Washington: How Washington is fighting back against attempts to hack ballots | Nick Bowman/KIRO

A week ago, Washington Secretary of State Kim Wyman told KIRO Radio that the state’s election system routinely faces faces tens of thousands of hacking attempts daily. But how exactly is Washington’s system designed to fight those attacks? Wyman stopped in again to detail the various measures in place. “The biggest thing is we moved to the VoteWA system, and so this has enabled us not only to build a stronger firewall, more robust security, and monitoring systems around it, but now … any user that gets into our system, they have to be pre-approved,” Wyman told KIRO Radio’s Dave Ross. VoteWA is system that was first enacted for August’s primary election, featuring a handful of new security measures to ensure results aren’t altered, hacked, or tampered with in any way. Results from each of the state’s 39 counties are tabulated from paper ballots, and then transferred to an air-gapped machine (i.e. a computer not connected to the internet). The results are then transferred to a flash drive, which is plugged into an internet-enabled computer to transmit the final results.

Wisconsin: Election Commission takes steps to strengthen security of Wisconsin’s voting process | The Milwaukee Independent

The Wisconsin Elections Commission unanimously approved a $1.1 million grant program on September 24 that aimed to help cities and towns beef up their election security. The program would make up to $1,200 in federal funding available for qualified participants to update operating systems or buy new computers. Municipalities that already meet baseline security standards could use the funding to make security improvements, like setting up a firewall. These measures are meant to protect Wisconsin’s electronic voting system and voters’ personal information. Commission Administrator Meagan Wolfe said the sooner municipalities have completed the improvements, the better. Wolfe told the commission during its meeting in Tuesday in Madison that every municipality that receives funds will need to be up to minimum security standards by January. The grant program will prioritize the lowest of Wisconsin’s low-tech municipalities. Before approving the program, the commission decided to wait until after those cities and towns get their grants in November before giving money to communities that already meet the security baseline.

Afghanistan: Election Commission confirms cyberattacks on its main server | MENAFN

A member of Afghanistan’s Independent Election Commission (IEC) has said that the cyber-security of IEC’s data center has been enhanced in order to counter any threat of cyber-attacks. Mohammad Hanif Danishyar, a member of the IEC told Ariana News that two German experts from Dermalog, a German company, have arrived in Kabul to resolve the problem of low data transferring from biometric devices to main server. He also confirmed cyber-attacks on IEC main server. ‘Our server is the main thing in elections. We have taken special measures to avoid any possible threats. Even there was such attempts but experts have arrived. We want to make sure that the security of our server is not decreasing again,’ Mr. Danishyar said. In addition, officials said that around 23,000 result sheets and a complete data of voters from 5,000 biometric devices have been transferred to the IEC main server in Kabul.

Israel: Preventing electoral interference – the next frontier for the National Cyber Directorate? | Tamir Libel/Jerusalem Post

In recent years, the threat of foreign interference in elections by governmental and non-governmental actors alike became prominent in public discourse due to the alleged actions taken by Russians and others in various Western election campaigns, such as the 2016 US presidential elections. Such interferences, or “influence operations,” are not limited to the formal election period itself; they are often preceded by the lengthy establishment of large networks for message dissemination and resonance. Even in cases where the interference operation was either unsuccessful or did not take place at all, the mere possibility of such influence becomes a polarizing point in and of itself. The threat of electoral interference should therefore be avoided, especially in contested societies like Israel, necessitating the appointment of a national authority tasked with the observation, disruption and prevention of influence operations.

National: Bipartisan Senate report calls for sweeping effort to prevent Russian interference in 2020 election | Craig Timberg and Tony Romm/The Washington Post

A bipartisan panel of U.S. senators Tuesday called for sweeping action by Congress, the White House and Silicon Valley to ensure social media sites aren’t used to interfere in the coming presidential election, delivering a sobering assessment about the weaknesses that Russian operatives exploited in the 2016 campaign. The Senate Intelligence Committee, a Republican-led panel that has been investigating foreign electoral interference for more than 2½ years, said in blunt language that Russians worked to damage Democrat Hillary Clinton while bolstering Republican Donald Trump — and made clear that fresh rounds of interference are likely ahead of the 2020 vote. “Russia is waging an information warfare campaign against the U.S. that didn’t start and didn’t end with the 2016 election,” said Sen. Richard Burr (R-N.C.), the committee’s chairman. “Their goal is broader: to sow societal discord and erode public confidence in the machinery of government. By flooding social media with false reports, conspiracy theories, and trolls, and by exploiting existing divisions, Russia is trying to breed distrust of our democratic institutions and our fellow Americans.”

National: Cybersecurity and Democracy Collide: Locking Down Elections | Andrew Westrope/Governing

When asked at a congressional hearing if Russia would attack U.S. election systems again in 2020, Special Counsel Robert Mueller was unequivocal: “It wasn’t a single attempt,” he said. “They’re doing it as we sit here, and they expect to do it during the next campaign.” Presidential campaigns are now underway, and election systems are still vulnerable. From voter registration databases to result-reporting websites to the voting machines themselves, researchers have identified soft spots across the system for hackers to exploit, meaning cybersecurity is now a front line of defense for American democracy. There are many parties working on this problem — secretaries of state, the Department of Homeland Security (DHS), EI-ISAC (Elections Infrastructure Information Sharing and Analysis Center), various nonprofits and private companies — and a few common refrains between them. They’re all pushing for paper ballots, vulnerability screenings, staff training, contingency plans, audits and, above all, more consistent funding. And they all have the same basic message for state and local officials: The security of our elections is riding on you.

National: Iranian Hackers Target Trump Campaign as Threats to 2020 Mount | Nicole Perlroth and David E. Sanger/The New York Times

The 2020 presidential election is still 13 months away, but already Iranians are following in the footsteps of Russia and have begun cyberattacks aimed at disrupting the campaigns. Microsoft said on Friday that Iranian hackers, with apparent backing from the government, had made more than 2,700 attempts to identify the email accounts of current and former United States government officials, journalists covering political campaigns and accounts associated with a presidential campaign. Though the company would not identify the presidential campaign involved, two people with knowledge of the hacking, who were not allowed to discuss it publicly, said it was President Trump’s. In addition to Iran, hackers from Russia and North Korea have started targeting organizations that work closely with presidential candidates, according to security researchers and intelligence officials. “We’ve already seen attacks on several campaigns and believe the volume and intensity of these attacks will only increase as the election cycle advances toward Election Day,” said Oren Falkowitz, the chief executive of the cybersecurity company Area 1, in an interview.

National: Iranian attacks expose vulnerability of campaign email accounts | Maggie Miller/The Hill

A recent hacking attempt by Iran targeting a U.S. presidential campaign highlighted the vulnerability of email accounts heading into the 2020 elections. Microsoft revealed last week that it had tracked an Iranian group named “Phosphorus” attempting to access the email accounts of an unnamed presidential campaign, along with accounts tied to journalists and former and current U.S. officials. While the group compromised only four accounts, it identified 2,700 accounts for targeting and attacked 241 of them. The accounts associated with the unnamed presidential campaign, which Reuters identified as the Trump campaign, were not successfully compromised. The Trump campaign told The Hill they had “no indication that any of our campaign infrastructure was targeted.” Tom Kellermann, who served on a presidential cybersecurity commission during the Obama administration, said campaigns should ensure “modern cybersecurity technologies” are being used to insulate endpoints, and that “websites and mobile apps should be tested for vulnerabilities and hardened accordingly.” But even if campaigns take those steps, Kellermann said, rising tensions between the U.S. and Iran could lead to attacks on other aspects of campaigns and elections.

Arizona: Secretary of State toughens election rules for cybersecurity | Andrew Oxford/Arizona Republic

Arizona officials are considering tougher cybersecurity standards for the state’s elections ahead of 2020, according to a proposed set of protocols the Secretary of State’s Office published this week. Some of the changes come after The Arizona Republic highlighted concerns about policies included in a first draft of a manual that county officials across the state will use to administer next year’s election. Experts contacted by the newspaper pointed to provisions that did not mandate the use of encryption in some circumstances or would allow officials to re-use USB sticks when working with election systems. The Secretary of State’s Office toughened policies on both of those issues in its final draft of the election procedures manual, published this week. Digital security is just a small piece of the proposed manual, which totals more than 500 pages. But cybersecurity has drawn particular scrutiny amid concerns about meddling in American elections.

Washington: ‘Tens of thousands’ of attempts daily to hack Washington’s election system | Dyer Oxley/MyNorthwest

Washington state’s general election is one month away and aside from making sure the process is ready to run smoothly, Secretary of State Kim Wyman has another concern on her mind — cybersecurity and election hacking. “We have attempts every day,” she told KIRO Radio. “Tens of thousands of attempts to get into our system … right now, we are just blocking all of them.” “Some (hackers) are just trying to see what they can see, ‘what can we get to and what can we play with,’” Wyman said. “And some have bigger chess moves. They are trying to undermine confidence that voters have in our system.”

Iran: Cyberattack on US Presidential Campaign Could Be a Sign of Things to Come | Jai Vijayan/Dark Reading

A recently detected Iranian cyberattack targeting a US presidential campaign may well be a harbinger of what’s in store for political parties and election systems in the run-up to next year’s general elections. Last Friday Microsoft disclosed it had observed significant threat activity over the past two months by Phosphorus, a threat group believed linked to the Iranian government. Phosphorus, which is also known as APT25 and Charming Kitten, made over 2,700 attempts to break into specific email accounts belonging to Microsoft customers. In many cases, Phosphorus used information about the targets — including phone numbers and secondary email addresses — to try and infiltrate their email accounts. In the end, Phosphorus attacked 241 targeted email accounts and eventually managed to compromise four of them. In a blog Friday, Microsoft corporate vice president Tom Burt described the targeted accounts as being associated with a US presidential campaign, current and former US government officials, journalists covering politics, and Iranian nationals residing outside the country. The four accounts that were actually breached, however, were not connected to the presidential campaign or to the government officials.

Editorials: Voting machines pose a greater threat to our elections than foreign agents | Lulu Friesdat/The Hill

As the election security conversation widens beyond Russia, to include countries like Iran and China, it’s important to examine how security flaws in our country’s voting equipment increase the vulnerability of our elections. In 2010 a university cyber team conducted a test attack on an internet voting pilot project in Washington, D.C. The team successfully picked the winner of the election remotely from its Michigan lab. Writing about the attack, computer science professor J. Alex Halderman said, “Within 36 hours of the system going live, our team had … the ability to change votes.” In follow-up testimony, Halderman offered some chilling details: “While we were in control of these systems, we observed other attack attempts originating from computers in Iran and China. These attackers were attempting to guess the same master password that we did. And since it was only four letters long, they would likely have soon succeeded.” Security experts have long warned that short passwords provide easy targets, but hackers at DEF CON, an annual security convention, recently found U.S. election systems with no passwords at all.  How did the security bar get set so low?

Ohio: House Lawmakers Approve Civilian Cyber Reserve | Jim Provance/Toledo Blade

The Ohio House on Wednesday voted unanimously to create a civilian cyberforce within the Ohio National Guard to respond to cyberattacks against elections systems, governments, businesses, and critical infrastructure. Senate Bill 52, sponsored by Sen. Theresa Gavarone (R., Bowling Green), now returns to the Senate for consideration of House changes. The bill passed the upper chamber unanimously earlier this year. A city’s mayor could ask the governor to call out the Ohio Cyber Reserve if the city finds itself in over its head in fending off or mitigating a ransomware attack or other cyberintrusion, much as governments can now ask for help after natural disasters. “By their nature, elections are vulnerable to threats both foreign and domestic,” Rep. Doug Green (R., Mt. Orab) said. “Creating the Ohio Cyber Reserve allows for preparedness in mitigating those cyberattacks and ensures Ohio’s voters that their elections are secure and accessible.”

India: Election Commission releases new cybersecurity guidelines | Samaya Dharmaraj/OpenGov Asia

The Election Commission of India (ECI) recently released a document outlining cybersecurity guidelines for the upcoming Assembly elections. All Indian states have received detailed cybersecurity guidelines, which include a special audit of all ICT applications hosted by the chief electoral officer, cyber hygiene for the electoral staff, and detailed application/infrastructure level guidelines. According to the document, ECI has taken several steps to ensure cyber safety for the Lok Sabha (House of the People) Elections. ECI has created clear regulations for cybersecurity and educated its entire electoral staff through several workshops. One of its major initiatives was to revamp old applications, reduce the number of applications, and consolidate them into a few manageable ones. Furthermore, all applications have been built with cybersecurity measures in design by default. The core principles are to reduce the attack surface area, deploy defence-in-depth, and to fix security issues correctly.

National: Some Voting Machines Still Have Decade-Old Vulnerabilities | Lily Hay Newman/WIRED

In three short years, the Defcon Voting Village has gone from a radical hacking project to a stalwart that surfaces voting machine security issues. This afternoon, its organizers released findings from this year’s event—including urgent vulnerabilities from a decade ago that still plague voting machines currently in use. Voting Village participants have confirmed the persistence of these flaws in previous years as well, along with a raft of new ones. But that makes their continued presence this year all the more alarming, underscoring how slow progress on replacing or repairing vulnerable machines remains. Participants vetted dozens of voting machines at Defcon this year, including a prototype model built on secure, verified hardware through a Defense Advanced Research Projects Agency program. Today’s report highlights detailed vulnerability findings related to six models of voting machines, most of which are currently in use. That includes the ES&S AutoMARK, used in 28 states in 2018, and Premier/Diebold AccuVote-OS, used in 26 states that same year.

National: Hacking 2020 voting systems is a ‘piece of cake’ | Lisa Vaas/Naked Security

It’s still child’s play to pick apart election systems that will be used in the 2020 US presidential election, as ethical hackers did, once again, over the course of two and a half days at the Voting Village corner of the DefCon 27 security conference in August. The results are sobering. This is the third year they’ve been at it, and security is still abysmal. On Thursday, Voting Village organizers went to Capitol Hill to release their findings, in an event attended by election security funding boosters Sen. Ron Wyden and Rep. Jackie Speier. In a nutshell: in August, hackers easily compromised every single one of the more than 100 machines to which they were given access, many with what they called “trivial attacks” that required “no sophistication or special knowledge on the part of the attacker.” They didn’t get their hands on every flavor of voting system in use in the country, but every one of the machines they compromised is currently certified for use in at least one voting jurisdiction, including direct-recording electronic (DRE) voting machines, electronic poll books, Ballot Marking Devices (BMDs), optical scanners and hybrid systems.

Illinois: McHenry County officials requesting Board of Elections support during 2020 elections | Drew Zimmerman/Northwest Herald

Over the past few years, McHenry County has been subjected to multiple election errors, including technology failures and incorrect ballots. To ensure these problems don’t crop up in the 2020 primary and general elections – which are shaping up to have record turnouts – McHenry County officials are looking toward the Illinois Board of Elections for assistance to ensure a smooth and accurate process. On Monday, McHenry County Board member Michael Vijuk sent a letter to IBOE Executive Director Steve Sandvoss requesting any support and resources the agency could bring to ensure the entire voting process is secure. “My plea is not one based on a hasty reaction to a comment or two, but to the problems that I have observed as an election judge, McHenry County Board member and citizen of the county,” Vijuk wrote. “The McHenry County Clerk’s Office has had [sobering] problems that may have directly and indirectly deprived the rights of voters in the 2016 election, the 2018 election, and the 2019 consolidated election. My faith has been shaken in the office’s ability to prevail over these deficiencies without your office’s assistance.”

Michigan: State officials move to secure voting systems ahead of 2020 elections | Quinn Klinefelter/Michigan Radio

Michigan is taking steps to secure the state’s voting systems from potential cyberattacks during the 2020 elections. Federal officials warn that hackers are targeting the upcoming elections — plotting everything from obtaining voter information to spreading disinformation by planting stories online that ballots had been changed. To help combat that, Michigan has hired its first-ever election security specialist. Secretary of State Jocelyn Benson says it’s just one in a series of moves designed to safeguard the sanctity of the voting booth. “Well, we are far better than other states in that we have optical scan machines. So we have hand-marked paper ballots and our machines, for the most part, are not connected to the Internet or transmitting over the Internet,” says Benson.

Verified Voting Blog: Verified Voting Urges Congress to Pass Comprehensive, Bipartisan Election Security Funding

With the 2020 election rapidly approaching, Verified Voting continues to urge Congress to pass comprehensive election security legislation and allocate adequate funding for state and local officials to make critical improvements to our country’s election infrastructure. Congress is negotiating a spending package for the U.S. Election Assistance Commission (EAC) to allocate funding for states to…

National: Russian Secret Weapon Against U.S. 2020 Election Revealed In New Cyberwarfare Report | Zak Doffman/Forbes

The FBI has warned that “the threat” to U.S. election security “from nation-state actors remains a persistent concern,” that it is “working aggressively” to uncover and stop, and the U.S. Director of National Intelligence has appointed an election threats executive, explaining that election security is now “a top priority for the intelligence community—which must bring the strongest level of support to this critical issue.” With this in mind, a new report from cybersecurity powerhouse Check Point makes for sobering reading. “It is unequivocally clear to us,” the firm warns, “that the Russians invested a significant amount of money and effort in the first half of this year to build large-scale espionage capabilities. Given the timing, the unique operational security design, and sheer volume of resource investment seen, Check Point believes we may see such an attack carried out near the 2020 U.S. Elections.” None of which is new—it would be more surprising if there wasn’t an attack of some sort, to some level. What is new, though, is Check Point’s unveiling of the sheer scale of Russia’s cyberattack machine, the way it is organised, the staggering investment required. And the most chilling finding is that Russia has built its ecosystem to ensure resilience, with cost no object. It has formed a fire-walled structure designed to attack in waves. Check Point believes this has been a decade or more in the making and now makes concerted Russian attacks on the U.S. “almost impossible” to defend against. The new research was conducted by Check Point in conjunction with Intezer—a specialist in Genetic Malware Analysis. It was led by Itay Cohen and Omri Ben Bassat, and has taken a deep dive to get “a broader perspective” of Russia’s threat ecosystem. “The fog behind these complicated operations made us realize that while we know a lot about single actors,” the team explains, “we are short of seeing a whole ecosystem.”

National: After Resisting, McConnell and Senate G.O.P. Back Election Security Funding | Carl Hulse/The New York Times

Facing mounting criticism for blocking proposals to bolster election security, Senator Mitch McConnell on Thursday threw his weight behind a new infusion of $250 million to help states guard against outside interference in the 2020 voting. Mr. McConnell, Republican of Kentucky and the majority leader, has been under regular attack from both Democrats and a conservative group for refusing to allow the Senate to vote on various election security proposals, some of them bipartisan, despite dire warnings from the intelligence community that Russia is already trying to replicate the elaborate meddling campaign it carried out during the 2016 presidential contest. The additional funding, Mr. McConnell said in announcing his support, “will bring our total allocation for election security — listen to this — to more than $600 million since fiscal 2018.” The money was quickly approved by the Appropriations Committee later Thursday. Though Mr. McConnell has embraced other seemingly derogatory nicknames over the years, he was incensed at being called “Moscow Mitch” by those who claimed his opposition showed he was willing to accept foreign election interference because it had benefited his own party by helping to elect President Trump, despite the senator’s long record of taking a hard line against Russia.

National: For latest election security moves, the devil is in the details | Derek B. Johnson/FCW

Last week it looked like a logjam was cleared on election security. The Senate approved $250 million in funding to states to secure election infrastructure ahead of 2020. Microsoft announced it would continue supporting Windows 7, the soon-to-be-obsolete operating system used on voting machines in thousands of jurisdictions, throughout the 2020 election cycle. Additionally, the Election Assistance Commission met to discuss its latest security standards for voting machines. While new federal dollars for election security are welcome, experts caution that more money might be required and more direction is needed on how to spend the money in the form of new legislation to put smart policy behind congressional outlays. The Brennan Center for Justice estimates the cost of replacing all paperless voting machines in the country at $734 million over five years. When added to the costs estimated to tackle other problems like protecting voter registration data, implementing post-election audits and extending cybersecurity assistance to state and local governments, the total price comes out to more than $2.1 billion. According to research from the OSET Institute, software licenses, maintenance fees and other costs to support voting machines past their first year are hard to quantify and can end up costing more than the initial equipment purchase. Contract language tends to leave the timing, nature and additional costs of such updates at the discretion of voting machine manufacturers.

National: McConnell’s support for election security funding is just the start of a big fight | Joseph Marks/The Washington Post

Senate Majority Leader Mitch McConnell (R-Ky.) partially relented yesterday in the fight over election security by throwing his support behind a $250 million infusion of cash for state election officials. But that concession is likely just the start of what could be a battle royal in Congress. Democrats, who have derided McConnell as “Moscow Mitch” for blocking progress on election security after the Russian interference in the 2016 election, were already arguing the majority leader had only embraced a half measure. McConnell signed on to a measure, which is expected to be approved as part of a must-pass spending bill, to provide cash to states to upgrade their election systems, but it doesn’t mandate how it should be spent. Senate Minority Leader Chuck Schumer (D-N.Y.) took to the Senate floor to bemoan the language supported by McConnell for not requiring changes such as paper ballots and post-election security audits experts say are vital to thwart hackers from Russia and elsewhere. “It doesn’t include a single solitary reform that virtually everyone knows we need, but it’s a start,” Schumer said. A bill that delivers money for election security but doesn’t mandate any particular fixes is a good bargain for McConnell and many Republicans who are wary of expanding federal authority over state and local-run elections — and who fear blowback from President Trump if they talk too much about Russia’s 2016 hacking and influence operation aimed at helping Trump’s election.

National: States try to combat election interference as Washington deadlocks | Evan Halper/ Los Angeles Times

With the White House and Congress paralyzed over how — or even whether — to act on intelligence agency warnings about foreign interference in U.S. elections, Maryland opted to take matters into its own hands. The state adopted transparency rules for political advertising on Facebook, Twitter and elsewhere online. The pioneering move drew praise from election reformers as a blow against foreign meddling. Then came the backlash. And it wasn’t from Russia. Newspaper publishers hauled the state into federal court. The new rules ran afoul of the 1st Amendment and created burdens on media organizations that could push struggling local papers under, they protested. Even one of the world’s most vocal advocates for transparency, the Reporters Committee for Freedom of the Press, joined the objectors. Along with the Washington Post, Associated Press and others, they successfully blocked the state’s effort in federal court.

National: Microsoft will offer free Windows 7 support for election officials through 2020 | Sean Lyngaas/CyberScoop

Microsoft said Friday it will offer state and local election officials free security support for Windows 7 operating systems used in voting systems through 2020. “We want to make sure that Windows 7 end-of-life doesn’t…become a barrier to having a secure and safe election,” Jan Neutze, head of Microsoft’s cybersecurity and democracy team, said in announcing the news, which CyberScoop was first to report. “It’s the right thing to do,” he said at a conference hosted by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. Microsoft has long planned to stop providing security updates for Windows 7 users in general in January 2020, but was allowing users to pay for those updates through January 2023. But the offer of free services through next year’s U.S. presidential election is an additional effort to make it easier to update operating software used in voting systems, such as the election management systems that format ballots. Some systems that support voting in the U.S. still rely on Windows 7, which is not nearly as straightforward to update on those machines as it is on a personal computer. Patches require installation and testing to verify that they will not disrupt a voting system.

Georgia: Election security investigation opened after Atlanta computers stolen | Mark Niesse and Arielle Kass/The Atlanta Journal-Constitution

Georgia Secretary of State Brad Raffensperger opened an investigation Wednesday into Fulton County’s election security procedures after two voting check-in computers were stolen from an Atlanta precinct. “It is unacceptable that bad actors entered a polling location under the cover of night and were able to steal critical elections machinery,” Raffensperger said. Atlanta police are also investigating the theft of the express poll computers from the Grove Park Recreation Center, which occurred the night before Tuesday’s special election for a seat on the city school board. New computers were brought in before polls opened Tuesday morning. Richard Barron, Fulton’s director of registration and elections, said the county will be reviewing its procedures, but poll workers did what they were supposed to do. “Other than providing 24-hour security at all polling locations, I’m unsure how you secure every building,” he said. “Ours was in a government facility that had an alarm and was locked.”

Indiana: Election upgrade leaves widespread paperless voting | Brynna Sentel/South Bend Tribune

By the next election, one in 10 direct recording electronic (DREs) voting machines will have a small black box attached to them that will let voters see a printout of their ballot, providing a paper trial that can be used in post-election audits. Secretary of State Connie Lawson held one-on-one interviews with reporters to discuss the new voting equipment as well as the other steps her office is taking to assure Hoosiers that every ballot cast in an election will be accurately counted. “I still believe that the most important concern for us is voter confidence,” Lawson said Wednesday. “We want voters to know that the vote they cast is counted the way it was cast and that elections are safe and secure.” Lawson will go to the State Budget Committee Friday to ask for the release of $10 million that had been budgeted during the legislative session for election security. The committee is meeting at Purdue University. “There were so many priorities this last budget cycle,” Lawson said. “Honestly, I felt very fortunate that our original $10 million request, and that’s what it was when the session began, stayed the same and did not change.”

Kansas: Cyberattacks vandalized Kansas county websites in August, exposing security weaknesses | Jonathan Shorman/The Wichita Eagle

Cyberattacks crippled the websites of about a dozen Kansas counties in early August — replacing their homepages with cryptic messages and an image of Mecca. One county, which was conducting an election during the assault, decided against posting results online. The attacks did not affect vote counting but meant citizens didn’t have access to normal government information, such as contacts for local agencies, for several hours. The hacks defaced websites, but did not affect other systems. It does not appear the hacker or hackers took data hostage, as has happened elsewhere in the country. State officials don’t think the hacking was connected to the August primary election. But the attacks — not widely known until now — showcased the cyber vulnerabilities of local governments in Kansas. And they took place as online threats are rising.

Maine: Voter database unaffected after computers in Maine election office hit by cyber attack | Christopher Burns/Bangor Daily News

A virus hit several state computers and servers, including in the state’s election office, on Wednesday afternoon, the Maine secretary of state’s office said. The virus was detected about 3 p.m. and affected Maine Bureau of Corporations, Elections and Commissions staff computers, two servers at the Maine Bureau of Motor Vehicles and a server at the Maine State Archive, according to Kristen Schulze Muszynski, a spokeswoman for the Maine secretary of state’s office. The Bureau of Motor Vehicles’ servers are only used for internal testing purposes, while the state archive server is used for scanning documents. The Office of Information Technology and the secretary of state’s office are working to restore computer services, Muszynski said Thursday morning. They were expected to be restored later on Thursday. No public data was accessed and the state’s voter database was not affected, she said. The cyber attack consisted of 1,600 emails, but only 18 emails reached employee inboxes, Muszynski said, adding that the virus appeared to have entered through a spam email that included a malicious link.

Minnesota: Guard’s coders, hackers may help shore up election defenses | Stephen Montemayor/Minneapolis Star Tribune

Minnesota election officials working to beef up the state’s cyber defenses against hackers now want to call in the National Guard. In an effort to protect the 2020 election just months before early primary voting starts, Secretary of State Steve Simon said he wants to formalize a long-term agreement to work with a new “cyber protection team” developed by the Minnesota National Guard ahead of a workshop planned this week in St. Paul as part of a national “policy academy” on election security. The gathering of federal and state officials comes as Congress deepens its impeachment inquiry over a whistleblower allegation that President Donald Trump solicited Ukrainian help in undermining former Vice President Joe Biden, one of his top Democratic challengers in 2020. But a more pressing concern for local and state election officials is the prospect of foreign hacking and social media disinformation. Simon and other state election officials have warned that more foreign sources are likely to try to penetrate states’ election systems than in 2016, adding that there are already signs of widespread online disinformation campaigns underway. “This is a security issue,” Simon said. “It isn’t just about bullets or boots on the ground, it’s about this cyber realm and the fact that adversaries try to expose or exploit weaknesses in the cyber world just as they would in other areas as well.”