National: Homeland Security cyber unit on alert for Election Day | The Hill

Russia’s intervention in the 2016 presidential election yielded an unexpected result for officials at the Department of Homeland Security (DHS): it has put them in the driver’s seat for protecting future elections from cyberattacks. Since January, officials at the agency have grappled with how to work with state and local election officials to share information on imminent threats and develop response plans for when things go awry. The effort has spawned tensions with state officials, who are wary of a “federal takeover” of elections and have panned the slow pace at which the federal government offered up details on the Russia threat. Homeland Security has pressed forward, standing up a special council in October to engage with election officials on potential threats and how to defend against and respond to them. 

National: State officials to be given access to 2016 election cyberattack data | CBS

CBS News has learned that in an unprecedented effort to enhance election security ahead of the 2018 midterms, select state officials will be given access to some of the most sensitive information about the extent of the 2016 cyberattacks, but that access will require them to submit to the time-consuming and lengthy process of filling out federal security clearance applications. The process online can take up to 10 hours and, even after completing the application, some election officials say they have doubts about the extent of what they’ll be able to see.During the 2016 election, suspected Russian hackers scanned and probed voter databases and other election related computer networks in at least 21 states.

National: DHS and top election officials finally meet to begin hashing out ‘critical infrastructure’ designation | Washington Examiner

Top election officials from around the country met this weekend to create the formal organization to hash out what powers and lines of communications the Department of Homeland Security should have after the department designated voting systems in the states and territories as “critical infrastructure” earlier this year. By voting to adopt a charter for a “Government Coordinating Council,” the secretaries of state now have a group that has an official channel and a single “voice” to communicate with DHS. The move marks the first major step in the coming together between the nonpartisan National Association of Secretaries of State, or NASS, and DHS, amidst a contentious and sometimes mistrusting year.

National: Time is running out for state officials to be approved for cybersecurity intel ahead of elections | Cyberscoop

With just about a month left before the polls open in New Jersey and Virginia for gubernatorial elections, the Department of Homeland Security is racing to vet state officials who have applied for the ability to receive classified briefings and other information related to potential cyber-intrusions into election systems, people familiar with the matter tell CyberScoop. In August, the DHS began reaching out to chief election officials in every state to begin the process of obtaining clearances. While the nominees for these clearances are usually the secretary of state or similar high-ranking office-holders, some supporting staff have also sought clearances. The processing for each of these applications varies by person and as a result, there’s no average wait time. Over the last several months, however, DHS has been able to issue “interim” clearances when necessary within 30 days of an application, officials told CyberScoop. Final clearance approvals are taking much longer, the officials said.

National: The U.S. Election System Remains Deeply Vulnerable, But States Would Rather Celebrate Fake Success | The Intercept

When the Department of Homeland Security notified 21 states that Russian actors had targeted their elections systems in the months leading up to the 2016 presidential election, the impacted states rolled out a series of defiant statements. … But in most cases, according to the DHS, Russian actors scanned the public-facing websites of state agencies, apparently looking for vulnerabilities. The DHS said that in almost all of the cases, there was no evidence the operatives attempted to exploit any vulnerabilities. It was not, in other words, a thwarted bank robbery. Instead, Russian operatives surveyed the bank from the sidewalk, and then headed home. While the states are busy celebrating their successes, they are doing far too little to ensure that operatives don’t get in next time they show up and actually try to infiltrate, say cybersecurity experts.

National: DHS Creates Task Force To Bolster Election Security | Defense Daily Network

The Department of Homeland Security is upping its game to help state and local officials with strengthening the security of their election systems through the creation of a new task force, according to a senior department official. Last week the DHS National Protection and Programs Directorate established an election task force that includes members from the different departments components, including the Office of Intelligence and Analysis, to work with state and local governments to help them protect their election systems, Christopher Krebs, the acting undersecretary of the NPPD, on Tuesday told the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection. Prior to the creation of the task force, the Office of Infrastructure Protection within NPPD was in charge of working with state and local governments to provide any help they needed with their election systems. Krebs said that elevating this role to a task force is comes down to “matching my words with our execution,” adding that the entity is being resourced “appropriately.”

National: DHS is standing by its initial assessment that 21 states were targeted | HuffPost

Top election officials in two states say the Department of Homeland Security gave them faulty information last week when it said Russian hackers scanned their election systems last year. The accusations underscore the persistent barriers in information sharing as the federal government and states try to respond to hacking in last year’s election. DHS informed election officials in 21 states on Friday that Russian hackers had tried to access voter information, the first time many states found out they had been targeted. DHS has faced criticism for being slow to share information with states. Now election officials in Wisconsin and California say DHS has provided them with additional information showing that Russian hackers actually scanned networks at other state agencies unconnected to voter data. In Wisconsin, DHS told officials on Tuesday that hackers had scanned an IP address belonging to the Department of Workforce Development, not the Wisconsin Elections Commission. … Scott McConnell, a DHS spokesman, said in a statement the agency stood by its assessment that 21 states were targeted by Russian hackers last year. He suggested hackers still could have targeted election records, even if they did not target the IP addresses of the state’s election body.

National: Trump administration furthers states’ frustration over election hacking | CNN

Tension between state election officials and the Trump administration is only growing after two states say they were misinformed by the Department of Homeland Security about Russian government-linked hacking, further prolonging a months-long dispute over delayed information from the federal government. California and Wisconsin say DHS was incorrect in its initial assessment that their states’ systems connected to election administration were targeted by Russian hackers. The latest flap started September 22, when the Department of Homeland Security sought to notify state election officials on whether their states were among those targeted during last year’s presidential election. DHS previously said that 21 states’ election-related systems had been targeted — but had never said which ones were on the list. By Wednesday, DHS had to revise its alerts to both California and Wisconsin.

Wisconsin: Authorities didn’t tell Wisconsin about Russian hacking for a year | Milwaukee Journal Sentinel

Wisconsin officials for a year were not told about specific attempts by the Russian government to gain access to the state’s voter registration database, the leaders of the state Elections Commission said Friday. Friday’s statement from the commission comes after a week of conflicting reports about what Russian agents attempted to do and when state and federal officials knew about it. Wisconsin systems were targeted in July and August 2016. Wisconsin officials were aware of the attempts but not that Russian government actors were behind them, according to Friday’s statement and public records. In one of the incidents, the attack was targeted at a different state agency, not the Elections Commission.

Wisconsin: State has made progress heading off hackers but more could be done | Milwaukee Journal Sentinel

Russian hacking attempts grabbed headlines this week, but they weren’t the Wisconsin elections agency’s first cyber attack with an international flavor. For a day in August 2011, an older version of the state’s elections website and several other state sites were knocked out of commission by a cyber vandal. The elections site had its homepage plastered with the phrase “hacked by sovalye” — a phrase that appeared to refer to the Turkish word for “knight.” Since then, the state government as a whole has gotten more serious about protecting itself from internet attacks — efforts that may have paid off last year amid Russian attempts to influence, or undermine confidence in, the November elections. 

National: Obama DHS officials pitch election cybersecurity fixes to Congress | The Hill

Former high-level Obama administration officials appeared before congressional Democrats on Thursday to offer suggestions on how to secure future elections from cyber threats. Jeh Johnson, the former secretary of Homeland Security, and Suzanne Spaulding, a former high-level cybersecurity official at the Department of Homeland Security (DHS), faced a myriad of questions from lawmakers about what Congress can do to help states shore up the cybersecurity of their election systems. The meeting took place less than a week after Homeland Security officials notified 21 states of evidence that Russian actors targeted their networks ahead of the 2016 election. Among their recommendations, Spaulding encouraged lawmakers to provide more resources to states for cybersecurity, suggesting that the money could be allocated through a grant program that also mandates a full assessment of their systems.

National: Former DHS chief feared catastrophic attack on election systems | FCW

Russian interference in U.S. institutions reaches further than the interference in the election infrastructure in 2016 and requires a strong strategy to counter a sustained effort by that country to undermine the integrity of the vote, former DHS leaders told a congressional task force. Russian probes and alleged attempted hacks of state election systems in the last election are “a wake up call” for upcoming state and congressional elections in 2018, former Secretary of Homeland Security Jeh Johnson told House Democrats on the Election Security Task Force in a Sept. 28 public meeting. House Democrats created the Election Security Task Force in June to study ways to keep Russian interference out of 2018 elections. While Johnson told the panel that he found no evidence that Russian probes of state systems, including voter registration systems, altered ballots or election results, he said those efforts “exposed cyber vulnerabilities.”

National: Homeland Security Clarifying State Election Hacking Attempts | NECN

The Department of Homeland Security has notified two states that Russian hackers attempted to scan networks other than their election systems in the run-up to the 2016 presidential election, contrary to details provided last week. On Wednesday, California became the second state — after Wisconsin — to receive the clarification. California Secretary of State Alex Padilla said in a statement that homeland security officials told him the scanning activity took place on the state technology department’s network and not on the Secretary of State website, as the state was told last week. “Our notification from DHS last Friday was not only a year late, it also turned out to be bad information,” Padilla said in a statement. He said the public and officials who oversee elections “deserve timely and accurate information” from Homeland Security

National: Democratic election task force to hear from Obama Homeland Security chief | The Hill

A task force of congressional Democrats is slated to meet with an Obama-era Homeland Security secretary this week as part of an ongoing effort to address cyber threats to election infrastructure. The election security task force announced that it will host a public forum on Thursday featuring Jeh Johnson, who led the Department of Homeland Security (DHS) under the Obama administration. News of the forum comes days after the DHS notified nearly two dozen states that they were targeted by Russian hackers ahead of the 2016 presidential election. It was Johnson who was responsible for engaging with state-level officials on cybersecurity ahead of the election last year. The department offered voluntary cybersecurity assistance to states to shore up their systems ahead of the vote.

Washington: State Reveals Upcoming Federal Cybersecurity Pilot, After DHS Confirms Attempted Election Breaches | Gov Tech

Department of Homeland Security (DHS) officials said three months ago that people linked to the Russian government had attempted to hack election-related sites and information in 21 states. But on Sept. 22, DHS made it official, contacting election officials in those states to more formally notify them of having been targeted. Only one, the state of Illinois, was deemed as having been “breached,” according to a Washington Post analysis that pointed to the previously revealed exposure of personal information belonging to “tens of thousands of voters.” With its next election about six weeks away, a top Washington state elections official said the agency will soon embark on a three-month federal pilot aimed at improving cybersecurity, and officials are optimistic the electoral cycle will be uneventful and appear largely unchanged to voters.

Wisconsin: In reversal, DHS says Russians did not seek to hack Wisconsin’s election system | Milwaukee Journal Sentinel

The federal Department of Homeland Security reversed itself Tuesday and told Wisconsin officials that the Russian government had not tried to hack the state’s voter registration system last year. Instead, Homeland Security said, the Russians had attempted to access a computer system controlled by another state agency. The development — disclosed during a meeting of the Wisconsin Elections Commission — came four days after federal officials told the state that Russians had tried to hack systems in Wisconsin and 20 other states. Juan Figueroa, a member of Homeland Security’s election infrastructure team, on Tuesday told state officials by email that Wisconsin’s voter registration system had not been targeted in a hacking attempt after all. He said Russians had tried to access a computer system run by the state Department of Workforce Development.

National: DHS tells states about Russian hacking during 2016 election | The Washington Post

The Department of Homeland Security contacted election officials in 21 states Friday to notify them that they had been targeted by Russian government hackers during the 2016 election campaign. Three months ago, DHS officials said that people connected to the Russian government tried to hack voter registration files or public election sites in 21 states, but Friday was the first time that government officials contacted individual state election officials to let them know their systems had been targeted. Officials said DHS told officials in all 50 states whether their systems had been attacked or not. “We heard feedback from the secretaries of state that this was an important piece of information,” said Bob Kolasky, acting deputy undersecretary for DHS’s National Protection and Programs Directorate. “We agreed that this information would help election officials make security decisions.”

National: Trump Election Commissioners Are Resisting Efforts to Protect Elections From Hacking | Mother Jones

The intelligence community fears that Russia’s meddling in US elections did not end in November 2016, and that when the Kremlin tries to intervene again, state and local voting systems will be a prime target. “They will be back,” former FBI Director James Comey warned in June. Many election systems would prove an easy target. Last month, hackers at the annual DEF Con conference demonstrated this vulnerability when they easily breached multiple voting machines. A 16-year-old hacked a machine in 45 minutes. In response to this threat, the Department of Homeland Security has taken a major step to protect elections by prioritizing the cybersecurity of state and local voting systems. Yet several members of President Donald Trump’s controversial election commission oppose DHS’s move, and two of them have dismissed the threat entirely as a ploy for the federal government to intrude on states’ rights. Their opposition is a signal that the commission, tasked with finding vulnerabilities in the country’s election system, is not likely to take cybersecurity seriously. On January 6, the same day that the intelligence community released a declassified report alleging Russian meddling in the election, DHS announced that it would make additional cybersecurity assistance available to states that request it. This was done by classifying election infrastructure as “critical infrastructure,” a designation that already brings heightened security measures to critical infrastructure such as dams and the electrical grid. The move means that DHS will provide risk assessments, system scanning, and other cybersecurity services to states that request them. But several election officials and experts who sit on the Presidential Advisory Commission on Election Integrity quickly condemned the designation.

National: Election officials: ‘We are going to need more assistance’ | FCW

The Department of Homeland Security continues to work with state and local governments to protect election systems as critical infrastructure. At an Aug. 16 public meeting of the federal Election Assistance Commission, however, officials made clear that risks still remain. EAC Vice-Chairman Thomas Hicks pointed to a recent planning exercise in Albany, N.Y., as an example. That exercise, conducted in July, resulted in some surprising results that remain classified. “I found the meeting very informative, enlightening and frightening,” Hicks said. “I would encourage every state to hold a similar meeting with election officials, emergency management folks and IT officials.”

National: Amid DHS leadership shuffle, voting systems remain vulnerable | FCW

Even with the widespread attention and federal protections provided to election systems, state and federal officials alike have concerns that U.S. election systems remain vulnerable to digital meddling. In the final days of the Obama administration, then-Department of Homeland Security Secretary Jeh Johnson formally designated state election assets as U.S. critical infrastructure in response to digital floods of misinformation, as well as Russian cyber espionage on an election software vendor and spear-phishing attempts against local election officials during the lead-up to the November 2016 presidential election. The move allowed state governments to ask DHS for help on a voluntary basis in securing their election infrastructure, but was met with resistance from many state officials and some members of Congress. Amid this resistance — and the current shuffle in DHS leadership — Johnson expressed fear on CBS’s Face the Nation Aug. 6 that voting systems remain vulnerable to digital meddling. “I’m concerned that we are almost as vulnerable, perhaps, now as we were six, nine months ago,” he said.

National: DHS Reassures States it Won’t Step on Election Authority | MeriTalk

he designation of the nation’s election systems as critical infrastructure will not infringe upon state and local authority to run elections. In a recent memo to Senate Homeland Security and Governmental Affairs Committee Members, Ranking Member Claire McCaskill, D-Mo., relayed communications from the Department of Homeland Security that reiterated that fact. “This designation does not allow for technical access by the Federal Government into the systems and assets of election infrastructure, without voluntary legal agreements made with the owners and operators of these systems,” DHS told McCaskill, also confirming that there is no intention to change that critical infrastructure designation. “This dynamic is consistent with engagements between the Federal Government and other previously established critical infrastructure sectors and subsectors.”

National: 33 states accepted Department of Homeland Security aid to secure elections | The Hill

The Department of Homeland Security (DHS) provided cybersecurity assistance to 33 state election offices and 36 local election offices leading up to the 2016 presidential election, according to information released by Democratic congressional staff. During the final weeks of the Obama administration, the DHS announced that it would designate election infrastructure as critical, following revelations about Russian interference in the 2016 election. Since January, two states and six local governments have requested cyber hygiene scanning from the DHS, according to a memo and DHS correspondence disclosed Wednesday by the Democratic staff of the Senate Homeland Security and Governmental Affairs Committee. The information is related to the committee’s ongoing oversight of the DHS decision to designate election infrastructure. 

National: Election Security Is a Surprisingly Controversial Issue | WIRED

For all the uncertainty surrounding the Trump campaign’s associations with Russia, one thing remains clear: A foreign power interfered in the US presidential race, with hackers targeting the election systems of 21 states to do so. And yet the government has done precious little to keep it from happening again. The inaction stems not from laziness or ignorance but a deep, possibly unbridgeable divide between state and federal powers. So far this year, a handful of special elections in the US have gone smoothly, but the threat from Russia still looms, especially as the 2018 midterm races approach. France recently saw Kremlin-led meddling in its own presidential contest, and Germany has expressed fears over its upcoming election as well. Alarmism may not be productive, but states do have reason to worry. Local officials, though, have bristled at the Department of Homeland Security’s move to designate election systems as “critical infrastructure,” a move designed to unlock resources for system defense upgrades and improve state–federal communication. Everyone agrees that security matters; how to get there is another matter entirely.

National: State election officials complain feds keep them in the dark on possible voting breaches | Associated Press

State election officials gathering this weekend amid an uproar over a White House commission investigating allegations of voter fraud and heightened concern about Russian attempts to interfere in U.S. elections say a lack of information from federal intelligence officials about attempts to breach voting systems across the country is a major concern. Both Republicans and Democrats gathered in Indianapolis for a meeting of the National Association of Secretaries of State say they are frustrated because they have been largely kept in the dark by federal officials. “The chief election official in each state should be told if there are potential breaches of that state’s data or potential intrusions,” said Republican Colorado Secretary of State Wayne Williams.

National: Senator asks DHS for plans to treat election infrastructure as critical | The Hill

A Democratic senator is looking for answers on whether the Trump administration will keep in place the designation of election infrastructure as “critical” and, if so, how the new administration plans to implement it. Sen. Claire McCaskill (D-Mo.) directed a number of questions at Secretary of Homeland Security John Kelly in a letter this month in order to better understand the designation, which was made by his predecessor Jeh Johnson just weeks before Barack Obama left the White House. The designation was also made in timing with the release of the intelligence community’s report on Russian election interference, which assessed that Russian intelligence accessed elements of state and local electoral boards. In doing so, the Obama administration opened up election infrastructure—including polling places, vote tabulations locations, and technology such as voting machines and registration databases-–to federal protections upon request from state and local governments.

National: Senators ask feds for ‘full account’ of work to secure election from cyber threats | The Hill

Democratic senators are asking a federal agency that helps certify and secure voting systems for a “full account” of its work to secure the 2016 election from Russian hackers. The senators, led by Amy Klobuchar (D-Minn.), also want the Election Assistance Commission (EAC) to detail cybersecurity challenges facing state and local officials as they look to safeguard future elections. The intelligence community concluded in an unclassified report released in January that Russia engaged in a cyber and disinformation campaign during the election to undermine U.S. democracy and damage Democratic nominee Hillary Clinton. Intelligence officials determined that “Russian intelligence accessed elements of multiple state or local electoral boards,” though they found no systems involved in voting tallying were breached.

National: Secretaries of State balk at election system move by DHS | FCW

A group of state officials voted to oppose a federal critical infrastructure designation covering their election systems. They’re looking to get that designation removed. The National Association of Secretaries of State voted on Feb. 18 to oppose the Department of Homeland Security’s late January designation of state election systems as federally protected “critical infrastructure.” The designation puts election systems on similar footing as systems in the energy and financial services sectors. NASS also voted over the weekend to create a task force to work with federal agencies and stakeholders on election system cybersecurity issues. While some states, like Arizona, took DHS up on its offer to provide cybersecurity scans of some of their systems in the wake of attempted hacks into state voter registration systems, others are very wary of letting federal agencies into state-managed facilities for fear of, or the impression of, federal influence or management.

National: State election officials blast ‘unprecedented’ DHS move to secure electoral system | Politico

State election officials on Monday denounced the Department of Homeland Security’s decision to label the country’s electoral system as “critical infrastructure.” The move, which DHS announced on Friday, puts the electoral system on par with the energy or financial sector, industries considered vital to national security and economic stability. On Monday, the National Association of Secretaries of State lashed out at the decision, saying it is “is legally and historically unprecedented, raising many questions and concerns for states and localities with authority over the administration of our voting process.” Secretaries of state oversee elections in most states. Several of these officials have expressed concerns that the “critical infrastructure” tag could presage a federal takeover of local elections.

Georgia: Two more states say same DHS computer accessed their websites | Atlanta Journal Constitution

The National Association of Secretaries of State wants federal officials to help resolve concerns that a Department of Homeland Security computer made questionable visits to a number of state computers in recent months. The organization, based in Washington, “wants to make sure that we help the states in question get a quick resolution of this matter from the Department of Homeland Security and that there is a way to resolve it to everyone’s satisfaction,” Kay Stimson, spokeswoman for the association, told The Atlanta Journal-Constitution on Thursday. The organization surveyed its members after Georgia Secretary of State Brian Kemp’s staff traced what it considered a cyber threat against its network to a DHS-owned computer. The agency has denied any attempt to penetrate Georgia’s protected systems. Two states — Kentucky and West Virginia — discovered visits to their systems by the same computer involved in the Georgia incidents. Both of those states, however, said the visits did not appear to be malicious.

National: Election cyber threats: More states request DHS help | CNN

More states and local election boards have asked the Department of Homeland Security to help with cybersecurity, the department announced Monday night. The total, which has been steadily rising in recent weeks, has reached 33 state and 11 county or local election agencies, DHS said. More than two dozen states were known to have requested help before the updated tally. DHS has been urging states to take advantage of its resources, which include scanning systems for vulnerabilities and recommendations for improving cybersecurity on election and voter registration systems. The update from Secretary Jeh Johnson warned those on the fence to make a decision.