National: Leadership changes at top cyber agency raise national security concerns | Maggie Miller/The Hill

The departure of three of the Department of Homeland Security’s top cybersecurity officials over the past week is leading experts and officials to voice concerns that the United States has been left vulnerable to attacks in cyberspace, with national security potentially compromised. The concerns come after President Trump fired Christopher Krebs, the director of DHS’s Cybersecurity and Infrastructure Security Agency (CISA), and after both CISA Deputy Director Matthew Travis and top cybersecurity official Bryan Ware resigned following pressure from the White House. These changes left the nation’s key cybersecurity agency without Senate-confirmed leadership in the last months of Trump’s presidency, amid a shakeup of major government officials following a contentious election. “Today, cybersecurity and disinformation threats are among the most significant risks our nation confronts,” Sen. Mark Warner (D-Va.), vice chairman of the Senate Intelligence Committee, told The Hill in a statement Friday. “For that reason, it’s enormously disturbing that the president has paired an unwillingness to begin an orderly transition with a zeal to gut key national security agencies of their senior-most leadership.”

Full Article: Leadership changes at top cyber agency raise national security concerns | TheHill

Utah: Cast your next vote by phone? Lawmakers approve pilot proposal | Art Raymond/Deseret News

Even as the tumult surrounding 2020 election processes and results continues, Utah lawmakers are looking ahead to potential new ways to help residents easily and securely engage their civic voting duties. An interim legislative committee this week advanced a proposal from Rep. Mike Winder aiming to expand opportunities for Utah cities interested in testing new, internet-based systems that allow voters to cast their ballots via smartphone. … Committee member Rep. Suzanne Harrison, D-Draper, said she was concerned about public reports from cybersecurity experts critical of internet-based voting systems and, in particular, the Voatz system that’s been in use by Utah County. “There have been a host of articles highlighting the concerns with electronic voting and even specific critiques of the Voatz app that Utah County has been using,” Harrison said. “MIT came out with a research paper … also Homeland Security itself had concerns. There’s too many cybertechnology experts that say it’s impossible to secure these devices and these apps and that the technology is just not where it needs to be to expand these projects.”

Full Article: Cast your next vote by phone? Utah lawmakers approve pilot proposal – Deseret News

Trump fires Christopher Krebs, top DHS official who refuted his claims that the election was rigged | Ellen Nakashima and Nick Miroff/The Washington Post

President Trump on Tuesday fired a top Department of Homeland Security official who led the agency’s efforts to help secure the election and was vocal about tamping down unfounded claims of ballot fraud. In a tweet, Trump fired Christopher Krebs, who headed the Cybersecurity and Infrastructure Security Agency (CISA) at DHS and led successful efforts to help state and local election offices protect their systems and to rebut misinformation. Earlier Tuesday, Krebs in a tweet refuted allegations that election systems were manipulated, saying that “59 election security experts all agree, ‘in every case of which we are aware, these claims either have been unsubstantiated or are technically incoherent.’ ” Krebs’s statement amounted to a debunking of Trump’s central claim that the November election was stolen. Trump, who has not conceded the election to President-elect Joe Biden, said on Twitter: “The recent statement by Chris Krebs on the security of the 2020 Election was highly inaccurate, in that there were massive improprieties and fraud — including dead people voting, Poll Watchers not allowed into polling locations, ‘glitches’ in the voting machines which changed votes from Trump to Biden, late voting, and many more. Therefore, effective immediately, Chris Krebs has been terminated as Director of the Cybersecurity and Infrastructure Security Agency.” Late Tuesday, following Trump’s tweet, acting DHS secretary Chad Wolf called Krebs’s deputy, Matthew Travis, to inform him that the White House had overruled CISA’s succession plan that named him acting director, essentially forcing him to resign, Travis said.

Full Article: Trump fires top DHS official who refuted his claims that the election was rigged – The Washington Post

Top official on U.S. election cybersecurity tells associates he expects to be fired | Christopher Bing, Joseph Menn, and Raphael Satter/Reuters

Top U.S. cybersecurity official Christopher Krebs, who worked on protecting the election from hackers but drew the ire of the Trump White House over efforts to debunk disinformation, has told associates he expects to be fired, three sources familiar with the matter told Reuters. Krebs, who heads the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), did not return messages seeking comment. CISA and the White House declined comment. Separately, Bryan Ware, assistant director for cybersecurity at CISA, confirmed to Reuters that he had handed in his resignation on Thursday. Ware did not provide details, but a U.S. official familiar with his matter said the White House asked for Ware’s resignation earlier this week. The departure is part of the churn in the administration since Republican President Donald Trump was defeated by Democrat Joe Biden in last week’s election, raising concerns about the transition to the president-elect who would take office on Jan. 20. Trump, who has yet to concede and has repeatedly made unsubstantiated claims of electoral fraud, fired Defense Secretary Mark Esper and has installed loyalists in top positions at the Pentagon. Krebs has drawn praise from both Democrats and Republicans for his handling of the election, which generally ran smoothly despite persistent fears that foreign hackers might try to undermine the vote.

Full Article: Exclusive: Top official on U.S. election cybersecurity tells associates he expects to be fired | Reuters

National: U.S. Tried a More Aggressive Cyberstrategy, and the Feared Attacks Never Came | David E. Sanger and Julian E. Barnes/The New York Times

From its sprawling new war room inside Fort Meade, not far from Baltimore-Washington International Airport in Maryland, United States Cyber Command dived deep into Russian and Iranian networks in the months before the election, temporarily paralyzing some and knocking ransomware tools offline. Then it stole Iran’s game plan and, without disclosing the intelligence coup behind the theft, made public a part of Tehran’s playbook when the Iranians began to carry it out. Now, nearly a week after the polls closed, it is clear that all the warnings of a crippling cyberattack on election infrastructure, or an overwhelming influence operation aimed at American voters, did not come to pass. There were no breaches of voting machines and only modest efforts, it appears, to get inside registration systems. Interviews with government officials and other experts suggest a number of reasons for the apparent success. One may be that the United States’ chief adversaries were deterred, convinced that the voting infrastructure was so hardened, Facebook and Twitter were so on alert, and Cyber Command and a small group of American companies were so on the offensive that it was not worth the risk. But there is another explanation as well: In the 2020 election the distinction between foreign and domestic interference blurred. From early in the campaign, President Trump did more to undermine confidence in the system’s integrity than America’s rivals could have done themselves.

Full Article: U.S. Tried a More Aggressive Cyberstrategy, and the Feared Attacks Never Came – The New York Times

National: Officials on alert for potential cyber threats after a quiet Election Day | Maggie Miller/The Hill

Election officials are cautiously declaring victory after no reports of major cyber incidents on Election Day. “After millions of Americans voted, we have no evidence any foreign adversary was capable of preventing Americans from voting or changing vote tallies,” Christopher Krebs, the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), said in a statement Wednesday. But the long shadow of 2016, when the U.S. fell victim to extensive Russian interference, has those same officials on guard for potential attacks as key battleground states tally up remaining ballots. Agencies that have worked to bolster election security over the past years are still on high alert during the vote-counting process, noting that the election is not over even if ballots have already been cast. “I think while it’s fantastic that yesterday was quiet, that tells you that the work is paying off. But we know the nature of the threats in the cybersecurity landscape don’t go away, and you don’t get to say, ‘Oh, we’re good.’ You see the commitment and the effort and that has to continue,” Election Assistance Commission Chairman Benjamin Hovland, who was nominated by President Trump, told The Hill on Wednesday.

Full Article: Officials on alert for potential cyber threats after a quiet Election Day | TheHill

National: ‘No bar’ to what election officials shared on Election Day, DHS says | Benjamin Freed/CyberScoop

As voting culminated Tuesday and vote-counting continued into Wednesday, Department of Homeland Security officials said that a virtual “situational awareness room” where federal, state and local officials shared intelligence about cyber activity and other potential disruptions with each other was largely successful as an information-sharing space on Election Day. Over the course of Tuesday, the room — operated by the federally funded Election Infrastructure Information Sharing and Analysis Center — saw participation from about 500 election and voter-protection officials, IT staff, vendors and representatives from social media companies and political parties. And while DHS officials repeatedly described the cyber activity observed on Election Day as “another Tuesday on the internet,” there was a flutter of activity inside the virtual war room. “The engagement was great,” a senior official with the Cybersecurity and Infrastructure Security Agency said about 11:30 p.m. Tuesday night. “A lot of sharing around scanning, sharing of IPs, sharing of emails. That’s what we wanted. There’s no bar to what we share.”

Full Article: ‘No bar’ to what election officials shared on Election Day, DHS says

National: Election security pros focus on effective partnerships | CyberScoop

Trust the process. That’s the message from a group of election security experts who, during a virtual panel discussion at CyberTalks, said they are working to safeguard the 2020 election from an array of cybersecurity threats. Benjamin Hovland, a commissioner on the U.S. Election Assistance Commission, Jack Cable, an election security technical adviser at the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, and Matt Masterson, a senior cybersecurity adviser at CISA, explained that the goal isn’t only to protect the Nov. 3 election, but also to ensure that the American people can trust the results. The CyberTalks panel was led by John DeSimone, vice president of cybersecurity, training and services at Raytheon Intelligence and Space. In a series of questions, DeSimone probed the election security experts on the ways that U.S. government entities and the defense industrial base are working together “from a mission assurance perspective” to protect U.S. voting systems from interference or an unexpected technical failure. The ultimate goal would be to prevent America’s electorate from being impacted by any efforts to subvert the true intent of a ballot cast on Election Day.

Full Article: Election security pros focus on effective partnerships

National: Inside Democrats’ efforts to fight election security threats | Eric Geller/Politico

Four years after playing an embarrassing starring role in the hack-plagued 2016 presidential election, the Democratic National Committee is staring down its highest-stakes test yet — cyberattacks or disinformation campaigns on Election Day. “I think we’re going to be ready,” said Bob Lord, the party’s chief security officer, in a recent interview. “We have the right plan and the right people.” Lord joined the DNC in January 2018 from Yahoo, where he helped executives recover from two of the world’s largest data breaches. He has spent the past two years rebuilding the DNC’s digital defenses, training its staff to spot cyber threats and offering security guidance to the DNC’s many partners. His efforts paid off during the 2018 midterms, which featured no repeat of the Russian government’s major intrusions two years earlier. Still, Lord and his team face significant challenges. “Given how impermanent campaigns and party committees are, creating an effective long-lasting institutional cyber regime was always going to be a very tough assignment,” said Simon Rosenberg, who was a senior strategist focused on disinformation and election security at the Democratic Congressional Campaign Committee from 2017-2018. “Most people working at the DNC won’t be there in a few months, and campaigns disappear after two years,” said Rosenberg, the founder and president of NDN, a center-left think tank. “So what Bob has been trying to do, while so incredibly important, is also incredibly hard as it goes against the grain of the fly-by-night culture of modern American politics.”

Full Article: Inside Democrats’ efforts to fight election security threats – POLITICO

Rhode Island to use modems, private Verizon network for transmission of unofficial results. OSET Institute expert says State is taking misguided risk | Mark Reynolds/The Providence Journal

After the polls close on Tuesday, Rhode Island election officials will take a risk when they rely on modems and a private Verizon network to collect tabulated election results from voting precincts across the state, according to leading election technology experts. Election officials say the cybersecurity of the modem arrangement has been greatly enhanced and only unofficial results will travel across the network. An election technology expert with the Silicon Valley-based OSET Institute, Eddie Perez, asserts that the arrangement is “a bad idea,” citing “broad consensus” in the cybersecurity field. “Any attempts to try to shore up and justify the use of modems to transmit even unofficial results in this threat environment, I would say is a misplaced mandate,” Perez said. The use of networks, including private networks, for transmitting election results has come under fire from prominent election technology experts in Florida.

Full Article: OSET Institute expert says Rhode Island election system taking misguided risk.

National: DHS plans largest-ever operation to secure U.S. election against hacking | Joseph Marks/The Washington Post

The Department of Homeland Security’s cybersecurity division is mounting the largest operation to secure a U.S. election, aiming to prevent a repeat of Russia’s 2016 interference and to ward off new threats posed by Iran and China. On Election Day, DHS’s Cybersecurity and Infrastructure Security Agency will launch a 24/7 virtual war room, to which election officials across the nation can dial in at any time to share notes about suspicious activity and work together to respond. The agency will also pass along classified information from intelligence agencies about efforts they detect from adversaries seeking to undermine the election and advise states on how to protect against such attacks. “I anticipate possibly thousands of local election officials coming in to share information in real time, to coordinate, to track down what’s real and what’s not, separate fact from fiction on the ground,” said Matt Masterson, CISA’s senior cybersecurity adviser, who has helped lead election preparations. “We’ll be able to sort through what’s happening and identify: Is this a typical election event or is this something larger?” The operation will run for days or weeks until winners are clear in most races — and potentially until the election is formally certified in December. “We’ll remain stood up until the [election] community tells us, ‘Okay, we’re good, you can stand down,’ ” Masterson said. The wide-ranging operation is the culmination of four years during which CISA has grown from a backwater agency that was largely unknown outside Washington to the main federal government liaison to a nationwide ecosystem of officials running the elections.

Full Article: DHS plans largest-ever operation to secure U.S. election against hacking – The Washington Post

National: Ransomware Can Interfere with Elections and Fuel Disinformation – Basic Cybersecurity Precautions Are Key to Minimizing the Damage | Richard Forno/Government Technology

Government computer systems in Hall County, Georgia, including a voter signature database, were hit by a ransomware attack earlier this fall in the first known ransomware attack on election infrastructure during the 2020 presidential election. Thankfully, county officials reported that the voting process for its citizens was not disrupted. The attack follows on the heels of a ransomware attack last month on eResearchTechnology, a company that provides software used in clinical trials, including trials for COVID-19 tests, treatments and vaccines. Less than a week after the attack in Georgia was revealed, the FBI warned that cyber criminals have unleashed a wave of ransomware attacks targeting hospital information systems. Attacks like these underscore the challenges that cybersecurity experts face daily – and which loom over the upcoming election. As a cybersecurity professional and researcher, I can attest that there is no silver bullet for defeating cyber threats like ransomware. Rather, defending against them comes down to the actions of thousands of IT staff and millions of computer users in organizations large and small across the country by embracing and applying the basic good computing practices and IT procedures that have been promoted for years.

Full Article: Ransomware Can Interfere with Elections and Fuel Disinformation – Basic Cybersecurity Precautions Are Key to Minimizing the Damage

National: Overstating the foreign threat to elections poses its own risks, U.S. officials and experts say | Ellen Nakashima/The Washington Post

Iranian government-backed hackers last week pulled off a feat few were expecting. They became the first foreign adversary to interfere in the 2020 election by sending threatening emails to voters. But that action — so far the only confirmed intelligence operation by a foreign government that directly targeted specific voters in this election — had far less impact than Moscow’s hacking and leaking of Democratic emails four years ago. Officials and disinformation experts warn that overstating the threat posed by foreign spies and hackers plays into their narrative that they have the power to sow chaos, and undermines the ability to fashion the most effective and proportionate response. “My biggest concern is that we give a foreign adversary more credit than they’re actually due,” said Brig. Gen. Joe Hartman, the election security lead for the military’s U.S. Cyber Command, which is working with the National Security Agency to protect the election from foreign threats.

Full Article: Overstating the foreign threat to elections poses its own risks, U.S. officials and experts say – The Washington Post

National: U.S. voter info has always been public — but now it’s getting weaponized | Kevin Collier/NBC

When John Ratcliffe, the top U.S. intelligence official, said at a news conference last week that Iran and Russia had obtained American voter registration information, he left out an important point: American voters’ data is already public and widely available. “We have confirmed some voter registration information has been obtained by Iran and separately by Russia,” Ratcliffe said last Wednesday. “This data can be used by foreign actors to attempt to communicate false information to registered voters that they hope will cause confusion.” Iran had already weaponized some of that information in the form of threatening emails sent to some Democrats in Florida. The email campaign showed no signs of any successful effort to target Florida’s election infrastructure. But the campaign offered a stark reminder that voting in the U.S. comes with a strong chance that your personal information is shared online. While states’ readiness to share the information may not be common knowledge, it has been the reality for more than a century, said Eitan Hersh, a politics professor at Tufts University and author of a history of how political campaigns target voters. “I think there’s a pretty widespread view across the political spectrum that if you want to participate in the political process, having a public record about it is part of what that means,” he said. “It’s amazingly hard to not have your name, address and birthday in the public record.” State legislators periodically introduce bills to change state laws about sharing the information, but “the mainstream of both parties are committed to the idea that parties should be able to contact you, so these bills are squashed,” Hersh said.

Full Article: U.S. voter info has always been public — but now it’s getting weaponized

Georgia election networks untouched by Hall County ransomware attack | Mark Niesse/The Atlanta Journal-Constitution

A ransomware attack that took over some Hall County election information won’t harm other Georgia election systems, according to the secretary of state’s office. “There is no connective tissue between those things, so I want to put everyone’s mind at ease on that,” Gabriel Sterling, the state’s voting system manager, said during a meeting Thursday of Georgia’s new Safe, Secure, and Accessible Elections Task Force. Hackers penetrated Hall’s networks and captured some election information, hindering the county’s ability to verify voter signatures on absentee ballot envelopes, Sterling said. “They weren’t targeting an election system. They were just targeting anywhere where they could get in,” Sterling said. “It never touched the state system.”

Full Article: A ransomware attack in Hall County didn’t infect Georgia election systems

North Carolina: Chatham County hit by cyber attack. Systems rendered ‘inoperable’ | Charlie Innis/Raleigh News & Observer

An unidentified “cyber incident” breached Chatham County’s communication systems Wednesday, County Manager Dan LaMontagne said. The attack rendered the government’s network, email and phone lines “inoperable for an undetermined amount of time,” LaMontagne said in an email to The News & Observer. “We are working with law enforcement and support agencies so we can recover from this incident as soon as possible. Our priority is to restore our systems in a secure manner and maintain the provision of critical services,” he said. The incident did not affect the county’s early voting or 911 communications, he said. When asked for details about what happened and how the system was breached, public information officer Kara Dudley said the county is “still evaluating the impact.”

Full Article: Chatham County systems “inoperable” after Cyber attack | Raleigh News & Observer

National: Election operations are holding up so far against a wave of hacks and technical failures | Joseph Marks/The Washington Post

The week before Election Day has seen a wave of digital attacks on election systems and technical foul-ups, but officials are mostly parrying the blows to keep voting going on as planned. The most concerning hit came late yesterday, when the Wall Street Journal reported that hackers who compromised some election systems in Hall County, Ga., earlier this month had posted a small trove of nonpublic information, including voters’ social security numbers, as a ploy to persuade the county to pay a ransom. Officials’ greatest fear about such strikes, called ransomware attacks, is that hackers could seize voter registration databases and hold them hostage during voting so it becomes exceedingly difficult to check in voters. This is far from that worst case scenario because it hasn’t impeded any voting operations. But knowing that the act of voting put their personal data at risk is sure to have a chilling effect on some people. The hackers also teased the release as “example files,” which suggests they could release more sensitive and damaging information later.

Full Article: The Cybersecurity 202: Election operations are holding up so far against a wave of hacks and technical failures – The Washington Post

National: Maze Ransomware Is An Election Night Threat | Calvin Hennick/StateTech Magazine

Imagine it: It’s election night, and the results are starting to trickle in. Then, just as the electoral picture is beginning to come into focus, large voting precincts in critical swing states begin to experience problems. Voter registration databases are inaccessible to election officials, and even the websites where results are posted come crashing down. The culprit? It’s ransomware — specifically Maze ransomware. This is a nightmare scenario, but one that Chase Cunningham, principal analyst and vice president serving security and risk professionals for Forrester, says could really happen… “I think there should be a whole lot more worry about it,” says Cunningham. “I think we’re going to see a ransomware event in a major district, and it’s going to cause civil unrest. Of all the things that concern me about the election cycle, that is the one that keeps me awake at night.” Maze ransomware, a new type of threat discovered in 2019, is a major point of concern. Here’s what state, county and local officials need to know about the threat, why voting systems are particularly vulnerable and what can be done to protect their systems before Nov. 3.

Full Article: How Maze Ransomware Threatens Voter Databases | StateTech Magazine

National: Trump campaign site hack shows risks of even low-grade election interference | Joseph Marks/The Washington Post

A brief but colorful breach of President Trump’s campaign website is underscoring how even unsophisticated efforts at election interference can rattle voters and undermine the democratic process. Officials and experts were eager to put the breach into context in the final week of the election – during which millions of Americans are expected to flock to the websites of candidates and state and local election offices for last-minute information before casting their ballots. Chris Krebs, head of the Department of Homeland Security’s election security division, sought to tamp down concern and called it an effort to “distract, sensationalize, and confuse” and to “undermine your confidence in our voting process.” The hackers managed to deface the site’s “About” page for several minutes, replacing it with a screed that claimed in broken English and without evidence to have compromising information about the president and his family culled from multiple hacked devices. “[T]he world has had enough of the fake-news spreaded daily by president donald j trump,” read the message, which also included FBI and Justice Department seals. “[I]t is time to allow the world to know truth.”

Full Article: The Cybersecurity 202: Trump campaign site hack shows risks of even low-grade election interference – The Washington Post

Georgia: Hacker Releases Hall County Election Data After Ransom Not Paid | Tawnell D. Hobbs/Wall Street Journal

A computer hacker who took over networks maintained by Hall County, Ga., escalated demands this week by publicly releasing election-related files after a ransom wasn’t paid, heightening concerns about the security of voting from cyberattacks. A website maintained by the hacker lists Hall County along with other hacked entities as those whose “time to pay is over,” according to a Wall Street Journal review of the hacker’s website. The Hall County files are labeled as “example files,” which typically are nonsensitive and used to encourage payment before a possible bigger rollout of often more-compromising information. The release of some of Hall County files came Tuesday, one week before the 2020 presidential election, in which election security has been a major focus. Recent polls show the race has tightened in Georgia, which was last won by a Democrat in 1992, and former Vice President Joe Biden, the Democratic nominee, made a campaign appearance there Tuesday.

Full Article: Hacker Releases Georgia County Election Data After Ransom Not Paid – WSJ

Cybersecurity and U.S. Election Infrastructure | Helen You/Foreign Policy

As voters head to the polls for the 2020 elections, the U.S. faces on-going security threats such as disinformation campaigns, data breaches, and ballot tampering in an effort by foreign adversaries to erode the integrity of the democratic process. Recent events from Russian and Iranian hackers stealing data to threaten and intimidate voters to Russian actors actively targeting state, local, and territorial networks demonstrate that elections rely on crucial technological tools to ensure process integrity, the disruption of which would have a debilitating impact on national security and society. Critical infrastructure (CI) provides essential services and is the backbone of the country’s economy, security, and health. From transportation enabling personal mobility and commerce, to electricity powering our homes and businesses, to telecommunications networks fostering global connectivity—particularly amid the pandemic—CI is the lynchpin to functioning social, economic, and political systems. While these systems have long been subject to threats from terrorism and natural disasters, cyberattacks represent among the most destabilizing and underappreciated risk. With the rapid digitalization of all facets of society and increasing dependence on information and communications technologies (ICT), attackers ranging from nation-states to hacktivists to organized criminal groups can identify vulnerabilities and infiltrate seemingly disparate systems to disrupt services and damage global society—all without a physical attack. As a designated CI subsector, election systems are vital to domestic and international security (see U.N. nonbinding consensus report A/70/174) and election security risks can threaten democracies worldwide.

Full Article: Cybersecurity and U.S. Election Infrastructure – Foreign Policy

National: One week out, election IT officials project calm, with caution | Benjamin Freed/StateScoop

For many, the final week leading up to Election Day will be spent doomscrolling through poll results, enduring wall-to-wall campaign ads during every television commercial break and nervously refreshing some number-crunching Electoral College forecast. But as Election Day draws near, the IT and cybersecurity officials backstopping their states’ voting processes are projecting much more calm than your Facebook feed or family group text. “The technical pieces are in place, the planning is in place,” said Jeff Franklin, the chief cybersecurity officer in the office of Iowa Secretary of State Paul Pate. “We’re checking the locks on the doors and that the windows are shut and walking through that checklist.” Within the election security community, if the 2018 midterms — the first nationwide vote since the federal government declared elections to be critical infrastructure — were the “dress rehearsal,” 2020 has been considered the “big show.” In just the past few weeks, U.S. officials, led by the FBI and the Cybersecurity and Infrastructure Security Agency, have pumped out multiple alerts, including warnings that a Russia-linked hacking group has breached state and local networks and blaming Iran for a string of threatening emails to voters. And while the overall level of malicious cyber activity appears to be down from 2016, other threats, like misinformation and disinformation, still abound.

Full Article: One week out, election IT officials project calm, with caution

National: The lowly DDoS attack is still a viable threat for undermining elections | Tim Starks/CyberScoop

Scenes like what happened to Florida’s voter registration site on Oct. 6 have played out over and over again: A system goes down, and questions fly. Was there a cyberattack, specifically a distributed denial-of-service (DDoS) attack meant to overwhelm a website with traffic, knocking it offline? Could there have been too many legitimate visitors rushing to the site to beat the voter registration deadline — that surged past what the system could handle? Or, was it something weirder, as in this case, like pop singer Ariana Grande urging fans on Twitter to register to vote? Florida’s chief information officer eventually blamed misconfigured computer servers. The incident, though, was one of several over the course of the past month that exposed ongoing anxieties about how cyberattacks, accidental outages and other technical failures could upend a polling place, or even an election. Few, if any, election security experts would rank the relatively antiquated technique of DDoS attacks as one of the top couple threats, particularly compared to ransomware or disinformation. Still, the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency on Sept. 30 issued a warning about DDoS election threats. And Google, in an Oct. 16 report, said it was watching government-backed hacking groups build their abilities to conduct large-scale DDoS attacks in recent years.

Full Article: The lowly DDoS attack is still a viable threat for undermining elections – CyberScoop

Virginia computers targeted by Trickbot malware before election | Mike Valerio/WUSA

Only days before the November election, Microsoft turned to a federal judge in Alexandria, arguing a ransomware network run by Russian-speaking cyber criminals posed a growing threat to the integrity of the vote. The corporation asserted its computer code is illegally used to operate Trickbot ransomware, a virus weaponized to lock electronic networks and make computers inoperable. That is, until a ransom is paid to the hackers. “Defendants have directed malicious computer code at the computers of individual users located in Virginia and the Eastern District of Virginia,” lawyers for Microsoft wrote in an October 6 federal civil complaint. “Defendants have attempted to and, in fact, have infected such user’s computers with malicious computer code.” The court this month granted approval for Microsoft to disable Trickbot servers and IP addresses, as the Pentagon’s U.S. Cyber Command launched a parallel action to neutralize the global botnet.

Full Article: Trickbot malware targeted Virginia computers before election | wusa9.com

National: Election Officials Warn of Widespread Suspicious Email Campaign | Robert McMillan and Dustin Volz/Wall Street Journal

Local U.S. election officials have been receiving suspicious emails that appear to be part of a widespread and potentially malicious campaign targeting several states, according to a private alert about the activity. In some of the emails, the sender impersonated state election directors and asked that the voting officials click on a link to receive special two-factor authentication hardware, the Elections Infrastructure Information Sharing and Analysis Center, an information sharing group for election officials, said in the alert Friday. While tricking users into clicking malicious links is a technique commonly used to hack into computer systems, the group, known as the EI-ISAC, didn’t find malicious links or attachments in most of the email samples it analyzed. Other emails deemed suspicious by the EI-ISAC purported to be from people with disabilities looking for ways to vote from home. “Some of these emails were designed to mimic standard correspondence that election officials would expect to receive…which increases the risk that an official might click a malicious link,” the alert said.

Georgia: Ransomware hit Hall County. That didn’t stop its ballot counting. | Kevin Collier/NBC

A Georgia county has reverted to matching some absentee ballot signatures to paper backups, rather than an online system, after a ransomware infection spread to part of its election department. Poll workers in Hall County have since caught up on a backlog of absentee ballots, state officials said, and said there’s no danger of the ransomware extending to systems used to cast or count votes. But the infection is the first known example in the 2020 general election of opportunistic criminal hackers incidentally slowing the broader election process, something that federal cybersecurity officials have warned is a strong possibility. But the attack does not indicate any broad effort to tamper with U.S. voting or show systemic vulnerabilities to the U.S. election system. “They switched over to their paper backups, which is required of them,” said Jordan Fuchs, Georgia’s deputy secretary of state. “It took a little bit of work on their part — I think they had 11 days of catch-up to do — and they completed their task,” she said. A spokesperson for the county, Katie Crumley, said in an email, “For security purposes, we are not commenting on any specifics related to the ransomware attack.”

New York: Some ballot requests may be affected by Chenango County cyber attack | Associated Press

A hacker attack against an upstate New York county’s computer system raised concern that some emailed absentee ballot applications may not be processed, but the state Board of Elections said voting won’t be affected overall. The cyber attack on Oct. 18 encrypted about 200 computers operated by Chenango County and hackers demanded ransom of $450 per computer to unlock the files, Herman Ericksen, the county’s information technology director, said Monday. “We are not paying the ransom,” he said. Last week, the county board of elections released a public statement urging anyone who had sent an absentee ballot application by email since Oct. 15 to call the board to verify it had been received. The statement said the cyber attack would not otherwise impact voting because “the board has redundancies in place that will allow the secure and effective administration of the general election.”

Washington: Despite more threats voting system not breached, elections officials say | Jim Camden/The Spokesman-Review

Although attempts to disrupt the U.S. elections have increased, Washington’s voting system is safer than it was in 2016 and has withstood any attacks, state and local elections officials said Monday. Those findings dovetail with news that nearly half of all ballots sent out have been returned in an unprecedented early vote. The state’s Elections Security Operations Center has been monitoring the VoteWA system and the 39 counties’ elections systems for any attacks, Secretary of State Kim Wyman said. “We’re confident that our system has not had any breaches, has not been compromised in any way and that it is operating fully secure,” she said. Using some $20 million in federal funds for cybersecurity, the state built strong firewalls around the system and ways to monitor the traffic going in and out of VoteWA. “We have a much higher confidence level than we did, even two years ago, with the cybersecurity of our system,” Wyman said.

National: Officials stress security of election systems after U.S. reveals new Iranian and Russian efforts | Amy Gardner, Isaac Stanley-Becker and Elise Viebeck/The Washington Post

State and local officials hastened to reassure Americans this week that the nation’s election systems are secure after the country’s top intelligence official accused Iran of sending threatening emails to voters in several states and the United States said Russia obtained voter information from at least one county. U.S. officials and cybersecurity experts said the activity did not appear to include penetration of voting systems or access to voter registration databases, or the hacking of equipment that could be tampered with to alter election results. “Arizona’s voter registration database remains secure,” said C. Murphy Hebert, a spokeswoman for the secretary of state’s office in Arizona, one of the states where Democratic voters reported receiving the threatening emails. “Some information in the voter record is publicly available in Arizona through a public record request, including party registration and, up until recently, emails. We are vigilantly monitoring all election systems.” Federal and state officials said they have fortified election systems since 2016, when Russian hackers scanned election-related websites and software nationwide for vulnerabilities.

National: Russian Hackers Break Into 2 County Systems, Stoking Election Security Fears | Philip Ewing and Miles Parks/NPR

Active Russian cyberattacks are targeting a wide swath of American government networks, including those involved with the ongoing election, federal authorities revealed Thursday. The focus of the effort includes “U.S. state, local, territorial, and tribal government networks, as well as aviation networks,” according to a new bulletin from the FBI and the Cybersecurity and Infrastructure Security Agency. It continued: “As this recent malicious activity has been directed at … government networks, there may be some risk to elections information … However, the FBI and CISA have no evidence to date that integrity of elections data has been compromised.” U.S. officials said separately on Thursday afternoon that systems in two local government jurisdictions had been accessed, granting attackers admission to some limited data about voters. The announcement followed one day after an in-person briefing by Director of National Intelligence John Ratcliffe and FBI Director Christopher Wray in which they warned about Russian interference as well as an Iranian scheme to intimidate voters with spoof emails.