National: Keeping US elections safe from hackers | Maggie Miller/The Hill

Robert Mueller’s former chief of staff from his time at the FBI says Washington isn’t doing nearly enough to secure U.S. election systems in the wake of the special counsel report on Russian interference in 2016. John Carlin, who now chairs the law firm Morrison & Foerster’s global risk and crisis management group and co-chairs its national security practice group, told The Hill in a recent interview that foreign threats against elections are “here and present,” adding that he “absolutely” expects Moscow to attempt to interfere in this year’s vote. “The overall message that the seriousness of what they found in terms of the Russian government interfering in our elections in a sweeping and systematic action, you would hope that this is the type of report that would drive in a bipartisan way all Americans to see what we can do to prevent it from occurring again,” said Carlin. “I wish there would be more of a bipartisan focus on what Russia did and holding them [to] account.” Carlin noted that while “there have been improvements” from the federal government to address election security concerns — most notably $425 million Congress designated to states for election security as part of the recent appropriations cycle — the ongoing “plague” of ransomware attacks poses a new threat.

National: Cyber Threats to Elections Reported Nationwide | Associated Press

West Virginia reported unusual cyber activity targeting its election systems. The Texas governor said the state was encountering attempted “attacks” at the rate of “10,000 times a minute” from Iran. Information technology staff in Las Vegas responded to an intrusion, though the city says no data was stolen. All told, state election officials in at least two dozen states saw suspicious cyber activity last week, although it’s unclear who was behind the efforts and no major problems were reported. Long before a U.S. drone strike assassinated a top Iranian general, there were already concerns about foreign efforts to hack American institutions and its elections. The conflict with Iran has exacerbated those fears. Yet as the recent spate of reports makes clear, not all suspicious cyber activities are equally troublesome, the work of a foreign government or a precursor to the type of Russian interference seen in the 2016 election on behalf of Donald Trump.

Wisconsin: Election officials look to launch security outreach plan | Todd Richmond/Associated Press

Wisconsin officials are considering spending more than a quarter of a million dollars on a public relations push to reassure voters that elections in the state are secure after nearly three-quarters of respondents to a survey this fall said they were worried about threats. Wisconsin Elections Commission staffers planned to ask the six commissioners Tuesday for permission to spend $260,000 to hire Madison-based advertising firm KW2 to develop the campaign, which could include online content, videos, news releases and graphics. The money would come from a $7 million federal grant the state received in 2018 to bolster election security. The commission has already hired KW2 to research voter impressions on election security. Those efforts are expected to cost about $140,000. That money will also come from the federal grant. The firm conducted an online survey in October of 1,116 Wisconsin adults’ impressions of election security. Less than a third of respondents — 29% — said they had confidence in election security nationally. More than half — 54% — said they had confidence in state elections.

National: Voting equipment companies throw weight behind enhanced disclosures | Maggie Miller/The Hill

The CEOs of the three largest U.S. voting equipment companies on Thursday supported more disclosure requirements, marking a major step for an industry that has come under close scrutiny in recent years due to election security concerns. The leaders of Election Systems and Software (ES&S), Dominion Voting Systems and Hart InterCivic testified before the House Administration Committee during a House hearing, marking the first time leaders from the three major voting equipment manufacturers testified together before Congress. Committee Chairwoman Rep. Zoe Lofgren (D-Calif.) kicked off the hearing by asking whether the CEOs of these companies, which are estimated to control at least 80 percent of the market for voting equipment in the U.S., would support legislation mandating more disclosures.  Specifically, Lofgren asked if they would support requirements to disclose company cybersecurity practices, cyberattacks experienced by the companies, background checks done on employees, foreign investments in the companies, as well as information on the supply chain involved in building the voting equipment. Tom Burt, the president and CEO of ES&S, which has the largest individual share of the voting equipment market, answered that he “would support a requirement for all five of those requirements.” Julie Mathis, the CEO and president of Hart InterCivic, and John Poulos, the CEO and president of Dominion, both also agreed with Lofgren’s listed disclosure requirements.

National: Voting machine vendors to testify on election security | Maggie Miller/The Hill

The CEOs of the three biggest U.S. voting equipment manufacturers will testify before the House Administration Committee on Thursday, marking the first election security hearing of 2020. The hearing, which is to be focused on the status of election security, will represent the first time that top executives from the three companies have testified together before Congress. The presidents and CEOs of Dominion Voting Systems, Hart InterCivic and Election Systems and Software (ES&S) are all scheduled to appear. These three companies are estimated to control more  90 percent of the voting equipment market in the U.S., according to a report put out by the University of Pennsylvania’s Wharton Public Policy Initiative. All three have come under scrutiny from Washington in the wake of Russia’s interference in the 2016 presidential race. The Senate Intelligence Committee in volume one of its investigation into Russia’s actions expressed concerns for the security of voting machines. It voiced particular concerns with “direct-recording electronic” machines, which do not print out a paper copy of a voter’s vote.

National: Why the 2020 US presidential election is still vulnerable to foreign interference | Armen Najarian/Help Net Security

With the international political situation becoming increasingly fraught and divisive, it is hard to ignore the shadow of foreign interference looming over electoral proceedings around the world. Not only are the US elections arguably some of the most influential on the global stage, but the infamous cyber attack on Clinton campaign manager John Podesta during the 2016 presidential elections was a watershed moment. The attack, which used email-based social engineering techniques to breach Podesta’s email account and leak thousands of emails, marked a move towards more overt and hostile cyber activity in the political arena. The threat of foreign interference takes many forms, from the more subtle use of fake news and online trolls to confuse and frustrate the political discourse, to direct attacks on vulnerable voting infrastructure and to disrupt or breach political parties and individuals. Four years on from the Podesta hack, email remains one of the most prominent weapons in the cyber attacker’s arsenal – and worryingly, the majority of political parties and candidates are still extremely vulnerable to email attacks.

National: The 2020 election will be the country’s biggest cybersecurity test ever | Joseph Marks/The Washington Post

What will be the biggest cybersecurity story of the year? You hardly have to ask. The 2020 election probably is the most anticipated event in U.S. history when it comes to digital security. Russia’s hacking and disinformation campaign to interfere in the last presidential election shook the nation’s confidence in the U.S. democratic process and rocketed cybersecurity into the mainstream of Washington’s political life. Top questions now are not just when but how Russia will try to interfere in the approaching presidential election and whether it will be emboldened by the fact it has yet to face any significant consequences — and, of course, whether other U.S. adversaries will jump into the fray. “Nobody has really punished them for it and the reality is our adversaries are constantly pushing the envelope,” John Hultquist, director of intelligence analysis at the cybersecurity firm FireEye, told me. “They see what they can get away with and then they push the envelope again.” If the election concludes without a security disaster that compromises the results or undermines public confidence in them, that will be a victory for solid planning, education and more than $900 million spent on digital election defense since 2016. If it’s disrupted, however, it will be a drastic blow to faith in democracy and to the idea the United States can set any red lines in cyberspace that our adversaries won’t cross.

Editorials: Facing the primary attack on democracy | Emily Frye & Philip Reitinger/The Hill

Democracy is under attack — and our federal, state, and local elections are the front lines. Both technical attacks and disinformation campaigns designed to undermine election legitimacy are being deployed on a daily basis to threaten the basic tenets of American society. The Justice Department’s special counsel recently concluded that “there were multiple, systematic efforts to interfere in our elections. And that allegation deserves the attention of every American.” A government “of the people, by the people, and for the people” is possible only if the will of the people is known. We must be able to trust the results of our elections. Without that trust, governments appear illegitimate. The next presidential election is less than a year away, but our nation’s elections infrastructure has far less time to prepare to preserve the basic principles of democracy.

Georgia: Augusta University and Cyber Center partner with State on election security | Tom Corwin/The Augusta Chronicle

Georgia election officials are turning to Augusta experts for help in ensuring election integrity this year. Georgia Secretary of State Brad Raffensperger announced Wednesday that his office will partner with the Georgia Cyber Center and Augusta University School of Computer and Cyber Sciences to ensure Georgia’s new electronic voting systems are secure. “This is exciting,” said Dr. Alex Schwarzmann, dean of the School of Computer and Cyber Sciences. “Georgia is moving absolutely in the right direction.” Before coming to Augusta, Schwarzmann was part of a similar partnership in Connecticut between the secretary of state and the University of Connecticut. He said there were not more than 20 states that have created such a proactive arrangement with an independent technology agency to ensure electronic election systems stay secure.

Georgia: Secretary of State Issues Warning for Cyberattacks | The Albany Herald

Georgia Secretary of State Brad Raffensperger announced Monday that he is instructing elections officials for the state and individual counties to be on heightened diligence against possible cybersecurity attacks following a warning issued by the U.S. Department of Homeland Security. “Nothing is more important than the security and integrity of elections,” Raffensperger said. “The state’s election system uses the most advanced protections against cyberattacks and draws on the advice and best practices of national experts. While no specific threat has been identified, this latest warning serves as a reminder that we can never lower our guard.” The Multi State Information Sharing and Analysis Center and the Department of Homeland Security have notified the Georgia office of the Secretary of State “that Iran is highly likely to retaliate” against the United States and its interests following the airstrikes early Friday, killing a prominent Iranian military official. “We are continually improving and enhancing our cyber security,” responded Raffensperger. “Our goal is both prevention and resiliency in our infrastructure and systems.”

Texas: Governor warns of possible cyber attacks amid conflict with Iran | Allie Morris/HoustonChronicle.com

Republican Gov. Greg Abbott is warning of potential cyberattacks on state agencies as a result of the conflict between Iran and the U.S. In the past 48 hours, Abbott said Texas officials have identified Iran as the origin of as many as 10,000 attempted attacks per minute on state computers and networks. After a roundtable with law enforcement officials on Tuesday, Abbott said there are some concerns about the attempted hacks, but that state officials have no credible information about immediate threats to the state or Texas residents. A federal website and a state website that isn’t monitored by the Texas Department of Information Resources might have been defaced by someone with pro-Iranian sentiments, the agency’s executive director Amanda Crawford told reporters after the roundtable. But she declined to name the affected sites and said the department is still gathering information. Abbott is warning local governments to be especially vigilant.

National: DHS issues bulletin warning of potential Iranian cyberattack | Maggie Miller/The Hill

The Department of Homeland Security (DHS) released a bulletin this week through its National Terrorism Advisory System warning of Iran’s ability to carry out cyberattacks with “disruptive effects” against critical U.S. infrastructure. In the bulletin, sent in the wake of the U.S. airstrike that killed Iranian Quds Force commander Gen. Qassem Soleimani, DHS noted that while there is currently “no information indicating a specific, credible threat to the Homeland,” Iran does have the ability to attack the U.S. in cyberspace. “Previous homeland-based plots have included, among other things, scouting and planning against infrastructure targets and cyber enabled attacks against a range of U.S.- based targets,” DHS wrote in the bulletin. The agency noted that “Iran maintains a robust cyber program and can execute cyber attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.” Acting DHS Secretary Chad Wolf tweeted Saturday that the bulletin was intended to “inform & reassure the American public, state/local governments & private partners that DHS is actively monitoring & preparing for any specific, credible threat, should one arise.”

Florida: Despite Improvements, Concerns Remain About 2020 Election Security | Denise Royal/WUSF

With the presidency on the ballot this year, there are real fears of attempts by foreign powers to interfere in Florida’s election. Increasing election security is a priority for local, state and federal officials. Millions of tax dollars are being spent to shore up election security and to reassure voters that their votes will count. In addition to the cyber-threats, Florida has a history of close elections, and trouble with recounting close votes. This year, Florida’s county officials are on the front lines to identify problems. The Florida Roundup took a close look at election security and what problems remain in this crucial year for voters. Tammy Jones, president of Florida Supervisors of Elections, and Ion Sancho, the former elections supervisor for Leon County, joined hosts Tom Hudson and Melissa Ross.

National: Election vendors executives head to the Hill | Tim Starks/Politico

he House Administration Committee will start off the new year with a bang on Thursday when it convenes a hearing with the presidents of the three largest election technology vendors. Testifying on the first panel of the hearing, the committee told MC, are Tom Burt, president and CEO of Election Systems & Software; John Poulos, president and CEO of Dominion Voting Systems; and Julie Mathis, president and CFO of Hart InterCivic. The major vendors have sent lower-level representatives to congressional hearings in the past, but this is the first time that all three top executives have testified together, a House aide told MC. The timing is auspicious: the presidential primary season, which begins in just a few weeks, represents a high-profile test of many states’ new paper-backed electronic voting machines. Vendor oversight has been a top concern of voting security experts and activists, because the three largest firms have historically shunned transparency, downplayed security concerns and threatened competitors with lawsuits. House Administration Chairwoman Zoe Lofgren (D-Calif.) first told POLITICO that she was planning this hearing in August, after a bipartisan group of activist organizations pressed her panel and its Senate counterpart to scrutinize the vendors more closely. After vendor executives testify, the Administration Committee will hear from a trio of experts, according to the witness list shared with MC. They are Liz Howard from the Brennan Center for Justice, Georgetown University professor Matt Blaze and University of Florida professor Juan Gilbert.

Taiwan: China uses Taiwan for AI target practice to influence elections | Philip Sherwell/The Sunday Times

China has already deployed its expertise in artificial intelligence to erect a surveillance state, power its economy and develop its military. Now Taiwan’s cyber-security chiefs have identified signs that Beijing is using AI to interfere in an overseas election for the first time. In the run-up to its general and presidential elections on Saturday, Taiwan has detected what appear to be experiments with AI-generated messaging amid disinformation unleashed by Beijing and its proxies. This could presage China’s export of its Orwellian tools for manipulation and control to influence other democracies. If Chinese programmers can teach intelligent machines to mimic the language of voters — learning idioms, slang and mindsets via elaborate algorithms — it will be a game-changer, spreading fake news and disinformation through anonymous social media accounts at viral speeds. “We believe we are seeing China testing the use of artificial intelligence for the first time in their influence operations in this election,” said Tzeng Yi-suo, director of the cyber-warfare division at Taiwan’s Institute for National Defence and Security Research.

National: Cyber attacks and electronic voting errors threaten 2020 outcome, experts warn | Peter Stone/The Guardian

Potential electronic voting equipment failures and cyber attacks from Russia and other countries pose persistent threats to the 2020 elections, election security analysts and key Democrats warn. In November significant electronic voting equipment problems occurred in an election in the vital battleground state of Pennsylvania, sparking a lawsuit by advocacy groups charging the state is using insecure electronic voting machines. Other key states like Florida and North Carolina which experienced voting problems in 2016 and Georgia which had serious equipment problems in 2018, are being urged to take precautions to curb new difficulties in 2020, say election analysts. The Brennan Center’s electoral reform program last month released a study that stressed testing backup systems and electronic voting equipment before the primaries and next November’s general election was needed to reduce risks of cyber attacks and equipment failures, and offered guidance about ways to recover from attacks or malfunctions. In response to these and other threats, Congress in December added $425m for election related spending, including security measures, to a massive $1.4tn spending bill for 2020.

National: Election Security At The Chip Level | Andy Patrizio/Semiconductor Engineering

Technological advances have changed every facet of our lives, from reading to driving to cooking, but one task remains firmly rooted in 20th-century technology — voting. Electronic voting remains doggedly unavailable to most, and almost always unusable to those who have it. For more than a decade, it seems every election is accompanied by numerous reports of voting machine problems. The most common issue involves machines changing votes. It has happened in numerous states, and even to Ellen Swenson, chief analyst for the Election Integrity Project, a non-partisan California group seeking to preserve election integrity. It’s not easy when two separate voting machines in Riverside County, where Swenson resides, recorded incorrect votes. At least that machine worked. “So many have said they’ve gone to polls and the machines break down. That’s another thing that hurt the subject. There were so many broken machines across [Los Angeles] County in 2018 and none were fixed, so LA had to use paper ballots,” she said. For some people, the old paper punch ballot is actually preferable, said Swenson. “There is a whole set of challenges, philosophically and psychologically. The idea of connecting to the Internet scares some people, their fear of the privacy of their vote being compromised, or hacking it and changing the results. There’s a real psychological wall to climb,” she said.

National: Election Infrastructure Remains Vulnerable to Attacks | Diane Ritchey/Security Magazine

In 10 months, U.S. citizens will elect a new president (or re-elect a current one). As the race heats up and election day nears, a key component of the U.S. election infrastructure remains vulnerable to attack. Only five percent of the country’s largest counties are protecting their election officials from impersonation, according to an analysis by Valimail. The rest are vulnerable to impersonation, meaning their domains could become the vectors for cyberattacks and misinformation campaigns. According to Seth Blank, director of industry initiatives for Valimail, “This is a problem because the overwhelming majority of cyberattacks can be traced to impersonation-based phishing emails. In the corporate world, these cyberattacks result in the loss of funds or proprietary data. But when it comes to elections, the bedrock of democracy – free and fair elections – is at stake.” An August 2019 report from Valimail noted that most presidential candidates’ campaigns are not protected from email impersonation. An earlier report found a similar situation across the thousands of domains that are used by state and local governments. “And we’re not just talking about voting machines being vulnerable,” Blank says. “While most voting machines are isolated from the Internet (they are often air-gapped for security), the same cannot be said for other elements of the election process. The electronic pollbooks that voters use to sign in on election day and the machines that tabulate votes may be connected to the Internet for software updates or to receive or transmit voting information. This makes them potential targets for email-based attacks aimed at other users of the same networks.”

North Carolina: Election probe finds security flaws in key North Carolina county but no signs of Russian hacking | Kim Zetter/Politico

A long-awaited report this week from the Department of Homeland Security found security problems with the computer systems that a North Carolina county used to handle voter data during the 2016 election — but no evidence that Russian hackers had breached them. Still, the review is unlikely to totally resolve questions surrounding the county’s use of software provided by the Florida company VR Systems, which — as POLITICO reported last week — have added to broader doubts about the security of election technology that Americans will use at the polls in 2020. Experts contacted by POLITICO said the new DHS analysis has its share of holes — for instance, failing to examine all the computer systems the Russians could have targeted. And they noted that officials in Durham County, N.C., had waited until about a week after Election Day to preserve some potentially important evidence. “I think [the investigation is] incomplete,” says Jake Williams a former NSA hacker who is founder of the security firm Rendition Infosec and trains forensic analysts. “It’s the best investigation that can be conducted under the circumstances. We can’t investigate what we don’t have, [and] a lot of the crucial evidence is missing.” Among other security issues, the heavily redacted DHS report indicates that someone had used a “high value” desktop computer handling Durham County’s voter-registration data to access a personal Gmail account on Election Day. The report provides a lengthy list of suggestions — all blacked out — for how the county can improve the security of its election infrastructure.

International: Hackers will be the weapon of choice for governments in 2020 | Patrick Howell O’Neill/MIT Technology Review

When Russia was recently banned from the Olympics for another four years in a unanimous decision from the World Anti-Doping Agency (WADA), the instant reaction from Moscow was anger and dismissal. Now the rest of the world is waiting to see how Russia will retaliate this time. In the history books, 2016 will forever be known for unprecedented Russian interference into an American presidential election, but until that transpired, one of the most aggressive cyber campaigns that year centered on the Olympics. In the run-up to the summer games in Brazil, WADA had uncovered a national Russian doping conspiracy and recommended a ban. In response, Moscow’s most notorious hackers targeted an array of international officials and then leaked both real and doctored documents in a propaganda push meant to undermine the recommendation. The International Olympic Committee rejected a blanket ban and allowed each sport to rule individually. Next, the opening ceremony of the 2018 winter games in South Korea kicked off with all the traditional optimism, bright lights, and pageantry—plus a targeted cyberattack known as Olympic Destroyer that was designed to sabotage the networks and devices at the event. The attack’s origins were obfuscated, with breadcrumbs in the malware pointing to North Korea and China—but after investigators untangled the attempts to mislead them, it became apparent that some of the Russian government’s most experienced hackers were behind it. In a series of angry blog posts, the hackers charged that “on the pretext of defending clean sport,” what they described as “the Anglo-Saxon Illuminati” were fighting for “power and cash in the sports world.” It was clear that the Russians viewed the Olympics as one part of a larger world power competition, and looked to hacking as a weapon of choice. Almost nothing has been done to hold anyone responsible.

North Carolina: Federal review finds no evidence hacking caused 2016 Durham County election problems | Travis Fain/WRAL

A U.S. Department of Homeland Security review found no evidence that hacking caused the 2016 election problems that forced Durham County to shut down electronic poll books on election day, the State Board of Elections said Monday in a joint statement with Durham’s board of elections. The report, months in the making, is “compelling evidence that there were no cyberattacks impacting the 2016 election in Durham,” Durham County Board of Elections Chairman Philip Lehman said in the joint statement. The state released a heavily redacted version of the 12-page report late Monday afternoon. In it, federal cyber security experts say they “did not conclusively identify any threat actor activity,” but that aspects of the state’s election security could be improved. Most of these recommendations are redacted for security reasons, but Lehman said in his statement that the county has already “implemented additional training, security measures and staffing changes” since 2016. State elections director Karen Brinson Bell said the state is working with county boards and the federal government “to improve security at every step in the voting process.”

National: New Funding for Election Security Assistance Doesn’t Go Far Enough, Experts Say | Courtney Bublé/Government Executive

With just over 10 months to go before Americans head to the polls to elect their next president, states will have access to additional money to help shore up insecure voting equipment. The funding—$425 million—was included in appropriations for the Election Assistance Commission under the 2020 spending bills President Trump signed into law on Dec. 20. EAC Chairwoman Christy McCormick said the commission “will do everything in its power to distribute these funds as expeditiously as possible.” The funding is a boost over Congress’ most recent appropriation of $380 million for election improvements in 2018—the first time since 2010 that Congress made resources available to help states and localities with their election infrastructure and administration. “State and local election officials from across the country regularly tell us about the need for additional resources,” said EAC Vice Chair Benjamin Hovland. “This new funding will allow election officials to continue making investments that strengthen election security and improve election administration in 2020 and beyond.”  Despite widespread evidence of foreign interference in the 2016 U.S. presidential election and repeated warnings from the intelligence community about the vulnerability of election infrastructure, the bipartisan and independent Election Assistance Commission has struggled with funding and staff cuts as well as House Republicans’ threats to terminate it. With the 2020 presidential election less than a year away, the EAC lacks a permanent director and general counsel.

National: How good is the government at threat information sharing? | Andrew Eversden/Fifth Domain

Over and over cybersecurity officials in the civilian government, the intelligence community and the Department of Defense say the same platitude: information sharing is important. Often, however, little insight, or metrics, back up exactly how well they are doing it. But a new joint report from inspectors general across the government found that information sharing among the intelligence community and the rest of government “made progress.” The report, titled “Unclassified Joint Report on the Implementation of the Cybersecurity Information Sharing Act of 2015” and released Dec. 19, found that cybersecurity threat information sharing has improved throughout government over the last two years, though some barriers remain, like information classification levels. Information sharing throughout government has improved in part because of security capability launched by the Office of the Director of National Intelligence’s Intelligence Community Security Coordination Center (IC SCC) that allowed the ODNI to increase cybersecurity information all the way up to the top-secret level. The capability, called the Intelligence Community Analysis and Signature Tool (ICOAST), shares both indicators of compromise and malware signatures that identify the presence of malicious code. According to the report, the information from the platform is available to “thousands” of users across the IC, DoD and civilian government.

National: Election security, ransomware dominate cyber concerns for 2020 | Maggie Miller/The Hill

Headed into 2020, with a presidential election on the horizon, cyber concerns are certain to be in the spotlight in Washington. Atop the list of cyber issues will be persistent questions about election security. Officials at the federal, state and local levels say they will be vigilant to any efforts to interfere in the election after 2016, even as lawmakers weigh additional actions to safeguard the vote. But lawmakers will also be looking to tackle other issues as well, such as the ransomware attacks spreading across the country and the growing concerns over companies with foreign ties accessing Americans’ data. 2020 will see a presidential election, along with nationwide elections for the House and a third of the Senate. It will be a major test for efforts to improve security after Russian interference efforts in the 2016 election. U.S. intelligence agencies, former special counsel Robert Mueller and the Senate Intelligence Committee have all concluded that Russia conducted a sweeping and systematic attack against the 2016 elections, using both hacking and disinformation campaigns. Mueller has warned that Russia would attempt to interfere again, testifying to the House Intelligence Committee in July that the Russians were trying to interfere “as we sit here.”

Maryland: Board of Elections to use more wireless networking in 2020 | Steve Thompson /The Washington Post

Maryland election officials plan to use an expanded wireless network during the 2020 elections, prompted by a new law allowing people to register to vote on Election Day. But at least one lawmaker and a local elections board are questioning whether the new system will be worth the cost and will be safe from hackers. A cellular network will transmit new registrations from local polling places to state elections officials throughout Election Day, allowing officials to update voter lists that help meet objectives including that no one vote twice. “It’s creating a path, a road, for the voter check-in data to go from the poll books to our server here,” said Nikki Charlson, the deputy administrator at the Maryland State Board of Elections. She said the step is necessary to enable “local officials to do their research to prepare to count the votes.” Charlson said the only information the network will carry is who is registered and has voted, not how any person voted. The same type of network is used by law enforcement and public safety agencies, she said. “It’s using cellular data, but it’s a secure and closed network,” she said. “No one can find it, and the data’s encrypted, and the network is encrypted.” The state already uses a similar, though smaller-scale, network to upload new registrations during early-voting periods. “So this was taking something we did in early voting and bringing it to Election Day,” Charlson said. But state Sen. Cheryl C. Kagan (D-Montgomery) said the networking equipment, which will cost counties hundreds of thousands of dollars, is not needed and “makes us more vulnerable to hacks and attacks.”

Michigan: Audit pings state bureau of elections on voter file, training, campaign finance oversight | Beth LeBlanc and Craig Mauger/The Detroit News

Michigan’s Bureau of Elections failed to properly safeguard the state’s file of 7.5 million qualified voters, a discrepancy that allowed an unauthorized user to access the file and increased the risk of an ineligible elector voting in Michigan, according to a recent report from the Office of Auditor General. Elections officials lack proper training in more than 14% of counties, cities and townships, the audit also found. And the bureau did not make timely reviews for campaign statements, lobby reports and campaign finance complaints. The audit conducted between Oct. 1, 2016, and April 30, 2019, found in the qualified voter file “230 registered electors who had an age that was greater than 122 years, the oldest officially documented person to ever live,” according to the Friday report. The report came 2 1/2 months before the state’s March 10 presidential primary and a little over 10 months before Michigan voters cast ballots in the November general election. The reviewed information fell largely under the tenure of Republican former Secretary of State Ruth Johnson. Democratic Secretary of State Jocelyn Benson took office Jan. 1.

North Carolina: No evidence of cyber attack in Durham County 2016 election, acordind to DHS | Will Doran/Raleigh News & Observer

There’s no evidence that the 2016 Election Day problems in Durham were the result of cyber hackers, according to the federal government. Special Counsel Robert Mueller’s report on Russian election interference said a company — whose description closely matched the company that provided voter check-in software for Durham and other North Carolina counties in 2016 — was targeted by hackers. And Durham experienced widely reported issues with that check-in software during the 2016 elections. State officials have long said they believed the problems were just due to human error, however, and not anything malicious like foreign hackers. But after the Mueller report’s findings on election interference became public earlier this year, officials at the Department of Homeland Security agreed to look into the Durham situation. On Monday, putting an end to their months-long investigation, they announced they had found nothing to indicate a cyber attack. Phillip Lehman, chairman of the Durham County Board of Elections, called the report “compelling evidence that there were no cyberattacks impacting the 2016 election in Durham.” “As we have acknowledged, there was human error in the preparation of electronic poll books,” Lehman said in a news release announcing the investigation’s findings. “Since that time, the Durham County Board of Elections has implemented additional training, security measures and staffing changes. Elections in 2017, 2018 and 2019 were conducted efficiently and accurately with no significant incidents.”

Ohio: Is Ohio ready for 2020 election? League of Women Voters not so sure | Cincinnati Business Courier

Ohio Secretary of State Frank LaRose says the state’s voting systems are secure and ready for 2020. But Jen Miller of the League of Women Voters is concerned about voter turnout, WVXU reports. LaRose has been touring each of Ohio’s 88 Boards of Elections. He finished up last week in Akron, touting more than $114 million spent this year to equip almost every county with new voting machines. He estimates another $13 million to $15 million in federal “Help America Vote Act” funds is on its way. And he said counties will be completing his 34-point voting security checklist by the end of January to ensure readiness. Jen Miller, executive director of Ohio’s League of Women Voters, is encouraged but said the larger issue is increasing voter turnout – especially with next year’s primary coming on St. Patrick’s Day.

National: How Close Did Russia Really Come to Hacking the 2016 Election? | Kim Zetter/Politico

On November 6, 2016, the Sunday before the presidential election that sent Donald Trump to the White House, a worker in the elections office in Durham County, North Carolina, encountered a problem. There appeared to be an issue with a crucial bit of software that handled the county’s list of eligible voters. To prepare for Election Day, staff members needed to load the voter data from a county computer onto 227 USB flash drives, which would then be inserted into laptops that precinct workers would use to check in voters. The laptops would serve as electronic poll books, cross-checking each voter as he or she arrived at the polls. The problem was, it was taking eight to 10 times longer than normal for the software to copy the data to the flash drives, an unusually long time that was jeopardizing efforts to get ready for the election. When the problem persisted into Monday, just one day before the election, the county worker contacted VR Systems, the Florida company that made the software used on the county’s computer and on the poll book laptops. Apparently unable to resolve the issue by phone or email, one of the company’s employees accessed the county’s computer remotely to troubleshoot. It’s not clear whether the glitch got resolved—Durham County would not answer questions from POLITICO about the issue—but the laptops were ready to use when voting started Tuesday morning. Almost immediately, though, a number of them exhibited problems. Some crashed or froze. Others indicated that voters had already voted when they hadn’t. Others displayed an alert saying voters had to show ID before they could vote, even though a recent court case in North Carolina had made that unnecessary.

National: U.S. Cybercom contemplates information warfare to counter Russian interference in 2020 election | Ellen Nakashima/The Washington Post

Military cyber officials are developing information warfare tactics that could be deployed against senior Russian officials and oligarchs if Moscow tries to interfere in the 2020 U.S. elections through hacking election systems or sowing widespread discord, according to current and former U.S. officials. One option being explored by U.S. Cyber Command would target senior leadership and Russian elites, though probably not President Vladimir Putin, which would be considered too provocative, said the current and former officials who spoke on the condition of anonymity because of the issue’s sensitivity. The idea would be to show that the target’s sensitive personal data could be hit if the interference did not stop, though officials declined to be more specific. “When the Russians put implants into an electric grid, it means they’re making a credible showing that they have the ability to hurt you if things escalate,” said Bobby Chesney, a law professor at the University of Texas at Austin. “What may be contemplated here is an individualized version of that, not unlike individually targeted economic sanctions. It’s sending credible signals to key decision-makers that they are vulnerable if they take certain adversarial actions.” Cyber Command and officials at the Pentagon declined to comment.