North Carolina: Federal Government To Check North Carolina Election Equipment Over Hacking Fears | Pam Fessler/NPR

The Department of Homeland Security has finally agreed to conduct a thorough inspection of election equipment used in North Carolina that was supplied by a vendor whose system was targeted by Russian hackers in 2016. It has been three years since the machines — laptops used to check in voters in Durham County — malfunctioned on Election Day, telling voters that they had already voted, even though they had not. The county took the laptops out of service that day and switched to using paper poll books, but what caused the problem has remained a mystery. It’s one of several remaining questions about what happened in the 2016 elections, the answers to which could help the U.S. protect itself against future cyberattacks. “This support may help to provide a better understanding of previous issues and help to secure the 2020 elections,” said Sara Sendek, a DHS spokesperson. She added that the agency “has no information that there is any previous or ongoing issues regarding elections systems” in the state.

North Carolina: Software vendor may have opened a gap for hackers in 2016 swing state | Kim Zetter/Politico

A Florida election software company targeted by Russians in 2016 inadvertently opened a potential pathway for hackers to tamper with voter records in North Carolina on the eve of the presidential election, according to a document reviewed by POLITICO and a person with knowledge of the episode. VR Systems, based in Tallahassee but with customers in eight states, used what’s known as remote-access software to connect for several hours to a central computer in Durham County, N.C., to troubleshoot problems with the company’s voter list management tool, the person said. The software distributes voter lists to so-called electronic poll books, which poll workers use to check in voters and verify their eligibility to cast a ballot. The company did not respond to POLITICO’s requests for comment about its practices. But election security experts widely condemn remote connections to election-related computer systems — not only because they can open a door for intruders but because they can also give attackers access to an entire network, depending on how they’re configured.

Editorials: Why computer scientists prefer paper ballots | Wenke Lee Ph.D

Today, Georgia’s “Secure, Accessible, and Fair Elections (SAFE) Commission” delivered to the state legislature a final recommendation for new, more reliable election equipment. I was honored to serve as a cybersecurity expert for the SAFE Commission to help improve a process at the very core of democracy – secure elections and the right to a private vote. However, I ultimately chose to vote against the Commission’s final report even though we agreed on many points. Below is a summary of everything I believe Georgia must consider going forward. The SAFE Commission was charged with studying options for Georgia’s next voting system, and our discussions focused heavily on which type of voting equipment to use at physical polling places, risks to election security and hacking methods, concerns for voter accessibility at physical polls, and intergovernmental coordination. State legislators next will review and ultimately determine which new election system to adopt, which new processes to enact or change, and how best to appropriate funds for purchase, maintenance, staffing, training, and voter education. 

National: GOP Email Hack Shows How Bad Midterm Election Meddling Got | WIRED

Though sporadic hacker intrusions and phishing campaigns targeted political entities in the lead-up to November’s midterm elections, things seemed pretty quiet overall on the election-meddling front in the US. Certainly no leaks or theatrics rose to the level of Russia’s actions during the 2016 presidential election. But a belatedly revealed breach of the National Republican Congressional Committee shows just how bad the attack on the 2018 election really was. As Politico first reported Tuesday, attackers compromised the email accounts of four top NRCC aides, surveilling their correspondences—totaling thousands of messages—for months. The NRCC discovered the intrusion in April, and has been investigating it since. The Committee kept the incident quiet, though, and didn’t even inform Republican House leaders. NRCC officials told Politico that the stolen data hasn’t surfaced, and that no breach-related extortion attempts have targeted the NRCC so far.

National: Bipartisan pair of senators introduces bill to create global election security information sharing program | The Hill

pair of senators on Friday introduced a bipartisan bill to create a program within the State Department to share information with U.S. global allies about election security. The measure would establish a way for the United States and other countries to share information on the best practices for administering elections, such as combating disinformation campaigns and conducting post-election audits. The bill is a companion to similar bipartisan legislation passed by the House earlier this year. Under the legislation, the new State Department program would offer grants to American nonprofit groups that work on election security to share information with similar groups in other countries. Foreign election officials would also be brought to the U.S. to study the election process and the program would offer U.S. election officials the chance to examine other nations’ election security measures.

Canada: Bill won’t stop hackers from sowing election confusion: watchdogs | iPolitics

Canada’s top two elections officials say a bill to modernize election laws will make it difficult to stop computer hackers from sowing chaos that confuses voters, deterring them from casting ballots and undermining confidence in the electoral system. Bill C-76, omnibus legislation to reform election laws, creates a new offence of computer interference in response to attempts by hackers in other countries to undermine the electoral process. While he supports the additional offence, chief electoral officer Stéphane Perrault says the bill requires proof that the offender intended to affect the result of the election. He says that qualifier will “greatly restrict the application of the new offence,” letting off the hook hackers who simply sow confusion.

National: Security Clearances Won’t Get in the Way of Responding to Election Cyber Threats, Officials Say | Nextgov

A lack of security clearances among some state and local election officials shouldn’t hinder the Homeland Security Department from responding speedily to Election Day cybersecurity threats, the department’s top cyber official said Wednesday. Even if state and local election officials don’t have the necessary authorizations to view a particular piece of threat information, Homeland Security Undersecretary Chris Krebs said he’s confident those officials will start trying to mitigate the threat if he asks them to. “I’m confident that if I had a piece of information right now …I could say: ‘Look, I’ve got something you need to see. You need to take action. It’s going to take me a day or two to get you the information, but, in the meantime, you need to take action,” Krebs during an election readiness summit hosted by the Election Assistance Commission.\ “We have trust established so there would be at least the beginning of an article of faith that they would do something,” he said.

National: States Detail Election-Security Plans | Wall Street Journal

State election officials plan to spend about two thirds of election security money allocated by Congress earlier this year on new voting equipment and cybersecurity efforts, though not all the improvements will be completed before the November elections. New data gathered by the federal agency that distributes the funds detail how states plan to spend $380 million appropriated by Congress in March to upgrade election security. States plan to spend roughly $134.2 million on cybersecurity upgrades over five years, and $102.6 million on voting equipment, according to the data released by the U.S. Election Assistance Commission. States plan to spend the rest of the federal funding on measures that include upgrading voter-registration databases, bolstering postelection auditing and communications capabilities.

National: Election integrity advocates protest security bill changes | Politico

The version of the Senate’s major election security bill that the Rules Committee marks up this week will not require states to conduct post-election audits using paper records, a major blow to election integrity advocates who are now sharply criticizing the bill. The chairman’s mark of the Secure Elections Act, S. 2593 (115), “would allow for and validate audits of electronic ballot images, which are just plain worthless as a safeguard against cyberattacks,” Susan Greenhalgh, policy director at the National Election Defense Coalition, told MC. Voting system vendors, which encourage local election officials to buy electronic systems, tout the supposed auditability of their digital ballots, despite cybersecurity experts nearly unanimously warning against electronic audits. “This sort of audit would be very appealing to election officials,” Greenhalgh said of the weakened provision, “as it would eliminate the need for extensive ballot manifests and tracking of paper ballots.”

Editorials: Election officials have plenty to learn from hackers | Alex Padilla/The Hill

Every year, DEFCON convenes thousands of hackers who attempt to breach the security of important technologies in an effort to expose vulnerabilities. For the past two years, this has included voting machines in a room dubbed the “Voting Village.”  Rather than watch from the sidelines, or read about the findings in the news, I wanted to see for myself. So, I went to DEFCON. I listened, I observed and I had the opportunity to address attendees. While it’s important to constantly search for and understand the vulnerabilities of any voting system, a unifying message at the conference — from hackers to elections officials alike — is that we must be on alert and Congress must invest more to better secure our elections. Threats to the integrity of our elections are constantly evolving. Not too long ago, a primary focus for election officials was securing voting machines. Today, cyberattack vectors have expanded — and so must our defenses. 

National: Michael McCaul presses Senate to pass critical bipartisan cyber and election security legislation | Washington Times

Warning of continuing threats to U.S. interests across cyberspace, House Homeland Security Chairman Rep. Michael McCaul on Wednesday again urged the Senate to pass legislation intended to rename and reorganize the Department of Homeland Security’s primary cyber protection wing. The proposal, which the House passed in December, would streamline DHS’s primary operation currently overseeing the defense of federal networks and U.S. critical infrastructure from cyber threats, known as the National Protection and Programs Directorate (NPPD). The bill creates a stand-alone organization for that mission with a more logical name, the Cybersecurity and Infrastructure Security Agency (CISA).

National: Election security legislation may be gaining steam in Congress | The Washington Post

Momentum may finally be building in Congress to take new action to secure the elections from cyberthreats as the midterms approach. Lawmakers have struggled to advance election security legislation in the months since they approved a $380 million funding package for states to upgrade their election systems. But a flurry of election-related hearings on Capitol Hill in recent weeks — including a pair of hearings Wednesday that featured testimony from some of the government’s top cybersecurity and election officials — shows they’re sharpening their focus on the issue. And the latest attention could help move bipartisan legislation to combat election cyberthreats closer to the goal line as November nears and intelligence officials warn of ongoing attempts by the Russian government to disrupt the U.S. political system. “The tone has changed so it’s much more forward-looking in terms of, ‘Let’s figure out what we can get done,’ ” said Sen. Amy Klobuchar (D-Minn.), co-sponsor of Secure Elections Act, which would streamline the way state and federal officials exchange threat information and has garnered broad support in the Senate. “Congress, I think, has realized our role has to focus on what’s in front of us, and that’s protecting the 2018 and 2020 elections from foreign interference.”

National: Senators push for increased elections security | GCN

To help protect the nation’s voting infrastructure, the Elections Assistance Commission is distributing $380 million in funding to states, while the Department of Homeland Security is conducting  vulnerability scans on election equipment in at least 17 states. But some senators believe there’s much more that could be done to help secure elections. “We want to put some processes in place to make sure that we’ve not forgotten the lessons from 2016,” Sen. James Lankford (R-Okla.) said in his testimony at a July 11 Senate rules committee hearing. “There are some basic things that could be done while still allowing the states to control their election structures and have flexibility on the type of election machines that they want to have.”

Wyoming: State gets half of needed funds for voting equipment | Cody Enterprise

Wyoming is about halfway there. In an omnibus appropriations bill passed by the U.S. Congress this spring, legislators designated $380 million in elections security grants to the states, and Wyoming will be getting a $3 million chunk of those funds. The grants require a 5 percent match from states, working out to $150,000 from Wyoming. A formula breaking down distribution by county has yet to be hashed out, but will likely factor in population and individual county needs. The funds will be provided through the Help America Vote Act of 2002, which last disbursed payments for upgrades nationally in 2010. The last time Wyoming saw any of that money was in 2005, however, when the current generation of machines were bought for the 2006 elections.

Sweden: How Sweden is preparing for its election to be hacked | BBC

Russia has been repeatedly accused of interfering in recent elections. But Sweden is determined it won’t fall victim to any such meddling – with millions of leaflets being distributed and propaganda-spotting lessons for students. As campaigning intensified in the French election, the team of now President Emmanuel Macron said it was a target for “fake news” by Russian media and the victim of “hundreds if not thousands” of cyber-attacks from inside Russia. In Washington, sanctions were recently imposed on 19 Russians accused of interference in the 2016 US election and “destructive” cyber-attacks.

Idaho: As midterm primary elections approach, cybersecurity is top of mind | KTVB

As midterm primary elections inch closer and closer, cybersecurity of election systems is top of mind across the nation. Seventeen states requested on-site risk assessments from the Department of Homeland Security to ensure elections are secure against cyber-tampering. Idaho was not one of those states but election officials say the Gem State is involved in informal conversations with both DHS and the FBI regarding election cybersecurity. That includes constant vulnerability scans. …  Just last week, election officials implemented several DHS processes and recommendations to keep state elections secure. But among Idaho’s high-tech security measures, the state’s best defense against a potential threat is much simpler.

National: States to Game Out Election Threats in Homeland Security Drills | Bloomberg

The Department of Homeland Security is giving states, including Colorado and Texas, a chance to game out how they might respond to a cyberattack on election systems ahead of this year’s midterm vote. The department began its biennial “Cyber Storm” exercises on Tuesday, working with more than 1,000 “players” across the country, including state governments and manufacturers, to test how they would withstand a large-scale, coordinated cyberattack aimed at the U.S.’s critical infrastructure such as transportation systems and communications.