Today, Georgia’s “Secure, Accessible, and Fair Elections (SAFE) Commission” delivered to the state legislature a final recommendation for new, more reliable election equipment. I was honored to serve as a cybersecurity expert for the SAFE Commission to help improve a process at the very core of democracy – secure elections and the right to a private vote. However, I ultimately chose to vote against the Commission’s final report even though we agreed on many points. Below is a summary of everything I believe Georgia must consider going forward. The SAFE Commission was charged with studying options for Georgia’s next voting system, and our discussions focused heavily on which type of voting equipment to use at physical polling places, risks to election security and hacking methods, concerns for voter accessibility at physical polls, and intergovernmental coordination. State legislators next will review and ultimately determine which new election system to adopt, which new processes to enact or change, and how best to appropriate funds for purchase, maintenance, staffing, training, and voter education.Full Article: Why computer scientists prefer paper ballots.
Though sporadic hacker intrusions and phishing campaigns targeted political entities in the lead-up to November’s midterm elections, things seemed pretty quiet overall on the election-meddling front in the US. Certainly no leaks or theatrics rose to the level of Russia’s actions during the 2016 presidential election. But a belatedly revealed breach of the National Republican Congressional Committee shows just how bad the attack on the 2018 election really was. As Politico first reported Tuesday, attackers compromised the email accounts of four top NRCC aides, surveilling their correspondences—totaling thousands of messages—for months. The NRCC discovered the intrusion in April, and has been investigating it since. The Committee kept the incident quiet, though, and didn’t even inform Republican House leaders. NRCC officials told Politico that the stolen data hasn’t surfaced, and that no breach-related extortion attempts have targeted the NRCC so far.Full Article: GOP Email Hack Shows How Bad Midterm Election Meddling Got | WIRED.
National: Bipartisan pair of senators introduces bill to create global election security information sharing program | The Hill
pair of senators on Friday introduced a bipartisan bill to create a program within the State Department to share information with U.S. global allies about election security. The measure would establish a way for the United States and other countries to share information on the best practices for administering elections, such as combating disinformation campaigns and conducting post-election audits. The bill is a companion to similar bipartisan legislation passed by the House earlier this year. Under the legislation, the new State Department program would offer grants to American nonprofit groups that work on election security to share information with similar groups in other countries. Foreign election officials would also be brought to the U.S. to study the election process and the program would offer U.S. election officials the chance to examine other nations’ election security measures.Full Article: Bipartisan pair of senators introduces bill to create global election security information sharing program | TheHill.
Canada’s top two elections officials say a bill to modernize election laws will make it difficult to stop computer hackers from sowing chaos that confuses voters, deterring them from casting ballots and undermining confidence in the electoral system. Bill C-76, omnibus legislation to reform election laws, creates a new offence of computer interference in response to attempts by hackers in other countries to undermine the electoral process. While he supports the additional offence, chief electoral officer Stéphane Perrault says the bill requires proof that the offender intended to affect the result of the election. He says that qualifier will “greatly restrict the application of the new offence,” letting off the hook hackers who simply sow confusion.Full Article: Bill won't stop hackers from sowing election confusion: watchdogs - iPolitics.
National: Security Clearances Won’t Get in the Way of Responding to Election Cyber Threats, Officials Say | Nextgov
A lack of security clearances among some state and local election officials shouldn’t hinder the Homeland Security Department from responding speedily to Election Day cybersecurity threats, the department’s top cyber official said Wednesday. Even if state and local election officials don’t have the necessary authorizations to view a particular piece of threat information, Homeland Security Undersecretary Chris Krebs said he’s confident those officials will start trying to mitigate the threat if he asks them to. “I’m confident that if I had a piece of information right now …I could say: ‘Look, I’ve got something you need to see. You need to take action. It’s going to take me a day or two to get you the information, but, in the meantime, you need to take action,” Krebs during an election readiness summit hosted by the Election Assistance Commission.\ “We have trust established so there would be at least the beginning of an article of faith that they would do something,” he said.Full Article: Security Clearances Won’t Get in the Way of Responding to Election Cyber Threats, Officials Say - Nextgov.
State election officials plan to spend about two thirds of election security money allocated by Congress earlier this year on new voting equipment and cybersecurity efforts, though not all the improvements will be completed before the November elections. New data gathered by the federal agency that distributes the funds detail how states plan to spend $380 million appropriated by Congress in March to upgrade election security. States plan to spend roughly $134.2 million on cybersecurity upgrades over five years, and $102.6 million on voting equipment, according to the data released by the U.S. Election Assistance Commission. States plan to spend the rest of the federal funding on measures that include upgrading voter-registration databases, bolstering postelection auditing and communications capabilities.Full Article: States Detail Election-Security Plans - WSJ.
The version of the Senate’s major election security bill that the Rules Committee marks up this week will not require states to conduct post-election audits using paper records, a major blow to election integrity advocates who are now sharply criticizing the bill. The chairman’s mark of the Secure Elections Act, S. 2593 (115), “would allow for and validate audits of electronic ballot images, which are just plain worthless as a safeguard against cyberattacks,” Susan Greenhalgh, policy director at the National Election Defense Coalition, told MC. Voting system vendors, which encourage local election officials to buy electronic systems, tout the supposed auditability of their digital ballots, despite cybersecurity experts nearly unanimously warning against electronic audits. “This sort of audit would be very appealing to election officials,” Greenhalgh said of the weakened provision, “as it would eliminate the need for extensive ballot manifests and tracking of paper ballots.”Full Article: Election integrity advocates protest security bill changes - POLITICO.
Every year, DEFCON convenes thousands of hackers who attempt to breach the security of important technologies in an effort to expose vulnerabilities. For the past two years, this has included voting machines in a room dubbed the “Voting Village.” Rather than watch from the sidelines, or read about the findings in the news, I wanted to see for myself. So, I went to DEFCON. I listened, I observed and I had the opportunity to address attendees. While it’s important to constantly search for and understand the vulnerabilities of any voting system, a unifying message at the conference — from hackers to elections officials alike — is that we must be on alert and Congress must invest more to better secure our elections. Threats to the integrity of our elections are constantly evolving. Not too long ago, a primary focus for election officials was securing voting machines. Today, cyberattack vectors have expanded — and so must our defenses.Full Article: Election officials have plenty to learn from hackers | TheHill.
National: Michael McCaul presses Senate to pass critical bipartisan cyber and election security legislation | Washington Times
Warning of continuing threats to U.S. interests across cyberspace, House Homeland Security Chairman Rep. Michael McCaul on Wednesday again urged the Senate to pass legislation intended to rename and reorganize the Department of Homeland Security’s primary cyber protection wing. The proposal, which the House passed in December, would streamline DHS’s primary operation currently overseeing the defense of federal networks and U.S. critical infrastructure from cyber threats, known as the National Protection and Programs Directorate (NPPD). The bill creates a stand-alone organization for that mission with a more logical name, the Cybersecurity and Infrastructure Security Agency (CISA).Full Article: Michael McCaul presses Senate to pass critical bipartisan cyber and election security legislation - Washington Times.
Momentum may finally be building in Congress to take new action to secure the elections from cyberthreats as the midterms approach. Lawmakers have struggled to advance election security legislation in the months since they approved a $380 million funding package for states to upgrade their election systems. But a flurry of election-related hearings on Capitol Hill in recent weeks — including a pair of hearings Wednesday that featured testimony from some of the government’s top cybersecurity and election officials — shows they’re sharpening their focus on the issue. And the latest attention could help move bipartisan legislation to combat election cyberthreats closer to the goal line as November nears and intelligence officials warn of ongoing attempts by the Russian government to disrupt the U.S. political system. “The tone has changed so it’s much more forward-looking in terms of, ‘Let’s figure out what we can get done,’ ” said Sen. Amy Klobuchar (D-Minn.), co-sponsor of Secure Elections Act, which would streamline the way state and federal officials exchange threat information and has garnered broad support in the Senate. “Congress, I think, has realized our role has to focus on what’s in front of us, and that’s protecting the 2018 and 2020 elections from foreign interference.”Full Article: The Cybersecurity 202: Election security legislation may be gaining steam in Congress - The Washington Post.
To help protect the nation’s voting infrastructure, the Elections Assistance Commission is distributing $380 million in funding to states, while the Department of Homeland Security is conducting vulnerability scans on election equipment in at least 17 states. But some senators believe there’s much more that could be done to help secure elections. “We want to put some processes in place to make sure that we’ve not forgotten the lessons from 2016,” Sen. James Lankford (R-Okla.) said in his testimony at a July 11 Senate rules committee hearing. “There are some basic things that could be done while still allowing the states to control their election structures and have flexibility on the type of election machines that they want to have.”Full Article: Senators push for increased elections security -- GCN.
Wyoming is about halfway there. In an omnibus appropriations bill passed by the U.S. Congress this spring, legislators designated $380 million in elections security grants to the states, and Wyoming will be getting a $3 million chunk of those funds. The grants require a 5 percent match from states, working out to $150,000 from Wyoming. A formula breaking down distribution by county has yet to be hashed out, but will likely factor in population and individual county needs. The funds will be provided through the Help America Vote Act of 2002, which last disbursed payments for upgrades nationally in 2010. The last time Wyoming saw any of that money was in 2005, however, when the current generation of machines were bought for the 2006 elections.Full Article: State gets half of needed funds for voting equipment | Local News | codyenterprise.com.
Russia has been repeatedly accused of interfering in recent elections. But Sweden is determined it won’t fall victim to any such meddling – with millions of leaflets being distributed and propaganda-spotting lessons for students. As campaigning intensified in the French election, the team of now President Emmanuel Macron said it was a target for “fake news” by Russian media and the victim of “hundreds if not thousands” of cyber-attacks from inside Russia. In Washington, sanctions were recently imposed on 19 Russians accused of interference in the 2016 US election and “destructive” cyber-attacks.Full Article: How Sweden is preparing for its election to be hacked - BBC News.
As midterm primary elections inch closer and closer, cybersecurity of election systems is top of mind across the nation. Seventeen states requested on-site risk assessments from the Department of Homeland Security to ensure elections are secure against cyber-tampering. Idaho was not one of those states but election officials say the Gem State is involved in informal conversations with both DHS and the FBI regarding election cybersecurity. That includes constant vulnerability scans. … Just last week, election officials implemented several DHS processes and recommendations to keep state elections secure. But among Idaho’s high-tech security measures, the state’s best defense against a potential threat is much simpler.Full Article: ktvb.com | As midterm primary elections approach, cybersecurity is top of mind.
The Department of Homeland Security is giving states, including Colorado and Texas, a chance to game out how they might respond to a cyberattack on election systems ahead of this year’s midterm vote. The department began its biennial “Cyber Storm” exercises on Tuesday, working with more than 1,000 “players” across the country, including state governments and manufacturers, to test how they would withstand a large-scale, coordinated cyberattack aimed at the U.S.’s critical infrastructure such as transportation systems and communications.Full Article: States to Game Out Election Threats in Homeland Security Drills - Bloomberg.