Critics have derided the White House’s decision this past May to scrap its Cyber Coordinator post—created by the Obama administration to consolidate policy courses of action on cybersecurity issues—as short-sighted and tone-deaf, particularly at the height of concern over Russia’s nefarious activity toward U.S. political processes. However, the move creates an opportunity to examine whether the overall U.S. approach to cybersecurity has been overly narrow relative to the Russian threat—which itself has demonstrated the need for Washington to forge partnerships with industry and to expand beyond the network-centric aspects of information warfare.
National: Politicians wary that hackers could swipe emails, upend their campaigns | The Sacramento Bee
A new reality has set in to political campaigns: Candidates must expect that their private email accounts will be hacked, and the contents splashed onto the internet, possibly squandering their chances of victory or exposing personal secrets. Email hacking is now an entrenched tactic for practitioners of political sabotage. “I think it’s here to stay. I don’t see it changing,” said Richard Ford, chief scientist at Forcepoint, an Austin, Texas, cybersecurity company. Whether politicians are swapping tales of town halls, dishing on their opponents or sharing intimacies with spouses — or others — they now know that a private conversation can explode on to the internet.
National: Voter confidence is the biggest election security challenge, DHS cybersecurity official says | The Washington Post
A top cybersecurity official at the Department of Homeland Security says the biggest election security challenge going into the midterms isn’t a technical one. It’s convincing voters that their ballots are secure. “To me the No. 1 threat is around public confidence in the process,” said Matt Masterson, who coordinates a range of DHS election security efforts as senior cybersecurity adviser within the department’s National Protection and Programs Directorate. “How are we talking about this? How are we educating the public so they have confidence in the process and will show up and vote? Because the best response to any attempts to undermine confidence in the process is to vote.” Now that voters know that nation-states such as Russia want to disrupt U.S. elections, it’s going to take a continuous effort from DHS and other government agencies at all levels to make sure they keep turning out at the polls, Masterson told me in a recent interview in his office in Arlington, Va. And that won’t go away come November. “Security is not an end goal,” he said. “You don’t reach a point where you say, okay, now we’re secure. It’s an evolving process.”
National: National labs will probe election tech for vulnerabilities under planned DHS program | CyberScoop
The government is currently planning a cybersecurity program that would allow federally funded national scientific laboratories to privately probe and then document security flaws existing in U.S. election technology, most of which is developed and sold by private companies, according to a senior U.S. official. Rob Karas, director of the National Cybersecurity Assessments and Technical Service team at the Homeland Security Department, said that multiple election technology vendors had already shown an interest in engaging on the effort. Karas declined to name the firms, but said the initiative will begin later this summer. The outreach process is still ongoing.
The website of a Mexican political opposition party was hit by a cyber attack during Tuesday’s final television debate between presidential candidates ahead of the July 1 vote, after the site had published documents critical of the leading candidate. The National Action Party (PAN) said that its website, targeting front-runner Andres Manuel Lopez Obrador, likely suffered a distributed denial of service (DDoS) cyber attack with the bulk of traffic to the site nominally coming from Russia and China. Lopez Obrador’s Morena party said it had nothing to do with the outage. The Chinese and Russian embassies in Mexico did not immediately respond to requests for comment. Reuters could not confirm the PAN’s account of the attack.
Homeland Security Department inspectors aren’t turning up anything shocking when they assess state and local election systems for cybersecurity vulnerabilities in advance of the 2018 midterms, an official said Tuesday. Most of what Homeland Security is turning up in the risk and vulnerability assessments are the same issues you’d see in any information technology environment, Matthew Masterson, a senior cybersecurity adviser, told members of the Senate Judiciary Committee. That includes unpatched software, outdated equipment and misconfigured systems. Homeland Security has conducted risk and vulnerability assessments of 17 states and 10 localities so far, Masterson said.
A group of Democratic senators is introducing a bill aimed at securing U.S. elections from hacking efforts, the latest response to attempted Russian interference in the 2016 presidential vote. The bill introduced Tuesday is specifically designed to ensure the integrity of and bolster confidence in the federal vote count. It would require state and local governments to take two steps to ensure that votes are counted correctly. Under the legislation, states would have to use voting systems that use voter-verified paper ballots that could be audited in the event a result is called into question. State and local officials would also be required to implement what are known as “risk-limiting audits” — a method that verifies election outcomes by comparing a random sample of paper ballots with their corresponding digital versions — for all federal elections.
National: Congress struggles with ‘more than 30 proposals’ to combat foreign election meddling | Washington Times
Congress is wrestling with more than 30 proposals “to combat different angles of the foreign election meddling issue,” according to Senate Judiciary chairman Chuck Grassley. The logjam of legislation — much of it pushed by House and Senate bipartisan efforts — comes as the 2018 midterm election season accelerates toward its November finale that will determine the balance of power in Congress and in statehouses across the nation. “There have been no fewer than 18 pieces of legislation proposed to combat different angles of the foreign election meddling issue in the Senate alone,” Mr. Grassley, Iowa Republican, said Tuesday during a Senate Judiciary Committee hearing exploring election safety and foreign influence.
State and local elections officials preparing for the 2018 elections are strapped for time and resources, but the Department of Homeland Security’s National Protection and Programs Directorate is stepping in to help. Two weeks ago, at the request of the Elections Government Coordinating Council, NPPD released guidance on what states and localities should do with their share of the $382 million from 2018 Help America Vote Act Security Fund, said Matt Masterson, NPPD senior cybersecurity advisor, during a June 12 Senate Judiciary Committee hearing. NPPD provided insights on where the money should be used to address risks in the election process. “We focused first on common IT vulnerabilities that exist across elections — things like patching, training for phishing campaigns as well as manpower,” Masterson said.
Pennsylvania: After 2016 Russian hack attempts on voter data, registration system to be audited | Philadelphia Inquirer
Pennsylvania Auditor General Eugene DePasquale said Monday that his office will evaluate the security of the state’s voter-registration system, a target of Russian hackers before the 2016 presidential election. Pennsylvania was one of 21 states whose election data were sought by Russian hackers, the U.S. Department of Homeland Security said last year. Though there was no evidence of a breach, DePasquale said, the revelation prompted him and others to test the system’s security. “This is something that has been talked about both locally and nationally for quite some time,” DePasquale said. “I believe it is the right time to make sure we are doing everything we can to make sure our voting system in Pennsylvania is secure.”