Iowa: 2012 election problem a window into ongoing voter dysfunction, county auditor contends | Jason Clayworth/Des Moines Register

An Iowa election reporting delay that occurred the night President Barack Obama won a second term underscores longtime and ongoing dysfunction in the state’s voter system, says a county auditor who has filed an elections complaint against the state. A spokesman for Iowa Secretary of State Paul Pate, a Republican, disputed the contention by Linn County Auditor Joel Miller, a Democrat. “It’s totally irrelevant to anything this office has done,” spokesman Kevin Hall said this week. The 2012 delay was the result of a glitch in free computer software Iowa received from South Dakota, records the Des Moines Register obtained last week from the Iowa Secretary of State’s Office show. Because of a software crash, results from 126 Statehouse races were delayed and the balance of power in the Iowa Legislature remained unclear until the day after the election. BPro — a South Dakota company that designed the software and was hired via a no-bid contract to customize the system for Iowa — agreed to pay the state $150,000 in “liquidated damages” for the problem in its election night reporting system and its related work, according to an August 2014 termination agreement and a company spokesman.

Louisiana: Louisiana was hit by Ryuk, triggering another cyber-emergency | Sean Gallagher/Ars Technica

In October, the Federal Bureau of Investigation issued a warning of increased targeting by ransomware operators of “big game”—targets with deep pockets and critical data that were more likely to pay ransoms to restore their systems. The past week has shown that warning was for good reason. On November 18, a ransomware attack caused Louisiana’s Office of Technology Services to shut down parts of its network, including the systems of several major state agencies. These included the governor’s office, the Department of Health (including Medicare systems), the Department of Children and Family Services, the Department of Motor Vehicles, and the Department of Transportation. Louisiana Governor John Bel Edwards activated the state’s cybersecurity response team. While some services have been brought back online—in some cases, within hours—others are still in the process of being restored. Most of the interrupted services were caused by “our aggressive actions to combat the attack,” according to Louisiana Commissioner of Administration Jay Dardenne. “We are confident we did not have any lost data, and we appreciate the public’s patience as we continue to bring services online over the next few days.”

Virginia: State Board of Elections Approves 2020 Election Cybersecurity Standards | The Fredericksburg Free Lance-Star

The Virginia State Board of Elections on Monday unanimously passed minimum security standards for all Virginia elections administrators to follow beginning next year. In 2019, the General Assembly passed HB 2178, calling for new, modern cyber security standards that must be met throughout the Commonwealth before systems are allowed to access Virginia’s election database, according to a news release from the state board. Since July, the Department of Elections along with a workgroup comprised of local government IT professionals and general registrars have met to compose a list of standards that will help to ensure the integrity of Virginia’s voter registration system. These new minimum security requirements for election administrators include, but are not limited to: setting new standards for creating secure passwords, requiring an increased emphasis on utilizing anti-virus protection on their election systems, and developing and training on incident response plans, the release stated.

National: States and cities make cybersecurity pledge after Trump administration rejects it | Joseph Marks/The Washington Post

U.S. states and cities are breaking with the federal government and signing onto an international pledge aimed at making cyberspace safer. Virginia, Colorado and Washington state have all endorsed the Paris Call, which was first boosted last year by French President Emmanuel Macron and which commits members to combatting major cyberattacks, digital theft of intellectual property and foreign election interference. City governments in Louisville, San Jose and Huntington, W.Va., have also joined. The Trump administration, meanwhile, is still refusing to endorse the pledge — even though it was approved by 74 other nations including our closest allies in Britain, Canada, Australia and New Zealand. The move is another way that cities and states are breaking with the Trump administration. Others have done so on issues ranging from climate change, privacy to immigrant rights. It also underscores how states and localities, which have been pelted with costly ransomware attacks and struggled to protect their elections against highly sophisticated Russian hackers in recent years, are increasingly viewing cybersecurity as an existential threat. “It’s a problem that’s facing us and I really don’t give a flip whether a governor or a president is addressing it,” Huntington, W.Va., Mayor Stephen T. Williams told me. “I’m going to find people on common ground and we’re going to move forward and make our case. If the states and federal government want to come along, that’s fine, but, if not, we’ve got our own voice.”

National: Senate Democrats urge DHS to fund cyber threat information-sharing programs | Maggie Miller/The Hill

A group of three Senate Democrats is urging the Department of Homeland Security’s (DHS) cyber agency to help fund cybersecurity threat information-sharing centers involved in election security efforts. In a letter sent on Monday to Christopher Krebs, the director of DHS’s Cybersecurity and Infrastructure Security Agency, Senate Minority Leader Charles Schumer (D-N.Y.), and Sens. Maggie Hassan (D-N.H.) and Gary Peters (D-Mich.) expressed concerns around the funding level for two information-sharing groups. Specifically, the senators noted that DHS’s proposed fiscal 2020 budget covers only around 70 percent of the estimated $15 million it would take for the Center for Internet Security to run both the Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC).

National: Ex-U.S. security officials urge ‘aggressive steps’ to protect 2020 election | Mark Hosenball/Reuters

The United States should boost spending and take other “aggressive steps” to protect next year’s presidential election from foreign meddling, a group of former national security officials said on Monday. Citing what they said were signs U.S. rivals want to undermine the November 2020 poll, National Security Action – a group led by former advisers to President Barack Obama – said states and agencies should invest in paper ballot backups for digital voting machines, ensure audits of election results, improve cybersecurity and boost training for poll workers. Election security has become a major concern since U.S. intelligence agencies claimed Russia interfered in the 2016 presidential election to tilt the vote in Donald Trump’s favor. Moscow has denied here any interference. Congress has appropriated some $600 million for election security since 2018 and is working to approve another $250 million, an amount that National Security Action called a “modest start.” Its statement was signed by 70 former security officials from a range of agencies.

National: U.S. National Guard’s Evolving Mission Includes Assisting Local Governments Experiencing Cyber Attacks | Scott Ikeda/CPO

Cyber attacks on municipalities have been on the rise in the past year, particularly in smaller cities that have inadequate resources to deal with them. In the smallest of towns and cities, local government relies on state and federal resources to deal with remediation in the wake of a breach. For some, those resources now include the National Guard. Established at the national level in 1903, the National Guard is a reserve military force called upon for certain domestic emergencies; primarily, recovery efforts when natural disasters and major terrorist attacks occur. With cyber attacks evolving to target both the digital and physical infrastructure of towns and cities, states are now able to justify deploying the Guard to assist in supporting and protecting these vital services. As little as a few years ago, cyber defense was not even on the radar of most National Guard agencies. In the past two years, cyber brigades have begun to spring up around the country as the need for proactive defense and response to nation-state cyber attacks has become clear. Though each state has its own National Guard agency, many of these cyber brigades are responsible for covering multiple states. For example, the Army Nation Guard’s 91st Cyber Brigade is based in Virginia but is tasked with overseeing cyber response units in 30 states.

National: 3 Cybersecurity Threats Facing Campaigns in 2020 | Sean J. Miller/Campaigns & Elections

Cyber threats are a growing market this cycle. Security vendors, some free or low-cost, are stepping up to provide services for campaigns and groups to help protect themselves from hacking, which could come from a lengthening list of foreign adversaries. Still, awareness and adoption remain uneven, particularly down-ballot. Now, the industry vulnerabilities that exist aren’t just being probed by Russians. Other state actors are trying their hands at election inference, according to Matt Rhoades, co-founder of the non-profit group Defending Digital Campaigns, Inc. “We know that the Chinese play this game. But if you’re a Republican too, you know that the Iranians are now fully invested in this kind of effort, and they’re going to be targeting Republicans, especially, who have been hardcore on things like the Iranian nuclear deal,” Rhoades said last month during a panel at the George Washington University’s GSPM. “You have to look past just Putin.” The tactics that the state actors could use are established, with some new twists. Here are three threats campaigns face.

Louisiana: Government computers knocked out after ransomware attack | Christopher Bing & Raphael Satter/Reuters

Louisiana state government computers were knocked out following a ransomware attack, the governor said on Monday, as results from the close gubernatorial election in the southern state await certification. Many state agencies had their servers taken down in response to the attack, Governor John Bel Edwards said in a series of messages posted to Twitter. He said the agencies were coming back online but that full restoration could take “several days.” “There is no anticipated data loss and the state did not pay a ransom,” he said. Ransomware works by scrambling data held on vulnerable computers and demanding a payment to unlock it. Louisiana Secretary of State spokesman Tyler Brey said that while his office’s website was briefly offline, the tallying of Saturday’s vote, in which Bel Edwards narrowly won re-election, was unaffected. The vote drew national attention following U.S. President Donald Trump’s well-publicized endorsement of Bel Edward’s Republican challenger, Eddie Rispone.

Virginia: State Board of Elections approves election security standards for 2020 | Augusta Free Press

The Virginia State Board of Elections unanimously passed minimum security standards for all Virginia elections administrators to follow beginning next year. In 2019, the General Assembly passed HB 2178; this legislation called for new, modern cyber security standards that must be met throughout the Commonwealth before systems are allowed to access Virginia’s election database. Since July, the Department of Elections along with a workgroup comprised of local government IT professionals and general registrars have met to compose a list of standards that will help to ensure the integrity of Virginia’s voter registration system. These new minimum security requirements for election administrators include, but are not limited to: setting new standards for creating secure passwords, requiring an increased emphasis on utilizing anti-virus protection on their election systems, and developing and training on incident response plans.

Montenegro: US, Montenegro plot cyber warfare ahead of 2020 elections | Dusan Stojanovic/Associated Press

Deployed inside the sprawling communist-era army command headquarters in Montenegro’s capital, an elite team of U.S. military cyber experts are plotting strategy in a fight against potential Russian and other cyberattacks ahead of the 2020 American and Montenegrin elections. With its pristine rocky mountains, lush green forests and deep blue seas, the tiny Balkan state seems an unlikely location for waging global cyber warfare. But after the newest NATO nation was targeted by Russia-linked hackers and following a Moscow-backed coup attempt in Montenegro in 2016, the U.S. military dispatched their cyber experts to the Adriatic Sea nation. Montenegro is in the Balkans, a strategic area where Russia has been seeking to restore its historic influence. The country of just over 600,000 people joined NATO in 2017, defying strong opposition from Moscow. It has proven to be a key Western ally in the volatile region that went through a devastating war in the 1990s’.

United Kingdom: Notorious hackers claim responsibility for Labour DDoS | Alex Scroxton/Computer Weekly

Hacking group Lizard Squad has claimed responsibility for the 12 November distributed denial of service (DDoS) attack on the Labour Party, according to private messages exchanged with The Independent. Better known for targeting online gaming services, including Sony’s PlayStation and Microsoft’s Xbox networks, as well as celebrity social media accounts and, on one occasion, an airline, Lizard Squad tends to focus on large-scale DDoS attacks that generate substantial publicity. A Twitter account allegedly associated with the group said on 12 November that the DDoS attack was taking place because “no terrorist-supporting government should allow to rule [sic] a country”, a likely reference to Labour leader Jeremy Corbyn’s views on the Northern Ireland peace process and his frequent contacts with prominent Sinn Féin members during the Troubles. The account said the botnet used in the attack incorporated millions of devices on a global scale, to “enable more power to process such attacks”.

National: Election vendors should be vetted for security risks, says watchdog group | Joseph Marks/The Washington Post

The federal government should start vetting companies that sell election systems as seriously as it does defense contractors and energy firms, a top election security group argues in a proposal out this morning. Under the proposal from New York University’s Brennan Center for Justice, government auditors would verify election companies and their suppliers are following a raft of cybersecurity best practices. They would also have to run background checks to ensure employees aren’t likely to sabotage machines to help Russia or other U.S. adversaries. The suggestion comes as Congress continues to fight over whether to tighten election security as candidates ramp up for the 2020 election. Senate Republicans, especially, have stalled further security measures, even as observers warn that the next election is ripe for hacking by foreign adversaries such as Russia, which interfered in the 2016 contest. Vendors of voting machines, however, have traditionally been exempt from close review by federal regulators. “These vendors are a critical part of securing our elections, but we haven’t really focused on them at all,” Lawrence Norden, director of Brennan’s election reform program and one of the authors, told me. “We need to understand that they’re critically important but also represent a vulnerability that there needs to be oversight for.”

National: Arming agencies for ransomware attacks in an election year | Stephen Moore/GCN

In the past few months, we have seen just how imperative it is to stop ransomware attacks. Ransomware has the power to rob state and local governments of thousands — or hundreds of thousands — of budget dollars and grind productivity to a halt. Recovery can cost tens of millions, as Atlanta and Baltimore discovered. Just two months ago, a coordinated attack hit 22 local Texas governments simultaneously, forcing many municipalities to rely on backup systems. Fortunately, none of the demanded $2.5 million ransom was paid, but that does not mean the event was without consequence. Cities and their elected officials have learned that failing to protect networks housing taxpayer data risks losing the trust of constituents. While ransomware attacks can happen at any time, an election year is an opportune time for adversaries to conduct attacks — on voter registration systems, for example. In an attempt to prevent a ransomware attack affecting upcoming elections, the Department of Homeland Security recently  announced a program to provide state election officials with guidance and support, as well as pen testing and vulnerability scanning of their voting systems. The rollout of this program, and future programs, serves as a major step in helping local governments protect their networks ahead of the 2020 elections and beyond.

National: Bipartisan bill to secure election tech advances to House floor | Maggie Miller/TheHill

The House Science, Space and Technology Committee on Thursday unanimously approved legislation intended to secure voting technology against cyberattacks. The Election Technology Research Act would authorize the National Institute of Standards and Technology and the National Science Foundation to conduct research on ways to secure voting technology. The legislation would also establish a Center of Excellence in Election Systems that would test the security and accessibility of voting machines and research methods to certify voting system technology. The bill is sponsored by Reps. Anthony Gonzalez (R-Ohio) and Mikie Sherrill (D-N.J.), along with committee Chairwoman Eddie Bernice Johnson (D-Texas) and ranking member Frank Lucas (R-Okla.). All four sponsors enthusiastically praised the bill during the committee markup on Thursday, with Johnson saying that “transparent, fair, and secure elections are the bedrock of our democracy,” and that attacks in 2016 on online voter registration databases “have increased Americans’ concerns about the integrity of our elections.”

National: Election Assistance Commission Needs More Authority In Face of 2020 Threats, Report Finds | Courtney Bublé/Government Executive

With less than a year until the 2020 presidential election, a new report calls on Congress to bolster the authority of the agency that serves as the nation’s elections clearinghouse and devote more funding and resources to it. The Brennan Center for Justice, a nonpartisan law and public policy institute, released a report on Tuesday that proposes a new framework for protecting election systems. Its recommendations focus on the oversight and internal operations of the Election Assistance Commission, the understaffed and underfunded federal agency responsible for promoting election administration best practices and voting machine security standards. “The federal government regulates colored pencils, which are subject to mandatory standards promulgated by the Consumer Product Safety Commission, more strictly than it does America’s election infrastructure,” said the report. Although the Homeland Security Department designated election systems as critical infrastructure in 2017 following revelations of Russian interference in the 2016 presidential election, election systems don’t receive the same type of oversight as other sectors with the critical infrastructure classification.  “While voting systems are subject to some functional requirements under a voluntary federal testing and certification regime, the vendors themselves are largely free from federal oversight,” the report said. “Under our proposal, the EAC would extend its existing certification regime from voting systems to include all vendors that manufacture or service key parts of the nation’s election infrastructure.”

Editorials: Restoring Trust And Security In U.S. Elections | Earl Matthews/Forbes

There was a time when we didn’t think twice about the security of our election systems. We trusted that when we cast our votes, they would be accurately counted. That has changed. During the 2016 election, a powerful threat appeared from outside our own borders – the shadow of other governments hacking and attempting to unduly influence our election systems. If we care about voting and election security, and if we still believe that every voter and every vote counts, then there is a big existential question that we must be willing to address: Is cybersecurity fundamental to the health, if not the very existence, of a democracy today? I say absolutely yes. The issue is not significantly different from the challenges that businesses face as they try to protect their data and digital assets. It’s the ramifications that are so much bigger.

Arizona: County recorders falling short on web security, expert says | Andrew Oxford/Arizona Republic

Arizonans still vote on paper but much of an election unfolds online, from finding a polling place to requesting a mail ballot.

Cyber security experts worry election officials in some of the state’s counties are not doing enough to secure their websites and prevent fraudsters from sowing disinformation or spreading confusion. Most of the county recorders in Arizona are not using one of two basic safety measures that cyber security firm McAfee is encouraging local governments adopt. The company is urging election officials to use web addresses ending in .gov as well as secure sockets layer — encryption commonly used on websites that handle passwords, credit card information and other sensitive data. Without these measures, it could be easier for saboteurs to hijack a website and steal users’ data or provide false information, particularly heading into an election that experts anticipate will be targeted with disinformation.

Australia: Flaws found in New South Wales iVote system yet again | Stilgherrian/ZDNet

The “Days since last vulnerability found” indicator for the iVote system used in New South Wales’ elections was reset to zero on Wednesday thanks to a new research note from University of Melbourne cryptographer Dr Vanessa Teague. Or rather, the software vendor was notified 45 days earlier to keep with the terms of the source code access agreement while the rest of us found out today. iVote was purchased from Scytl Australia, a subsidiary of Barcelona-based election technology vendor Scytl Secure Electronic Voting, and is based on the system used by SwissPost. In March this year, Teague and her colleagues Sarah Jamie Lewis and Olivier Pereira found a flaw in the proof used by SwissPost system to prevent electoral fraud. Later that month, they detailed a second flaw that could be exploited to result in a tampered election outcome. NSWEC claimed it was safe from the second flaw, and had patched the first. In July, NSWEC ordered Scytl to release parts of the source code in a bid to prove it contained no further vulnerabilities. Vulnerabilities have now been found. “I examined the decryption proof and, surprise, it can easily be faked while passing verification,” Teague tweeted on Wednesday morning. “This exposes NSW elections to undetectable electoral fraud by trusted insiders & suppliers, people who guessed the passwords of the trusted insiders, people who successfully phished the trusted insiders, etc.” Teague’s analysis is detailed in the 8-page Faking an iVote decryption proof [PDF]

United Kingdom: Hackers hit UK political parties with back-to-back cyberattacks | Jack Stubbs/Reuters

Hackers hit Britain’s two main political parties with back-to-back cyberattacks on Tuesday, sources told Reuters, attempting to force political websites offline with a flood of malicious traffic just weeks ahead of a national election. The attacks come after Britain’s security agencies have warned that Russia and other countries may attempt to disrupt the Dec. 12 vote with cyberattacks or divisive political messages on social media, a charge Moscow denies. The opposition Labour Party said on Tuesday morning it had “experienced a sophisticated and large-scale cyberattack on Labour digital platforms,” but that the attack was repelled and no data was compromised. Just hours later, the party’s website and other online services came under a second digital bombardment, followed by a third attack on the website of the governing Conservative Party shortly before 1600 GMT, according to two people with knowledge of the matter and documents seen by Reuters. The sources said there was currently nothing to link the attacks on either party to a foreign state. One of sources said the attack on the Conservatives was larger and appeared to be conducted by different hackers, but did not take down any party websites.

United Kingdom: Labour Party hit by second cyber-attack | BBC

Labour is reportedly suffering a second cyber-attack after saying it successfully thwarted one on Monday. The party says it has “ongoing security processes in place” so users “may be experiencing some differences”, which it is dealing with “quickly”. The Distributed Denial of Service (DDoS) attack floods a computer server with traffic to try to take it offline. The BBC’s Gordon Corera has been told Monday’s attack was not linked to a state. Earlier, a Labour source said that attacks came from computers in Russia and Brazil. Our security correspondent said he had been told the first attack was a low-level incident – not a large-scale and sophisticated attack. A National Cyber Security Centre spokesman said the Labour Party followed the correct procedure and notified them swiftly of Monday’s cyber-attack, adding: “The attack was not successful and the incident is now closed.” Meanwhile, Labour has denied that there has been a data breach or a security flaw in its systems after the Times reported the party’s website had exposed the names of online donors.

National: Targets of foreign election interference may get a call from US intel officials | Kevin Collier and Zachary Cohen/CNN

The US government has set up a new process to alert targets of foreign election interference in an attempt to be more transparent and counter ongoing efforts by Russia and other adversaries to influence the American political process. The FBI, Department of Homeland Security, Department of Justice and relevant intelligence agencies announced Friday that the government will notify relevant members of Congress, state and local officials, private sector and the public of foreign interference “where necessary to protect national security and the integrity of our elections,” beyond existing laws and policies. Most intelligence concerning threats to election security is initially classified, making it difficult to quickly release to the public. When Russian intelligence conducted its election interference campaign in the leadup to the 2016 election, the FBI and DHS had difficulty conveying information about some cyber threats to county and state election officials who didn’t have security clearance.

National: Swing state election websites aren’t secure against Russian hacking, McAfee says | Joseph Marks/The Washington Post

County election websites in two battleground states are highly vulnerable to hacking by Russia or another adversary that might seek to disrupt the 2020 vote by misleading voters about polling locations or spreading other false information. About 55 percent of county election websites in Wisconsin and about 45 percent in Michigan, both states that President Trump flipped from Democratic to Republican in 2016 lack a key and fairly standard security protection, according to data provided exclusively to me by the cybersecurity firm McAfee. Without this protection, called HTTPS, it’s far easier for an adversary to hijack those sites to deliver false information, divert voters to phony sites that mimic the real ones or steal voters’ information, per McAfee. (You can often tell if a site has HTTPS protection if there’s a small lock icon to the left of a Web address.) The repercussions could be huge if Russia or another country decided to manipulate sites in key counties to send voters to the wrong polling places or at the wrong times. They could even flood people seeking voting information with malicious software so they spend much of Election Day getting their phones and laptops fixed and have less time to actually go vote. In states with incredibly tight margins of victory in the last presidential election, a hacker who prevented just a few thousand people from voting in one of them in 2020 could swing an election or create broad doubt about the results.

National: Spy, law enforcement agencies step up U.S. election security measures | Mark Hosenball/Reuters

U.S. spy and law enforcement agencies on Friday said they had strengthened procedures for informing Congress, state and local governments, private business and the public about foreign interference in U.S. elections. The FBI has already given some American election candidates “defensive” briefings on evidence U.S. agencies collected of possible election interference, an FBI official told a briefing for journalists. The official, who spoke on condition of anonymity, declined to give further details regarding who might have been warned about the interference or where and how such interference might have originated. An official, also speaking on condition of anonymity, said that U.S. agencies believe that Russia, China and Iran all present continuing potential threats to the U.S. electoral system. However, officials stressed that U.S. agencies had not seen direct threats to American election systems recently. An FBI official added that the bureau has “invested a lot of time” in trying to help social media companies detect inauthentic politically related message traffic, and shares information on this with social media companies.

National: As 2020 US presidential election nears, voter systems are still vulnerable | Lydia Emmanouilidou/Public Radio International

With just a little more than a year to go before the 2020 US presidential election, security experts and lawmakers say progress has been made to guard against foreign interference. But they warn the country’s election infrastructure could be vulnerable to the types of hacking operations that took place in the lead-up to the 2016 election. One such attack was directed at the Illinois State Board of Elections, an agency that oversees and facilitates parts of election processes in the state, including a statewide voter registration system. “One of our IT people noticed that our [voter registration] system was running extremely slowly,” said Matt Dietrich, a spokesperson for the agency. “It had practically shut down.” The IT member inspected the system, and discovered that an intruder had exploited a vulnerability on the board’s online voter application, broken into the statewide voter registration database and gained access to voter information, including names, addresses and drivers’ license numbers. “It was terrifying. … We took the entire system down,” Dietrich said.

National: Every State Was Given Funding to Increase Election Security. Here’s How They Spent It | Nicole Goodkind/Fortune

The U.S. is less than a year out from one of the most consequential elections of the century, which President Donald Trump’s Department of Homeland Security has called “the big game” for foreign adversaries looking to attack and undermine the Democratic process. Congress, meanwhile, is locked in a stalemate about how to secure systems in the country’s 8,000 largely disjointed voting jurisdictions. Tuesday marks the last test of security preparedness before the 2020 elections, as certain statewide polls take place around the country. The Department of Homeland Security is gearing up “war rooms” to monitor for potential interference and test voting infrastructure, but with sluggish movement at a federal level there is little they’ll be able to do to correct any issues within the next 12 months. There is, however, one beacon of hope: 2002’s Help America Vote Act (HAVA)—a block grant issued to states to bolster election security following the Bush v. Gore hanging chad debacle some 19 years ago. In 2018, Congress used the Omnibus Appropriations Act to pad HAVA with an extra $380 million to be divided up amongst the states in proportion to their voting age population. The idea was that they spend it to prepare for the 2020 elections, and Democrats and Republicans are likely to approve at least another $250 million through the act this year.

National: Retirements pose threat to cybersecurity expertise in Congress | Maggie Miller/The Hill

Rep. Pete King’s (R-N.Y.) planned retirement after the 2020 elections is the latest in a string of House departures that look likely to deal a blow to Republican cybersecurity expertise on Capitol Hill. King said on Monday he would not seek reelection after 14 terms in the House, including serving previously as chairman of the House Homeland Security Committee and as a member of the House Intelligence Committee. Those two panels have a focus on cyber issues, such as election security and other cyber threats from foreign countries, and the departure of a longtime member such as King could make it more difficult for Congress to address growing cyber threats in the future. His resignation comes on the heels of announcements by almost two dozen other House Republicans that they will not run for reelection, with several of these members having become key players in the cybersecurity debate on Capitol Hill, including Rep. Will Hurd (R-Texas). Cybersecurity is listed as an area of interest by King on his congressional website, with the lawmaker writing, “As the only senior member of Congress serving on the two Committees with the largest cybersecurity oversight mission, I have made it my goal to ensure we are building an effective cybersecurity program across the federal government.”

Colorado: Operating system update causes upset for county clerks | Christian Burney/La Junta Tribune-Democrat

Otero County Clerk and Recorder’s Office is lagging in some areas after an update last Wednesday to the operating systems of their office computers. Elections Clerk Lynda Scott said at the Monday Board of County Commissioners meeting that after the state assisted the clerk and recorder’s office in updating their computers from Windows 7 to Windows 10 they began experiencing severe slowdowns with computer systems in the clerk’s office and with county vehicle and licensing services. Scott said she was told by state officials that Windows 10 requires a higher bandwidth and that is the source of their technical issues. Scott also added that the state had been aware of Windows 10′s bandwidth requirements and that at least a heads up about the issue would have been appreciated before the install happened last week. “We’re doing the best we can to let them know we are working on it,” said Scott. “State informed us today that they are looking into Comcast, possibly, to put us on that (service provider). But it may be two weeks or a month or more before we know for sure.

Indiana: IU receives $300,000 grant to improve cybersecurity for 2020 election | Jessica Prucha/Indiana Daily Student

Indiana General Assembly legislators awarded IU $301,958 to improve election cybersecurity across the state’s 92 counties. Researchers at the IU Center for Applied Cybersecurity Research are partnering with the Indiana Secretary of State’s Office to create and teach incident response plans to election officials across the state for the 2020 election. Von Welch,Director of the Center for Applied Cybersecurity Research, and his team are working alongside Secretary of State Connie Lawson to develop incident response training material. The initiative will train election officials from the state’s 92 counties on how to respond to incidents, such as power outages, social media threats or ransomware attacks during the 2020 election process. Training initiatives will prepare election officials for computer problems or cybersecurity breaches. “One concern is what happens if there’s an incident related to the computers in the election?” Welch said. “Do they know how to appropriately respond?”

National: I study blockchain. It’s not ready to use in our elections | Nir Kshetri/Fast Company

A developing technology called blockchain has gotten attention from election officials, startups, and even Democratic presidential candidate Andrew Yang as a potential way to boost voter turnout and public trust in election results. I study blockchain technology and its potential use in fighting fraud, strengthening cybersecurity, and securing voting. I see promising signs that blockchain-based voting could make it more convenient for people to vote, thereby boosting voter turnout. And blockchain systems can be effective at strengthening the security of devices, networks, and critical systems such as electricity grids, as well as protecting personal privacy. The few small-scale tests run so far have identified problems and vulnerabilities in the digital systems and government administrative procedures that must be resolved before blockchain-based voting can be considered safe and trustworthy. Therefore I don’t see clear evidence that it can prevent, or even detect, election fraud.