National: Homeland security chief: I haven’t seen intel that showed Russia favored Trump | The Guardian

Donald Trump’s homeland security secretary, Kirstjen Nielsen, told reporters on Tuesday she was unaware of intelligence assessments that Russia favored Trump over Hillary Clinton in the 2016 election. “I do not believe I’ve seen that conclusion that the specific intent was to help President Trump win,” she said. “I’m not aware of that.” Nielsen’s comments stand at odds with the US intelligence community, which concluded in 2017 that Russia tried to influence the 2016 election to benefit Trump. Last week, the Senate intelligence committee said it agreed with that assessment. Nielsen was speaking to reporters after briefing House lawmakers on election security efforts.

National: Homeland Security unveils new cyber security strategy amid threats | Reuters

The U.S. Department of Homeland Security on Tuesday unveiled a new national strategy for addressing the growing number of cyber security risks as it works to assess them and reduce vulnerabilities. “The cyber threat landscape is shifting in real-time, and we have reached a historic turning point,” DHS chief Kirstjen Nielsen said in a statement. “It is clear that our cyber adversaries can now threaten the very fabric of our republic itself.” The announcement comes amid concerns about the security of the 2018 U.S. midterm congressional elections and numerous high-profile hacking of U.S. companies.

Pennsylvania: State Waiting For Security Review Of Election Systems | KDKA

As midterm votes are being cast in Pennsylvania and across the country, the U.S. Department of Homeland Security is playing catch-up. Pennsylvania is one of at least 17 states where election officials have requested on-site risk assessments of their election systems. Nearly half those reviews had not been completed by mid-May, including the one for Pennsylvania, which holds its primary election on Tuesday, May 15. A spokesperson for the Pennsylvania Department of State told KDKA-TV the security review will not be completed until June at the earliest. A security review by DHS typically takes two weeks to complete.

National: States Await Election Security Reviews as Primaries Heat Up | Associated Press

With the midterm congressional primaries about to go into full swing, the Department of Homeland Security has completed security reviews of election systems in only about half the states that have requested them so far. The government’s slow pace in conducting the reviews has raised concerns that the nation’s voting systems could be vulnerable to hacking, especially after U.S. intelligence agencies warned that Russia plans to continue meddling in the country’s elections. Among those still waiting for Homeland Security to conduct a risk assessment is Indiana, one of four states with primaries on Tuesday. Its ballot includes several hotly contested races, including a Republican primary for U.S. Senate. Indiana Secretary of State Connie Lawson said she is confident state officials have done what they can to safeguard Tuesday’s voting, but acknowledged: “I’ll probably be chewing my fingernails during the entire day on Election Day.”

National: Senator presses DHS on scope of Russian voting hacks | FCW

A Department of Homeland Security official acknowledged that more than 21 states could have been targeted by Russian hackers prior to the 2016 election and told lawmakers the department hasn’t seen any similar activity in the lead-up to the 2018 mid-terms. In an April 24 Senate Homeland Security and Governmental Affairs Committee hearing, Jeanette Manfra, assistant secretary for the office of cybersecurity and communications, fended off questions about whether the department had “misled” Congress and the American public about how many states had been targeted by Russian hackers in the lead-up to the 2016 presidential elections. The department has consistently pegged the number of states affected at 21, but Sen. Claire McCaskill (D-Mo.) pointed out that number reflects only the number of states that had sensors or tools in place to capture the scanning activity. Manfra largely agreed with that interpretation.

National: DHS chief issues stern warning to Russia, others on election meddling, cyberattacks | The Hill

Homeland Security Secretary Kirstjen Nielsen issued a stern warning to Russia and other countries looking to meddle in future U.S. elections, saying that the U.S. government will consider all options “seen and unseen” for responding to malicious attacks in cyberspace. “The United States, as you know, possesses a spectrum of response options both seen and unseen, and we will use them to call out malign behavior, punish it and deter future cyber hostility,” Nielsen said in keynote remarks at the RSA cybersecurity conference in San Francisco on Tuesday. “Our cyber defenses help guard our very democracy and all we hold dear. To those who would try to attack our democracy to affect our elections, to affect the elections of our allies, to undermine our national sovereignty, I have a simple word of warning: Don’t,” Nielsen said.

National: DHS Secretary Kirstjen Nielsen Talks Russia Hacks, Upcoming Elections | Fortune

Homeland Security Secretary Kirstjen Nielsen promised that the federal government would do all it could to prevent Russians from hacking future elections, but stopped short of guaranteeing that those measures would be effective. “I feel secure that we are and will continue to do everything we can to help state and locals secure their election infrastructure,” Nielsen said on Tuesday, avoiding answering a question about whether the U.S. voting system is hacker proof. The DHS secretary’s comments at the annual RSA cybersecurity conference in San Francisco come after members of the U.S. Senate Intelligence Committee urged Nielsen and the DHS to speed up efforts to secure the nation’s elections, according to the New York Times. In September, the DHS notified 21 U.S. states that Russia had attempted to hack their voting systems prior to the last presidential election.

Colorado: Department of Homeland Security Testing Colorado’s Election Systems With Operation Cyber Storm | Westword

Colorado’s election systems have been under attack by cyber intruders. Networks are being poked and prodded in an attempt to bypass security measures, access control systems and manipulate or extract data. Don’t worry, though: The attacks are not real. Rather, they are simulations part of “Cyber Storm,” the nation’s largest cybersecurity exercise, overseen by the Department of Homeland Security. Colorado is one of seven states participating in the exercise, along with nearly 1,000 other “players” across the nation that range from law enforcement agencies to transportation and manufacturing networks. According to DHS, the exercises are the sixth iteration of Operation Cyber Storm, and the simulated cyber attacks are meant to expose cyber vulnerabilities and test network administrators’ preparedness, security measures and responses.

National: States to Game Out Election Threats in Homeland Security Drills | Bloomberg

The Department of Homeland Security is giving states, including Colorado and Texas, a chance to game out how they might respond to a cyberattack on election systems ahead of this year’s midterm vote. The department began its biennial “Cyber Storm” exercises on Tuesday, working with more than 1,000 “players” across the country, including state governments and manufacturers, to test how they would withstand a large-scale, coordinated cyberattack aimed at the U.S.’s critical infrastructure such as transportation systems and communications.

National: After GOP is criticized over election security, key official goes to Homeland Security | The Hill

The official recently replaced atop the U.S. Election Assistance Commission (EAC) is joining the Department of Homeland Security to protect elections from cyber threats, The Hill has learned. Matthew Masterson was replaced as chairman of the EAC in February as a result of a decision made by Republican leadership. The move opened up House Speaker Paul Ryan (R-Wis.) to criticism. Masterson has now signed on to work as a senior cybersecurity adviser at Homeland Security’s main cyber wing and to assist the department’s election security mission. A Homeland Security official confirmed that Masterson will work at the National Protection and Programs Directorate, which spearheads efforts to protect critical infrastructure from cyber and physical threats.

National: Trump wants new authority over polling places. Top election officials say no | The Boston Globe

President Trump would be able to dispatch Secret Service agents to polling places nationwide during a federal election, a vast expansion of executive authority, if a provision in a Homeland Security reauthorization bill remains intact. The rider has prompted outrage from more than a dozen top elections officials around the country, including Secretary of State William F. Galvin of Massachusetts, a Democrat, who says he is worried that it could be used to intimidate voters and said there is “no basis” for providing Trump with this new authority. “This is worthy of a Third World country,” said Galvin in an interview. “I’m not going to tolerate people showing up to our polling places. I would not want to have federal agents showing up in largely Hispanic areas.” “The potential for mischief here is enormous,” Galvin added. The provision alarming him and others is a rider attached to legislation that would re-authorize the Department of Homeland Security. The legislation already cleared the House of Representatives with bipartisan support.

Guam: U.S. Homeland Security assisting Guam Election Commission | PNC

The U.S. Department of Homeland Security now considers U.S. elections a part of the nation’s critical infrastructure. The DHS is now offering the Guam Election commission technical assistance to help with election security. In fact, GEC Executive Director Maria Pangelinan just returned from a meeting in Washington D.C. where DHS officials briefed election officials on the services they are offering. Pangelinan says Homeland Security is offering assistance with assessing the cyber security and physical security needs of the GEC. Pangelinan says that Guam’s election system is relatively safe from cyber-attacks because the system is not internet based and the island no longer uses electronic voting booths.

Wisconsin: For state officials, election security a concern heading into 2018 elections | Wisconsin State Journal

Amid warnings that Russia will again try to meddle in U.S. elections in 2018, state officials are sizing up Wisconsin’s defenses — and saying past missteps must be avoided in working with national-security officials who can spot such threats. The state Elections Commission also hopes lawmakers will act on a request for more funding to hire three more staffers, including at least one position dedicated to election security. Russian government cyberactors unsuccessfully targeted Wisconsin election systems in July 2016 as part of a broader effort to interfere in U.S. elections, federal intelligence officials have concluded. The commission said Homeland Security didn’t notify it until September 2017, about 14 months later, that it believed the attempted cyberattacks came from hackers tied to the Russian government.

National: Homeland Security’s tall order: A hacker-free election | CNET

As lawmakers and federal investigators continue to try to understand the chaos foreign actors were able to create during the 2016 election, the US Department of Homeland Security has taken a central role in helping secure the next election. The agency declared the US election system, which is run by a fragmented group of officials in all 50 states as well as dozens of smaller local governments, to be a part of the nation’s “critical infrastructure” in January 2017. The agency doesn’t have any legal authority over election officials, but it offers programs to help them keep hackers out of voting machines, voter registration databases and public-facing election websites.

National: Homeland Security calls NBC report on election hacking ‘false’ | The Hill

The Department of Homeland Security on Monday pushed back against a recent NBC News report claiming that Russian hackers “successfully penetrated” U.S. voter roles before the 2016 elections, calling it misleading. “Recent NBC reporting has misrepresented facts and confused the public with regard to Department of Homeland Security and state and local government efforts to combat election hacking,” Jeanette Manfra, the department’s chief cybersecurity official, said in a statement. The article published by NBC last week drew on an exclusive interview with Manfra, during which she told the publication that U.S. officials observed “a targeting of 21 states and an exceptionally small number of them were actually successfully penetrated.” 

National: DHS cyber chief: Russia ‘successfully penetrated’ some state voter rolls | The Hill

A U.S. cybersecurity official said Wednesday that Russia “successfully penetrated” the voter rolls in a small number of states in 2016. Jeanette Manfra, the head of cybersecurity at the Department of Homeland Security (DHS), told NBC News that Russia targeted 21 states and “an exceptionally small number of them were actually successfully penetrated.” DHS previously notified the 21 states that Russia had attempted to hack their elections systems before the 2016 election. It was Manfra who first revealed to the Senate Intelligence Committee last June that the states had their systems targeted by Russian hackers ahead of the election.

National: Democrats press Gowdy to subpoena Homeland Security for election hacking documents | The Hill

Democratic lawmakers are pressing House Oversight and Government Reform Committee Chairman Trey Gowdy (R-S.C.) to subpoena the Department of Homeland Security (DHS) for documents related to Russia’s efforts to target state systems ahead of the 2016 presidential election. In a letter sent to Gowdy on Monday, the Democrats on the committee accused the Trump administration of withholding “critical information” from Congress on the targeting.  Homeland Security said last year that Russian hackers tried to probe election-related systems in 21 states. Most of the activity amounted to only preparations for hacking, such as scanning for vulnerabilities, though both Illinois and Arizona witnessed breaches of state voter registration databases. None of the systems targeted were involved in vote tallying, officials say.

National: DHS won’t do voter-fraud investigation after Trump commission shut down | Washington Times

Homeland Security Secretary Kirstjen Nielsen tamped down on claims her department is going to pursue an investigation into voter fraud, saying Tuesday that her role will be limited to assisting states looking to weed out their own voter lists. President Trump earlier this month canceled his voter fraud commission and asked Homeland Security to pick up some of the work. Republican commissioners had said they expected Ms. Nielsen to take on the work they started of using government data to figure out how many non-citizens are registered and, in some cases, actually casting ballots. But the new secretary told Congress on Tuesday that’s not her goal.

National: DHS Official On Russian Hacking: ‘A National Security Issue’ | NPR

President Trump has shown little interest in fighting the threat of Russians hacking U.S. elections. He’s shown a lot of interest in fighting voter fraud, something he insists — without evidence — is widespread. Parts of his administration are doing just the opposite. Bob Kolasky, an acting deputy undersecretary at the Department of Homeland Security (DHS), told a group of election officials gathered in Washington, D.C., this week that the threat of Russian hacking in future elections is “a national security issue.” “We have seen no evidence that the Russian government has changed its intent or changed its capability to cause duress to our election system. That may not be the only concern we have in the future,” Kolasky said, adding that another nation-state or bad actor could also attempt to interfere in U.S. voting.

National: 3 ways DHS is helping states with election security | FCW

A Department of Homeland Security official said the federal government is substantially more prepared to deal with a nation-state attack on election systems today than it was in the lead-up to the 2016 election. In a Jan. 10 speech to the Election Assistance Commission in Washington D.C., Bob Kolasky, acting deputy under secretary for the National Protection and Programs Directorate, said the department has worked to expand its communication and outreach to state and local governments, which are primarily responsible for administering elections. “The Department of Homeland Security is in a much better position to work with our interagency partners and the election community to respond to any lingering threats that emerge going forward,” he said.

National: White House says it will destroy Trump voter panel data, send no records to DHS | The Washington Post

State voter registration data collected by President Trump’s abandoned election fraud commission will be destroyed and not shared with the Department of Homeland Security or any other agency, a White House aide told a federal judge. White House Director of Information Technology Charles Herndon also said in a legal filing in Washington late Tuesday that none of the controversial panel’s other “records or data will be transferred to the DHS or another agency” from this point on, except for disclosure or archiving that a court or federal law might require. Herndon’s declaration left unclear what other information the panel may have assembled since its formation in May, if any analysis was done and whether information had already been shared with others outside the Presidential Advisory Commission on Election Integrity, according to lawyers who participated in a telephone conference call with the court Wednesday.

National: DHS: Kobach not advising on new voter fraud investigation | The Kansas City Star

A spokesman for the U.S. Department of Homeland Security said Monday that Kansas Secretary of State Kris Kobach would not be advising the agency as it investigates voter fraud despite his claims that he would be involved. President Donald Trump officially disbanded his voter fraud commission last week in the face of a flood of lawsuits and resistance from states to a massive data request sent out by Kobach, the commission’s vice chair, in June. The administration said the Department of Homeland Security would study the issue instead of the commission. 

National: DHS election unit has no plans for probing voter fraud: sources | Reuters

The U.S. Department of Homeland Security’s election security unit has no immediate plans to probe allegations of electoral fraud, despite President Donald Trump’s announcement this week he was giving the issue to the agency, according to administration officials. Trump said on Wednesday that he had asked the Department of Homeland Security (DHS) to review voter fraud and determine appropriate courses of action, as he announced he was disbanding a presidential commission dedicated to the matter. Multiple officials and sources familiar with the matter said they were unaware of plans within DHS, a sprawling agency responsible for a wide array of national security issues, to investigate voter fraud.

National: Trump fraud investigation’s fate unclear after move to DHS | The Hill

The work of investigating President Trump’s claim that millions of people voted illegally in the last presidential election and cost him the popular vote — an idea he’s presented without providing any evidence — now lies in the hands of officials at the Department of Homeland Security, after Trump disbanded the commission originally charged with the investigation. Trump dissolved the controversial Presidential Advisory Commission on Election Integrity late Wednesday and turned its work over to DHS “rather than engage in endless legal battles at taxpayer expense,” White House Press Secretary Sarah Huckabee Sanders said in a statement. Trump’s decision comes after the commission grappled with data security concerns and widespread opposition from state governments, including both Democrats and Republicans, who refused to fulfill the commission’s wide-ranging requests for voter data. 

National: The latest 2018 election-hacking threat: A 9-month wait for government help | Politico

States rushing to guard their 2018 elections against hackers may be on a waiting list for up to nine months for the Department of Homeland Security’s most exhaustive security screening, according to government officials familiar with the situation. That means some states might not get the service until weeks before the November midterms and may remain unaware of flaws that could allow homegrown cyber vandals or foreign intelligence agencies to target voter registration databases and election offices’ computer networks, the officials said. Russian hackers targeted election systems in at least 21 states in 2016, according to DHS. The scanning, known as a “risk and vulnerability assessment,” is the crème de la crème of security exams: DHS personnel come in person to do an intensive, multiweek probing of the entire system required to run an election. But department officials acknowledge that it’s of limited use if it doesn’t come soon enough for states to correct their flaws before voters go to the polls. The nine-month wait is “not a good metric” for states hoping to boost their security, admitted Christopher Krebs, one of the DHS officials leading election security efforts. ”We are working to prioritize.”

National: DHS official says ‘trust’ with states prevents sharing cyber threats to election with Congress | InsideCyberSecurity

The Department of Homeland Security’s Christopher Krebs told House lawmakers that a “trust” relationship with state officials has prevented the department from sharing specific details about cyber threats to the 2016 presidential election with Congress. Krebs said “we don’t have statutory authority to compel” states to report cyber incidents to the federal government, while expressing concern that the level of trust needed to get states to share with DHS could be undermined by passing along that information to lawmakers. Krebs, who is the senior official performing the duties of the DHS under secretary for the National Protection and Programs Directorate, testified Wednesday at a joint hearing by the House Oversight and Government Reform information technology and intergovernmental affairs subcommittees on the “cybersecurity of voting machines.”

National: State election boards’ hands are sometimes tied when it comes to voting machine security. | Slate

Voting in the United States is highly decentralized—and in many ways that’s a good thing when it comes to security. Having different regions operate their own elections and count their own votes makes it harder for someone to forge, compromise, or change a large number of votes all at once. But that decentralization also means that individual states, counties, or districts are also often free to make bad decisions about what kind of voting technology to use—and it’s surprisingly hard to stop them. Earlier this week, North Carolina’s state elections board made a last-ditch attempt to convince a judge to prohibit counties in the state from using voting software manufactured by VR Systems on the grounds that the board hadn’t officially certified the software since 2009. On Monday—the day before Election Day—that attempt failed when Superior Court Judge Paul Ridgeway declined to intervene.

National: Election officials race to combat cyberattacks | The Hill

A year before the midterm elections, state election administrators are racing to plug vulnerabilities and update software ahead of an expected wave of cyberattacks from foreign actors. In interviews, state officials and elections experts said they are working to bolster internal security at both the state and local levels. At the same time, many said they hope Congress will act to update federal election law, in part to provide them with the resources they need to secure the democratic process. “No matter what steps we take today, cybersecurity and the cyber risk evolves and changes daily, and we just have to be vigilant and diligent going forward,” said Vermont Secretary of State Jim Condos (D). “Anybody that thinks, ‘today I’ve got it covered,’ and washes their hands of it is fooling themselves.”

Virginia: DHS pick worried about voting machine security during Virginia election | The Hill

President Trump’s choice to lead the Department of Homeland Security (DHS) said Wednesday that she pressed her polling place on voting machine security when she voted in Virginia this week. Kirstjen Nielsen, the nominee for Homeland Security secretary, made the comments during her confirmation hearing Wednesday morning when asked about the department’s role in protecting election infrastructure from cyberattacks. “When I went to vote this week in the Virginia election, I was quite concerned with the scanning machine and started asking a variety of questions on what the security was on the scanning machine for the ballot. I think we all have to be very aware and work with the state and locals,” Nielsen said. 

National: DHS has eye on cybersecurity issues Tuesday | CNN

As voters head to the polls on Tuesday, state and local officials are working with the federal government to monitor any potential cybersecurity issues on the first major Election Day since the 2016 election. While experts do not believe any interference with actual voting occurred last year, Russian efforts to meddle in the election — in part through hacking emails and some probing of election-related systems at the state level — have fueled a national conversation about the cybersecurity of elections. The Department of Homeland Security has taken the lead for the federal government in helping shore up election systems, which are managed at the state and local level. “We are working closely with officials in Virginia and New Jersey and other states and will have cybersecurity advisers embedded with state officials and with direct lines to DHS’ National Cybersecurity Communications Integration Center throughout the day today,” spokesman Scott McConnell told CNN in an email. “We continue to offer state and local governments our cybersecurity services, including cyber hygiene scans of Internet-facing systems and onsite risk and vulnerability assessments.”