The Federal Election Commission delayed a vote on a plan to provide free cybersecurity assistance for campaigns, with the panel’s chairwoman voicing concerns it could the open the door to corporate money in campaigns. Ellen Weintraub said she supported the goal of cybersecurity but questioned whether the proposal could grant broad leeway for providing aid to campaigns outside the limits and restrictions of campaign finance law, including a longstanding ban on corporate contributions to candidates. “We do not want to inadvertently blow a hole in the corporate contribution ban,” the Democratic chairwoman said at a commission meeting today. The nonprofit watchdog Campaign Legal Center, which had voiced similar concern about the initial proposal, has signed off on a compromise that includes language emphasizing the aid is tied to the imminent threat of illegal foreign interference in elections. The commission may take up the issue again at its scheduled April 25 meeting.Full Article: Cybersecurity Campaign Aid Delayed by Corporate Money Fears.
In June 2016, five months before the American presidential election, Julian Assange made a bold prediction during a little-noticed interview with a British television show. “WikiLeaks has a very big year ahead,” he said, just seconds after announcing that the website he founded would soon be publishing a cache of emails related to Hillary Clinton. He was right. But an indictment unsealed on Thursday charging Mr. Assange with conspiring to hack into a Pentagon computer in 2010 makes no mention of the central role that WikiLeaks played in the Russian campaign to undermine Mrs. Clinton’s presidential chances and help elect President Trump. It remains unclear whether the arrest of Mr. Assange will be a key to unlocking any of the lingering mysteries surrounding the Russians, the Trump campaign and the plot to hack an election. The Justice Department spent years examining whether Mr. Assange was working directly with the Russian government, but legal experts point out that what is known about his activities in 2016 — including publishing stolen emails — is not criminal, and therefore it would be difficult to bring charges against him related to the Russian interference campaign. Numerous significant questions are left unanswered, including what, if anything, Mr. Assange knew about the identity of Guccifer 2.0, a mysterious hacker who American intelligence and law enforcement officials have identified as a front for Russian military intelligence operatives.Full Article: After Arrest of Julian Assange, the Russian Mysteries Remain - The New York Times.
Former FBI Director James Comey said the U.S. remains unprepared for another attack on its elections and faulted the attorney general for suggesting that the government was “spying” on Donald Trump’s presidential campaign in 2016. Echoing the findings of U.S. intelligence agencies, Comey said Russia intervened in the 2016 election to damage American democracy, undermine Democratic nominee Hillary Clinton and bolster Trump. Russian officials have denied the accusations. But Comey said Trump’s “denial of a fundamental attack” on the U.S. means “we’re inviting it to happen again with our president’s silence.” The former FBI leader also said he was concerned by Attorney General William Barr’s comments on Wednesday that he’s starting his own inquiry into counterintelligence decisions that may have amounted to political espionage, including actions taken during the Russia probe in 2016. “I really don’t know what he’s talking about when he talks about spying on the campaign,” Comey said. “The FBI and Department of Justice conduct court-ordered surveillance. If the attorney general has come to the belief that that should be called spying, wow, that’s going to inspire a whole lot of conversations in the Department of Justice.”Full Article: Cybersecurity - Bloomberg.
A denial of service (DoS) attack against the official online election results service is under investigation in Finland. The National Bureau of Investigation (KRP) on Wednesday reported that the attack took place last weekend, stressing that the attack can have no impact whatsoever on the election results as the targeted service is not related to the casting or counting of votes. The short and low-volume attack caused intermittent disruptions to the results service in the wee hours of last weekend, Arto Jääskeläinen, the head of electoral administration at the Ministry of Justice, told Lännen Media. The service on vaalit.fi is used primarily by small news outlets, he added to Helsingin Sanomat. YLE, Helsingin Sanomat and other major outlets, in turn, have an agreement in place that provides them access to the results data through a secure connection.Full Article: DoS attack against election results portal under investigation in Finland.
While the 2019 Knesset elections had some unprecedented cyber issues, future elections will have even more, cyber expert and founder and editor-in-chief of Cybertech Magazine Amir Rapaport says. Speaking to The Jerusalem Post on Wednesday, Rapaport divided the impact of cyber on the elections into three spheres. He said that Israel’s Central Elections Committee, in coordination with the Israel National Cyber Directorate (INCD) and other agencies (the Shin Bet Israel Security Agency is known to have a heavy role), seem to have succeeded in protecting from actual hacking of physical election systems. To that extent, no one has called into question the voter totals produced by the committee based on accusations of a cyber attack. (There are some minor controversies, but not related to the cyber sphere.) Further, some of the dark scenarios to prevent voters from reaching the polling stations, including the hacking of trains and other public transit, did not transpire.Full Article: Cyber expert: Future elections will have even more cyber issues - Israel Elections - Jerusalem Post.
Despite clear and compelling evidence of a Russian plot to disrupt the 2016 presidential election, partisanship has all but killed any chance that Congress will pass legislation to shore up election security before voters cast their ballots next year. Republicans and Democrats in Congress largely agree with Special Counsel Robert Mueller’s finding that Russia tried to meddle in U.S. democracy — and that foreign interference remains a serious threat. “Russia’s ongoing efforts to interfere with our democracy are dangerous and disturbing,” said Senate Majority Leader Mitch McConnell, R-Kentucky, after Mueller finalized his investigation last month. But McConnell has made it clear that he’s unlikely to allow the Senate to vote on any election-related legislation for the foreseeable future. Republican Sen. Roy Blunt of Missouri, who chairs the Senate Rules Committee that has jurisdiction over election security legislation, blames House Democrats for McConnell’s hardline stance. Blunt said Democrats overreached in January when they passed H.R. 1, a sweeping measure focused on voting rights, campaign finance, and government ethics.Full Article: Partisan Congress resists election security upgrades for 2020 | McClatchy Washington Bureau.
The founder of Craigslist and the Global Cyber Alliance are teaming up to provide free cyber defense toolkits to election officials, nonprofit election rights groups and the media modeled after the ones GCA recently pioneered for small businesses. Craig Newmark Philanthropies is offering GCA more than $1 million for the project, and GCA is netting $1.5 million from other sources, the groups are announcing today. “Elections bodies and the media are facing increasingly sophisticated cyberattacks that can impair the exercise of democracy and affect election results, and they are not prepared to deal with the threat,” Phil Reitinger, president and CEO of the GCA, told MC. The idea is to assemble a set of immediately available resources, rather than just advice. “I’ve been lucky enough to do well and put my money where my mouth is and help protect the people who protect our country,” Newmark told MC.Full Article: Cybersecurity toolkits ahead for elections and media people - POLITICO.
The abrupt ouster of Homeland Security Secretary Kirstjen Nielsen could be a blow to the department’s efforts to bolster America’s defenses against growing cybersecurity threats, former officials from the department, advocates and lobbyists say. “The worst-case scenario is that our adversaries use this moment of leadership transition, and use it as a Trojan Horse to launch some sort of attack,” Caitlin Durkovich, former DHS assistant secretary for infrastructure protection for the Obama administration, said in an interview. “Who’s to say that the new acting secretary’s priorities aren’t different and that there will be the same emphasis on cyber when there’s such an emphasis on immigration?” said Durkovich, who now works with risk advisory firm Toffler Associates. Nielsen may be most remembered as the face of President Donald Trump’s most hard-line immigration policies. But over her 16-month tenure, cyber specialists and federal officials have applauded her relentless championing of cybersecurity priorities. She frequently warned that increasing threats of hijacking critical infrastructure—from the electric grid to voting machines—were a greater threat to America’s security than terrorism.Full Article: Nielsen Firing Leaves Cybersecurity Concerns Without a Champion.
With looming fears of foreign interference in last year’s midterm elections, Congress rushed to send almost $6.2 million to help Alabama secure its voting system. But the state did not spend a dime of it, according to a report this month from the U.S. Election Assistance Commission, which disbursed the funds. The money came from the so-called omnibus spending bill approved in March 2018. But Alabama Secretary of State John Merrill said the money did not come in time to spend before the November midterm election. In order to spend federal grant money, he told FOX10 News, the state has to going through a competitive bidding process and get companies on an approved vendor list, among other requirements. “That’s an arduous process, at best,” he said. “We’re not gonna get in a hurry because someone thinks we should be in a hurry to spend it.”Full Article: Alabama failed to spend federal grants for election security | News | fox10tv.com.
California: Hackers attacked California DMV voter registration system marred by bugs, glitches | Los Angeles Times
California has launched few government projects with higher stakes than its ambitious 2018 program for registering millions of new voters at the Department of Motor Vehicles, an effort with the potential to shape elections for years to come. Yet six days before the scheduled launch of the DMV’s new “motor voter” system last April, state computer security officials noticed something ominous: The department’s computer network was trying to connect to internet servers in Croatia. “This is pretty typical of a compromised device phoning home,” a California Department of Technology official wrote in an April 10, 2018, email obtained by The Times. “My Latin is a bit rusty, but I think Croatia translates to Hacker Heaven.” Although the email described the incident as the DMV system attempting “communication with foreign nations,” a department spokesperson later insisted voter information wasn’t at risk. The apparent hacking incident was the most glaring of several unexpected problems — never disclosed to the public — in rolling out a project that cost taxpayers close to $15 million. The Times conducted a four-month review of nearly 1,300 pages of documents and interviewed state employees and other individuals who worked on the project — most of whom declined to be identified for fear of reprisal. Neither the emails nor the interviews made clear who was ultimately responsible for the botched rollout, though an independent audit is expected to be released in the coming days.Full Article: Hackers attacked California DMV voter registration system marred by bugs, glitches - Los Angeles Times.
Critics of Georgia’s outdated voting system told a judge on Tuesday that a new system outlined by lawmakers has many of the same fundamental flaws and is unconstitutional. A law signed last week by Gov. Brian Kemp provides specifications for a new voting system. Bids are due later this month, and state officials say they plan to implement the new system in time for next year’s presidential election. Lawyers for the Coalition for Good Governance and for a group of voters, who had filed a lawsuit challenging Georgia’s election system, told U.S. District Judge Amy Totenberg they plan to ask her initially to stop the state from using the current machines for special and municipal elections scheduled this year. Ultimately, they said, they want her to prohibit the state from using the current paperless machines, as well as the ballot-marking machines provided for in the new law. Lawyers for the state argued complaints about the current voting system have been made irrelevant by the new law and that complaints about ballot-marking machines can’t be considered yet because the state hasn’t even selected a new system.Full Article: Critics say new voting system planned for Georgia is flawed | WSB-TV.
Europe: Member states test their #CybersecurityPreparedness for fair and free 2019 EU elections | EU Reporter
The European Parliament, the EU member states, the European Commission and the EU Agency for cybersecurity (ENISA) have organized an exercise to test the EU’s response to and crisis plans for potential cybersecurity incidents affecting the EU elections. The objective of the exercise, which took place today in the European Parliament, was to test how effective EU member states and the EU’s response practices and crisis plans are and to identify ways to prevent, detect and mitigate cybersecurity incidents that may affect the upcoming EU elections. This exercise is part of the measures being implemented by the European Union to ensure free and fair elections in May 2019. Digital Single Market Vice President Andrus Ansip said:”We must protect our free and fair elections. This is the cornerstone of our democracy. To secure our democratic processes from manipulation or malicious cyber activities by private interests or third countries, the European Commission proposed in September 2018 a set of actions. Together with the EU Member States, and other EU institutions we are implementing these actions. We also decided to test our cybersecurity vigilance and readiness towards secure, fair and free EU elections 2019 by organising the first in its kind EU exercise on elections. I believe that this is an important step forward for more resilient EU elections in a connected society.”Full Article: Member states test their #CybersecurityPreparedness for fair and free 2019 EU elections : EU Reporter.
Editorials: Canada’s federal election could be under attack. Are we prepared? | Wesley Wark/The Globe and Mail
Canadians have witnessed a steady drumbeat of stern warnings about likely foreign interference in the coming federal election. The Minister for Democratic Institutions, Karina Gould, sounded the latest alarm in a news conference Monday, in which she delivered the latest report on election threats authored by the government’s cybersecurity agency, the Communications Security Establishment (CSE), which laid out the potential for a sophisticated, co-ordinated and determined effort by foreign state actors to maliciously interfere in the upcoming election. “Nothing is more important to this government than protecting our democracy and ensuring that our next election is fair, free and secure,” Ms. Gould said. Her concern around the Canadian federal election is based on the rising tempo of foreign interference in elections globally, and of technological change that has made cyber meddling easier and cheaper. CSE argues that for foreign adversaries, the potential benefits of cyber electoral interference – which can range from sowing confusion and loss of faith in politics, to trying to steer an election – far outweigh the costs. The threat was basically non-existent in the 2015 federal election, and the true scale of the threat to the 2019 election and our ability to meet it remain to be seen. But there have been some positive developments around our readiness. There’s more public attention than ever on the issue, and intelligence capabilities to detect and assess threats have been increased substantially. A system to alert the public has been created, based on an intelligence fusion centre and a senior panel of government officials who can independently ring the alarm bells.Full Article: Canada’s federal election could be under attack. Are we prepared? - The Globe and Mail.
The National Bureau of Investigation NBI is looking into the circumstances around an apparent cyber attack against Finland’s election information systems. It happened over the weekend, when the official results service was hit by a denial of service attack. The service sends results to the media, among others. The incident is being investigated as ‘grave telecommunications harassment’ under Finnish law. “The preliminary investigation is at an early stage, so the exact type of criminal charge might become more accurate as the investigation progresses” says Marko Leponen from the NBI’s Cyber Centre. “The authorities have prepared for this type of suspected cyber crime in the elections. In general, attacks on public services are quite common, and especially current or publicly available services are often attractive targets” Leponen explains. Meanwhile more than 1.5 million eligible Finns voted in advance of the general election, as the early voting period came to a close on Monday night.Full Article: Cyber attack on election system, as 1.5 million Finns vote in advance | News Now Finland.
Spanish Prime Minister Pedro Sánchez on Tuesday called on all political forces in the country to back a new national cybersecurity fight against “attempts to hack democracy and undermine citizens’ trust in the political system.” Spain’s April 28 general election is seen as a testing ground for new measures that the European Union is adopting to shield elections to the European Parliament a month later. The Europe-wide efforts include a “rapid alert system” linking specialized coordination units in all EU member states and require internet companies to share regular updates on their efforts to eradicate disinformation campaigns. Spain joined the Europe-wide initiative in early March, establishing a high-level unit to coordinate the fight against cyberattacks and fake news. The experts report directly to Sánchez, who on Tuesday equated disinformation to attacks on “the quality of democracy.” “We need to protect Europe in order for Europe to be able to protect its citizens,” the Socialist leader said during a visit to the national cybersecurity institute, or INCIBE, in the northern province of León. Sánchez also called for new cybersecurity guidelines that are currently being designed to be backed by all national parties, regardless of who wins the upcoming election.Full Article: Spain vows to boost cybersecurity, fight disinformation - StarTribune.com.
Only half the members of a federal commission advising states on election threats have security clearances, raising questions about whether it can effectively help local and state officials defend against adversaries such as Russian hackers. And no members of the four-person Election Assistance Commission had clearances during the past two election cycles, including the period when Kremlin-linked hackers are suspected of mounting a range of cyberattacks against state election offices, the Democratic Party and Hillary Clinton’s campaign in 2016. The delay in issuing security clearances for commission members is part of a massive backlog of application approvals throughout the entire federal government. But it’s a particularly acute problem for the EAC, one of the key agencies offering guidance to state and local officials about how to protect themselves from security risks. “The people entrusted with securing our elections need to know what threats they’re supposed to address,” Sen. Ron Wyden (D-Ore.), one of the lawmakers who has focused the most on election security, told POLITICO in a statement. “An Election Assistance [Commission member] without a security clearance is like making a baseball player hit without a bat.”Full Article: Lack of security clearances hampers federal election panel - POLITICO.
National: Nielsen departure could deal a blow to Trump administration’s cybersecurity efforts | The Washington Post
Kirstjen Nielsen’s resignation as secretary of homeland security could deal a blow to the Trump administration’s cybersecurity efforts — as she was one of the last civilians in its top ranks with extensive cybersecurity expertise. That’s a dangerous position, experts say, as the nation barrels toward a 2020 election that will likely be targeted by Russian hackers and the Homeland Security Department launches a major campaign to get government and industry to stop buying technology from China’s Huawei and other companies deemed national security threats. “Hopefully whoever runs DHS will prioritize its vital cybersecurity mission, but it makes a difference if the person at the top has a background in cyber and knows from experience how important it is rather than just being told,” former State Department cyber coordinator Chris Painter told me. “DHS is spread thin among multiple priorities as it is, and without a clear mandate from department leadership that cybersecurity is a prime mission, their efforts risk being sidelined.” Nielsen – who The Post reported was forced to step down because Trump was dissatisfied with her handling of the border — had, by far, the longest cybersecurity resume of any DHS secretary in history. She advised President George W. Bush on cybersecurity and homeland security issues, founded a consulting group called Sunesis Consulting focused on cybersecurity and critical infrastructure, and served as a senior fellow at George Washington University’s Center for Cyber and Homeland Security. Her acting successor, U.S. Customs and Border Protection Commissioner Kevin K. McAleenan, by contrast, has no substantial background in the field.Full Article: The Cybersecurity 202: Nielsen departure could deal a blow to Trump administration's cybersecurity efforts - The Washington Post.
On the eve of the 2018 midterm elections, computer security specialists from across the country descended on the DEFCON 26 Hacking Conference in Las Vegas. These “white hat” hackers sought to probe the security features of voting machines and election systems in an effort to identify weaknesses. The results were alarming to election security experts. Hackers at DEFCON’s Voting Village found that an 11-year old trained only in basic coding techniques was able to hack into a mock-up of Florida’s election results website and change its reported vote totals. Conference attendees were also able to identify a vote tabulation machine — the Election Systems & Software M650 — that could be hacked in under two minutes, or as the report says, “within the time it takes to vote.” In recent years, Wisconsin’s election security practices have come under scrutiny, most notably by Democrats in the U.S. House Administration Committee, who concluded in July 2018 that Wisconsin was one of the 18 states most vulnerable to cyber attacks on election infrastructure.Full Article: Election security bolstered by cybersecurity, other measures | Opinion | hngnews.com.
Malign foreign actors will likely try to meddle in the Canadian federal election in October, Foreign Affairs Minister Chrystia Freeland warned Friday, and Prime Minister Justin Trudeau pointed the finger at Russia as the most likely culprit. Freeland sounded the alarm over election interference at a G7 foreign ministers’ gathering in France. At a parallel G7 meeting of interior ministers, Public Safety Minister Ralph Goodale said the bloc wants the world’s big internet companies — Google, Facebook, Twitter and Microsoft — to do more to stop their platforms from being exploited. The dual G7 ministerial mirrored a similar joint meeting in Toronto almost one year ago that unfolded against the backdrop of a van attack on Yonge Street that left 10 people dead. A year later, their meetings occurred just weeks after 50 people were killed in two attacks on mosques in Christchurch, New Zealand. Canada’s upcoming federal election also attracted interest, sparking a question to Freeland about the likelihood of Russian interference. “We are very concerned,” the minister replied. “I think our judgment is interference is very likely and we think there has probably already been efforts by malign foreign actors to disrupt our democracy.”Full Article: Freeland says foreign election meddling in October federal vote is likely | CTV News.
A group of Israel based hackers claimed that just a few days prior to the parliamentary election, they conducted a cyber-attack into the database of Israeli voters. But the officials have dismissed the claims. Israel’s parliamentary election or Knesset election will take place on Tuesday, April 9. But, on Saturday, April 6 the hacking group claimed that they have stolen important information of on millions of Israelis as they successfully broke into the voter registry. Later, the Central Elections Committee of Israel stated that they had no evidence of any cyber breach. As per a Hebrew-language daily newspaper, Hamodia, the authority has dismissed the hackers’ claims and mentioned that the accessed data was from another data leak in 2006. The report also added that there are thousands of hackers around the world and they aim regularly to attack Israel-based web sites.Full Article: Hackers stole Israeli voters information; officials deny theft.