from the federal government. And again, DHS told the committee that GRU scanned the state’s government domain.Full Article: State election offices made for an easy target for Russian hackers.