National: The Wrong Hack – Trump has been conspicuously quiet about the SolarWinds hack. | Fred Kaplan/Slate

The attack penetrated at least five U.S. government agencies and 18,000 other users of the Orion network management system, manufactured by a privately traded company called SolarWinds. Those five agencies—the departments of State, Homeland Security, Commerce, and Treasury, and the National Institutes of Health—are the only ones so far identified as victims of the hack, though there may have been others. (Ironically, one mission of Homeland Security is to protect the nation from cyberattack.) Jake Williams, principal consultant of Rendition InfoSec and a former official in the National Security Agency’s elite hacker unit, said Monday, in a YouTube video explaining the hack, that the system is used throughout the federal government, including the Defense Department, as well as many “heavy-hitter” private corporations—300,000 customers in all. “Who uses SolarWinds?” Williams asked. “A better question is ‘Who doesn’t use SolarWinds?’ ” One of the customers that the Russians hacked was FireEye, and here they went a hack too far. Analysts at FireEye, one of Silicon Valley’s leading cybersecurity firms, detected the intrusion, analyzed it, and—in an act of unusual transparency—publicized everything they could find out about it. The malware turns out to have been embedded in what appeared to be a software-update message from SolarWinds, sent through SolarWinds servers with a valid digital signature. This sort of attack—which is particularly pernicious because it makes users reluctant to download legitimate software updates—is known as a “software supply-chain attack.” This means the malware came not from any product made by SolarWinds but from a feature or component made by an outside source—a code, a digital library, or any number of other common suppliers—that the company used in making the product. Williams said software supply-chain attacks are “ridiculously hard” to detect or, once detected, to trace. Russian and Chinese intelligence have launched a few of them in recent years. “I suspect,” Williams said, “we are going to see a lot more of them.”

Full Article: Trump has been conspicuously quiet about the SolarWinds hack.

National: Trump took the nation in the wrong direction on cybersecurity, experts say | Joseph Marks/The Washington Post

President Trump took the nation in the wrong direction on cybersecurity, according to a solid majority of experts polled by The Cybersecurity 202. During four years in office, Trump failed to hold adversaries including Russia accountable for hacking U.S. targets, removed experienced cyber-defenders from their posts for petty reasons and undermined much of the good work being done on cybersecurity within federal agencies, according to 71 percent of respondents to The Network, a panel of more than 100 cybersecurity experts who participate in our ongoing informal survey. The survey concluded before news broke about probably the most significant breach of the Trump administration — a hack linked to the Russian Foreign Intelligence Service, or SVR, that infected at least five federal agencies — the Commerce, Treasury, Homeland Security and State departments as well as the National Institutes of Health — and probably several others, as well as foreign governments and companies across the globe. Yet, the respondents’ comments reflect widespread concern Trump is disinterested in the damage that hack has done to national security, unwilling to take Russia to task and preoccupied instead with his own efforts to sow baseless doubts about his election loss. “Much of the work done … [during the Trump administration] was weakened by a president who didn’t prioritize cyber-issues and who, in many cases, actively undercut any actions or messaging against our adversaries,” said Chris Painter, the State Department cyber-coordinator under President Obama who also served for several months under Trump until his post was eliminated.

Full Article: The Cybersecurity 202: Trump took the nation in the wrong direction on cybersecurity, experts say – The Washington Post

National: Suspected Russian hackers spied on U.S. Treasury emails – sources | Christopher Bing/Reuters

Hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury and Commerce departments, according to people familiar with the matter, adding they feared the hacks uncovered so far may be the tip of the iceberg. The hack is so serious it led to a National Security Council meeting at the White House on Saturday, said one of the people familiar with the matter. U.S. officials have not said much publicly beyond the Commerce Department confirming there was a breach at one of its agencies and that they asked the Cybersecurity and Infrastructure Security Agency and the FBI to investigate. National Security Council spokesman John Ullyot added that they “are taking all necessary steps to identify and remedy any possible issues related to this situation.” The U.S. government has not publicly identified who might be behind the hacking, but three of the people familiar with the investigation said Russia is currently believed to be responsible for the attack. Two of the people said that the breaches are connected to a broad campaign that also involved the recently disclosed hack on FireEye, a major U.S. cybersecurity company with government and commercial contracts.

Full Article: Suspected Russian hackers spied on U.S. Treasury emails – sources | Reuters

National: Hack at Treasury and Commerce spurs emergency order from CISA | Justin Katz/FCW

The Cybersecurity and Infrastructure Security Agency late Sunday night issued an emergency directive in response to a sophisticated cyberattack mandating all federal civilian agencies stop using SolarWinds’ Orion products “immediately.” “The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said CISA acting Director Brandon Wales. The “directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners — in the public and private sectors — to assess their exposure to this compromise and to secure their networks against any exploitation.” CISA also said that federal agencies using SolarWinds products should provide a completion report to the CISA by noon Monday. SolarWinds, which provides IT management and monitoring products, boasts a long list of government customers including the Defense Department, NASA and NSA as well as “425 of the U.S. Fortune 500” companies, according to the company’s website. The order is just the fifth binding operational directive issued by CISA in its history. Hackers – likely backed by Russia, according to analysts and government sources – breached both the Commerce and Treasury Departments’ networks, Reuters first reported Sunday afternoon. The news hit several days after FireEye announced its own network was compromised and cyber exploits used to test client networks were stolen.

Full Article: Hack at Treasury and Commerce spurs emergency order from CISA — FCW

National: Major cybersecurity firm FireEye says it was hacked in sophisticated nation-state attack | Maggie Miller and Olivia Beavers/The Hill

FireEye, a top cybersecurity firm that has built a reputation for tracking the digital fingerprints in major cyberattacks, has now become a target in a highly sophisticated attack that it says was done by a skilled nation-state. FireEye acknowledged to The Hill and other news outlets on Tuesday that its own systems were penetrated by “a nation with top-tier offensive capabilities.” FireEye, which was a key firm that helped track Russia’s cyberattack on the Democratic National Committee during the 2016 presidential election, did not name who it believes is behind the attack, but its description points to the Kremlin. FireEye CEO Kevin Mandia wrote in a blog post that “based on my 25 years in cyber security and responding to incidents, I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities.” “We were attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack,” he wrote. Mandia noted that FireEye was working with the FBI and “other key partners,” including Microsoft, to investigate the attack. Matt Gorham, the assistant director of the FBI’s Cyber Division, said in a statement provided to The Hill that “the FBI is investigating the incident and preliminary indications show an actor with a high level of sophistication consistent with a nation state.”

Full Article: Major cybersecurity firm says it was hacked in sophisticated nation-state attack | TheHill

National: Leadership changes at top cyber agency raise national security concerns | Maggie Miller/The Hill

The departure of three of the Department of Homeland Security’s top cybersecurity officials over the past week is leading experts and officials to voice concerns that the United States has been left vulnerable to attacks in cyberspace, with national security potentially compromised. The concerns come after President Trump fired Christopher Krebs, the director of DHS’s Cybersecurity and Infrastructure Security Agency (CISA), and after both CISA Deputy Director Matthew Travis and top cybersecurity official Bryan Ware resigned following pressure from the White House. These changes left the nation’s key cybersecurity agency without Senate-confirmed leadership in the last months of Trump’s presidency, amid a shakeup of major government officials following a contentious election. “Today, cybersecurity and disinformation threats are among the most significant risks our nation confronts,” Sen. Mark Warner (D-Va.), vice chairman of the Senate Intelligence Committee, told The Hill in a statement Friday. “For that reason, it’s enormously disturbing that the president has paired an unwillingness to begin an orderly transition with a zeal to gut key national security agencies of their senior-most leadership.”

Full Article: Leadership changes at top cyber agency raise national security concerns | TheHill

Utah: Cast your next vote by phone? Lawmakers approve pilot proposal | Art Raymond/Deseret News

Even as the tumult surrounding 2020 election processes and results continues, Utah lawmakers are looking ahead to potential new ways to help residents easily and securely engage their civic voting duties. An interim legislative committee this week advanced a proposal from Rep. Mike Winder aiming to expand opportunities for Utah cities interested in testing new, internet-based systems that allow voters to cast their ballots via smartphone. … Committee member Rep. Suzanne Harrison, D-Draper, said she was concerned about public reports from cybersecurity experts critical of internet-based voting systems and, in particular, the Voatz system that’s been in use by Utah County. “There have been a host of articles highlighting the concerns with electronic voting and even specific critiques of the Voatz app that Utah County has been using,” Harrison said. “MIT came out with a research paper … also Homeland Security itself had concerns. There’s too many cybertechnology experts that say it’s impossible to secure these devices and these apps and that the technology is just not where it needs to be to expand these projects.”

Full Article: Cast your next vote by phone? Utah lawmakers approve pilot proposal – Deseret News

Trump fires Christopher Krebs, top DHS official who refuted his claims that the election was rigged | Ellen Nakashima and Nick Miroff/The Washington Post

President Trump on Tuesday fired a top Department of Homeland Security official who led the agency’s efforts to help secure the election and was vocal about tamping down unfounded claims of ballot fraud. In a tweet, Trump fired Christopher Krebs, who headed the Cybersecurity and Infrastructure Security Agency (CISA) at DHS and led successful efforts to help state and local election offices protect their systems and to rebut misinformation. Earlier Tuesday, Krebs in a tweet refuted allegations that election systems were manipulated, saying that “59 election security experts all agree, ‘in every case of which we are aware, these claims either have been unsubstantiated or are technically incoherent.’ ” Krebs’s statement amounted to a debunking of Trump’s central claim that the November election was stolen. Trump, who has not conceded the election to President-elect Joe Biden, said on Twitter: “The recent statement by Chris Krebs on the security of the 2020 Election was highly inaccurate, in that there were massive improprieties and fraud — including dead people voting, Poll Watchers not allowed into polling locations, ‘glitches’ in the voting machines which changed votes from Trump to Biden, late voting, and many more. Therefore, effective immediately, Chris Krebs has been terminated as Director of the Cybersecurity and Infrastructure Security Agency.” Late Tuesday, following Trump’s tweet, acting DHS secretary Chad Wolf called Krebs’s deputy, Matthew Travis, to inform him that the White House had overruled CISA’s succession plan that named him acting director, essentially forcing him to resign, Travis said.

Full Article: Trump fires top DHS official who refuted his claims that the election was rigged – The Washington Post

Top official on U.S. election cybersecurity tells associates he expects to be fired | Christopher Bing, Joseph Menn, and Raphael Satter/Reuters

Top U.S. cybersecurity official Christopher Krebs, who worked on protecting the election from hackers but drew the ire of the Trump White House over efforts to debunk disinformation, has told associates he expects to be fired, three sources familiar with the matter told Reuters. Krebs, who heads the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), did not return messages seeking comment. CISA and the White House declined comment. Separately, Bryan Ware, assistant director for cybersecurity at CISA, confirmed to Reuters that he had handed in his resignation on Thursday. Ware did not provide details, but a U.S. official familiar with his matter said the White House asked for Ware’s resignation earlier this week. The departure is part of the churn in the administration since Republican President Donald Trump was defeated by Democrat Joe Biden in last week’s election, raising concerns about the transition to the president-elect who would take office on Jan. 20. Trump, who has yet to concede and has repeatedly made unsubstantiated claims of electoral fraud, fired Defense Secretary Mark Esper and has installed loyalists in top positions at the Pentagon. Krebs has drawn praise from both Democrats and Republicans for his handling of the election, which generally ran smoothly despite persistent fears that foreign hackers might try to undermine the vote.

Full Article: Exclusive: Top official on U.S. election cybersecurity tells associates he expects to be fired | Reuters

National: U.S. Tried a More Aggressive Cyberstrategy, and the Feared Attacks Never Came | David E. Sanger and Julian E. Barnes/The New York Times

From its sprawling new war room inside Fort Meade, not far from Baltimore-Washington International Airport in Maryland, United States Cyber Command dived deep into Russian and Iranian networks in the months before the election, temporarily paralyzing some and knocking ransomware tools offline. Then it stole Iran’s game plan and, without disclosing the intelligence coup behind the theft, made public a part of Tehran’s playbook when the Iranians began to carry it out. Now, nearly a week after the polls closed, it is clear that all the warnings of a crippling cyberattack on election infrastructure, or an overwhelming influence operation aimed at American voters, did not come to pass. There were no breaches of voting machines and only modest efforts, it appears, to get inside registration systems. Interviews with government officials and other experts suggest a number of reasons for the apparent success. One may be that the United States’ chief adversaries were deterred, convinced that the voting infrastructure was so hardened, Facebook and Twitter were so on alert, and Cyber Command and a small group of American companies were so on the offensive that it was not worth the risk. But there is another explanation as well: In the 2020 election the distinction between foreign and domestic interference blurred. From early in the campaign, President Trump did more to undermine confidence in the system’s integrity than America’s rivals could have done themselves.

Full Article: U.S. Tried a More Aggressive Cyberstrategy, and the Feared Attacks Never Came – The New York Times

National: Officials on alert for potential cyber threats after a quiet Election Day | Maggie Miller/The Hill

Election officials are cautiously declaring victory after no reports of major cyber incidents on Election Day. “After millions of Americans voted, we have no evidence any foreign adversary was capable of preventing Americans from voting or changing vote tallies,” Christopher Krebs, the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), said in a statement Wednesday. But the long shadow of 2016, when the U.S. fell victim to extensive Russian interference, has those same officials on guard for potential attacks as key battleground states tally up remaining ballots. Agencies that have worked to bolster election security over the past years are still on high alert during the vote-counting process, noting that the election is not over even if ballots have already been cast. “I think while it’s fantastic that yesterday was quiet, that tells you that the work is paying off. But we know the nature of the threats in the cybersecurity landscape don’t go away, and you don’t get to say, ‘Oh, we’re good.’ You see the commitment and the effort and that has to continue,” Election Assistance Commission Chairman Benjamin Hovland, who was nominated by President Trump, told The Hill on Wednesday.

Full Article: Officials on alert for potential cyber threats after a quiet Election Day | TheHill

National: ‘No bar’ to what election officials shared on Election Day, DHS says | Benjamin Freed/CyberScoop

As voting culminated Tuesday and vote-counting continued into Wednesday, Department of Homeland Security officials said that a virtual “situational awareness room” where federal, state and local officials shared intelligence about cyber activity and other potential disruptions with each other was largely successful as an information-sharing space on Election Day. Over the course of Tuesday, the room — operated by the federally funded Election Infrastructure Information Sharing and Analysis Center — saw participation from about 500 election and voter-protection officials, IT staff, vendors and representatives from social media companies and political parties. And while DHS officials repeatedly described the cyber activity observed on Election Day as “another Tuesday on the internet,” there was a flutter of activity inside the virtual war room. “The engagement was great,” a senior official with the Cybersecurity and Infrastructure Security Agency said about 11:30 p.m. Tuesday night. “A lot of sharing around scanning, sharing of IPs, sharing of emails. That’s what we wanted. There’s no bar to what we share.”

Full Article: ‘No bar’ to what election officials shared on Election Day, DHS says

National: Election security pros focus on effective partnerships | CyberScoop

Trust the process. That’s the message from a group of election security experts who, during a virtual panel discussion at CyberTalks, said they are working to safeguard the 2020 election from an array of cybersecurity threats. Benjamin Hovland, a commissioner on the U.S. Election Assistance Commission, Jack Cable, an election security technical adviser at the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, and Matt Masterson, a senior cybersecurity adviser at CISA, explained that the goal isn’t only to protect the Nov. 3 election, but also to ensure that the American people can trust the results. The CyberTalks panel was led by John DeSimone, vice president of cybersecurity, training and services at Raytheon Intelligence and Space. In a series of questions, DeSimone probed the election security experts on the ways that U.S. government entities and the defense industrial base are working together “from a mission assurance perspective” to protect U.S. voting systems from interference or an unexpected technical failure. The ultimate goal would be to prevent America’s electorate from being impacted by any efforts to subvert the true intent of a ballot cast on Election Day.

Full Article: Election security pros focus on effective partnerships

National: Inside Democrats’ efforts to fight election security threats | Eric Geller/Politico

Four years after playing an embarrassing starring role in the hack-plagued 2016 presidential election, the Democratic National Committee is staring down its highest-stakes test yet — cyberattacks or disinformation campaigns on Election Day. “I think we’re going to be ready,” said Bob Lord, the party’s chief security officer, in a recent interview. “We have the right plan and the right people.” Lord joined the DNC in January 2018 from Yahoo, where he helped executives recover from two of the world’s largest data breaches. He has spent the past two years rebuilding the DNC’s digital defenses, training its staff to spot cyber threats and offering security guidance to the DNC’s many partners. His efforts paid off during the 2018 midterms, which featured no repeat of the Russian government’s major intrusions two years earlier. Still, Lord and his team face significant challenges. “Given how impermanent campaigns and party committees are, creating an effective long-lasting institutional cyber regime was always going to be a very tough assignment,” said Simon Rosenberg, who was a senior strategist focused on disinformation and election security at the Democratic Congressional Campaign Committee from 2017-2018. “Most people working at the DNC won’t be there in a few months, and campaigns disappear after two years,” said Rosenberg, the founder and president of NDN, a center-left think tank. “So what Bob has been trying to do, while so incredibly important, is also incredibly hard as it goes against the grain of the fly-by-night culture of modern American politics.”

Full Article: Inside Democrats’ efforts to fight election security threats – POLITICO

Rhode Island to use modems, private Verizon network for transmission of unofficial results – OSET Institute expert says State is taking misguided risk | Mark Reynolds/The Providence Journal

After the polls close on Tuesday, Rhode Island election officials will take a risk when they rely on modems and a private Verizon network to collect tabulated election results from voting precincts across the state, according to leading election technology experts. Election officials say the cybersecurity of the modem arrangement has been greatly enhanced and only unofficial results will travel across the network. An election technology expert with the Silicon Valley-based OSET Institute, Eddie Perez, asserts that the arrangement is “a bad idea,” citing “broad consensus” in the cybersecurity field. “Any attempts to try to shore up and justify the use of modems to transmit even unofficial results in this threat environment, I would say is a misplaced mandate,” Perez said. The use of networks, including private networks, for transmitting election results has come under fire from prominent election technology experts in Florida.

Full Article: OSET Institute expert says Rhode Island election system taking misguided risk.

National: DHS plans largest-ever operation to secure U.S. election against hacking | Joseph Marks/The Washington Post

The Department of Homeland Security’s cybersecurity division is mounting the largest operation to secure a U.S. election, aiming to prevent a repeat of Russia’s 2016 interference and to ward off new threats posed by Iran and China. On Election Day, DHS’s Cybersecurity and Infrastructure Security Agency will launch a 24/7 virtual war room, to which election officials across the nation can dial in at any time to share notes about suspicious activity and work together to respond. The agency will also pass along classified information from intelligence agencies about efforts they detect from adversaries seeking to undermine the election and advise states on how to protect against such attacks. “I anticipate possibly thousands of local election officials coming in to share information in real time, to coordinate, to track down what’s real and what’s not, separate fact from fiction on the ground,” said Matt Masterson, CISA’s senior cybersecurity adviser, who has helped lead election preparations. “We’ll be able to sort through what’s happening and identify: Is this a typical election event or is this something larger?” The operation will run for days or weeks until winners are clear in most races — and potentially until the election is formally certified in December. “We’ll remain stood up until the [election] community tells us, ‘Okay, we’re good, you can stand down,’ ” Masterson said. The wide-ranging operation is the culmination of four years during which CISA has grown from a backwater agency that was largely unknown outside Washington to the main federal government liaison to a nationwide ecosystem of officials running the elections.

Full Article: DHS plans largest-ever operation to secure U.S. election against hacking – The Washington Post

National: Ransomware Can Interfere with Elections and Fuel Disinformation – Basic Cybersecurity Precautions Are Key to Minimizing the Damage | Richard Forno/Government Technology

Government computer systems in Hall County, Georgia, including a voter signature database, were hit by a ransomware attack earlier this fall in the first known ransomware attack on election infrastructure during the 2020 presidential election. Thankfully, county officials reported that the voting process for its citizens was not disrupted. The attack follows on the heels of a ransomware attack last month on eResearchTechnology, a company that provides software used in clinical trials, including trials for COVID-19 tests, treatments and vaccines. Less than a week after the attack in Georgia was revealed, the FBI warned that cyber criminals have unleashed a wave of ransomware attacks targeting hospital information systems. Attacks like these underscore the challenges that cybersecurity experts face daily – and which loom over the upcoming election. As a cybersecurity professional and researcher, I can attest that there is no silver bullet for defeating cyber threats like ransomware. Rather, defending against them comes down to the actions of thousands of IT staff and millions of computer users in organizations large and small across the country by embracing and applying the basic good computing practices and IT procedures that have been promoted for years.

Full Article: Ransomware Can Interfere with Elections and Fuel Disinformation – Basic Cybersecurity Precautions Are Key to Minimizing the Damage

National: Overstating the foreign threat to elections poses its own risks, U.S. officials and experts say | Ellen Nakashima/The Washington Post

Iranian government-backed hackers last week pulled off a feat few were expecting. They became the first foreign adversary to interfere in the 2020 election by sending threatening emails to voters. But that action — so far the only confirmed intelligence operation by a foreign government that directly targeted specific voters in this election — had far less impact than Moscow’s hacking and leaking of Democratic emails four years ago. Officials and disinformation experts warn that overstating the threat posed by foreign spies and hackers plays into their narrative that they have the power to sow chaos, and undermines the ability to fashion the most effective and proportionate response. “My biggest concern is that we give a foreign adversary more credit than they’re actually due,” said Brig. Gen. Joe Hartman, the election security lead for the military’s U.S. Cyber Command, which is working with the National Security Agency to protect the election from foreign threats.

Full Article: Overstating the foreign threat to elections poses its own risks, U.S. officials and experts say – The Washington Post

National: U.S. voter info has always been public — but now it’s getting weaponized | Kevin Collier/NBC

When John Ratcliffe, the top U.S. intelligence official, said at a news conference last week that Iran and Russia had obtained American voter registration information, he left out an important point: American voters’ data is already public and widely available. “We have confirmed some voter registration information has been obtained by Iran and separately by Russia,” Ratcliffe said last Wednesday. “This data can be used by foreign actors to attempt to communicate false information to registered voters that they hope will cause confusion.” Iran had already weaponized some of that information in the form of threatening emails sent to some Democrats in Florida. The email campaign showed no signs of any successful effort to target Florida’s election infrastructure. But the campaign offered a stark reminder that voting in the U.S. comes with a strong chance that your personal information is shared online. While states’ readiness to share the information may not be common knowledge, it has been the reality for more than a century, said Eitan Hersh, a politics professor at Tufts University and author of a history of how political campaigns target voters. “I think there’s a pretty widespread view across the political spectrum that if you want to participate in the political process, having a public record about it is part of what that means,” he said. “It’s amazingly hard to not have your name, address and birthday in the public record.” State legislators periodically introduce bills to change state laws about sharing the information, but “the mainstream of both parties are committed to the idea that parties should be able to contact you, so these bills are squashed,” Hersh said.

Full Article: U.S. voter info has always been public — but now it’s getting weaponized

Georgia election networks untouched by Hall County ransomware attack | Mark Niesse/The Atlanta Journal-Constitution

A ransomware attack that took over some Hall County election information won’t harm other Georgia election systems, according to the secretary of state’s office. “There is no connective tissue between those things, so I want to put everyone’s mind at ease on that,” Gabriel Sterling, the state’s voting system manager, said during a meeting Thursday of Georgia’s new Safe, Secure, and Accessible Elections Task Force. Hackers penetrated Hall’s networks and captured some election information, hindering the county’s ability to verify voter signatures on absentee ballot envelopes, Sterling said. “They weren’t targeting an election system. They were just targeting anywhere where they could get in,” Sterling said. “It never touched the state system.”

Full Article: A ransomware attack in Hall County didn’t infect Georgia election systems

North Carolina: Chatham County hit by cyber attack. Systems rendered ‘inoperable’ | Charlie Innis/Raleigh News & Observer

An unidentified “cyber incident” breached Chatham County’s communication systems Wednesday, County Manager Dan LaMontagne said. The attack rendered the government’s network, email and phone lines “inoperable for an undetermined amount of time,” LaMontagne said in an email to The News & Observer. “We are working with law enforcement and support agencies so we can recover from this incident as soon as possible. Our priority is to restore our systems in a secure manner and maintain the provision of critical services,” he said. The incident did not affect the county’s early voting or 911 communications, he said. When asked for details about what happened and how the system was breached, public information officer Kara Dudley said the county is “still evaluating the impact.”

Full Article: Chatham County systems “inoperable” after Cyber attack | Raleigh News & Observer

National: Election operations are holding up so far against a wave of hacks and technical failures | Joseph Marks/The Washington Post

The week before Election Day has seen a wave of digital attacks on election systems and technical foul-ups, but officials are mostly parrying the blows to keep voting going on as planned. The most concerning hit came late yesterday, when the Wall Street Journal reported that hackers who compromised some election systems in Hall County, Ga., earlier this month had posted a small trove of nonpublic information, including voters’ social security numbers, as a ploy to persuade the county to pay a ransom. Officials’ greatest fear about such strikes, called ransomware attacks, is that hackers could seize voter registration databases and hold them hostage during voting so it becomes exceedingly difficult to check in voters. This is far from that worst case scenario because it hasn’t impeded any voting operations. But knowing that the act of voting put their personal data at risk is sure to have a chilling effect on some people. The hackers also teased the release as “example files,” which suggests they could release more sensitive and damaging information later.

Full Article: The Cybersecurity 202: Election operations are holding up so far against a wave of hacks and technical failures – The Washington Post

National: Maze Ransomware Is An Election Night Threat | Calvin Hennick/StateTech Magazine

Imagine it: It’s election night, and the results are starting to trickle in. Then, just as the electoral picture is beginning to come into focus, large voting precincts in critical swing states begin to experience problems. Voter registration databases are inaccessible to election officials, and even the websites where results are posted come crashing down. The culprit? It’s ransomware — specifically Maze ransomware. This is a nightmare scenario, but one that Chase Cunningham, principal analyst and vice president serving security and risk professionals for Forrester, says could really happen… “I think there should be a whole lot more worry about it,” says Cunningham. “I think we’re going to see a ransomware event in a major district, and it’s going to cause civil unrest. Of all the things that concern me about the election cycle, that is the one that keeps me awake at night.” Maze ransomware, a new type of threat discovered in 2019, is a major point of concern. Here’s what state, county and local officials need to know about the threat, why voting systems are particularly vulnerable and what can be done to protect their systems before Nov. 3.

Full Article: How Maze Ransomware Threatens Voter Databases | StateTech Magazine

National: Trump campaign site hack shows risks of even low-grade election interference | Joseph Marks/The Washington Post

A brief but colorful breach of President Trump’s campaign website is underscoring how even unsophisticated efforts at election interference can rattle voters and undermine the democratic process. Officials and experts were eager to put the breach into context in the final week of the election – during which millions of Americans are expected to flock to the websites of candidates and state and local election offices for last-minute information before casting their ballots. Chris Krebs, head of the Department of Homeland Security’s election security division, sought to tamp down concern and called it an effort to “distract, sensationalize, and confuse” and to “undermine your confidence in our voting process.” The hackers managed to deface the site’s “About” page for several minutes, replacing it with a screed that claimed in broken English and without evidence to have compromising information about the president and his family culled from multiple hacked devices. “[T]he world has had enough of the fake-news spreaded daily by president donald j trump,” read the message, which also included FBI and Justice Department seals. “[I]t is time to allow the world to know truth.”

Full Article: The Cybersecurity 202: Trump campaign site hack shows risks of even low-grade election interference – The Washington Post

Georgia: Hacker Releases Hall County Election Data After Ransom Not Paid | Tawnell D. Hobbs/Wall Street Journal

A computer hacker who took over networks maintained by Hall County, Ga., escalated demands this week by publicly releasing election-related files after a ransom wasn’t paid, heightening concerns about the security of voting from cyberattacks. A website maintained by the hacker lists Hall County along with other hacked entities as those whose “time to pay is over,” according to a Wall Street Journal review of the hacker’s website. The Hall County files are labeled as “example files,” which typically are nonsensitive and used to encourage payment before a possible bigger rollout of often more-compromising information. The release of some of Hall County files came Tuesday, one week before the 2020 presidential election, in which election security has been a major focus. Recent polls show the race has tightened in Georgia, which was last won by a Democrat in 1992, and former Vice President Joe Biden, the Democratic nominee, made a campaign appearance there Tuesday.

Full Article: Hacker Releases Georgia County Election Data After Ransom Not Paid – WSJ

Cybersecurity and U.S. Election Infrastructure | Helen You/Foreign Policy

As voters head to the polls for the 2020 elections, the U.S. faces on-going security threats such as disinformation campaigns, data breaches, and ballot tampering in an effort by foreign adversaries to erode the integrity of the democratic process. Recent events from Russian and Iranian hackers stealing data to threaten and intimidate voters to Russian actors actively targeting state, local, and territorial networks demonstrate that elections rely on crucial technological tools to ensure process integrity, the disruption of which would have a debilitating impact on national security and society. Critical infrastructure (CI) provides essential services and is the backbone of the country’s economy, security, and health. From transportation enabling personal mobility and commerce, to electricity powering our homes and businesses, to telecommunications networks fostering global connectivity—particularly amid the pandemic—CI is the lynchpin to functioning social, economic, and political systems. While these systems have long been subject to threats from terrorism and natural disasters, cyberattacks represent among the most destabilizing and underappreciated risks. With the rapid digitalization of all facets of society and increasing dependence on information and communications technologies (ICT), attackers ranging from nation-states to hacktivists to organized criminal groups can identify vulnerabilities and infiltrate seemingly disparate systems to disrupt services and damage global society—all without a physical attack. As a designated CI subsector, election systems are vital to domestic and international security (see U.N. nonbinding consensus report A/70/174) and election security risks can threaten democracies worldwide.

Full Article: Cybersecurity and U.S. Election Infrastructure – Foreign Policy

National: One week out, election IT officials project calm, with caution | Benjamin Freed/StateScoop

For many, the final week leading up to Election Day will be spent doomscrolling through poll results, enduring wall-to-wall campaign ads during every television commercial break and nervously refreshing some number-crunching Electoral College forecast. But as Election Day draws near, the IT and cybersecurity officials backstopping their states’ voting processes are projecting much more calm than your Facebook feed or family group text. “The technical pieces are in place, the planning is in place,” said Jeff Franklin, the chief cybersecurity officer in the office of Iowa Secretary of State Paul Pate. “We’re checking the locks on the doors and that the windows are shut and walking through that checklist.” Within the election security community, if the 2018 midterms — the first nationwide vote since the federal government declared elections to be critical infrastructure — were the “dress rehearsal,” 2020 has been considered the “big show.” In just the past few weeks, U.S. officials, led by the FBI and the Cybersecurity and Infrastructure Security Agency, have pumped out multiple alerts, including warnings that a Russia-linked hacking group has breached state and local networks and blaming Iran for a string of threatening emails to voters. And while the overall level of malicious cyber activity appears to be down from 2016, other threats, like misinformation and disinformation, still abound.

Full Article: One week out, election IT officials project calm, with caution

National: The lowly DDoS attack is still a viable threat for undermining elections | Tim Starks/CyberScoop

Scenes like what happened to Florida’s voter registration site on Oct. 6 have played out over and over again: A system goes down, and questions fly. Was there a cyberattack, specifically a distributed denial-of-service (DDoS) attack meant to overwhelm a website with traffic, knocking it offline? Could there have been too many legitimate visitors rushing to the site to beat the voter registration deadline — that surged past what the system could handle? Or, was it something weirder, as in this case, like pop singer Ariana Grande urging fans on Twitter to register to vote? Florida’s chief information officer eventually blamed misconfigured computer servers. The incident, though, was one of several over the course of the past month that exposed ongoing anxieties about how cyberattacks, accidental outages and other technical failures could upend a polling place, or even an election. Few, if any, election security experts would rank the relatively antiquated technique of DDoS attacks as one of the top couple threats, particularly compared to ransomware or disinformation. Still, the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency on Sept. 30 issued a warning about DDoS election threats. And Google, in an Oct. 16 report, said it was watching government-backed hacking groups build their abilities to conduct large-scale DDoS attacks in recent years.

Full Article: The lowly DDoS attack is still a viable threat for undermining elections – CyberScoop

Virginia computers targeted by Trickbot malware before election | Mike Valerio/WUSA

Only days before the November election, Microsoft turned to a federal judge in Alexandria, arguing a ransomware network run by Russian-speaking cyber criminals posed a growing threat to the integrity of the vote. The corporation asserted its computer code is illegally used to operate Trickbot ransomware, a virus weaponized to lock electronic networks and make computers inoperable. That is, until a ransom is paid to the hackers. “Defendants have directed malicious computer code at the computers of individual users located in Virginia and the Eastern District of Virginia,” lawyers for Microsoft wrote in an October 6 federal civil complaint. “Defendants have attempted to and, in fact, have infected such user’s computers with malicious computer code.” The court this month granted approval for Microsoft to disable Trickbot servers and IP addresses, as the Pentagon’s U.S. Cyber Command launched a parallel action to neutralize the global botnet.

Full Article: Trickbot malware targeted Virginia computers before election | wusa9.com

National: Election Officials Warn of Widespread Suspicious Email Campaign | Robert McMillan and Dustin Volz/Wall Street Journal

Local U.S. election officials have been receiving suspicious emails that appear to be part of a widespread and potentially malicious campaign targeting several states, according to a private alert about the activity. In some of the emails, the sender impersonated state election directors and asked that the voting officials click on a link to receive special two-factor authentication hardware, the Elections Infrastructure Information Sharing and Analysis Center, an information sharing group for election officials, said in the alert Friday. While tricking users into clicking malicious links is a technique commonly used to hack into computer systems, the group, known as the EI-ISAC, didn’t find malicious links or attachments in most of the email samples it analyzed. Other emails deemed suspicious by the EI-ISAC purported to be from people with disabilities looking for ways to vote from home. “Some of these emails were designed to mimic standard correspondence that election officials would expect to receive…which increases the risk that an official might click a malicious link,” the alert said.