The technology industry and organizations worldwide are reeling from the disclosure of two critical computer hardware vulnerabilities that affect scores of modern devices from PCs to smartphones. Details about the computer processor flaws nicknamed “Meltdown” and “Spectre” came into full focus over the past week and sent programmers at major software companies racing to quickly issue patches to protect affected systems. The issue was initially believed to only affect Intel processors but actually affects a variety of chip vendors. Intel’s stock dropped Thursday as a result of the revelations.
Election Assistance Commission
National: Election Assistance Commission announces meeting next week on securing mid-terms | InsideCyberSecurity
The U.S. Election Assistance Commission has announced that it will be holding a public meeting on Jan. 10 to review steps for securing the nation’s election system in advance of mid-term voting this fall. “Ahead of the 2018 midterm elections, the U.S. Election Assistance Commission will host an all day summit to highlight a spectrum of issues that state and local election officials will face as they work to administer a secure, accessible and efficient 2018 Election,” according to a Federal Register notice issued today. The congressionally mandated commission will hear from witness on “topics such as election security, voting accessibility, and how to use election data to improve the voter experience,” according to the announcement.
Every two years after a November mid-term or presidential election, the Election Assistance Commission surveys states about their election practices, compiles that data and submits a report to Congress. The 226-page 2016 Election Administration and Voting Survey includes data on voter registration, turnout, absentee and pre-election voting, precinct and polling places and military and overseas voting. While the report contains charts and downloadable datasets, the EAC recognized that election officials at the county and municipal level might need help manipulating the data for their own analysis. On Dec. 13, EAC released the EAVS Data Interactive, a new data visualization tool that lets election officials, academics, activists and others examine specific data at the state and local level, as well as compare jurisdictions side by side.
Voting Blogs: Challenges to Better Security in U.S. Elections: The Last Mile | Brian Hancock/EAC Blog
Every election has a set of outcomes. Usually it’s winners and losers, but occasionally – and perhaps not coincidentally in presidential elections – there are also outcomes that shape our perceptions about the fairness and efficacy of our elections. In 2000, it was the hanging chad and the role of the Electoral College. In 2012, it was long lines. And in 2016, it was cybersecurity. Once an issue is introduced into the election ecosphere, it often remains a permanent and recurring part of the landscape. For example, a recent Google search of the words “cybersecurity elections” produced over 12 million hits. And at nearly every election-related forum I’ve attended during the past year, cybersecurity was a key topic of discussion. The 2016 election elevated the profile of election security issues and demonstrated a need for state and local election officials not only to reassess their readiness, but to educate the public about this important work and the role it plays in securing elections.
If you have ever looked at the Voluntary Voting System Guidelines (VVSG), you might be overcome by the sheer size of the document and the level of detail included. If your state requires federal certification for the voting systems you use, the VVSG 1.0 (2005) or 1.1 (2015) are the specifications used to test the voting systems against. We all learned a lot from the process of creating and refreshing the VVSG over the years. In the meantime, so much has changed. The technology has changed, the market of voting technology has changed, laws have changed — elections have changed. We all learned a lot from the process of creating and refreshing the VVSG over the years. In the meantime, so much has changed. The technology has changed, the market of voting technology has changed, laws have changed — elections have changed. On September 12, 2017, the Technical Guidelines Development Committee (TGDC), a committee formed by the National Institute of Standards and Technology (NIST) and the Election Assistance Commission (EAC), adopted a new version of the VVSG, which they’re affectionately calling VVSG 2.0.
A federal performance audit said New Hampshire failed to get prior approval to use $1 million in federal election grant money as part of a $3.7 million renovation to the state archives building. This was one of four conditions found in the 76-page audit the U.S. Election Assistance Commission published in the past week and posted in the Federal Register. State election officials said they have been trying for more than seven years to get retroactive approval of that archives building spending state lawmakers first approved in 2003. New Hampshire is one of the last states in the country to undergo this audit, which is mandatory under the Help America Vote Act of 2002.
Federal money set aside to help states upgrade their voting equipment is running out, at a time when many states are seeking to replace aging machines and further fortify against cyberattacks. While federal funding has gradually diminished, the 2016 fiscal year marked a new low. As of September 2016, states had collectively spent more than the approximately $3.2 billion, distributed over several years, that Congress provided under the 2002 Help America Vote Act, according to a report from the independent Election Assistance Commission released Wednesday. Several states now rely mostly on any interest accrued from federal grants or on other sources for election-related efforts, such as replacing equipment that is in some cases a decade old.
The Department of Homeland Security continues to work with state and local governments to protect election systems as critical infrastructure. At an Aug. 16 public meeting of the federal Election Assistance Commission, however, officials made clear that risks still remain. EAC Vice-Chairman Thomas Hicks pointed to a recent planning exercise in Albany, N.Y., as an example. That exercise, conducted in July, resulted in some surprising results that remain classified. “I found the meeting very informative, enlightening and frightening,” Hicks said. “I would encourage every state to hold a similar meeting with election officials, emergency management folks and IT officials.”
Even with the widespread attention and federal protections provided to election systems, state and federal officials alike have concerns that U.S. election systems remain vulnerable to digital meddling. In the final days of the Obama administration, then-Department of Homeland Security Secretary Jeh Johnson formally designated state election assets as U.S. critical infrastructure in response to digital floods of misinformation, as well as Russian cyber espionage on an election software vendor and spear-phishing attempts against local election officials during the lead-up to the November 2016 presidential election. The move allowed state governments to ask DHS for help on a voluntary basis in securing their election infrastructure, but was met with resistance from many state officials and some members of Congress. Amid this resistance — and the current shuffle in DHS leadership — Johnson expressed fear on CBS’s Face the Nation Aug. 6 that voting systems remain vulnerable to digital meddling. “I’m concerned that we are almost as vulnerable, perhaps, now as we were six, nine months ago,” he said.
Editorials: Republicans Want To Defund The Commission That Fights Voting Machine Hacking | Steny Hoyer/HuffPost
This past weekend, hackers gathered in Las Vegas with a simple mission: break into America’s electronic voting machines and take control. Within minutes, some had already succeeded – but that’s a good thing. These hackers were part of a workshop held to identify vulnerabilities so they can be fixed well before any Americans cast actual votes next election. This exercise underscores the very real danger posed by outdated and insecure voting-machine software – as well as the important mission our government must continue undertaking to close these vulnerabilities and safeguard our elections. However, in their FY2018 funding proposal, Republicans are going after the small but highly successful agency that protects the integrity of our voting systems: the Election Assistance Commission. In June, House Republicans included a provision in their Financial Services and General Government Appropriations bill that would abolish the Election Assistance Commission.