National: State, local election officials train for cyber attacks as ‘another level of war’ | Christina Almeida Cassidy/Associated Press

Inside a hotel ballroom near the nation’s capital, a U.S. Army officer with battlefield experience told 120 state and local election officials that they may have more in common with the military strategists than they might think. These government officials are on the front lines of a different kind of high-stakes battlefield — one in which they are helping to defend American democracy by ensuring free and fair elections. “Everyone in this room is part of a bigger effort, and it’s only together are we going to get through this,” the officer said. That officer and other past and present national security leaders had a critical message to convey to officials from 24 states gathered for a recent training held by a Harvard-affiliated democracy project: They are the linchpins in efforts to defend U.S. elections from an attack by Russia, China or other foreign threats, and developing a military mindset will help them protect the integrity of the vote.

Editorials: There’s a lot to like in Congress’s new election security measures. But there’s a big omission. | The Washington Post

President Trump has signed into law a bundle of election security measures buried in this year’s spending bills. What the package includes says a lot about legislators’ commitment to safeguarding our democracy. What it does not include may say even more. There’s a lot to like in this year’s appropriations agreements, starting with a lump sum for states to bolster critical voting infrastructure. The $425 million Congress is providing in 2020 comes many days late and many dollars short according to experts, who say billions were needed starting at least two years ago. But it’s still an improvement over the $380 million allocated in 2018, and the $0 allocated this past year. These funds will be doled out in grants to states, which can then decide how to use them. The National Defense Authorization Act also includes essential measures, such as allowing state election officials to receive top-secret security clearances. The step will open the road at last to robust information-sharing between the federal and local governments. The same is true for public-private partnerships: The legislation establishes a threat analysis center at the office of the director of national intelligence responsible for coordinating between intelligence officials and technology companies to root out influence campaigns.

Indiana: Election cybersecurity: Local election officials prepare for “doomsday-like” scenarios | Andy East/The Republic

How would Bartholomew County handle a cyberattack that compromises its election systems? The answer to that question, as well as other “doomsday-like,” election-related scenarios, will be put down on paper for the first time as Bartholomew County election officials continue their efforts to prepare for the 2020 presidential election, said Bartholomew County Clerk Jay Phelps. Next month, Phelps and other county election officials will begin drafting written contingency plans for how his office would respond to a range of threats that would constitute what he described as an election administrator’s “worst nightmare” — including a cyberattack directed at the county’s voting systems, theft or physical tampering of electronic poll books and even a catastrophic natural disaster that wipes out electricity and cellphone towers. Phelps clarified that his office already has a “verbal plan” in place for these scenarios and his staff knows the general practices for how to deal with them, but no written, step-by-step plans have been drafted. Phelps said he expects to have the written plans ready by April 1, just over one month before Indiana’s presidential primary on May 5.

Ohio: Is Ohio Ready for the 2020 Election? Secretary of State, League of Women Voters Weigh-In | Kabir Bhatia/WVXU

Ohio Secretary of State Frank LaRose says the state’s voting systems are secure and ready for 2020. But Jen Miller of the League of Women Voters is concerned about voter turnout. LaRose has been touring each of Ohio’s 88 Boards of Elections. He finished up last week in Akron, touting more than $114 million spent this year to equip almost every county with new voting machines. He estimates another $13-15 million in federal “Help America Vote Act” funds is on its way. And he says counties will be completing his 34-point voting security checklist by the end of next month to ensure readiness. “We’ve required every board of elections to install an intrusion detector – it’s essentially a burglar alarm for your server and IT infrastructure. What it does is, it allows us to know – whether it’s 4 a.m. on a Saturday or whenever – if there is malicious activity occurring so we can respond to it.”

National: Limited election security funds pose risk for 2020 | Kimberly Adams/Marketplace

As presidential candidates vie for voters’ attention, there’s another group getting ready for 2020: state and local election officials. Congress sent $380 million to states after attempts, some successful, to hack voter lists and election machines in the 2016 election. But elections security experts say that’s unlikely to be enough to fix the patchwork of voting machines, voter lists, and state or county computer systems that make up America’s voting infrastructure. Efforts to shore up that infrastructure happen in quiet offices like that of Chris Piper, commissioner for the Virginia Department of Elections. “The irony of being an election official is that if you’ve done your job right, nobody notices,” he said. Virginia was among the states probed by foreign hackers in 2016, and Piper said the commonwealth is working to ensure that doesn’t happen again. “Virginia was obviously one of the states that was scanned, but we were not breached,” Piper said. “We’ve taken an incredible number of steps to improve that security posture.”

National: More election security funds headed to states as 2020 looms | Christina A. Cassidy/NPR

Congress is giving states a last-minute infusion of federal funds to help boost election security with voting in early caucus and primary states slated to begin in February. Under a huge spending bill, states would receive $425 million for upgrading voting equipment, conducting post-election audits, cybersecurity training and other steps to secure elections. To receive the funds, states must match 20% of their allocation. The Senate approved the bill Thursday, sending it to President Donald Trump for his signature. States have been scrambling to shore up their systems ahead of the 2020 election. The nation’s intelligence chiefs have warned that Russia and others remain interested in attempting to interfere in U.S. elections and undermine democracy. For many who have been advocating for more congressional action on election security, the money is welcome, but they say more must still be done to ensure elections are secure. Sen. Ron Wyden, a Democrat from Oregon, has been among those pushing Congress to require states to implement rigorous post-election audits and use paper ballots in exchange for federal funds. “I’m afraid this bill will widen the gulf between states with good election security and those with perilously weak election security,” Wyden said in a statement. “I appreciate the intent behind this provision, but until Congress takes steps to secure the entire election system, our democracy will continue to be vulnerable to foreign interference.”

National: 2019’s top cybersecurity story is still what Russia did in 2016 | Joseph Marks/The Washington Post

The historic House vote to impeach President Trump last night also marked the most recent turn in a cybersecurity saga that’s gripped the nation since 2016 and consumed much of the past year. Russia’s hacking and disinformation operation in 2016 has occupied lawmakers, election officials and cybersecurity pros for three years now as they try to hold the Kremlin accountable and to prevent a repeat in 2020. It was also Trump’s obsession with poking holes in the official narrative about that operation – by urging Ukraine’s president to investigate a baseless conspiracy theory about Russia’s Democratic National Committee hack and the cybersecurity firm CrowdStrike — that helped spark an impeachment trial that promises to grip the nation for weeks to come. “This impeachment is, to a great degree, a cyber story,” Jon Bateman, a Cyber Policy Initiative fellow at the Carnegie Endowment for International Peace and a former Pentagon cybersecurity official, told me. “It’s the president’s inability to grasp what really happened in a series of cyber incidents that’s led to our current political crisis.” Election hacking was a key battleground for lawmakers this year as Democrats demanded Congress provide $600 million for states and localities to secure their voting machines and impose strict mandates to ensure elections are as secure as possible. They also pummeled Republicans who blocked those efforts, accusing them of being complicit with Russia, and even branding Senate Majority Leader Mitch McConnell (R-Ky.) as “Moscow Mitch” before he relented this week and endorsed sending $425 million to states. Homeland Security Department officials, meanwhile, crisscrossed the country vetting election equipment and running cybersecurity training for local officials. But they were regularly undermined by the president’s wavering on whether Russia was actually responsible for the 2016 interference, helping spark concern the Kremlin will do it again.

Editorials: Cybersecurity Experts Are Leaving the Federal Government. That’s a Problem. | Josephine Wolff/The New York Times

At the end of 2019, with less than a year to go until the presidential election, the government official who has been leading efforts to secure voting systems in the United States will leave the Department of Homeland Security to join Google. The impending departure of Jeanette Manfra, the assistant director for cybersecurity at the department’s Cybersecurity and Infrastructure Security Agency, is a major loss for the federal government’s civilian cybersecurity efforts, and it comes at the end of a year that saw a series of departures by key cybersecurity personnel. In August, the White House chief information security officer, Joe Schatz, left government to join a consulting firm, TechCentrics. A few months later, in October, Dimitrios Vastakis, the branch chief of White House computer network defense, resigned as well, explaining his reasons in a memo, obtained by Axios, with the subject line “cybersecurity personnel leaving office of the administration at an alarming rate.” Mr. Vastakis’s memo stated that the majority of the high-level cybersecurity personnel at the White House had already resigned because of the administration’s “habitually being hostile” to them, including using tactics such as “revocation of incentives, reducing the scope of duties, reducing access to programs, revoking access to buildings and revoking positions with strategic and tactical decision making authorities.” Through these tactics, in combination with a structural reorganization this summer, the White House effectively dismantled the Office of the Chief Information Security Officer, which was established by President Barack Obama in 2014 following the discovery that Russian hackers had infiltrated White House networks.

Voting Blogs: Preparing for Cyberattacks and Technical Failures: A Guide for Election Officials | Brennan Center for Justice

America’s intelligence agencies have unanimously concluded that the risk of cyberattacks on election infrastructure is clear and present — and likely to grow. While officials have long strengthened election security by creating resiliency plans, the evolving nature of cyber threats makes it critical that they constantly work to improve their preparedness. It is not possible to build an election system that is 100 percent secure against technology failures and cyberattacks, but effective resiliency plans nonetheless ensure that eligible voters are able to exercise their right to vote and have their votes accurately counted. This document seeks to assist officials as they revise and expand their plans to counter cybersecurity risks. Many state and local election jurisdictions are implementing paper-based voting equipment, risk-limiting audits, and other crucial preventive measures to improve overall election security. In the months remaining before the election, it is at least as important to ensure that adequate preparations are made to enable quick and effective recovery from an attack if prevention efforts are unsuccessful. While existing plans often focus on how to respond to physical or structural failures, these recommendations spotlight how to prevent and recover from technological errors, failures, and attacks. Advocates and policymakers working to ensure that election offices are prepared to manage technology issues should review these steps and discuss them with local and state election officials.

Rhode Island: Board of Elections votes to purchase new modems to enhance security | Mark Reynolds/Providence Journal

The Rhode Island Board of Elections voted unanimously Tuesday afternoon to enhance the security of the voting system by acquiring new modems for the machines that tabulate votes and embracing other recommendations of a recent security assessment. The board took action after releasing a public copy of the security assessment and taking input from Rhode Island National Guard Col. R. Michael Tetreault, who was part of a team that helped draft the assessment. The state Division of Information Technology and the Rhode Island Guard Defensive Operations Element looked at “technology enhancements” made to the state’s election management system, according to a report obtained Tuesday by The Providence Journal. The initiative also reviewed efforts to reduce risk based on recommendations made last year.

National: Pressure still on McConnell after $425 million election security deal | Joseph Marks/The Washington Post

Democrats and activists plan to keep pressing Senate Majority Leader Mitch McConnell (R-Ky.) for major election security reforms — even after he endorsed delivering an additional $425 million to state and local election officials. That money, which was part of a last-minute government funding deal, marks a major turnaround for McConnell, who for months refused to consider any new election security spending and only recently endorsed a far smaller cash infusion of $250 million. But it doesn’t include any of the election security mandates that McConnell has long resisted and that cybersecurity experts say are vital, such as paper ballots and post-election audits. Without those mandates, Democrats worry the Kremlin will still be able to upend the 2020 election by attacking the least-protected voting districts. Those concerns are also hyper-charged as intelligence and law enforcement agencies are already warning that not just Russia but also “China, Iran, and other foreign malicious actors” are all eager to compromise the election. “Mitch McConnell refused to agree to safeguards for how this funding is spent, which means state and local governments will continue buying machines with major security problems,” said Sen. Ron Wyden (D-Ore.), who has called for strict security mandates on states. “Until Congress takes steps to secure the entire election system, our democracy will continue to be vulnerable to foreign interference.” Sen. Mark Warner (D-Va.) applauded the new funding on Twitter, but warned it is “*not* a substitute for passing election security reform legislation that Senate GOP leadership has been blocking all year.”

National: Spending Deal Allots Millions for Election Security, but Democrats Say It Isn’t Enough | Alexa Corse/Wall Street Journal

The U.S. House voted Tuesday to provide more funding to help states secure their election systems as part of a sweeping budget agreement, but Democrats argued that the compromise still doesn’t do enough to protect U.S. elections from hacking or other interference. A budget agreement would provide $425 million to help states upgrade their voting systems, lawmakers said, the largest amount for a single fiscal year in over a decade. That is part of nearly $1.4 trillion in spending which cleared the House on Tuesday and is expected to win approval from the Senate and from President Trump, preventing a possible government shutdown after Friday. The new funding represents a rare moment of agreement between top Democrats and Republicans concerning how to secure U.S. elections in the run-up to the 2020 contests, which U.S. intelligence officials repeatedly have said hostile powers remain intent on disrupting. But the issue is likely to continue to face partisan headwinds. Key Democrats continued to call for more funding and stricter standards. “This is a welcome development after months of pressure, but this money is no substitute for a permanent funding mechanism for securing and maintaining elections systems,” said Sen. Mark Warner (D., Va.), the top-ranking Democrat on the Senate Intelligence Committee. He also called for comprehensive election-security legislation that would mandate stronger standards, which he said top Republicans had blocked.

National: New federal funds for election security garner mixed reactions on Capitol Hill | Maggie Miller/The Hill

The inclusion of $425 million for election security purposes in the House and Senate-negotiated annual appropriations bill garnered mixed reactions on Capitol Hill on Tuesday, with Democrats taking issue with how states will be allowed to spend the funds. Sen. Ron Wyden (D-Ore.), one of the key Senate Democrats who has advocated strongly this year for the Senate to take action on election security, told reporters on Tuesday that it was a “huge mistake” for Congress to allow the new funds to be spent on items including voting machines that experts might not deem as secure. “Under this language they can basically spend it on a whole variety of things apparently that really don’t go to the heart of modern security,” Wyden said. “As a member of the [Senate] Intelligence Committee, I won’t talk about anything classified, but I will say that the threats we face in 2020 will make what we saw in 2016 look like small potatoes.” The funds were included in the government appropriations deal following negotiations between the House and Senate, along with a requirement that states match the federal funds by 20 percent, meaning the final amount available for election security upgrades will total $510 million.

Editorials: Will your 2020 vote actually get counted? | Michael Chertoff/Los Angeles Times

On Monday, congressional leaders announced that their government-wide spending bill for fiscal year 2020 will include $425 million for states to protect U.S. elections against foreign interference and cyberattacks. This is an important, if overdue, step in the right direction. But our election systems need far more than a one-time rescue mission. To secure American elections in 2020 and beyond, Congress and the local election officials who will soon receive these funds must treat them as a starting point. When I was secretary of Homeland Security in the Bush administration, we warned of intensifying cyberthreats to critical infrastructure like power grids and transportation and communications systems. Interference with elections emerged only later, as geopolitical rivalry with Russia increased. One vulnerability that needs urgent correction is the use of paperless voting machines. These voting systems are extremely susceptible to hacking without detection because they produce only a digital record of votes. Without a paper record, officials have no way of verifying a vote count when a machine is hacked. The Department of Homeland Security, the American Assn. for the Advancement of Science, and countless other experts have said that replacing paperless machines is critical. Yet up to eight states are still expected to use paperless machines in some or all polling places next year. The Brennan Center has estimated that more than 16 million Americans could vote on insecure paperless machines in 2020 unless further action is taken. Once they receive the funds from Congress, states relying on paperless machines should take immediate steps to replace them.

Editorials: The Wisconsin Elections Commission is ignoring cyber threats to counties | Scott McDonell/Wisconsin State Journal

If your neighborhood had a string of robberies, you wouldn’t lock your front door but leave the garage door wide open. Unfortunately, that is exactly what Wisconsin is doing ahead of the 2020 presidential election. Here’s the story: The nonpartisan Wisconsin Elections Commission recently received $7 million from the U.S. Election Assistance Commission to safeguard election infrastructure in our state. The federal commission is rightly concerned about Russians or other bad actors hacking or intentionally crashing our computer systems. Anything that could cause the public to question our election results would be considered a victory by the hackers. But so far, the Wisconsin Elections Commission has committed over 95 percent of the $7 million in federal money to the state’s online voter registration system — WisVote — while leaving counties without any additional funding to head off cyber threats. This is a crucial issue because all votes are collected at the county level. Certainly, protecting the integrity of WisVote is important. If a hacker were to target WisVote, for example, the hacker could alter the voter database and cause chaos prior to an election as well as on Election Day. And the Wisconsin Elections Commission has provided some funding to cities, villages and towns to upgrade their old equipment and software to ensure WisVote is accessed in a secure environment.

National: Democrats want tougher language on election security in defense bill | Maggie Miller/The Hill

Democrats are complaining that the annual National Defense Authorization Act (NDAA) set for a Senate vote this week doesn’t go far enough to protect election security. The bill includes a number of provisions that would tighten security, but Democrats — who for much of the year have targeted Senate Majority Leader Mitch McConnell (R-Ky.) on the issue of election security — say it lacks key safeguards that would help prevent foreign meddling, including post-election audits of the results and requirements for states that do not use paper ballots. While the concerns won’t prevent the Senate from approving the massive bill, they are likely to lead to complaints as Democrats continue to press the issue of election security next year. “We can’t mandate that, but we could say if you want to take the federal money, you’ve got to meet these prerequisites,” Sen. Mark Warner (D-Va.), the top Democrat on the Senate Intelligence Committee, said of the paper ballot issue. “I still don’t think we’re as protected as we should be going into the 2020 election.”

National: Election, grid security provisions in defense bill | Tim Starks/Politico

Via inclusion of a multi-year intelligence authorization measure, the defense legislation issues numerous election security edicts. The legislation would establish briefings and notifications from the Director of National Intelligence and DHS to Congress, state and local governments, campaigns and parties when there’s a significant cyber intrusion or attack campaign. It would take steps to expand and speed up security clearances for election officials. It would require development of a strategy for countering foreign influence. And ODNI would have to designate a lead counterintelligence official for election security. Intel officials (often in partnership with other agencies) would have to deliver reports and assessments to Congress on past attempted and successful cyberattacks on the 2016 elections, as well as those anticipated in the future; how prepared intel agencies are to counter Russian election influence; foreign intelligence threats to U.S. elections; and Russian influence campaigns in foreign elections. The grid: House and Senate negotiators included a proposal (S. 174) from Sens. Angus King (I-Maine) and Jim Risch (R-Idaho) that would establish a program to test analog and other methods of protecting the grid from cyberattack. It would authorize the use of military construction funding to make cyber and other improvements to utility systems that serve military installations.

National: Voting-Machine Parts Made by Foreign Suppliers Stir Security Concerns | Alexa Corse/Wall Street Journal

A voting machine that is widely used across the country contains some parts made by companies with ties to China and Russia, researchers found, fueling questions about the security of using overseas suppliers, which has also sparked scrutiny in Washington. Voting-machine vendors could be at risk of using insecure components from such overseas suppliers, which generally are difficult to vet and monitor, said a report being released Monday by Interos Inc., an Arlington, Va.-based supply-chain monitoring company that has consulted for government agencies and Fortune 500 companies. The findings are likely to fan worries about whether voting-machine vendors are doing enough to defend themselves against foreign interference ahead of the 2020 U.S. elections, which U.S. intelligence officials say hostile powers could try to disrupt. Voting-machine vendors assailed the research, which Interos conducted independently, saying the report failed to note existing safeguards, such as testing done at the federal, state and local levels, and the vendors’ internal protocols. The report comes as U.S. lawmakers and national-security officials increasingly have sounded alarms about supply-chain risks. Although supply chains that span the globe are common in the tech industry, Russia and China pose concerns because of how, according to U.S. officials, they press companies for access to technology within their borders. Washington lawmakers have specifically cited voting machines as an area of concern, among such other products as telecom equipment made by Chinese firm Huawei and antivirus software from Russia-based Kaspersky Lab. Russia and China historically have denied interfering in U.S. politics. The report examined one voting machine as a case study. In that machine, around 20% of the components in the supply chain that Interos was able to identify came from China-based companies, including processors, software and touch screens, according to the Interos research. 
Those components weren’t necessarily made in China, as the suppliers may have several locations globally, and the Interos data doesn’t necessarily cover the entire supply chain, the researchers noted. Researchers declined to name the particular model of voting machine they examined, or its maker, citing the sensitivity of the issue. They said only that it is “widely used” in the U.S. Two major vendors, Election Systems & Software LLC and Dominion Voting Systems Corp., said they didn’t think it was one of their products.

National: The biggest tech threats to 2020 elections | Roi Carmel/VentureBeat

As our election system modernizes, securing our democratic process has become a chief concern for both U.S. legislators and voters. Just last month, the House passed the SHIELD Act, which is focused on securing our elections. But that’s not going to be enough in an era when technology is turning out entirely new attack surfaces. In 2016, the Pew Research Center put the number of electronic voting machines — also known as direct-recording electronic (DRE) devices — at 28%. The 2020 election cycle will likely show an uptick in that number. But attacking American voting booths is an obvious move, and attackers consistently follow the path of least resistance. In the case of election security, the weakest point today is critical infrastructure. It’s the framework that supports our modern democratic process, and it runs deep, from traffic light systems and mass transit to the way we receive vital news and information.

Florida: Pensacola mum on ransom demands by cyberattackers | Bobby Caina Calvan and Frank Bajak/Associated Press

A Florida city confirmed Friday that hackers seeking to extort money were responsible for crippling its computer systems earlier this week but officials have yet to decide whether they will pay a reported $1 million ransom. If they do opt to fork over the money, they may have to dip into Pensacola city coffers; the city of about 52,000 in Florida’s Panhandle — whose annual budget is roughly $245 million — is not insured for such an attack. Obtaining it in the future is “something that our risk manager will certainly be looking into,” said city spokeswoman Kaycee Lagarde. Lagarde confirmed that ransomware was behind the attack that brought down the city’s computer network over the weekend, less than a day after a Saudi aviation student killed three U.S. sailors and wounded eight other people at a nearby naval air station. The FBI has said the attacks were not connected.

Nevada: Cybersecurity risks cast shadow on Nevada’s 2020 Democratic presidential caucuses | Steven Rosenfeld/Salon

In August, the Democratic National Committee decreed there would be no online voting in 2020’s state party-run presidential caucuses due to security and reliability issues. But the Nevada Democratic Party will be using several online elements in early voting and 1,700-plus local precinct caucuses, reviving these concerns among election experts. The state party, as detailed in a long report in the Nevada Independent, will use an app — that “has not been finalized yet” — so caucus chairs can receive the results of early voting by area residents (February 15-18) and transmit the outcome of their precinct’s ranked-choice process (February 22) over Wi-Fi or cellular signals to state party headquarters. Nevadans who have not registered as Democrats can do so to vote early or at precinct caucuses, where party representatives will add them to their voter rolls via online or cellular transmissions, the Independent also said. Early voters and those participating in the caucuses will also record their registrations and presidential preferences on paper forms — as backups. But the central systems that will be used to manage voter lists and to submit local precinct results in 2020’s third Democratic presidential contest will be over the internet.

Ohio: Fairfield County one of 13 counties to meet state deadline on election security procedures | Rick Rouan/The Columbus Dispatch

The vast majority of Ohio’s county boards of elections haven’t installed the digital burglar alarm Secretary of State Frank LaRose says helped his office detect a hack attempt of his office’s website on Election Day. With less than two months to go before the deadline LaRose imposed to install the so-called Albert systems, just 13 out of Ohio’s 88 county boards of elections have operational alarms. The remaining 75 have until Jan. 31. Fairfield County Board of Elections Director Jane Hanley said her county is one of the 13 that are using the Albert systems. She said she was not allowed to talk much about it for security reasons. But Hanley did say the systems scan all email that comes into the county in trying to detect an intrusion or attack. The county has been using it for about six weeks and will use it permanently. Hanley said the state gave the county a $50,000 grant to install the new security system. She said the county is so far under budget on the grant and that she expects to stay that way. Hanley said the county is also about halfway to installing a Security Information Event Management (SIEM) system to further enhance security and detect intrusion attempts. She said the purpose is to make sure voters get a fair and honest election. But that’s not all Fairfield County has done.

Taiwan: Elections vulnerable to cyber-warriors | Kent Wang/Asia Times

According to the latest survey by Taiwan United Daily News, 53% of Taiwanese voters think that hiring cyber-warriors is a severe issue during the current presidential election campaign. President Tsai Ing-wen said last week that during this period, most of the smearing and fake stories came from her Kuomintang (KMT) opponent Han Kuo-yu’s camp, adding that the government spent a lot of effort to clarify fake news every day. A spokesman for Han’s campaign headquarters said, “At this moment there are so many cyber-warriors. How many people like Slow Yang (楊蕙如) are there exactly? Which attacks are self-motivated and which are organized? These all need to be further investigated by the police.” The general public has long heard about Democratic Progressive Party (DPP) cyber-warriors, whose roars and rampages on the Internet are in direct proportion to their crude and brusque rhetoric. Yang was indicted for allegedly hiring and instructing cyber-warriors to exercise spin control by manipulating fake public opinions, resulting in the suicide of diplomat Su Chii-cherng (蘇啟誠), director of the Taipei Economic and Culture Office (TECO) in Osaka. Through the suicide case, Yang was charged with directing the cyber-warriors in guiding public opinion and her downstream subordinates. And the outside circles were wondering where Yang’s money to pay the cyber-warriors came from.

Indiana: State voting security seen as lax | Niki Kelly/The Journal Gazette

More than 50 Hoosiers attended the event put on by Common Cause Indiana that included a national look at election security as well as a detailed review of Indiana. The lack of an audit and paper trail has a tangible effect on whether voters trust the system, Dr. Greg Shufeldt – assistant professor of political science at Butler University – told the group. He noted states have taken divergent paths – some making voting easier and more accessible while others have cracked down on alleged voter fraud. A look at two different electoral integrity studies shows Indiana in the middle or slightly below the middle of the states. And Shufeldt said the primary thing that makes Indiana vulnerable is its use of direct record electronic machines. Election lawyer William Groth explained that 58 counties – including Allen – have these machines. They record votes directly into the machine with no paper ballot or trail generated. There is no way for a voter to confirm the machine accurately recorded their intent, and it is more difficult to do recounts.

Latvia: State institutions and politicians experience cyber attack | Latvian Public Broadcasting

The Information Technology Security Incident Response Institution Cert.lv announced on Friday, December 13 that over the last few days several state institution employees and politicians have experienced targeted cyber attacks using phishing emails from the Russian embassy formatted as a reply to a previous correspondence. The emails included a link for downloading a document, which would be used to infect the victim’s computer. All recipients recognised former correspondence fragments, which were used to promote trust in the email. This is at least the second such attack in the last three months where phishing emails were sent from the Russian embassy. The embassy itself informed the media in October that their email system experienced a cyber attack. The attack didn’t include critical vulnerabilities, but the downloadable documents included macro functions, where the user had to accept permissions. Cert.lv urges everyone to check the authenticity of all emails by checking the “From” and “Reply-to” addresses before opening any attachments or downloading any documents, as well as to avoid accepting any macro function permissions from documents.

National: Several election security provisions are in the massive defense bill | Andrew Eversden/The Fifth Domain

The National Defense Authorization Act released Dec. 9 contains several provisions aimed at securing U.S. election infrastructure months before presidential primary season is in full-swing. The provisions in the compromised conference report mandate a broad range of election-related steps, from an assessment of foreign intelligence threats to U.S. elections to allowing top state election officials to receive Top Secret security clearances. The security clearance language is good news for the information-sharing relationship between the federal government and state election officials, who don’t have proper clearance to view high-level intelligence related to election infrastructure cyberthreats. Throughout the 2016 election, the Department of Homeland Security and the FBI had a fraught information-sharing relationship with the states. In the years since, top federal election officials have consistently said information sharing needed to be improved, and while officials say it has been, the clearance problem was still a hindrance.

National: RNC, DNC bank on Duo authentication ahead of 2020 election | Shannon Vavra/CyberScoop

The Republican National Committee is relying on authentication tools and careful social media behavior in order to avoid a devastating data breach like the kind that derailed its Democratic counterparts in 2016. The RNC, which develops and promotes the party’s platform and currently supports President Donald Trump’s re-election campaign, is banking on Duo Security, which specializes in multi-factor authentication, to keep state-sponsored hackers out of party accounts, according to recent Federal Election Commission filings. Even if a user’s password credentials are stolen, an extra layer of authentication can ensure that only the legitimate account holder could access his or her communications. Since March of this year, the RNC has paid just over $1,000 per month to Duo, according to FEC filings. The RNC started using Duo in 2016, just days before the election. And it’s not just email account access the RNC is trying to protect — the RNC uses multiple layers of authentication to protect other user accounts, both personal and professional, too, according to Mike Gilding, the deputy director of information technology at the RNC. The approach reflects the urgency with which both major political U.S. parties must adopt even basic cybersecurity measures after Russian hackers accessed email accounts belonging to key members of the Democratic National Committee in 2016. Another similar attack against either party could disrupt what is shaping up to be a particularly contentious U.S. election season, as impeachment proceedings against the president move forward. The DNC and RNC have a lot to safeguard, including polling data, candidate research, campaign funding, and election strategies.

Editorials: Election security: Oversight of vendors is lacking | Pittsburgh Post-Gazette

Well-documented Russian meddling in U.S. elections demands keen concern for the protection of election integrity. This concern should rise to the level of immediate action in light of a new report verifying the lack of federal oversight of the private companies that make voting equipment. The Brennan Center for Justice, which is based at New York University School of Law, reported that three companies provide more than 80% of the voting systems in the U.S., yet they lack meaningful oversight, leaving the electoral process vulnerable to attack. A cyberattack against any of these companies could have deep consequences for elections across the country. Other systems that are essential for free and fair elections, such as voter registration databases and electronic pollbooks, also are supplied and serviced by private companies. Yet these vendors, unlike those in other sectors that the federal government has designated as critical infrastructure, receive little or no federal review, the Brennan Center found. Oversight is needed. Federal standards must be set. Congress should establish a framework for certification of election vendors.

Rhode Island: Elections board discusses voter-system security | Katherine Gregg/Providence Journal

Voting by email. Upgrading the modems used to transmit election-day vote tallies. Unmasking the donors hiding behind names like “The Coalition to Make Our Voices Heard” who pour money into campaigns. On a day Russian interference in past U.S. elections again made news, Rhode Island election officials waded into this quagmire without making any final decisions on what to do next. For example, they briefly weighed the pros and cons of allowing overseas voters — such as members of the military — to cast their R.I. election ballots from afar by email. The idea was shelved — at least for now — pending more study, after one member after another of the state Board of Elections voiced concern about the security of ballots cast in this fashion, despite assurances the ballots would be sent to a dedicated “address.” “I think we need to look very carefully at the security issues,” said the vice chairman, Stephen P. Erickson. It was unclear who authored the email-voting proposal that appeared on the board’s agenda, alongside a proposal to upgrade from 3G to 4G the modems the state uses on election-day to transmit results to state Board of Elections headquarters. That proposal too was put on hold — until next week — amid warnings from Brian Tardiff, the information security officer for the state’s Division of Information Technology, that making public all of the findings of a cybersecurity analysis of Rhode Island’s election system could put the system at risk.

Texas: Ahead Of 2020, Voting Group Warns Most County Election Websites In Texas Are Not Secure | Ashley Lopez/KUT

Almost 80 percent of county election websites in Texas are not secure ahead of the 2020 presidential primary, according to a report from the League of Women Voters of Texas. Before every major election, the nonpartisan voting group says, it looks through the state’s 254 county election websites to make sure they have the information they are legally required to have, that the information is easy to find and that it’s easy to read. League of Women Voters of Texas President Grace Chimene said as the group conducted this review, it found a glaring issue. “One of the things that stood out to us is that there is a definite problem with website security,” she said. “I was really surprised. I was totally shocked that this is a problem.” In particular, Chimene said, 201 of the 254 sites don’t have https in their URLs, signaling the website is secure. “This is just the most simple thing to fix and it hasn’t been fixed,” she said.