National: ‘Online and vulnerable’: Experts find nearly three dozen U.S. voting systems connected to internet | Kevin Monahan, Cynthia McFadden and Didi Martinez/NBC

It was an assurance designed to bolster public confidence in the way America votes: Voting machines “are not connected to the internet.” Then Acting Undersecretary for Cybersecurity and Communications at the Department of Homeland Security Jeanette Manfra said those words in 2017, testifying before Congress while she was responsible for the security of the nation’s voting system. So many government officials like Manfra have said the same thing over the last few years that it is commonly accepted as gospel by most Americans. Behind it is the notion that if voting systems are not online, hackers will have a harder time compromising them. But that is an overstatement, according to a team of 10 independent cybersecurity experts who specialize in voting systems and elections. While the voting machines themselves are not designed to be online, the larger voting systems in many states end up there, putting the voting process at risk. That team of election security experts say that last summer, they discovered some systems are, in fact, online. “We found over 35 [voting systems] had been left online and we’re still continuing to find more,” Kevin Skoglund, a senior technical advisor at the election security advocacy group National Election Defense Coalition, told NBC News.

National: How Close Did Russia Really Come to Hacking the 2016 Election? | Kim Zetter/Politico

On November 6, 2016, the Sunday before the presidential election that sent Donald Trump to the White House, a worker in the elections office in Durham County, North Carolina, encountered a problem. There appeared to be an issue with a crucial bit of software that handled the county’s list of eligible voters. To prepare for Election Day, staff members needed to load the voter data from a county computer onto 227 USB flash drives, which would then be inserted into laptops that precinct workers would use to check in voters. The laptops would serve as electronic poll books, cross-checking each voter as he or she arrived at the polls. The problem was, it was taking eight to 10 times longer than normal for the software to copy the data to the flash drives, an unusually long time that was jeopardizing efforts to get ready for the election. When the problem persisted into Monday, just one day before the election, the county worker contacted VR Systems, the Florida company that made the software used on the county’s computer and on the poll book laptops. Apparently unable to resolve the issue by phone or email, one of the company’s employees accessed the county’s computer remotely to troubleshoot. It’s not clear whether the glitch got resolved—Durham County would not answer questions from POLITICO about the issue—but the laptops were ready to use when voting started Tuesday morning. Almost immediately, though, a number of them exhibited problems. Some crashed or froze. Others indicated that voters had already voted when they hadn’t. Others displayed an alert saying voters had to show ID before they could vote, even though a recent court case in North Carolina had made that unnecessary.

Pennsylvania: These Two Lawsuits Could Force Philadelphia to Purchase New Voting Machines | David Murrell/Philadelphia Tribune

Who knew something as seemingly mundane as voting machines could generate so much conflict? Then again, maybe we should know better — this is Philadelphia, where nothing related to politics is mundane. So of course the procurement process for the city’s 3,735 ExpressVote XL machines — which we wrote about here — was rife with allegations of impropriety, and an eventual City Controller audit concluded that the city had failed to ensure a transparent purchase without conflicts of interest. And that was before two lawsuits challenging the ExpressVote XL’s certification in the first place. The suits — one filed in state Commonwealth Court, one filed in federal court — share a central claim: that the machines, which were used by both Philadelphia and Northampton counties in November (not without some significant Election Day drama in the latter case), don’t satisfy the requirements of Pennsylvania’s byzantine 267-page election code. Needless to say, the stakes are high. If a judge agrees, Philadelphia could potentially have to return its machines — and after all that conflict! — for new ones that are compliant. We’ve broken down the details of the two suits. … “The ExpressVote XL elevates the risk to unacceptable levels, and some of those risks can’t be mitigated mainly because of the hardware design,” says Marian Schneider, a former Pennsylvania Department of State official and president of Verified Voting, a nonprofit that advocates for transparent elections.

Georgia: As Georgia rolls out new voting machines for 2020, worries about election security persist | Neena Satija, Amy Gardner and Joseph Marks/The Washington Post

Last month, voters in six Georgia counties cast ballots for local elections using new touch-screen voting machines that officials have said will resolve long-standing questions about the security of the state’s election system. Richard DeMillo, a professor of computing at the Georgia Institute of Technology, said he was worried as he visited polling places in a county north of Atlanta. DeMillo said bystanders could easily see the screens from 30 feet away, presenting serious privacy concerns. In some counties, elections officials reported that programming problems led to delays in checking in voters, and in some precincts, the machines unexpectedly shut down and rebooted. Georgia is preparing to roll out 30,000 of the machines in every polling place for its presidential primary in March, replacing a paperless electronic voting system that a federal judge declared insecure and unreliable. But election security experts said the state’s newest voting machines also remain vulnerable to potential intrusions or malfunctions — and some view the paper records they produce as insufficient if a verified audit of the vote is needed.

North Carolina: Clear Ballot leaving North Carolina, seeks probe of ES&S’s practices | Frank Taylor/Carolina Public Press

Clear Ballot, one of three companies certified to provide election systems to North Carolina counties for 2020, formally withdrew from the state on Thursday, citing certification and marketing rules that Clear Ballot said perpetuate a virtual monopoly by competitor Election Systems & Software. Jordan Esten, chief executive officer of Boston-based Clear Ballot, told Carolina Public Press on Thursday that he has asked the N.C. Board of Elections to look into whether ES&S improperly capitalized on its presence in North Carolina with older generations of election equipment, marketing its elections systems to counties before the state certified it this summer. Separately, N.C. Rep. Verla Insko, D-Orange, issued a letter to the state Board of Elections calling for the board “to delay this use of (ES&S’ systems) until after the 2020 election.” She pointed to many questions that have been raised about ES&S and its newly certified ballot-marking devices. North Carolina and Indiana are the only states that prevent elections systems makers from marketing systems prior to certification. Clear Ballot CEO Esten said he thinks this is a foolish law, but his company has followed the rule. Esten said he remains suspicious about ES&S’ compliance because many counties rapidly adopted its new electronic voting system almost immediately after it was certified. N.C. Board of Elections member Stella Anderson told CPP Thursday that she also had concerns about ES&S having an uncompetitive advantage. She observed that many counties have chosen to go with ES&S systems even though she felt its product wasn’t strong. “I haven’t met a person yet who thinks the ES&S Express Vote is good technology,” she said.

Editorials: Congress waited too long to start securing the 2020 elections | Justin Rohrlich/Quartz

After the US House and Senate passed a $1.4 trillion spending package this week, which funds the federal government through September, lawmakers on both sides of the aisle congratulated themselves. It adds nearly $2 billion in additional funding for fighting wildfires, sets aside $25 million for gun violence research, and apportions $7.6 billion for the 2020 Census. Under the terms of the deal, all 50 states will also receive funding to improve election security. But according to Lawrence Norden, director of the Election Reform Program at the Brennan Center for Justice at New York University School of Law, securing the 2020 elections from top to bottom requires more time and money than what has been allocated thus far. “Congress has been completely absent when it comes to funding for election security,” Norden told Quartz. “For the most part, Congress has said, ‘States, it’s up to you,’ and states have said, ‘Counties, it’s up to you,’ and election security has been neglected.” Congress voted to distribute $425 million among the states. A provision calls for states to match an additional 20% of the amount received within two years, bringing the eventual funding for election security to about $500 million nationwide. Last year, Congress also earmarked $380 million for states to strengthen election security. State governments have until October 2023 to spend it all.

National: Voting-Machine Parts Made by Foreign Suppliers Stir Security Concerns | Alexa Corse/Wall Street Journal

A voting machine that is widely used across the country contains some parts made by companies with ties to China and Russia, researchers found, fueling questions about the security of using overseas suppliers, which has also sparked scrutiny in Washington. Voting-machine vendors could be at risk of using insecure components from such overseas suppliers, which generally are difficult to vet and monitor, said a report being released Monday by Interos Inc., an Arlington, Va.-based supply-chain monitoring company that has consulted for government agencies and Fortune 500 companies. The findings are likely to fan worries about whether voting-machine vendors are doing enough to defend themselves against foreign interference ahead of the 2020 U.S. elections, which U.S. intelligence officials say hostile powers could try to disrupt. Voting-machine vendors assailed the research, which Interos conducted independently, saying the report failed to note existing safeguards, such as testing done at the federal, state and local levels, and the vendors’ internal protocols. The report comes as U.S. lawmakers and national-security officials increasingly have sounded alarms about supply-chain risks. Although supply chains that span the globe are common in the tech industry, Russia and China pose concerns because of how, according to U.S. officials, they press companies for access to technology within their borders. Washington lawmakers have specifically cited voting machines as an area of concern, among such other products as telecom equipment made by Chinese firm Huawei and antivirus software from Russia-based Kaspersky Lab. Russia and China historically have denied interfering in U.S. politics. The report examined one voting machine as a case study. In that machine, around 20% of the components in the supply chain that Interos was able to identify came from China-based companies, including processors, software and touch screens, according to the Interos research. 
Those components weren’t necessarily made in China, as the suppliers may have several locations globally, and the Interos data doesn’t necessarily cover the entire supply chain, the researchers noted. Researchers declined to name the particular model of voting machine they examined, or its maker, citing the sensitivity of the issue. They said only that it is “widely used” in the U.S. Two major vendors, Election Systems & Software LLC and Dominion Voting Systems Corp., said they didn’t think it was one of their products.

North Carolina: Despite ‘disappointment’ in manufacturer, election board skips certification to approve new voting systems | Benjamin Schachtman/Port City Daily

The state’s election board has resolved the potential for a major shortage of voting machines — including around $1 million worth that New Hanover County plans to order. The move was not without controversy, as some state officials said the manufacturer held back information about the shortage to force the state’s hand in approving a new model. On Friday afternoon, the North Carolina Board of Elections (NCSBE) voted 3-2 to approve the use of a newer model voting system manufactured by Elections Systems and Software (ES&S) without putting it through a state certification process. Board Chair Damon Circosta cast the tie-breaking vote in favor of the approval, but expressed disappointment in ES&S behavior. “I’m disappointed. I’m disappointed with ES&S, who in their zeal to sell their product lacked candor and were not forthcoming with this agency,” Circosta said. Circosta ultimately cast the vote in favor of fast-tracking ES&S’s new system, saying “my disappointment does not dissuade me from my obligation to North Carolina voters” and noting that the system itself was in line with the board’s commitment to providing election security and transparency, despite its manufacturer’s actions. The issue stems from a 2018 North Carolina law (SL 2018-13) that decertified direct record electronic (DRE) voting systems because they did not create a physical record that could be checked in the event of election challenges, evidence of hacking, or other irregularities. New Hanover County’s Board of Elections has over 100 DRE units.

National: Pennsylvania voting debacle gives ammunition to paper ballot push | Joseph Marks/The Washington Post

Massive voting machine failures in a Pennsylvania county in November are giving election security advocates fresh ammunition to call for nationwide paper ballots. The problems, which may have been caused by a software glitch, resulted in some Northampton County residents who tried to vote straight-ticket Democrat initially registering as straight-ticket Republican. It also incorrectly showed a Republican judicial candidate winning by a nearly statistically impossible margin, the New York Times’ Nick Corasaniti reports. In this case, voters got lucky. The county had paper backups for all the votes the machine counted incorrectly. They showed the Democrat judicial candidate Abe Kassis — who the computer tally said got just 164 votes out of 55,000 ballots — actually narrowly won the race. But about 16 million Americans spread across eight states won’t have a paper backup for their votes in 2020. That means a similar software glitch or a malicious hack by Russia or another U.S. adversary could cause mass uncertainty about an election’s outcome or even result in the wrong candidate taking office. Even in Pennsylvania, it could have been different. The machines that malfunctioned in November were just purchased this year in response to a statewide mandate to upgrade to new voting machines with paper records.

National: Every State Was Given Funding to Increase Election Security. Here’s How They Spent It | Nicole Goodkind/Fortune

The U.S. is less than a year out from one of the most consequential elections of the century, which President Donald Trump’s Department of Homeland Security has called “the big game” for foreign adversaries looking to attack and undermine the Democratic process. Congress, meanwhile, is locked in a stalemate about how to secure systems in the country’s 8,000 largely disjointed voting jurisdictions. Tuesday marks the last test of security preparedness before the 2020 elections, as certain statewide polls take place around the country. The Department of Homeland Security is gearing up “war rooms” to monitor for potential interference and test voting infrastructure, but with sluggish movement at a federal level there is little they’ll be able to do to correct any issues within the next 12 months. There is, however, one beacon of hope: 2002’s Help America Vote Act (HAVA)—a block grant issued to states to bolster election security following the Bush v. Gore hanging chad debacle some 19 years ago. In 2018, Congress used the Omnibus Appropriations Act to pad HAVA with an extra $380 million to be divided up amongst the states in proportion to their voting age population. The idea was that they spend it to prepare for the 2020 elections, and Democrats and Republicans are likely to approve at least another $250 million through the act this year.

Pennsylvania: Problems with York County’s new paper ballots | Shelly Stallsmith/York Daily Record

Jerry Brenchley has lived in West Manheim Township, York County, since 1984. Before that, he lived in Los Angeles. The 72-year-old voted in every election in both areas because his grandparents told him that’s the only way to make sure his voice is heard. Brenchley’s voice isn’t going to be heard in this election because, for the first time, he didn’t vote. He and his wife tried, he said. They stood in line at St. David’s Evangelical Lutheran Church for nearly an hour and still hadn’t reached the registration table to get a ballot. “There were five or six ladies handing out ballots,” Brenchley said. “And one came out and said, ‘I’m sorry, they just sent us one machine.’ People were walking out. “This stinks, I mean it really stinks.” Brenchley isn’t alone in his complaints. Voters around York County were voicing concerns about the new paper ballot system. They are worried about this year’s election, but Tuesday’s long lines and voting difficulties have them more concerned about next year’s presidential election. “We waited 2½ hours to vote in 2016,” Valerie Herman said Tuesday. “If things don’t change for next year, we’ll have to camp out.”

National: The Market for Voting Machines Is Broken. This Company Has Thrived in It. | Jessica Huseman/ProPublica

In the glare of the hotly contested 2018 elections, things did not go ideally for ES&S, the nation’s largest manufacturer of voting technology. In Georgia, where the race for governor had drawn national interest amid concerns about election integrity, ES&S-owned technology was in use when more than 150,000 voters inexplicably did not cast a vote for lieutenant governor. In part because the aged ES&S-managed machines did not produce paper backups, it wasn’t clear whether mechanical or human errors were to blame. Litigation surrounding the vote endures to this day. In Indiana, ES&S’ systems were plagued by mishaps at the local level. In Johnson County, for instance, the company’s brand-new machines faltered in ways that made it difficult to know whether some people had voted more than once. “ES&S misjudged the need for appropriate resources to serve Johnson County on Election Day 2018,” a report issued by state election officials later concluded. Johnson County subsequently terminated its contract with ES&S and, this September, paid more than $1.5 million to purchase an entirely new set of equipment. The uneven performance by ES&S in 2018, however, did little to dent its position as one of the most popular and powerful voting technology companies in the U.S. Any number of prior controversies hadn’t either.

Editorials: Election security isn’t that hard – We can have safe elections if we follow these three steps. | Kevin Shelley and Wayne Williams/Politico

Intelligence experts warn that hostile nation-states, criminals and political partisans are preparing attacks on our election systems in 2020. We’ve set ourselves up for this: In the course of modernizing our voting systems, our country has introduced computers into many layers of our election process, including the recording and tallying of our votes. In fact, 99 percent of votes cast in 2020 will be counted either by the computerized voting machines on which the voters cast their ballots or – in the case of voter-marked paper ballots – by scanners, which also are computers. As former secretaries of state from both parties, we know that it’s possible to devise tangible solutions needed to validate our elections. In fact, we can tell you how to do it. That’s not to say that it’s easy, particularly given the decentralized nature of our election administration system. Most states administer elections locally and only a few states have uniform equipment in each locality. For many years, election administration has been woefully underfunded, leading to wide variability in capacity and resources. But, as long as the equipment incorporates a voter-marked paper ballot, officials can adjust existing processes to instill confidence in elections, regardless of the equipment in place.

Iowa: DNC recommends scrapping Iowa’s virtual caucus plan | Brianne Pfannenstiel and Barbara Rodriguez/Des Moines Register

The Democratic National Committee on Friday unraveled months of progress the Iowa Democratic Party had made toward making its caucuses more accessible and inclusive, throwing the process into turmoil. The DNC announced it would not recommend approval of plans by Iowa and Nevada to enact virtual caucuses, citing broad cybersecurity concerns. The rejection upends Iowa’s plans just five months before caucus night, adding another layer of uncertainty to what has always been a complicated, volunteer-driven exercise in organizing. And it calls into question the long-term viability of the Iowa caucus system as Democrats here debate whether expanding access outweighs the importance of being first. Iowa Democratic Party chairman Troy Price struck a conciliatory tone and reassured Iowa Democrats that their place leading off the presidential nominating process is secure this February. “Iowa will be a caucus, and Iowa will be first,” he said multiple times during an afternoon news conference at the party’s headquarters in Des Moines. But as the DNC actively encourages states to move away from caucuses and toward primaries, even some Iowans questioned whether it’s time to abandon Iowa’s closely guarded caucus system.

National: Russian hackers, town budgets, Windows updates: Officials grapple with realities of election security | Ben Popken and Kenzi Abou-Sabe/NBC

The nation’s highest agency dedicated to election administration convened a security summit on Thursday to figure out how to confront a problem: The majority of the country’s 10,000 voting jurisdictions still run outdated software. In July, Associated Press reported that many counties still use Windows 7, initially released in 2009, or even older software in their back office election management systems used by officials to administer elections, but not on the machines where voters cast their ballots. It’s so old that Microsoft announced last year it will soon stop supporting it — shipping free updates to bugs or fixing security issues. After 2020, updates will require a fee. But inside a 21-seat conference room in Silver Spring, the discussion of the Election Assistance Commission — which included state election directors, secretaries of state and representatives from the Department of Homeland Security, election system manufacturers and testing laboratories — the hastily organized meeting also touched on broader frustrations over challenges local election officials face in trying to secure their voting systems as well as inaction from politicians in Washington. “We are talking about local communities having trouble funding roads and water bills, and now we want them to take part in defense against foreign and state actors,” said Kentucky State Election Director Jared Dearing.

National: Election officials want security money, flexible standards | Dean DeChiaro/Roll Call

State officials from Louisiana and Connecticut on Thursday asked for more money and clear standards from the federal government to help secure voting systems before the 2020 elections. But the officials, Louisiana Secretary of State Kyle Ardoin and Connecticut Secretary of State Denise Merrill, stressed the differences between their election systems and asked for leeway from the federal government in deciding how to spend any future funding. “The cultures are different and the voters have different expectations,” Ardoin told commissioners from the federal Election Assistance Commission, or EAC, at a public forum. Both states received federal funds to upgrade cyber and physical security of their voting systems after Congress approved $380 million for election security in 2018. They spent their share of those funds differently. Connecticut has put much of its funding toward training, Merrill said, while Louisiana is scrambling to upgrade systems running Windows 7 to Windows 10 before Microsoft stops offering support for the older operating system in January. Ginny Badanes, the director of Microsoft’s Defending Democracy Program, which is working to help both states and companies that build voting machines and software to prepare for the switch in operating systems, said the company “will do whatever it takes to make sure these customers have access to updates that are straightforward and affordable.” Both the state officials and private sector witnesses urged the commission to adopt and publish standards that would set the best practices for election security.

National: Analysis shows 2020 votes still vulnerable to hacking | Mary Clare Jalonick/Associated Press

More than one in 10 voters could cast ballots on paperless voting machines in the 2020 general election, according to a new analysis, leaving their ballots more vulnerable to hacking. A study released by the Brennan Center for Justice at NYU School of Law on Tuesday evaluates the state of the country’s election security six months before the New Hampshire primary and concludes that much more needs to be done. While there has been significant progress by states and the federal government since Russian agents targeted U.S. state election systems ahead of the 2016 presidential election, the analysis notes that many states have not taken all of the steps needed to ensure that doesn’t happen again. The report also notes that around a third of all local election jurisdictions were using voting machines that are at least a decade old, despite recommendations they be replaced after 10 years. The Associated Press reported last month that many election systems are running on old Windows 7 software that will soon be outdated. “We should replace antiquated equipment, and paperless equipment in particular, as soon as possible,” the report recommends.

National: Critical U.S. Election Systems Have Been Left Exposed Online Despite Official Denials | Kim Zetter/Motherboard

For years, U.S. election officials and voting machine vendors have insisted that critical election systems are never connected to the internet and therefore can’t be hacked. But a group of election security experts have found what they believe to be nearly three dozen backend election systems in 10 states connected to the internet over the last year, including some in critical swing states. These include systems in nine Wisconsin counties, in four Michigan counties, and in seven Florida counties—all states that are perennial battlegrounds in presidential elections. Some of the systems have been online for a year and possibly longer. Some of them disappeared from the internet after the researchers notified an information-sharing group for election officials last year. But at least 19 of the systems, including one in Florida’s Miami-Dade County, were still connected to the internet this week, the researchers told Motherboard. The researchers and Motherboard have been able to verify that at least some of the systems in Wisconsin, Rhode Island, and Florida are in fact election systems. The rest are still unconfirmed, but the fact that some of them appeared to quickly drop offline after the researchers reported them suggests their findings are on the mark.

National: Russia Is Using Cold War Strategy to Undermine the Faith of Americans in the 2020 Election—Will It Work? | Adam Piore/Newsweek

Three events occurring in rapid succession on October 7, 2016, stand out in Robby Mook’s memory. The first came at about 3:30 pm. The Obama Administration issued a statement that publicly blamed Russia for hacking the Democratic National Committee and orchestrating the release of the thousands of emails roiling the Democratic Party, which, it said, were “intended to interfere with the US election process.” In the day’s crazy news cycle, that highly-unusual announcement never had a chance. At 4 pm, The Washington Post unveiled the infamous Access Hollywood Tape, on which then-candidate Donald Trump was recorded boasting about his own sexual harassment of women. “When you’re a star, they let you do it. You can do anything. Grab ’em by the pussy. You can do anything.” Within the hour, yet another media bomb dropped. Wikileaks released another trove of emails—the first 20,000 pages of 50,000 hacked emails stolen from the account of Hillary Clinton’s Campaign Chairman John Podesta. “It was so clear what was happening,” recalls Mook, who at the time was a 35-year-old political operative running the Clinton campaign. In time, reporters would dig out old transcripts of paid speeches to Wall Street banks, controversial comments about Catholic voters and other documents that turned out to be damaging to the Clinton campaign. U.S. intelligence has since linked the Podesta trove to the Russian military.

National: On election security, these members bring a fresh(man) take | Tami Abdollah/Daily Journal

For the past eight weeks, seven freshman members of Congress have quietly met each Monday in a spare House conference room to tackle a problem they feel their more senior colleagues haven’t done enough to address: election security. The six Democrats and one Republican call themselves Task Force Sentry, a title meant to signal their focus on crafting legislation to keep foreign adversaries from interfering with the U.S. political system. They bring a variety of backgrounds to the table, including some with experience in the CIA, military and the technology field. “We’re drawing a line in the sand,” said Rep. Abigail Spanberger, D-Virginia, a former Central Intelligence Agency operations officer. “We’re standing watch, we’ve been attacked, and a sentry stands watch to ensure it doesn’t happen again.”

National: Group sues for records on US election hacking vulnerability | Tom Davies/Associated Press

A voting security advocacy group is trying to force a leader of a state election officials association to release documents on whether she wrongly asserted that U.S. election systems are safe from hacking. The National Election Defense Coalition filed a lawsuit Thursday against Indiana Secretary of State Connie Lawson alleging she’s violated state law in denying public record requests since September for her communications about election security with the National Association of Secretaries of State. Lawson was the bipartisan association’s 2017-18 president and is currently co-chair of its cybersecurity committee. The coalition argues that Lawson’s public statements have downplayed the vulnerability of election systems. It pointed to her testimony for a 2017 U.S. Senate intelligence committee hearing on Russian interference in the 2016 election during which she said it was “very important to underscore that voting machines are not connected to the internet or networked in any way.”

North Carolina: Software vendor may have opened a gap for hackers in 2016 swing state | Kim Zetter/Politico

A Florida election software company targeted by Russians in 2016 inadvertently opened a potential pathway for hackers to tamper with voter records in North Carolina on the eve of the presidential election, according to a document reviewed by POLITICO and a person with knowledge of the episode. VR Systems, based in Tallahassee but with customers in eight states, used what’s known as remote-access software to connect for several hours to a central computer in Durham County, N.C., to troubleshoot problems with the company’s voter list management tool, the person said. The software distributes voter lists to so-called electronic poll books, which poll workers use to check in voters and verify their eligibility to cast a ballot. The company did not respond to POLITICO’s requests for comment about its practices. But election security experts widely condemn remote connections to election-related computer systems — not only because they can open a door for intruders but because they can also give attackers access to an entire network, depending on how they’re configured.

National: NGA selects six states for election cybersecurity policy academy | Benjamin Freed/StateScoop

The National Governors Association announced Wednesday the six states that will participate in the organization’s latest cybersecurity policy academy. Officials from Arizona, Hawaii, Idaho, Minnesota, Nevada and Virginia will spend the next six months studying election security to come up with plans and practices to protect the integrity of their voting systems ahead of the 2020 presidential election. The NGA has convened the cybersecurity policy academies, which are run by the group’s Homeland Security and Public Safety division, since 2016. Last year’s program — which included Indiana, North Carolina, West Virginia and Wisconsin — focused broadly on IT security, ultimately producing a set of recommendations for greater collaboration between state and local governments. The 2019 academy will focus more closely on issues related to election security, from building protections around voter registration databases to developing better communications between agencies. Participants will include governors’ office staffers, election directors and statewide cabinet agencies, the NGA said.

National: Technology has made voting lines move faster but also made elections less secure | Miles Parks/NPR

From 8 a.m. to noon on Election Day last November, voting in Johnson County, Ind., ground to a halt. Lines at precincts across the county, just south of Indianapolis, swelled. Some voters waited hours to cast a ballot; some left furious that they were unable to do so. “People weren’t happy. People had to leave and go to work,” said Cindy Rapp, the Democratic member on Johnson County’s election board. The county votes on electronic voting machines, which don’t provide a paper trail — something cybersecurity experts vehemently warn against. But those machines weren’t what caused the issue in November. Instead, the problem came from the computer system, known as an electronic poll book, that poll workers were using to check people in. Increasingly, more and more states and voting jurisdictions are using these systems to speed up and improve in-person voting. According to federal data, nearly half of all voters who voted in person in 2016 signed in at their polling place using an electronic poll book. That’s up from 27 percent just one presidential election prior. Like many issues surrounding elections, moving from paper to a digital process may bring convenience, but it also brings big questions about security and reliability.

National: Americans may vote in 2020 using old, unsecured machines | Gopal Ratnam/Roll Call

The first primary in the 2020 presidential race is a little more than 250 days away, but lawmakers and experts worry that elections will be held on voting machines that are woefully outdated and that any tampering by adversaries could lead to disputed results. Although states want to upgrade their voting systems, they don’t have the money to do so, election officials told lawmakers last week. Overhauling the nation’s election systems would mean injecting as much as $1 billion in federal grants that would then be supplemented by states, but top Senate Republicans have said they are unlikely to take up any election security bills or give more money to the states. The deadlock could mean that even as federal government and private companies spend tens of billions of cybersecurity dollars annually to protect their computers and networks from attacks, the cornerstone of American democracy could remain vulnerable in the upcoming elections.

Editorials: Don’t nickel & dime Pennsylvania’s democracy | David Hickton/Pittsburgh Tribune-Review

The front lines of today’s cyberwarfare battles are not just at Fort Meade. They are in Allegheny County’s Elections Division. And in Erie County. And Butler County. And Indiana County. And all across Pennsylvania. Our elections — and the integrity of your vote — are under threat from nation-state adversaries. As of today, Pennsylvania is not prepared to defend against what will almost certainly be unprecedented attacks in the next presidential election cycle. But there is still time to secure the 2020 election. The General Assembly, however, needs to help counties secure this most critical of battlegrounds. The Blue Ribbon Commission on Pennsylvania’s Election Security spent much of the past year studying current and future cyber-based threats to Pennsylvania’s elections. What we found was sobering. In the 2016 and 2018 elections, more than 80 percent of Pennsylvania voters were registered to vote in precincts that did not use paper-based voting systems, meaning that most of Pennsylvania’s counties would be unable to even detect the hack of a voting system, let alone recover from it.

Verified Voting Blog: Verified Voting Testimony Before the House Administration Committee hearing on “Election Security”

Chair Lofgren, Ranking Member Davis and members of the Committee, thank you for the invitation to submit testimony to the Committee on House Administration hearing on “Election Security.” We urge the Committee to move expeditiously to support state and local jurisdictions in strengthening their election systems and provide upfront and…

National: Mueller Findings Raise Election Hacking Fears in States | Stateline

Tucked into the 448-page report from Special Counsel Robert Mueller were four paragraphs about major breaches into state and local election systems. Mueller’s description of Russian interference designed to help the Trump campaign was a reminder of how far many state and local officials have come in securing election infrastructure, but also of how stark the threat remains to the nation’s 8,000 election offices. The report even disclosed a previously unknown breach: Russian intelligence agents in November 2016 tried to introduce corrupted files into election offices in several Florida counties. The hackers succeeded in at least one of those counties, the report indicates. It raises questions about election systems’ vulnerability to outside hackers — and why the FBI didn’t tell Florida officials about the attempted strike. Election security experts say malicious foreign actors continue this year to target voter registration databases, Election Day result programs, and election office websites and social media profiles as they did during the last presidential election. “It once again reinforces that this is a legitimate threat,” said Maurice Turner, a senior technologist at the nonprofit Center for Democracy and Technology in Washington, D.C. “This isn’t just a one-time issue that’s come and gone.” Any interference operations targeting the 2020 presidential election already have begun, Turner said. Phishing emails designed to allow hackers to capture passwords, usernames or personal information through unwitting officials likely have already gone out, he said.