election cybersecurity

Tag Archive

National: How Vulnerable Are Electronic Voting Machines? | WBUR

A federal judge ruled this week that Georgia does not have to replace its electronic voting machines with machines that create paper records before the election in November. In her ruling, though, the judge noted she’s “gravely concerned” about Georgia’s slow pace in addressing electronic voting vulnerabilities. Here & Now’s Jeremy Hobson talks with Marian Schneider, president of Verified Voting, a nonpartisan nonprofit that advocates for accurate and verifiable elections, about those vulnerabilities and how secure electronic voting machines are.

On her opinion of the judge’s ruling in Georgia: “I do think that it’s a significant decision, but I think that the judge was concerned about the amount of time before the election, that there wasn’t enough time to smoothly implement paper ballots. “There’s only seven weeks between now and the election, and the early voting would start soon, too. So I think that was a greater concern for the court, but I think the judge made a lot of very significant findings about the vulnerabilities that are present in paperless computer systems that count our votes.” Read More

National: State Elections Agencies Focus on Voting Security Ahead of Midterms | StateTech

During the last election, Russian cyberattackers looking for vulnerabilities scanned 21 state election systems, including those in Illinois, over the 2016 campaigns. While the Department of Homeland Security says the scanning activity did not necessarily breach systems, some individual states have reported compromised data. This year, for instance, the Illinois State Board of Elections reported a 2016 breach of its voter registration system, detailing a SQL injection attack of unknown origin that exposed records in the state’s voter registration database. Since the attack, the Illinois board has worked with state IT experts as well as DHS cybersecurity professionals to keep the database of 18 million records and the servers on which it resides safe from attackers, says Matt Emmons, the agency’s IT director. And there are plenty of hackers out there. Read More

National: DOD’s new cyber strategy stresses election security | FCW

The Defense Department’s newly released cyber strategy draws attention to election meddling, infrastructure protection and greater reliance on commercial technology to get ahead of the curve. A summary of the DOD’s cyber strategy released Sept. 18 boasted an assertive stance on election meddling and attribution, calling out cyber “challenges to [U.S.] democratic processes” as a means for Russia, China, North Korea and Iran to inflict damage without engaging in armed conflict. However, the Pentagon remained firm in its infrastructure protection role. DOD will partner with the private sector and other agencies on improved information sharing “to reduce the risk that malicious cyber activity targeting U.S. critical infrastructure could have catastrophic or cascading consequences,”  the document indicated. Read More

National: Cleanup time for tech firms as midterm elections approach | AlphaStreet

Investigations carried out by federal agencies showed that hackers exploited seemingly minor flaws in the electronic voting system to manipulate the vote tally in the last presidential election. The findings might not surprise Americans as much as it would have done a few years ago, because now we know a bigger threat is hanging over the election process. Skeletons of the illegal online campaign launched by Russian agencies a couple of years ago to rig the presidential election are still tumbling out of the closets of technology companies like Facebook (FB) and Google (GOOG). With the midterm polls around the corner, the security agencies are busy plugging all the loopholes in the system to ensure a free and fair election. That the attackers managed to hack important government websites and breached huge volumes of voter data show the severity of the campaign, and that justifies the extra alert this time. Reports show that hackers, with possible Russia connections, are already doing the groundwork to interfere in the November election. Read More

National: Could white hat hackers boost security of voting machines? | Fifth Domain

Government officials and cybersecurity experts are arguing that companies need to embrace vulnerability disclosure programs to guard against hacking amid pushback from the largest voting machine company in the United States, which has portrayed efforts to test their systems as a tactic of foreign spy-craft. Vulnerability disclosure programs that invite hackers to test computer systems are a show of strength, participants in a Sept. 18 event at the Atlantic Council argued. “Not having a vulnerability disclosure program amounts to cybersecurity negligence,” said Marten Mickos, the head of Hacker One. It’s a myth that companies can test their systems on their own, said Chris Nims, chief information security officer at Oath, a cybersecurity company. Even large companies who perform penetration testing on their own products cannot catch all vulnerabilities, he argued. “The reality is that is simply not true.” Read More

National: Wyden: Senators need protection from ongoing Russian hacking campaign | Politico

Russian hackers behind the 2016 Democratic National Committee hack appear to be targeting the personal email of senators and their staffers, according to Sen. Ron Wyden. In a letter today to Senate leaders, the Oregon Democrat urged support for legislation that would allow the Sergeant at Arms to protect those email systems. The letter from Wyden follows reports in January that the Russian hacking group Fancy Bear — which the U.S. intelligence community identified as one group that penetrated the DNC in the lead-up to the 2016 election — was going after Senate offices. Read More

Wisconsin: Adams County clerk resigns following investigation into unauthorized computer access | WKOW

A meeting to hear charges against Cindy Phillippi was scheduled for Wednesday morning. But the hearing was canceled after Phillippi, through her attorney, submitted a 5-page resignation agreement to the Adams County Board during a closed door session Tuesday night. The resignation is effective Wednesday. The agreement does not include an admission of liability. Phillippi will be on paid leave through the end of the year. Board Chair John West said she will continue to provide consultation during the transition period. Read More

Sweden: IT sector advises Swedish government on elections and voting system | Computer Weekly

Swedish IT sector is helping the government make election systems more secure and reduce external influence. The security measures assembled and implemented around the 2018 election in Sweden were devised in consultation with leading actors within Sweden’s private IT sector. The primary role of the IT suppliers was to advise government panels, which included the national security service (Säpo), the National Police Board (Rikspolisstyrelsen), the National Civil Contingencies Agency and the National Election Authority. Säpo was at the head of a government-commissioned election taskforce that organised an IT-based protective shield around the voting process and implemented measures to minimise hostile external inference. Read More

National: The Cyberthreats That Most Worry Election Officials | Wall Street Journal

As Election Day gets closer, one issue looms large for voters and election officials alike: cybersecurity. Hoping to quell fears about foreign hackers and repel potential threats, many states and counties are beefing up their plans to deal with cyberattacks. They’re shoring up systems to protect their voter databases and hiring security experts to assess the strength of their defenses. They’re coordinating with social-media organizations to stamp out deliberately fraudulent messages that could mislead voters about how to cast a ballot. And they’re banding together to share information and simulating how to respond to potential emergencies. One simulation-based exercise, held by the Department of Homeland Security in mid-August, gathered officials from 44 states, the District of Columbia and multiple federal agencies, the DHS says. “There absolutely is more emphasis on contingency planning” since 2016, says J. Alex Halderman, a professor of computer science at the University of Michigan.  Read More

National: Symantec takes on election hacking by fighting copycat websites | CNET

Symantec is offering a free tool for US campaigns and election officials to fight fraudulent websites, the company announced Tuesday. The feature could help take away an important weapon in the election hacking arsenal: the spoof website. Lookalike websites could imitate official government sites and report false information about candidates or voting. What’s more, they’ve already been used to imitate a login page to trick campaign workers to enter their valuable usernames and passwords.  That approach, called phishing, was key to letting hackers gain access to the emails and internal documents of important Democratic Party organizations and key figures in Hillary Clinton’s 2016 presidential campaign, according to an indictment of the Russian hackers alleged to have stolen and leaked emails from the groups. Read More