election cybersecurity

Tag Archive

National: Americans should not be confident about security of 2020 election, experts say | Joseph Marks/The Washington Post

Americans should not be confident about the security of the 2020 election, according to a slim majority of experts surveyed by The Cybersecurity 202. The assessment from 57 percent of The Network, a panel of more than 100 cybersecurity experts who participate in our ongoing informal survey, puts a serious damper on the years-long push by federal, state and local government officials and political parties to bolster election security since a Russian hacking and influence operation upended the 2016 contest. “There are no signs that any part of our institutions are capable of providing an election that is reasonably secure from tampering and manipulation,” said Dave Aitel, a former NSA computer scientist who is now CEO of the cybersecurity company Immunity. “Every part of the voting process is vulnerable. This includes the voter registration process, the voting itself, the vote tabulation, and the results-reporting system,” said Bruce Schneier, fellow and lecturer at the Harvard Kennedy School of Government. Cindy Cohn, executive director of the Electronic Frontier Foundation, called for “more serious security measures for voting, from registration through to reporting the results back to the central voting authority.”

Full Article: The Cybersecurity 202: Americans should not be confident about security of 2020 election, experts say - The Washington Post.

National: With 2020 general election approaching, voting security under growing scrutiny | Maya Rodriguez/Scripps Media

It’s the foundation of American democracy: voting. Depending on where you are in the U.S., though, your election experience could look very different from that in your neighboring state or even just your neighbor. “It really does depend on where you are in the country,” said Marian Schneider, who heads up Verified Voting, a non-profit, non-partisan group that advocates for better election security. In particular, the group takes a closer look at when it comes to the use of computers in elections. “We use computers in every aspect of election administration in this country,” Schneider said. “We have also historically underfunded our elections and not put the money into them that we need in order to run a computerized operation.”

Full Article: With 2020 general election approaching, voting security under growing scrutiny.

National: Congress to get election security briefing next month amid Intel drama | Jordain Carney/The Hill

The administration is gearing up to brief lawmakers on election security as the country wades deeper into the 2020 primaries. Both the House and Senate will be briefed, separately, on March 10, according to Speaker Nancy Pelosi (D-Calif.) and a Senate aide. The briefings will come a week after Super Tuesday, when primary voters in more than a dozen states will head to the polls. On March 10, voters in six more states will cast ballots. The announcement of the briefings come as President Trump’s shake up of top intelligence community positions has sparked fierce criticism from Democrats and some national security professionals, and after reports that intelligence leaders have told lawmakers that Russia is again seeking to aid Trump’s campaign efforts. “American voters should decide American elections — not Vladimir Putin. All Members of Congress should condemn the President’s reported efforts to dismiss threats to the integrity of our democracy & to politicize our intel community,” Pelosi said in a tweet on Thursday.

Full Article: Congress to get election security briefing next month amid Intel drama | TheHill.

Florida: Cyber experts: Public should have known about 2016 Palm Beach County elections ransomware | Hannah Morse/The Palm Beach Post

In the wake of the dispute over the cyber intrusion at the county elections office, The Palm Beach Post asked a series of security professionals to weigh in on the revelation of the Zepto virus exposure in September 2016. Is three years too long to learn that a ransomware attack happened at the Palm Beach County Supervisor of Elections Office? Yes, say cybersecurity and IT experts. In the wake of the dispute over the cyber intrusion at the county elections office, The Palm Beach Post asked a series of security professionals to weigh in on the revelation of the Zepto virus exposure in September 2016. “Not only should they report this, they should understand that just because everything seems normal it might not necessarily be,” said Silka Gonzalez, founder of ERMProtect in Coral Gables. “Even if a hacker is already inside your network and passively stealing your information everything in your workplace is going to look normal and ‘business as usual.’ These things don’t come with sirens and red lights.” The scrutiny over Zepto and its purported encroachment by an unknown entity through an elections office computer in the weeks before the 2016 presidential vote has been a source of controversy. This month, current Supervisor of Elections Wendy Sartory Link revealed the previously unknown cyber attack via a Zepto virus. The severity of the episode, however, has been disputed by her predecessor, Susan Bucher.

Full Article: Cyber experts: Public should have known about 2016 elections ransomware - News - The Palm Beach Post - West Palm Beach, FL.

Illinois: ‘Wake-up call’ led to focus on election security | Bernard Schoenburg/The State Journal-Register

As the March 17 Illinois primary approaches, state and local election officials say they are continually working to keep election records, information and vote totals safe from outside meddling. “What I always say is we’re confident that we’re doing everything we can to stay a step ahead of any cyber attacker,” said Matt Dietrich, spokesman for the Illinois State Board of Elections. “But all you can ever hope, when you’re dealing with cyber security, is to stay ahead of the next hacker.” Sangamon County Clerk Don Gray, whose office oversees elections in the county, said every election authority has been “working hard … protecting and defending our election apparatus. It is absolutely imperative today that we are proactive and being out in front of cybercriminals.”

Full Article: 'Wake-up call' led to focus on election security - News - The State Journal-Register - Springfield, IL.

Kansas: Counties’ websites may lack security against hackers | Associated Press

Many Kansas counties’websites may be at risk as they lack basic protocols that make it easier for hackers to impersonate websites in order to install malware or trick individuals into giving out their personal information. Out of 105 counties, only eight of them have websites ending in .gov, a domain extension only government officials can control, and 60 counties’ URLs start with “http” rather than the more secure “https.” Experts say it could be a serious concern for smaller governments during a time of increasing cyberattacks, KCUR-FM reported. Local governments have in recent years become frequent targets of ransomware attacks, where hackers hold data hostage in exchange for money.

Full Article: Kansas counties' websites may lack security against hackers.

Pennsylvania: University of Pittsburgh forum will look at threats to democracy in the internet age | Abigail Mihaly/Pittsburgh Post-Gazette

Leading expert in cybersecurity David Hickton is warning us that the internet could dismantle democracy. Mr. Hickton, founding Director of the University of Pittsburgh Institute for Cyber Law, Policy and Security and former United States Attorney for the Western District of Pennsylvania, will discuss the issue in a lecture this week at the University of Pittsburgh. The “Can Democracy Survive the Internet?” lecture, hosted by the Dick Thornburgh Forum for Law and Public Policy at Pitt, will ask the question: Is the internet a force for freedom or for oppression? When his children began instant messaging online, Mr. Hickton realized the internet was an open environment, without sufficient rules or security. “[The cyber world] is designed to make our lives better,” said Mr. Hickton. “But … it’s not coincidental that in some places around the world, digital space is being used to make people less free.”

Full Article: Pitt forum will look at threats to democracy in the internet age | Pittsburgh Post-Gazette.

Editorials: As Washington State’s chief elections officer, I don’t think electronic voting is worth the risk | Kim Wyman/The Seattle Times

The integrity of our elections and our democracy is under attack. Bad actors — both foreign and domestic — seek to damage election infrastructure, manipulate results and sow discourse. Washington has made critical strides in shoring up security for upcoming elections and beyond, but safeguarding our elections is a race without a finish line. With cybersecurity experts warning of the severe vulnerabilities with online or mobile voting, including electronic ballot return methods, I am recommending the Legislature act on a bill I requested to protect Washington voters from cyber intrusion. Currently, Washington allows military and civilian overseas voters to return their ballots by email or fax. Cybersecurity experts, including the Department of Homeland Security, the Federal Bureau of Investigation, the National Security Agency and the Massachusetts Institute of Technology, are imploring states to eliminate these glaring vulnerabilities. Heeding their warnings, I partnered with a bipartisan group of legislators to eliminate email and fax ballot return options for voters serving or living overseas.

Full Article: As the state’s chief elections officer, I don’t think electronic voting is worth the risk | The Seattle Times.

National: Disability rights groups say focus on election security hurting voter accessibility | Maggie Miller/The Hill

Disability rights advocates on Thursday urged election officials to focus on accessibility alongside security for U.S. elections and pushed for more technological solutions that would allow all Americans to cast secure votes. “For people with disabilities, our votes aren’t secure now,” Kelly Buckland, the executive director of the National Council for Independent Living, said at an election accessibility summit hosted by the Election Assistance Commission (EAC) on Thursday. “I believe we could make them more secure through technology that is available today.” After Russian interference in the 2016 presidential elections — which according to U.S. intelligence agencies and former special counsel Robert Mueller involved sweeping disinformation efforts on social media and targeting of vulnerabilities in voter registration systems — election security has become a major topic of debate on the national stage. Concerns around the use of technology in elections were also heightened this month following the use of a new vote tabulation app by the Iowa Democratic Party during the Iowa caucuses. The app malfunctioned due to a “coding issue,” leading to chaos around the final vote tally.  After these incidents, election security experts have advocated for using more paper ballots to ensure no individual or group can hack the votes, and to ensure no glitch can occur.  However, disability groups on Thursday noted that moving to just paper could make it difficult to vote for blind or visually impaired people, those who have difficulty leaving their homes, or those for whom English is not their first language.

Full Article: Disability rights groups say focus on election security hurting voter accessibility | TheHill.

Kentucky: Election Machinery Regularly Scanned by Foreign Hackers, Official Says | DH Kass/MSSP Alert

The state of Kentucky’s election systems are “routinely scanned” by foreign hackers, including North Korea, Russia and Venezuela, a senior election official told legislators in a state House budget subcommittee hearing. “This is not something that is in the past, that happened in 2016,” Jared Dearing, executive director of Kentucky’s Board of Elections told the subcommittee, according to the (Kentucky) Courier Journal. “It happens on a weekly basis.” A U.S. Department of Homeland Security official meets with the board every week to go over every scan against Kentucky’s system, he said. Cyber break-ins at the state election level are a growing concern for security defenders, with many states complaining rightfully that funding to fend off attacks is sorely lacking. “We’re asking county clerks with very, very limited resources, with not enough IT staff, to fully maintain their own systems,” Dearing said. “We’re asking them to participate in national security.” Late last year, some help arrived in the federal government’s fiscal 2020 budget agreement that includes $425 million in state election grants to improve cybersecurity. Increased awareness by state officials combined with supplemental financial support could present new opportunities for managed security service providers (MSSPs) and managed service providers (MSPs).

Full Article: Kentucky’s Election Machinery Regularly Scanned by Foreign Hackers, Official Says - MSSP Alert.

Minnesota: Standoff looms over election security, provisional ballots | Brian Bakst/MPR News

The Republican-sponsored bill for a provisional ballot system is tied to a measure unlocking more federal funding to enhance election security. The Senate State Government Finance and Policy and Elections Committee advanced it Tuesday on a 6-3 party-line vote. The rules would apply to anyone who registers at the polls. Their ballots would be kept out of counts until additional eligibility and residency verification checks are done within a week of an election. Sen. Torrey Westrom, R-Elbow Lake, said it’s an election-integrity safeguard. “Once the ballot is in the box, it’s like pouring two cups of water together — one has toxins in it and the other doesn’t. You can’t separate that water again,” he said. “The same thing goes here.” Democrats argued it would impose new voting obstacles — and could tie up legitimate votes — when there isn’t widespread evidence of ineligible people casting ballots. “If a person were to swear erroneously and after the fact be found out that it was a lie, they have a felony. They have a felony,” said Sen. Carolyn Laine, DFL-Columbia Heights. “This is not done light-heartedly. And as we know in the state of Minnesota it is rarely done and usually by mistake.”

Full Article: Standoff looms over election security, provisional ballots | MPR News.

Georgia (Sakartvelo): U.S. and Allies Blame Russia for Cyberattack on Republic of Georgia | David E. Sanger and Marc Santora/The New York Times

The United States and its key allies on Thursday accused Russia’s main military intelligence agency of a broad cyberattack against the republic of Georgia in October that took out websites and interrupted television broadcasts, in a coordinated effort to deter Moscow from intervening in the 2020 presidential election in the United States. The accusation, issued by Secretary of State Mike Pompeo, was particularly notable at a time when President Trump has been seeking to shift blame for interference in the 2016 election from Russia to Ukraine, a central element of his impeachment trial last month. Russian military intelligence, known as the G.R.U., was one of the agencies implicated in the cyberoperations aimed at interfering in that election and in a 2017 attack that struck major companies around the world, including Merck, Federal Express and Maersk. That attack is considered one of the most destructive and expensive in history, causing billions of dollars in damage.

Full Article: U.S. and Allies Blame Russia for Cyberattack on Republic of Georgia - The New York Times.

Nevada: ‘A complete disaster’: Fears grow over potential Nevada caucus malfunction | Laura Barrón-López

The process will break down like this: On caucus day, each precinct chair will be given a party-purchased iPad that will have a link to a Google form — dubbed a “caucus calculator” — saved on it. Pre-loaded on the form will be the early vote total from that precinct. The precinct chair will then input vote totals after the first and second votes. Under caucus rules, voters choose their preferred candidate at the outset, known as the first alignment. But if their candidate fails to reach 15 percent, they can switch to a different candidate, or seek to persuade supporters of another candidate who fails to reach 15 percent to help their candidate clear that threshold during the second alignment. The prompts on the Google form are expected to look similar to how they appear on the physical caucus reporting sheet. When the first and second alignments are completed, the totals will be relayed over the cloud to the Nevada Democratic Party via the Google form, which on the back end appears as a Google spreadsheet. Separately, the precinct chair or site lead will take the printed caucus reporting sheets — each campaign must sign off on them first — and call the Nevada Democratic Party boiler room via a secure hotline. (Site leads oversee multiple precinct chairs in caucusing at a single large location.)

Full Article: ‘A complete disaster’: Fears grow over potential Nevada caucus malfunction - POLITICO.

National: ElectionGuard could be Microsoft’s most important product in 2020. If it works | Alfred Ng/CNET

Building 83 doesn’t stand out on Microsoft’s massive Redmond, Washington, headquarters. But last week, the nameless structure hosted what might be the software giant’s most important product of 2020. Tucked away in the corner of a meeting room, a sign reading “ElectionGuard” identifies a touchscreen that asks people to cast their votes. An Xbox adaptive controller is connected to it, as are an all-white printer and a white ballot box for paper votes. If you didn’t look carefully, you might have mistaken all that for an array of office supplies. ElectionGuard is open-source voting-machine software that Microsoft announced in May 2019. In Microsoft’s demo, voters make their choices by touchscreen before printing out two copies. A voter is supposed to double-check one copy before placing it into a ballot box to be counted by election workers. The other is a backup record with a QR code the voter can use to check that the vote was counted after polls close. With ElectionGuard, Microsoft isn’t setting out to create an unhackable vote — no one thinks that’s possible — but rather a vote in which hacks would be quickly noticed. The product demo was far quieter than the typical big tech launch. No flashy lights or hordes of company employees cheering their own product, like Microsoft’s dual screen phone, its highly anticipated dual-screen laptop or its new Xbox Series X. And yet, if everything goes right, ElectionGuard could have an impact that lasts well beyond the flashy products in Microsoft’s pipeline.

Full Article: This could be Microsoft's most important product in 2020. If it works - CNET.

Editorials: There’s always a threat to voting online | Huntingdon Herald-Dispatch

It shouldn’t take an MIT genius to figure out that any internet-based voting system can be hacked, but apparently it did. Last week researchers at the Massachusetts Institute of Technology said the Voatz app, which has been used in West Virginia and elsewhere by absentee voters and military personnel, has vulnerabilities that could allow hackers to change a person’s vote without detection. The Voatz developer said the analysts used an older version of the app. It accused them of acting in “bad faith.” So far the app has been used by fewer than 600 voters in nine pilot elections. Voatz was used in West Virginia’s elections in 2018 by fewer than 200 voters. No problems were reported. Last month, the Legislature approved a bill that would allow voters with physical disabilities to use the Voatz app in this year’s election. The bill awaits the governor’s signature or veto.

Full Article: Editorial: There's always a threat to voting online | Opinion | herald-dispatch.com.

Florida: Experts Reiterate Cybersecurity Warnings for 2020 Election | Sarah Nelson/The Gainesville Sun

Cybersecurity experts warned in late 2019 that internet hacking has climbed to crisis level. And based on what they’ve seen in early 2020, a similar warning has now been issued: that hackers show no signs of letting up and will likely focus on the 2020 election. “What’s more likely is that these cybercriminals will cause disruption,” said Brett Callow, Emsisoft spokesman. “Because most elections operate at the county level, local governments need to prepare.” But because of this year’s tense political climate, and overall spike in cyberattacks, Callow predicts cybercriminals will zero in on the election. Kim Barton, supervisor of the Alachua County, Fla., Elections Office, says the department began to look at cybersecurity preventive security measures years ago, and officials work to keep up with the latest internet security updates. “Cybersecurity is an always evolving field, so our office expects that we will continually be updating our training, procedures, and systems to keep ourselves as protected as possible,” she said.

Full Article: Experts Reiterate Cybersecurity Warnings for 2020 Election.

Georgia: Election Security Scandals in Georgia Heighten 2020 Concerns | Lucas Ropek/Government Technology

In 2016, a vulnerability was discovered in Georgia’s election system that exposed the information of some 6.7 million voters and would’ve given a hacker the ability to manipulate or delete any information within voting machines across the state, according to people familiar with the discovery. While the state has since taken steps to patch the holes, activists are still concerned that the state’s subpar election security practices will endanger the results of the 2020 presidential race. Marilyn Marks, executive director of the advocacy group Coalition for Good Governance, said that while Georgia has corrected some mistakes, it still hasn’t addressed its fundamental weaknesses. The group, which is currently engaged in one of several election-related lawsuits against the state, released a statement this week alleging that the state’s presidential primary was “at risk of failure.” With a highly contentious election looming and heightened concerns about foreign interference, the question remains: has Georgia done what it takes to protect voters and the democratic process?  

Full Article: Election Security Scandals in Georgia Heighten 2020 Concerns.

Iowa: Caucus app chaos shows why American elections should stay analog for now | Brinkwire

Like everything created by humans, code has flaws. One major way to defend against potential problems brought on by the flaws is testing an app before you use it. Unfortunately, it seems like the Iowa Democratic Party did little in the way of testing the app it used to track results from the Iowa caucuses, wreaking havoc on the tenuous Democratic presidential-nominating process. “The situation in Iowa makes the average voter’s confidence in the election process worse than before,” said Ron Gula, a former National Security Agency (NSA) white hat hacker who now invests in startup cybersecurity firms. “Whether or not they might believe the Russians hacked the election before, this is another thing that will make them go ‘wow, we really don’t trust this.’ It’s not a great situation for voter confidence in general.” This was a screw up on a state level, a state that happens to hold a lot of significance for U.S. democracy. “The situation with Iowa’s caucus reveals the risks associated with technology, in this case with a mobile app, but more importantly that there needs to be a low-tech solution in order to recover from technological failures — no matter the cause,” said Marian K. Schneider, president of Verified Voting, in a statement to Digital Trends. Verified Voting is a voting accuracy nonprofit that works to eliminate or reduce the use of systems that “cannot be audited or secured, such as internet voting.” Schneider noted it was lucky that Iowa kept paper records of the vote. “It’s clear that mobile apps are not ready for prime time,” she said.

Full Article: Iowa caucus app chaos shows why American elections should stay analog for now – Brinkwire.

Kentucky: Despite Security Push, Kentucky Struggles To Update Voting Machines | Ryland Barton/WFPL

Despite worries from election security experts, Kentucky will be one of only a few states in 2020 that’s still using some voting machines that don’t produce a paper trail — an industry standard to verify election results. The reason is one that Kentuckians have heard often: there isn’t enough money, especially in a state that places much of the burden of election administration on local governments. And despite recent transfusions of cash from the federal government for states to improve election security, the amount allocated to Kentucky in the most recent disbursement only represents about 10 percent of the overall need. But state election officials say that voters have nothing to worry about. The outdated electronic-only voting machines used in the vast majority of Kentucky counties aren’t connected to the internet and there’s no evidence that they’ve been hacked before.

Full Article: Despite Security Push, Kentucky Struggles To Update Voting Machines.

Nevada: Democrats scramble to avoid Iowa-like chaos as Democratic caucuses approach | Kari Paul/The Guardian

Democratic party officials in Nevada are rushing to avoid the fate of Iowa, where technological and organizational failure left the first caucus in the 2020 presidential race without a clear winner. Nevada Democratic party officials had initially planned to rely on the same app that caused chaos in Iowa to transfer results from local precincts during the caucus on 22 February. But during the Iowa vote, a “coding issue” caused the app, developed haphazardly and on a low budget by the tech firm Shadow, to report only partial data from the state’s 1,700 caucus sites. Spotty cellphone coverage in some voting locations, poor training of some caucus volunteers and troubles with a backup phone line to report results compounded the chaos. Following the Iowa caucus, Nevada officials said they were determined to avoid similar problems. “NV Dems can confidently say that what happened in the Iowa caucus last night will not happen in Nevada,” the state Democratic party chair, William McCurdy II, said in a statement at the time. Since then, it has been difficult to pin down the Nevada Democratic party regarding what process it will use instead. It did not respond to the Guardian’s requests for comment and its website includes no information on the topic.

Full Article: Nevada scrambles to avoid Iowa-like chaos as Democratic caucuses approach | US news | The Guardian.