National: Democrats launch ‘full court press’ on election security | Joseph Marks/The Washington Post

Democrats are pressing hard this week in what could be their final chance to pass legislation aimed at protecting the 2020 contest against Russian hackers. Senate Democrats have failed for months to force Senate Majority Leader Mitch McConnell (R-Ky.) to allow a vote on bills committing an additional $600 million to election security and also mandating security reforms such as paper ballots and post-election cybersecurity audits. Now they’re shifting tactics and trying to force some of that funding into a must-pass spending bill. Round one of the fight starts Thursday at a Senate Appropriations Committee meeting where the top-ranking Democrat, Sen. Patrick Leahy (Vt.), and the top Democrat on the committee’s general government panel, Sen. Chris Coons (Del.), will try to force the money into the Republican draft of a spending bill. If that doesn’t work, Democrats can keep trying to push Republicans to add the measure through the lengthy give-and-take of the appropriations process that’s likely to drag on for several months. Aides for Leahy and Coons declined to tell me precisely what was in the amendment they’ll be introducing Thursday, but Sen. Ron Wyden (D-Ore.) and other senators are pushing for at least the $600 million that’s included in legislation already passed by the House. If the last-ditch effort fails, many Americans are likely to cast votes in 2020 in a process still governed by the same lax rules as in 2016 – when a Russian hacking and disinformation operation upended the election and severely damaged voters’ confidence in the democratic process. The federal government has surged its cybersecurity help to state election officials since then and several states and localities have voluntarily improved protections, but the improvements are far from universal.

National: Election security funds caught in crosshairs of spending debate | Maggie Miller/The Hill

Funding to bolster election security efforts at the state level could become a sticking point during the ongoing government spending talks, with the House approving the funds while Republicans in the Senate remain staunchly opposed. The spotlight will be on the Senate on Tuesday, as the Appropriations Subcommittee on Financial Services and General Government marks up its portion of the annual spending bill, with the full committee due to vote on the bill Thursday. While the subcommittee will wait until after the markup to release its version of the annual financial services and general government funding bill, which includes appropriations for the Election Assistance Commission (EAC), it’s unlikely to include election security funds due to Republican opposition. This could become a factor in negotiations between the House and Senate over government funding bills and make it even more difficult for Congress to approve funding legislation prior to the end of the fiscal year on Sept. 30, which is needed to avert a shutdown.

National: How state election officials are contributing to weak security in 2020 | Joseph Marks/The Washington Post

It’s not just a question of paper ballots. The offices charged with administering elections across the country are falling short on a slew of basic cybersecurity measures that could make the 2020 contest far more vulnerable to hacking, according to a report out this morning. Numerous state election offices aren’t patching their computer systems against known digital attacks and rely heavily on outdated, weak software, the report from the cybersecurity company NormShield found. They’re not fully protecting their websites against attacks or taking technical steps that would help prevent hackers from impersonating employees over email. And employee emails and passwords have leaked online. Any one of those vulnerabilities could be the weak spot that allows hackers to compromise a swath of election systems — especially since several states with the worst security practices were swing states, the company’s Chief Security Officer Bob Maley told me. He declined to disclose how specific states fared at this time.

National: How counties are war-gaming Election Day cyberattacks | Joseph Marks/The Washington Post

If Russian hackers seek to disrupt the 2020 election, it will be county election officials on the front lines. And some are diving in to war games so they can be ready for anything Moscow or another U.S. adversary can throw at them. Election officials from New Jersey’s 21 counties huddled at tables in a hotel ballroom here, hashing out how they’d respond to Election Day cyberattacks. In some attack scenarios, hackers shut down voter registration databases, loaded voter files with phony information, or compromised county social media accounts so they start spreading false information about polling locations. They also prepared for what happens if attackers locked up election office computers with ransomware or shut down cellphone towers across multiple states. How the U.S. fares during an Election Day hack is likely to rest on the response of local election administrators in the first few hours, state and federal officials told me. “The county level is where all the risk is,” a Homeland Security Department cybersecurity official who was helping one county with its response-planning told me. “They own it in a way no state official does and certainly no federal official could. It’s always live or die at the county level.” The war-games are a sign of how drastically local politics has changed in this new era of cyberwar — preparing responses to attacks by a powerful nation-state is a far cry from more ordinary tasks of getting poll workers to voting locations on time and planning contingency operations for storms or other physical disasters. And there’s no turning back, as federal officials have warned Russia is likely to try to repeat its hacking and disinformation campaign in 2020 and other U.S. adversaries, including China, Iran and North Korea, may try as well.

National: Cyber firm examines supply-chain challenge in securing election ecosystem | Charlie Mitchell/InsideCyberSecurity.com

State election officials are doing a better job of securing systems but still need to pay more attention to “internet facing infrastructure” and possible weak links in their supply chains, according to a new report from NormShield, a cybersecurity firm that develops risk scorecards for companies. According to NormShield, “We noticed … that states may be focusing on their internal assets and may not be examining their broader cyber ecosystem footprint. So we undertook the exercise of examining that broader footprint to better understand what election system integrity looks like from that perspective.” The firm did not examine cyber hygiene around voting machines, but did look at “Network Connected Systems and Components” as identified in the Center for Internet Security “Handbook for Elections Infrastructure Security.” It found significant improvements between an initial scan in July and a follow-up in August, according to the report issued today. “NormShield privately provided its findings to the Secretaries of State and election commissions in July in order to empower them with the information needed to remediate vulnerabilities,” the firm said. “NormShield ran a second scan in August and found significant improvement in the security posture of several election commissions.”

Editorials: Cyber attacks threaten security of 2020 election | Ray Rothrock/San Jose Mercury-News

Following the 2016 elections, investigators found evidence that Russian hackers successfully infiltrated the computerized voting systems of several states. Hackers also stole data from campaigns and weaponized social media polarizing the electorate against and for certain candidates. All of this undermines the trust we all place in the United States’ election system. There is nothing more powerful in a democratic country than a legitimate election. Unchecked, these actions and similar future actions against our elections are a significant danger to our democracy. It’s clear we’ll be facing similar threats in the 2020 election cycle. Elections have become a new target in asymmetrical cyber warfare, allowing smaller groups to launch targeted attacks that have an outsized impact. To ensure our democracy is resilient in the face of these bad actors and nation-states, Congress must take action to adequately fund our election system’s cyber defenses and implement programs that bring about greater digital resilience in our government systems and in candidates’ campaigns. More importantly, something so fundamental to the country – trust in our elections – must be pursued with vigor on a bipartisan basis and in a manner that makes our systems more resilient.

Arizona: Is Arizona doing enough to protect 2020 elections? Computer security experts weigh in | Andrew Oxford/Arizona Republic

Some aspects of how to secure Arizona’s elections from hackers and fraudsters may seem obvious. Change the passwords on equipment every once in a while, for a start. Oh, and make it complicated, with some numbers and uppercase letters tossed in. Of course, there is a lot more to fending off cyber attacks. The Arizona Secretary of State’s Office is writing a new manual for county election officials and its first draft includes additional provisions on security. While experts praise some of those measures as big steps to prevent tampering, they are raising concerns about potential vulnerabilities with other measures. County officials who administer elections can adopt tighter security standards than those set by the state, but the new election procedures manual will set out the minimum requirements that local officials must follow. It revises policies last updated in 2014. Among the provisions that raised concerns is a suggestion that a USB stick used to transfer files from one device to another can be re-used if it is cleaned and reformatted.

Australia: Australia concluded China was behind hack on parliament, political parties – sources | Colin Packham/Reuters

Australian intelligence determined China was responsible for a cyber-attack on its national parliament and three largest political parties before the general election in May, five people with direct knowledge of the matter told Reuters. Australia’s cyber intelligence agency – the Australian Signals Directorate (ASD) – concluded in March that China’s Ministry of State Security was responsible for the attack, the five people with direct knowledge of the findings of the investigation told Reuters. The five sources declined to be identified due to the sensitivity of the issue. Reuters has not reviewed the classified report. The report, which also included input from the Department of Foreign Affairs, recommended keeping the findings secret in order to avoid disrupting trade relations with Beijing, two of the people said. The Australian government has not disclosed who it believes was behind the attack or any details of the report.

Israel: ‘Election on Tuesday will be target of cyber-attacks’ | Maayan Jaffe-Hoffman/Jerusalem Post

At the conclusion of the April 9 election, an Israeli watchdog group exposed a network of hundreds of social media accounts, many of them fake, used to smear opponents of Prime Minister Benjamin Netanyahu and to amplify the messages of his Likud Party. Shortly before that, in January, it was reported that Iranians had been using hundreds of fake accounts on Israeli social media pages, in an effort to sow social division and influence the then upcoming Israeli election. Now right before Israelis go to the polls, due to the proximity of the two elections as well as the immediacy and scale of the threats, it is highly doubtful that Israel has built a digital defense against cyberattacks this time around either, said Dr. Gabriel Weimann, a professor of communications at the University of Haifa. He told The Jerusalem Post that this Israeli election is likely to be marred by online election interference just like the last election, something that will only be fully understood after Tuesday.

National: Former Homeland Security secretaries call for action to address cybersecurity threats | Maggie Miller/The Hill

Three former secretaries of the Department of Homeland Security (DHS) on Monday testified that cybersecurity threats to elections and other critical infrastructure are major issues that could impact the security of the nation. Former DHS Secretaries Michael Chertoff, Janet Napolitano and Jeh Johnson all discussed the severity of cyber threats to the U.S. while testifying in New York City during a field hearing at the National September 11 Memorial Museum held by the Senate Homeland Security and Governmental Affairs Committee. Napolitano, who served as secretary under former President Obama from 2009 through 2013, listed cybersecurity as one of the top three threats DHS “can and must confront,” pointing to vulnerabilities in election infrastructure, utility grids and other critical infrastructure as putting the country at risk. “Our adversaries and international criminal organizations have become more determined and more brazen in their efforts to attack us and to steal from us,” Napolitano said. “We need a whole of government and a whole of public and private sector response to this threat, and it needs to happen immediately.”

National: Even conservative Democrats are savaging GOP over election security | Joseph Marks/The Washington Post

A group of centrist House Democrats that usually aims for bipartisanship is coming out swinging against Senate Majority Leader Mitch McConnell (R-Ky.) and other Republicans for blocking election security legislation. Members of the Democrats’ Blue Dog Coalition, which includes the conservative wing of the party, charged Republican senators with endangering the country’s democratic process for not forcing a vote on election security legislation during a press briefing. And they leveled their most pointed criticism at McConnell, who has steadfastly refused to allow major election security bills to get a vote on the Senate floor. “The underlying trust of our citizens in their electoral system and who they choose to elect is at the base of this whole process,” Rep. Tom O’Halleran (D-Ariz.) said. “The question should be put day in and day out to Mr. McConnell: ‘Why are you not wanting to protect the electoral system in this nation?’”

National: Here’s why Mitch McConnell is blocking election security bills | Joseph Marks/The Washington Post

As Congress returns this week, Mitch McConnell remains the one-man roadblock for Democrats’ election security bills. He’s still refusing to allow a vote, even as Democrats deride him as “Moscow Mitch” and accuse him of inviting Russia to interfere on Republicans’ behalf in the 2020 election. But why is McConnell so staunchly opposed? Republicans and Democrats offer a fairly straightforward theory: McConnell is wary of drawing the ire of President Trump, who has repeatedly wavered on whether Russia interfered in the presidential contest — and seems to view traditionally bipartisan discussions about election security as delegitimizing his unexpected 2016 victory over Hillary Clinton. “This is a narrative that the White House doesn’t want to approach,” David Jolly, a former Republican House member from Florida and an outspoken Trump critic, told me. “The president’s not comfortable talking about it. He’s someone with a fragile ego. And McConnell is happy to coordinate with this White House. That’s the only thing that explains it.” McConnell is likely also concerned about the political fallout for Republican senators, several of whom have supported and even co-sponsored election security bills in the past, says a former Democratic Senate staffer who worked extensively on cybersecurity issues during the Obama administration.

National: Americans Prepare To Safeguard 2020 Vote. Is It Too Much — Or Will It Be Enough? | Philip Ewing/NPR

Americans are preparing more than ever to safeguard voting as the nation looks ahead to the Democratic primaries and the general election next year. What no one can say for certain today is whether all the work may turn out to be superfluous — or whether it’ll be enough. National security officials have been clear about two things: First, that the Russian government attacked the 2016 election with a wave of “active measures” documented in prosecution documents and the final report of former Justice Department special counsel Robert Mueller. And second, that those measures have never stopped and that interference is likely in coming elections. With that understanding, the United States has spent hundreds of millions of dollars since 2016 to change practices at every level of government. A lot has changed

National: Expanding the Definition of “Election Systems” also Expands Cyber Security Funding Options | Steve Smith/Governing

In our previous article, the concept of elections systems as an integrated ecosystem of both specific (voter registration, vote collection, results reporting) and general (citizen data from multiple agencies) applications was presented. The point was that elections systems exist in perpetuity and not just in and around an election cycle and that data associated with elections are submitted and in process all year every year. The perpetual nature of the elections systems ecosystem has not traditionally been addressed with matching funding streams. The federal government has been reactive, appropriating funds via the Help America Vote Act (HAVA) on an as-needed basis, as in the aftermath of situations like the 2016 federal election, in which alleged vote tampering was reported. HAVA funding reaches state and local governments too late to take action in the current election cycle and results in the creation of reserve funds that remain until they can effectively be utilized for future election cycles. State and local governments rely heavily on federal funding like HAVA funding to make large-scale investments in elections systems, which often further delays the impact these investments can have due to long and time-consuming procurement processes.

National: Democrats make renewed push for election security | Maggie Miller/The Hill

Congressional Democrats are shining the spotlight back on election security as they struggle to push various bills across the finish line in the face of Republican opposition. Democrats in both the House and Senate are renewing efforts to force the GOP-controlled Senate to allow votes on election security measures that have been stalled due to Republican concerns about federalizing elections and re-litigating the 2016 election interference by Russia. Both House Majority Leader Steny Hoyer (D-Md.) and Senate Minority Leader Charles Schumer (D-N.Y.) on Thursday sent letters to colleagues detailing their goals around election security for the fall. “We must continue our push to protect our elections at the federal, state, and local levels, especially in the upcoming Senate appropriations process,” Schumer wrote, while criticizing Senate Majority Leader Mitch McConnell (R-Ky.) for not allowing any votes on the topic. Hoyer wrote that “the House may take up additional legislation to strengthen election security.” A spokesperson for Hoyer did not respond to a request for details about which legislation Hoyer was referring to.

National: Lankford goes around roadblock on election security measures: ‘I’ve not waited on the bill to get passed’ | Randy Krehbiel/Tulsa World

U.S. Sen. James Lankford’s name is coming up in connection with Senate Majority Leader Mitch McConnell in a potentially uncomfortable way for such stories about election security that refer to McConnell as “Moscow Mitch.” Also often mentioned is Lankford’s pending legislation on the subject and his warnings about the vulnerability of U.S. elections and voting technology. Lankford, though, said he’s OK with being set up as something of a foil against the leader of his own party. “I’ve been working on this 2½ years,” Lankford said in Tulsa last week. “When people say my name’s being dropped (into the discussion), it’s because I’ve been working on it. And I think it should actually get done.” Lankford feels so strongly about it that he’s been going around his congressional colleagues to get security measures implemented.

New Jersey: New Jersey and Homeland Security are teaming up to spot potential election security risks | Dustin Racioppi/NorthJersey.com

State and federal officials plan a daylong series of exercises Tuesday to assess New Jersey’s election security and spot potential weaknesses ahead of voting in November. New Jersey’s Division of Elections is partnering with the U.S. Office of Homeland Security to conduct what is known as the Election Security Tabletop Exercise. The two offices routinely work together on election security, but the event planned for Tuesday is the first of its kind in New Jersey, officials said, bringing together representatives from all of the state’s 21 counties as well as those from 13 other states. In addition, former Homeland Security Secretary Jeh Johnson and current U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency Director Christopher Krebs will address the hundreds of people expected to attend, according to an advisory detailing the event.

National: Distrust, Staffing and Funding Shortages Imperil Election Security | Courtney Bublé/Government Executive

Special Counsel Robert Mueller was emphatic when he testified before the House Intelligence Committee on July 24 about Russian interference in the 2016 election: “It wasn’t a single attempt. They’re doing it as we sit here, and they expect to do it during the next campaign.” In an earlier, less partisan era, Mueller’s warning likely would have galvanized lawmakers and propelled them to action to ensure the security and integrity of American elections. While federal agencies have taken critical steps to improve security around U.S. elections since 2016, those efforts have been hampered by inadequate funding; staffing problems; mixed messages from Congress and the administration; and, not insignificantly, by Constitutional questions—states and localities hold primary authority for administering elections, and some Republicans worry about the federal government usurping state powers in the name of security. But the special counsel’s warning had no such galvanizing effect. Hours after Mueller testified in the House, Sen. Cindy Hyde-Smith, R-Miss., blocked, without giving a reason, election security bills in the Senate, one of which would have required campaigns to alert the FBI and the Federal Election Commission about election assistance offers from foreign countries. The next day, Senate Majority Leader Mitch McConnell, R-Ky., denied the Democrats’ request for a vote on the House-passed Securing America’s Federal Elections Act, which would have authorized $775 million to bolster state election systems and required paper ballots as a guard against vote tampering. McConnell said the legislation, which passed the House with just a single Republican vote, would nationalize election authorities that “properly belong to the states.” While few things are more fundamental to democracy than the integrity of the election system, finding a bipartisan consensus for ensuring that integrity has been elusive, and as a result, agencies’ efforts are far less effective than they could be otherwise.

National: Voting Machine Makers Give U.S. Access in Fight Against Hackers | Chris Strohm and Alyza Sebenius/Bloomberg

Companies that make voting machines and election systems have given the Homeland Security Department access to engineering details and operations so the U.S. can identify potential vulnerabilities hackers might exploit heading into the 2020 election, a department official said. The new cooperation has allowed Homeland Security to map out the ecosystem of election voting systems and processes to help state and local governments, as well as private companies, defend against hackers, Jeanette Manfra, assistant director for cybersecurity, said at an Intelligence and National Security Summit on Thursday. Makers of voting machines and election systems are cooperating voluntarily, representing a breakthrough for the government, Manfra said in an interview after the conference in the Washington suburbs. “I think we’ve made a lot of progress with the vendors of those systems,” Manfra said. “We know what makes up the systems and how it actually works.” Officials, citing Russian interference in the 2016 campaign, predicted lively combat between hackers and government protectors of cybersecurity in the run-up to next year’s presidential election.

National: ‘No One Is Accountable for This’: Why the 2020 Campaigns Are Struggling With Security | Uri Friedman/The Atlantic

It’s the eve of Election Day 2020, and political reporters have just received an incendiary email. Donald Trump’s campaign has sent out grainy cellphone footage of his Democratic challenger, Joe Biden, at a private meeting with wealthy donors, ridiculing Americans who voted for the president in 2016 and plotting how to trick them into backing him instead. Except Biden never made the remarks and Trump never shared them. A few overeager journalists post the video on Twitter before fully investigating its authenticity, causing the clip to spread on social media faster than the presidential campaigns and the press can expose it as a fraud. U.S. authorities will eventually attribute the deception to North Korean hackers, impersonating the Trump campaign’s domain name and deploying deepfake technology to keep their preferred nuclear-talks counterpart in office. But that won’t happen for weeks, well after Americans have chosen their next leader. Such a hypothetical scenario isn’t implausible. In fact, it’s a type of threat that the email-security firm Agari flagged in a recent report. Three and a half years have passed since John Podesta, the chairman of Hillary Clinton’s presidential campaign, fell for a phishing email—granting Russian hackers, and thereby the world, access to his Gmail account and coming to embody the devastating ways foreign governments can meddle in democratic politics. In light of that trauma, the current crop of presidential campaigns has made progress in fortifying their digital operations. But according to those who have worked with the campaigns on these efforts, they nevertheless remain vulnerable to attack and lack cybersecurity best practices. “The risk is more than reasonable that another Podesta-like attack could take place,” Armen Najarian, Agari’s chief marketing officer, told me.

National: New NSA cyber lead says agency must share more info about digital threats | Joseph Marks/The Washington Post

The NSA is the U.S. government’s premier digital spying agency and it has a well-earned reputation for keeping secrets. But the agency needs to stop keeping so many things confidential and classified if it wants to protect the nation from cyberattacks. That’s the assessment from Anne Neuberger, director of NSA’s first Cybersecurity Directorate, which will launch Oct. 1 and essentially combine the work of many disparate NSA divisions dealing with cybersecurity, including its offensive and defensive operations. The directorate’s mission is to “prevent and eradicate” foreign hackers from attacking critical U.S. targets including election infrastructure and defense companies, Neuberger said yesterday during her first public address since being named to lead the directorate in July. Neuberger acknowledged the difficulty of her mission during an onstage interview at the Billington Cybersecurity Summit, but also said the growing hacking threats from Russia, China and other U.S. adversaries mean the nation “must” achieve it. “The nation needs it … the threat demands it and the nation deserves that we achieve it,” Neuberger said. That mission also means, however, that NSA, which was once colloquially known as “no such agency” and has traditionally kept mum to protect its own hacking operations and secret sources, must start sharing more threat data with cybersecurity pros in the private sector, she said. And the NSA will have to share that information far more quickly than it has in the past when many recipients complained that, by the time they get the information, it’s no longer useful, she said. In some instances, the agency will have to look for “creative approaches” to share that information, Neuberger told reporters after her talk.

National: Blue Dog Democrats urge action on election security | Maggie Miller/The Hill

The leaders of the House Blue Dog Coalition and the House Blue Dog Task Force on National Security on Thursday sent a letter to House and Senate leaders calling for action to prevent foreign interference in U.S. elections and to secure election systems. The House Blue Dog Coalition, a group of 26 moderate Democrats, urged congressional leaders to “put politics aside and pursue bipartisan solutions” to bolster election security ahead of 2020. “We are calling on Congress to take further action to secure our elections, punish Russia for its attempts to meddle in the 2016 and 2018 elections, and deter our adversaries from meddling in future U.S. elections,” the leaders of the Blue Dog Coalition and the Task Force wrote. “The threat to our national security could not be more clear.” The letter was sent to Speaker Nancy Pelosi (D-Calif.), House Majority Leader Steny Hoyer (D-Md.), Minority Leader Kevin McCarthy (R-Calif.), Senate Majority Leader Mitch McConnell (R-Ky.) and Senate Minority Leader Charles Schumer (D-N.Y.).  The House has passed two major election security bills earlier this year, both along party lines. The SAFE Act, passed in June, would provide states with $600 million for election security efforts, and would also ban voting machines from being connected to the internet and from being manufactured outside the U.S. The House also approved the For the People Act, which includes sweeping language on election security and voting reform. Both bills have been blocked from a vote in the Senate by Republicans, who cite concerns around federalizing elections.

Ohio: Secretary of State to ask for $1.7 million to monitor cyber-security threats | Jim Provance/Toledo Blade

Ohio’s top elections official on Monday will ask a state budgetary panel to allow him to tap just more than $1.7 million in federal funds to monitor county boards of elections for potential cyber-security threats going into the 2020 presidential election. If approved, Ohio would become just the third state, following Nevada and Florida, to have such devices in all of its counties. Secretary of State Frank LaRose has asked the bipartisan Ohio Controlling Board to release the funds made available through the federal Help America Vote Act to contract with the Center for Internet Security. The New York-based nonprofit organization is the sole vendor approved by the U.S. Department of Homeland Security and has staff at the National Cybersecurity and Communications Integration Center in Washington. “The security directive is intended to protect that infrastructure that is connected to the Internet — stations where board staff work, email systems, voter registration databases, the board of election website…,” Mr. LaRose said. Voting machines and tabulating equipment would not be included since they are not connected to the Internet.

National: DNC move against phone-in caucuses pits cybersecurity vs. voter participation | Joseph Marks/The Washington Post

The Democratic National Committee’s decision to recommend scrapping phone-in virtual caucuses in Iowa and Nevada is pitting security hawks, who say those systems are ripe for hacking, against Democratic activists who want to increase voter participation. The DNC announcement on Friday comes after a test of the phone-in systems showed they were vulnerable to hacking, as my colleagues Isaac Stanley-Becker and Michael Scherer reported. That confirmed the suspicions of cybersecurity experts who have long argued there’s no way to ensure the authenticity of votes that aren’t cast in person — including votes cast by email, websites or mobile phones. But it was a blow to activists who want to make it easier for people to participate in the democratic process — and who say lengthy in-person caucuses exclude people who work long hours or are caring for young children. Iowa and Nevada developed their phone-in systems after the DNC urged caucus states in 2018 to either switch to primaries — which are speedier  — or make it easier for people to participate remotely. The Iowa system would have allowed voters to register for a unique PIN number and use that PIN when they called in to vote for a candidate, my colleagues reported. The DNC move also sparked the ire of some 2020 presidential hopefuls.

Iowa: A Virtual Iowa Caucus Would Have Been A Hacking Nightmare | Maggie Koerth-Baker/FiveThirtyEight

When the Democratic National Committee put the kibosh on plans for virtual caucuses in Iowa and Nevada, they may have pissed off the people who saw the event as a chance to give more people the opportunity to vote. But at least the DNC made the cybersecurity community happy. “It was absolutely the right decision,” said Herb Lin, senior research scholar at Stanford’s Center for International Security and Cooperation. Lin and other experts praised the DNC for deciding the risks of a virtual caucus outweighed the benefits of making the time-consuming and byzantine caucus system more accessible. Yes, that has thrown state parties into a bit of chaos as they scramble to come up with new plans by a Sept. 13 deadline. But, Lin and others told me, there’s no getting around the fact that a virtual caucus would be massively hackable — easy to steal, and even easier to simply disrupt. If anything, they said, they wished more political leaders would take the same stance against such schemes, both in the U.S. and abroad.

Pennsylvania: Election security advocates criticize Pennsylvania Department of State over re-examination of voting machines | Ed Mahon and Emily Previti/PA Post

Election security advocates are criticizing the Pennsylvania Department of State over the way it re-examined an electronic voting machine from a leading election technology company. “We are profoundly disappointed that the Secretary’s office has conducted this re-examination in secret, without transparency or public engagement, which we believe to be in contravention of the requirements of the Commonwealth and the provisions of the Stein settlement,” Susan Greenhalgh, vice-president of programs for the National Election Defense Coalition, said in a news release. “We are examining our options for further action.” Several other groups, including Protect Our Vote Philly and the Pennsylvania-based Citizens for Better Elections, joined in criticizing the state department. In July, Greenhalgh and other election security advocates submitted a petition to the Department of State, requesting a re-examination of the ES&S ExpressVote XL electronic voting machine. The petition included 200 signatures from voters across the state. “They’ve never refused to let the public come in and observe these systems,” said petitioner and VotePA founder Mary Beth Kuznik. “It’s distressing.”

National: Cyber Experts Warn Of Vulnerabilities Facing 2020 Election Machines | Miles Parks/NPR

A group of guys are staring into a laptop, exchanging excited giggles. Every couple minutes there’s an “oooooh” that morphs into an expectant hush. The Las Vegas scene seems more like a college dorm party than a deep dive into the democratic process. Cans of Pabst Blue Ribbon are being tossed around. One is cracked open and spews foam all over a computer keyboard. “That’s a new vulnerability!” someone yells. The laptop that’s drawing the most attention in this moment is plugged into a voting machine that was used just last year in Virginia. “Right now, we’re trying to develop a way to remotely control the voting machine,” said a hacker named Alex. He’s seated next to Ryan, and like a lot of the hackers at the Defcon conference, they didn’t feel comfortable giving their full names. What they’re doing — messing around with voting equipment, the innards of democracy — falls into a legal gray area. The voting machine looks sort of like a game of Operation. The cover is off and dozens of cords are sticking out, leading to multiple keyboards and laptop computers. No one could get that kind of access on a real Election Day, which is when most people come into contact with voting machines for a few minutes at most. Election supervisors are quick to point out that any vulnerabilities found under these conditions aren’t indicative of problems that actually could be exploited during an election. All the same, hackers like Alex and Ryan say the work they’re doing is important because it’s the highest profile public investigation of the equipment U.S. citizens use to vote. And if they can exploit it, so could government-sponsored specialists working for another nation’s intelligence agency.

Editorials: Why is the Russian meddling in 2016 such a big secret? I’m not allowed to say. | Stephanie Murphy/The Washington Post

In May, other members of Florida’s congressional delegation and I were briefed for 90 minutes in the U.S. Capitol by officials from the FBI and the Department of Homeland Security regarding Russia’s interference in the 2016 election. I sought the briefing after then-special counsel Robert S. Mueller III’s report showed Russia had probed and even pierced election networks in Florida, among the most closely contested states in U.S. politics. Although our briefers supplied new details, much remained unknown. What I do know, I can’t talk about. Why that’s the case is itself a mystery. The Mueller report noted that Moscow’s meddling involved three lines of effort, and Florida was a target of each. First, a Russian entity conducted a social media campaign to sow discord and help then-candidate Donald Trump, including by organizing pro-Trump rallies in Florida. Second, a Russian intelligence agency — the GRU — hacked computer accounts connected to Hillary Clinton’s campaign. As part of this effort, it published Florida-related data stolen from House Democrats’ campaign arm. Finally, Mueller reported, the GRU sought to infiltrate computer networks involved in the administration of elections, which could enable Russia to alter voter registration databases or perhaps vote tabulation systems. That would be tantamount to an act of war, with malware rather than missiles as the weapon of choice. While Russian cyber actors cast a wide net, Florida’s county-based election supervisors were a focal point.

Pennsylvania: Guard’s Cyber Defense Team meets with Acting Secretary of the Commonwealth | DVIDS

Members of Pennsylvania National Guard’s Cyber Defense Team met with Pennsylvania Acting Secretary of the Commonwealth Kathy Boockvar to discuss current mutual projects, including election security, in early August during a Pennsylvania State Department orientation of the Pennsylvania National Guard’s capabilities and assets which included a tour of Fort Indiantown Gap, Pennsylvania. “This visit covered a variety of topics,” explained Maj. Christine Pierce, defensive cyber operations team chief. “We have been working with multiple Pennsylvania state agencies to provide a variety of services and we were excited to assist the Pennsylvania Department of State with the 2018 midterms as well as other cyber requirements.” Pennsylvania National Guard’s Cyber Defense Team provides comprehensive cyber defense services such as: vulnerability assessments, critical infrastructure assessment, penetration testing, and network monitoring. Network monitoring assistance was provided to the Pennsylvania State Department during the 2018 midterm elections. The team is preparing to assist the Pennsylvania Department of State during the 2020 elections.

Wisconsin: Outdated systems could affect state vote | Capitol Report

A Wisconsin Elections Commission security official is expressing concern that outdated operating systems are being used by local elections clerks across the state, raising the prospect of foreign interference in Wisconsin’s elections ahead of the 2020 presidential race. In a memo, Election Security Lead Tony Bridges details how a number of local clerks are using Windows XP or Windows 7 on office computers to access the WisVote voter database. According to Bridges, failure to maintain an up-to-date operating system poses “a tremendous risk.” Security patches on Windows XP have not been supported since 2014, while Windows 7 will reach its end-of-life cycle in January 2020, meaning Microsoft will no longer provide free security updates. Bridges pointed to a recent cyberattack in Georgia that brought down systems across Jackson County and warned a similar attack could “dramatically impact voter confidence in the electoral process” in Wisconsin.