National: Democrats call for a Senate vote on elections reform package | Jennifer McDermott/Associated Press

Democratic congressmen held an event Thursday in Rhode Island to try to pressure Republican Senate Majority Leader Mitch McConnell into allowing a vote on a comprehensive elections and ethics reform package. Maryland Democratic Rep. John Sarbanes, who is the bill’s main author, met with Rhode Island Rep. David Cicilline and Sen. Sheldon Whitehouse in North Providence. The influence of big money in politics is impeding efforts to address climate change, gun violence and prescription drug costs, they said. Activists working on those issues attended the event. “This isn’t just some theory, like wouldn’t it be good to reform government because good government is an abstract idea,” Cicilline said. “It has a direct effect on people’s lives. The corrupting influence of money and its impact on public policy is hurting the American people.”

Rhode Island: Security expert offers solution to prevent hacking of election computers in Rhode Island next year | Edward Fitzpatrick/The Boston Globe

A computer security expert is proposing a solution that would let the state Board of Elections bolster its cybersecurity on Election Day without having to rip out modems that make the state’s election system vulnerable to cyberattacks. On Aug. 2, the Board of Elections asked Tony Adams, an information security professional who lives in Providence, to write a memo suggesting ways to reduce the risk of hacking on election night, when modems are used to quickly report unofficial results. In an Aug. 14 memo, Adams suggests having the modems report unofficial results to computers that are separate from the state’s core election computer system, which configures ballots and tabulates official results. That way, if hackers did penetrate the system on election night, they couldn’t change the official results or hold the whole system hostage with ransomware, for example, he said. “This idea is so elegant you have to ask: Why didn’t I think of that?” Board of Elections Vice Chairman Stephen P. Erickson said this week. “Because you don’t have to spend a lot of money, it’s relatively simple to implement, and it will substantially increase the level of security — and the perceived security, which is important.”

Texas: Palo Pinto County to Block State Network Access for Security | David May/Mineral Wells Index

If state officials want to perform a security or other audits of the local elections office, they may have to come to Palo Pinto to do it. Joey Fenley, head of Palo Pinto County’s Information Technology department, said allowing remote access to the county’s network through an offsite connection – such as software using a virtual private network – puts the county’s network at risk of receiving a virus or, worse, ransomware. He said it is a breach of the county’s network security protocols. Fenley questions why the state would perform a network security audit using an insecure method. “It’s done by a third party and you don’t know who they are,” Fenley told the Index.

International: Intel, IBM, Google, Microsoft & others join new security-focused industry group | Catalin Cimpanu/ZDNet

Some of the biggest names in the cloud and hardware ecosystem have agreed to join a new industry group focused on promoting safe computing practices. Founding members include Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom, and Tencent. Named the Confidential Computing Consortium, this industry group’s goals will be to come up with strategies and tools to accelerate the adoption of “confidential computing.” By confidential computing, the group is referring to hardware and software-based technical solutions for isolating user data inside a computer’s memory while it’s being processed, to avoid exposing it to other applications, the operating system, or other cloud server tenants. The easiest way of supporting confidential computing practices is through the use of trusted execution environments (TEEs), also known as enclaves. These are hardware and/or software-enforced private regions of a computer’s CPU memory where only certain apps can write and read data.

Argentina: Hackers Leaked Sensitive Government Data in Argentina—and Nobody Cares | Eugenia Lostri/Lawfare

On Monday, Aug. 12, hackers leaked 700 GB of data obtained from the government of Argentina, including confidential documents, wiretaps and biometric information from the Argentine Federal Police, along with the personal data of police officers. The Twitter account of the Argentine Naval Prefecture was hacked as well, and used not only to share links to the stolen information but also to spread fake news about a nonexistent British attack on Argentine ships. An operation combining the hacking of law enforcement agencies, an attempt to spread misinformation through social media and the leaking of large amounts of sensitive data on the “Deep Web” would seem to check all the boxes for a major news story. But you most likely have not heard about any of this.

National: State Election Infrastructure Is Still Vulnerable, Report Finds | by Phil Goldstein/StateTech Magazine

The 2020 presidential election is more than 14 months away, but some experts are warning that state governments face an uphill battle in defending election infrastructure from cyberattacks. According to a recent report, “Defending Elections: Federal Funding Needs for State Election Security,” many election security projects at the state level are either unfunded or underfunded. The report calls on the federal government to provide more funding for state-level election security measures ahead of next year’s election. “In administering our elections, states face security challenges of unprecedented magnitude,” the report concludes. “They are, in many cases, ill-equipped to defend themselves against the sophisticated, well-resourced intelligence agencies of foreign governments. States should not be expected to defend against such attacks alone. Our federal government should work to provide the states with the resources they need to harden their infrastructure against cybersecurity threats.” The paper was authored by a bipartisan group of organizations including the Brennan Center for Justice, the Alliance for Securing Democracy, the R Street Institute and the University of Pittsburgh Institute for Cyber Law, Policy, and Security.

National: 2020 election security to face same vulnerabilities as in 2016 | Michael Heller/TechTarget

For the third year running, the Voting Village at DEF CON shined a light on election security and one thing was made clear: no one agrees on what to expect in 2020. In opening remarks at DEF CON, founders Harri Hursti, Matt Blaze and Jake Braun laid out the long road the Voting Village has traveled to raise awareness of election security issues. Blaze, who serves as the McDevitt Chair of Computer Science and Law at Georgetown University, pointed out the troubles began with the Help America Vote Act (HAVA), which passed in 2002 as an effort to modernize and improve election administration. “They didn’t understand as much at the time as we do now about building voting machines and almost everything produced to comply with the Help America Vote Act has terrible vulnerabilities associated with it,” Blaze said. “That’s partly because we’ve taken these systems that weren’t dependent on software before and made them dependent on software. And, as everybody here in Las Vegas can tell you, software is utterly terrible. So we essentially took a problem that was hard and we added software to it.” A new initiative at this year’s Voting Village was to connect security researchers and hackers directly to election officials to provide pro bono work to help secure the 2020 election. Braun, an executive director for the University of Chicago Harris School of Public Policy’s Cyber Policy Initiative, noted the past work of the Voting Village had been corroborated. “The Mueller report reinforced a lot of what we identified last year, like you can hack a website with a SQL injection and get into a voter registration database, which is exactly what Mueller said the Russians did in 2016,” Braun said. “And frankly, they didn’t even go as far as we said was possible [in last year’s election.]”

Editorials: The malware election: Returning to paper ballots only way to prevent hacking | Lulu Friesdat/The Hill

The key takeaway of special counsel Robert S. Mueller’s report on Russian interference in the 2016 election was that “There were multiple, systematic efforts to interfere in our election … and that allegation deserves the attention of every American.” But with so much attention on what happened in 2016, we have lost much of the time available to protect the 2020 election. This was immediately apparent recently at DEF CON, one of the largest hacker conventions on the planet. The conference, where tens of thousands of hackers descend on the pseudo-glamourous “pleasure pit” that is Las Vegas, includes the Voting Village, a pop-up research lab with an array of U.S. voting equipment available for security researchers to compromise. They were terrifyingly successful. High school hackers and security professionals united to take control of almost every voting system in the room, most of it currently in use around the U.S. They found systems with no passwords, no encryption, and operating systems so old that young hackers often had no previous experience with them. That did not prevent them from completely dominating the machines. They accessed USB, compact flash and ethernet ports that were glaringly unprotected, and then proceeded to play video games and run pink cat graphics across the screens of ballot-marking devices and voter registration database systems.

Illinois: ‘Iranian Hackers’ Claim Hack on Macon County Website | Kennedy Nolan/Decatur Herald & Review

Macon County, Ill., is the latest government entity to be targeted by hackers who hijacked a web page and disabled access. The Circuit Clerk’s Office main web page on Sunday night was overtaken by an image of a Guy Fawkes mask, Iranian flag and the text: “Hacked by Iranian Hackers. Hacked by Mamad Warning. We are always closer to you. Your identity is known to us. Your information is for us 😉 take care.” Circuit Clerk Lois Durbin said the county Information Technology department restored the page by 10 a.m. Monday. The office handles all records of traffic, civil and criminal cases in the county, but Durbin said personal identification information is stored on a separate system and wasn’t in danger of being accessed. “The firewall went up, and everything was protected and nothing was compromised,” she said. The county joins a growing list of government entities that are the victims of hacking attempts. Another technique involves disabling a website with malware and demanding money to restore it.

New Jersey: State’s Department of Homeland Security warned Russians could interfere in our elections next year. Trump’s not worried. | Jonathan D. Salant/NJ.com

New Jersey’s Department of Homeland Security has warned state and county elections officials that Russia or another foreign actor could hijack their websites or social media accounts, “severely impacting and eroding confidence in the election results.” The warning, which went to elections officials on the state level and in all 21 counties, was contained in a bulletin sent earlier this month by the state Cybersecurity and Communications Integration Cell. The state agency acted after the Senate Intelligence Committee warned about “Russian intentions to undermine the credibility of the election process” and a civil grand jury in San Mateo County, California, warned of hackers using government accounts to report false election results or issue false voting instructions. “The threat of foreign interference in our elections is a pressing national security issue,” said Rep. Mikie Sherrill, D-11th Dist., chairwoman of the House Science subcommittee on investigations and oversight, which held a hearing last month to highlight problems with state elections systems.

Texas: Ransomware Attack Hits 22 Texas Towns, Authorities Say | Manny Fernandez, Mihir Zaveri and Emily S. Rueb/The New York Times

Computer systems in 22 small Texas towns have been hacked, seized and held for ransom in a widespread, coordinated cyberattack that has sent state emergency-management officials scrambling and prompted a federal investigation, the authorities said. The Texas Department of Information Resources said Monday that it was racing to bring systems back online after the “ransomware attack,” in which hackers remotely block access to important data until a ransom is paid. Such attacks are a growing problem for city, county and state governments, court systems and school districts nationwide. By Tuesday afternoon, Texas officials had lowered the number of towns affected to 22 from 23 and said several government agencies whose systems were attacked were back to “operations as usual.” The ransomware virus appeared to affect certain agencies in the 22 towns, not entire government computer systems. Officials said that there were common threads among the 22 entities and that the attacks appeared not to be random, but they declined to elaborate, citing a federal investigation. It was unclear who was responsible. The state described the attacker only as “one single threat actor.”

Wisconsin: Outdated operating systems could affect Wisconsin elections | Capitol Report/HNG News

A Wisconsin Elections Commission security official is expressing concern that outdated operating systems are being used by local elections clerks across the state, raising the prospect of foreign interference in Wisconsin’s elections ahead of the 2020 presidential race. In a memo, Election Security Lead Tony Bridges details how a number of local clerks are using Windows XP or Windows 7 on office computers to access the WisVote voter database. According to Bridges, failure to maintain an up-to-date operating system poses “a tremendous risk.” Security patches on Windows XP have not been supported since 2014, while Windows 7 will reach its end-of-life cycle in January 2020, meaning Microsoft will no longer provide free security updates. Bridges pointed to a recent cyberattack in Georgia that brought down systems across Jackson County and warned a similar attack could “dramatically impact voter confidence in the electoral process” in Wisconsin. “It could, for example, expose confidential information, prevent the timely distribution of absentee ballots, prevent the timely printing of poll books, disrupt communications with voters, expose voters to potential cyberattack, destroy digital records, prevent the display of election night results,” he wrote recently.

National: America faces a voting security crisis in 2020. Here’s why – and what officials can do about it. | Emily Goldberg/Politico

Paperless voting machines are just waiting to be hacked in 2020. And “upgrading” to paper-based voting machines may sound like an oxymoron, but it’s something cybersecurity experts are urging election officials across the country to do. A POLITICO survey found that in 2018, hundreds of counties in 14 states used paperless voting machines — and almost half of the counties that responded to the survey said they don’t plan on changing that ahead of 2020. Security experts said paperless voting machines are vulnerable to hacking because they leave no paper trail and there’s no way to reliably audit the results when an error occurs. Thousands of Redditors joined us as cybersecurity reporter Eric Geller and voting security expert and University of Michigan professor J. Alex Halderman took on Reddit’s most pressing questions about the weaknesses in America’s election systems. We chatted about voting methods in various countries from the U.S. to India, how much the transition to paper ballots would cost, and even “Star Wars.”

National: Russian hackers, town budgets, Windows updates: Officials grapple with realities of election security | Ben Popken and Kenzi Abou-Sabe/NBC

The nation’s highest agency dedicated to election administration convened a security summit on Thursday to figure out how to confront a problem: The majority of the country’s 10,000 voting jurisdictions still run outdated software. In July, Associated Press reported that many counties still use Windows 7, initially released in 2009, or even older software in their back office election management systems used by officials to administer elections, but not on the machines where voters cast their ballots. It’s so old that Microsoft announced last year it will soon stop supporting it — shipping free updates to bugs or fixing security issues. After 2020, updates will require a fee. But inside a 21-seat conference room in Silver Spring, the discussion of the Election Assistance Commission — which included state election directors, secretaries of state and representatives from the Department of Homeland Security, election system manufacturers and testing laboratories — the hastily organized meeting also touched on broader frustrations over challenges local election officials face in trying to secure their voting systems as well as inaction from politicians in Washington. “We are talking about local communities having trouble funding roads and water bills, and now we want them to take part in defense against foreign and state actors,” said Kentucky State Election Director Jared Dearing.

National: Election Security in 2020 Comes Down to Money, and States Aren’t Ready | Kartikay Mehrotra and Alyza Sebenius/Bloomberg

The front line to protect the integrity of the U.S. presidential election is in a Springfield strip mall, next to a Chuck E. Cheese’s restaurant. There, inside the Illinois Board of Elections headquarters, a couple dozen bureaucrats, programmers, and security experts are furiously working to prevent a replay of 2016, when Russian hackers breached the state’s voter registration rolls. For 2020, Illinois is deploying new U.S. government software to detect malicious intrusions and dispatching technology experts to help local election officials. Even the National Guard, which started its own cyber unit several years ago, is on speed dial for election night if technicians needed to be rushed to a faraway county. Still, Illinois officials are nervous. The cash-strapped state remains far short of the resources needed to combat an increasing number of nations committing geopolitical breaches. “We’re in an unusual time, and yes, there is concern about whether we have enough to go into 2020 totally prepared for what the Chinese, Russians, or North Koreans or any enemy of the United States may do to influence our elections,” says Governor J.B. Pritzker, a Democrat. “We’re securing our elections with state resources, but there is a federal need. This is a national crisis.”

National: Only One Republican Supported That Divisive Election Security Bill. Here’s Why He Voted in Favor | Robert Hackett/Fortune

Last week we discussed election security. Let’s dig a little deeper into divisions provoked by one of the major pieces of proposed legislation, the Securing America’s Federal Elections Act. The bill has lately become a political flashpoint, blocked by Senate Majority Leader Mitch McConnell of Kentucky, who ostensibly fears further federalizing elections more than he fears the subversion of American democracy through hacking, foreign interference, or other hi-jinx. The bill primarily aims to require states to use voting machines that are up-to-date, not Internet-connected, made in America, and produce paper-based, voter-verifiable ballots. These are all sensible criteria, and it’s hard to argue against their adoption. In addition, the bill would earmark federal funds to help states get the new gear in place by 2020—a more contentious component. (See also this Wall Street Journal editorial which lays out other gripes.) While the Democratic House passed the bill with 225 votes in June, only one Republican voted in favor: Representative Brain Mast of Florida. It’s worth noting that Mast is not Republican in name only, as an analysis by the data junkie blog FiveThirtyEight makes clear. As of the end of last year, Mast had voted in line with President Donald Trump’s policy initiatives 92.7% of the time.

National: Windows 7 woes crash into 2020 election cycle | Derek B. Johnson/FCW

Thousands of jurisdictions are relying on a nearly obsolete operating system to run their election systems, and it’s not clear they will have the money or time to wean themselves off before the 2020 elections. At an Aug. 15 election security forum hosted by the U.S. Election Assistance Commission (EAC), state officials, vendors and experts warned that a lack of money and resources as well as technical and logistical hurdles are preventing them from migrating their election systems from the Windows 7 operating system to Windows 10. Lousiana Secretary of State Kyle Ardoin illustrated the costs and complexities associated with replacing outdated operating systems on election equipment like voter registration systems, e-pollbooks and other software. He said Louisiana will have spent more than $250,000 to replace computers using Windows 7 in clerks of court and voter registration offices. An additional $2 million has been spent to temporarily lease voting machines that require Windows 10 while the state waits for a new batch to go through the procurement process. He estimated the cost of updating to Windows 10 to be around $670 per machine, not including the costs associated with testing, configuration and deployment.

Editorials: There’s no excuse for failing to secure election systems from Russian meddling | St. Louis Post-Dispatch

More than a dozen states are still using electronic ballot systems that leave no paper trail — an invitation to Russia and anyone else who wants to hack into and disrupt America’s next national election. This gaping security hole is being blamed on lack of money in state and local budgets, and a lack of urgency among some Republican officials. Both reasons are unacceptable. Americans may be divided about the veracity of some aspects of the report and testimony from special counsel Robert Mueller, but those who think that renders debatable his conclusions about Russian election interference are simply not paying attention. Mueller’s unambiguous warning that Russia hacked into the election systems of all 50 states in 2016 and is planning to do so again next year has been confirmed on both sides of the aisle. U.S. intelligence agencies have long insisted it happened and will happen again. Even the Republican-controlled Senate Intelligence Committee reached the same conclusion in a recent report. “Russian activities demand renewed attention to vulnerabilities in U.S. voting infrastructure,” the report found. “In 2016, cybersecurity for electoral infrastructure at the state and local level was sorely lacking. … Aging voting equipment, particularly voting machines that had no paper record of votes, were vulnerable to exploitation by a committed adversary.”

Wisconsin: Election security threats and the proposed solution | WXOW

Outdated Windows systems could impact election security in Wisconsin. Officials say the Wisconsin Elections Commission (WEC) has started a pilot program to address concerns. The proposal, prepared by Election Security Lead Tony Bridges, cites concerns over aging computer systems. He states, “the strength or weakness of any one work station could affect the security of the entire state’s elections infrastructure.” Bridge then explained at least a handful of computers that access WisVote no longer receive security updates; that includes Windows XP which hasn’t been updated since 2014. WEC won’t specify which users are vulnerable due to privacy concerns. “We always want to be careful when we’re talking about elections security,” said WEC PIO Reid Magney. “We don’t want to divulge where there might be vulnerabilities in the system.”

Russia: Blockchain Voting System in Moscow Municipal Elections Vulnerable to Hacking: Research Report | Trevor Holman/CryptoNewsZ

A recent research report by a French cryptographer demonstrates that a blockchain voting framework utilized in Moscow’s municipal elections is susceptible to hacking. The researcher at the French government research establishment CNRS, Pierrick Gaudry, have examined the open code of the e-voting platform dependent on Ethereum in his paper. Gaudry inferred that the encryption plan utilized by a portion of the code is “totally insecure.” The research report titled, “Breaking the encryption scheme of the Moscow internet voting system” by Pierrick Gaudry, a researcher from CNRS, French governmental scientific institution had examined the encryption plan used to verify the open code of the Moscow city government’s Ethereum-based platform for e-voting. Gaudry concluded that the encryption scheme utilized by a portion of the code is entirely insecure by clarifying –

We will show in this note that the encryption scheme used in this part of the code is completely insecure. It can be broken in about 20 minutes using a standard personal computer and using only free software that is publicly available. More precisely, it is possible to compute the private keys from the public keys. Once these are known, any encrypted data can be decrypted as quickly as they are created.

National: Election officials want security money, flexible standards | Dean DeChiaro/Roll Call

State officials from Louisiana and Connecticut on Thursday asked for more money and clear standards from the federal government to help secure voting systems before the 2020 elections. But the officials, Louisiana Secretary of State Kyle Ardoin and Connecticut Secretary of State Denise Merrill, stressed the differences between their election systems and asked for leeway from the federal government in deciding how to spend any future funding. “The cultures are different and the voters have different expectations,” Ardoin told commissioners from the federal Election Assistance Commission, or EAC, at a public forum. Both states received federal funds to upgrade cyber and physical security of their voting systems after Congress approved $380 million for election security in 2018. They spent their share of those funds differently. Connecticut has put much of its funding toward training, Merrill said, while Louisiana is scrambling to upgrade systems running Windows 7 to Windows 10 before Microsoft stops offering support for the older operating system in January. Ginny Badanes, the director of Microsoft’s Defending Democracy Program, which is working to help both states and companies that build voting machines and software to prepare for the switch in operating systems, said the company “will do whatever it takes to make sure these customers have access to updates that are straightforward and affordable.” Both the state officials and private sector witnesses urged the commission to adopt and publish standards that would set the best practices for election security.

National: States Struggle to Update Election Systems Ahead of 2020 | Alyza Sebenius and Kartikay Mehrotra/Bloomberg

U.S. states operating outdated and insecure voting machines face major hurdles in protecting them in time for the 2020 presidential election, officials said at a meeting of elections experts. Budgets are strained, decision-making authority is diffuse and standards put in place years ago haven’t kept up with today’s cyberthreats, according to testimony Thursday to the Election Assistance Commission in Silver Spring, Maryland. The Senate Intelligence Committee reported last month that Russia engaged in “extensive” efforts to manipulate elections systems throughout the U.S. from 2014 through “at least 2017.” The Brennan Center for Justice reported Thursday that states will have to spend more than $2 billion to protect their election systems in the next five years, including replacing outdated machines or purchasing the software improvements necessary to help harden existing equipment against hackers. Updating software is a “regular and important part” of cybersecurity, the Center for Democracy & Technology warned in a statement. But even when a software patch is available, states can’t compel “severely under-resourced” local elections officials to buy and implement the improvement, said Jared Dearing, executive director of the Kentucky State Board of Elections. On top of those hurdles, Dearing said, the process of certifying elections equipment to federal standards leaves machines in “a time capsule of when that system was developed.”

National: Hackers can easily break into voting machines used across the U.S.; play Doom, Nirvana | Igor Derysh/Salon

Voting machines used in states across the United States were easily penetrated by hackers at the Def Con conference in Las Vegas on Friday. Participants at Def Con, a large annual hacker conference, were asked to try their skills on voting machines to help expose weaknesses that could be used by hostile actors. A video published by CNN shows a hacker break into a Diebold machine, which is used in 18 different states, in a matter of minutes, using no special tools, to gain administrator-level access. Hackers also quickly discovered that many of the voting machines had internet connections, which could allow hackers to break into machines remotely, the Washington Post reported. Motherboard recently reported that election security experts found that election systems used in 10 different states have connected to the internet over the last year, despite assurances from voting machine vendors that they are never connected to the internet and therefore cannot be hacked. The websites where states post election results are even more susceptible. The event had 40 child hackers between the ages of 6 and 17 attempt to break into a mock version of the sites. Most were able to alter vote tallies and even change the candidates’ names to things like “Bob Da Builder,” CNNreported. “Unfortunately, it’s so easy to hack the websites that report election results that we couldn’t do it in this room because [adult hackers] would find it boring,” event organizer Jake Braun told CNN.

National: Election Assistance Commission Urged to Finalize 2020 Security Standards | Jack Rodgers/Courthouse News

During a forum on election security Thursday, Connecticut’s secretary of state urged a federal agency in charge of the process to act quickly in issuing new security standards for voting systems so states can update software in time for the 2020 election. The U.S. Election Assistance Commission hosted three panels of witnesses, all of whom testified on ways to improve the security of the nation’s election systems during a three-hour forum in Washington, D.C. Last year, Congress appropriated $380 million under the Help America Vote Act, which makes funds available for states to update election security measures and voter registration methods. However, the federal funds, coupled with a state-required match, were not enough to completely update voting equipment across the country. During Thursday’s first panel, the secretaries of state for Connecticut and Louisiana, Denise Merrill and Kyle Ardoin, respectively, both spoke to the benefits of this funding. Merrill said that with the $5 million in HAVA funds appropriated to her state last year, Connecticut had implemented a virtual system that allows those in election advisory roles to view every desktop used for counting and reporting votes in the state. In most of the state’s 169 towns, methods of recording votes differ depending on the area, Merrill said, also noting that some towns don’t use computers.

National: States and localities are on the front lines of fighting cyber-crimes in elections | Elaine Kamarck/Brookings

When it comes to fighting illegal intrusions into American elections, the states and localities are where the rubber meets the road—that is where American elections are administered. This authority is grounded in more than tradition; it derives from Article I, Section 4 of the Constitution. That section notes that while Congress has the authority to intervene in the setting of elections, election administration is largely a function of state and local government. Given this situation, election law and practice vary considerably from state to state, which leads to a number of ramifications. On the one hand, this decentralization makes it hard for a single cyberattack to take down the entire American election system. But having a fragmented system poses some disadvantages as well. Some states and localities are simply better equipped to protect against cyber intrusions than others, and an adversary seeking to sow doubt and confusion about the integrity of an election needs to compromise only a few parts of the entire system in order to undermine public confidence. The vulnerabilities in election administration exist at every step of the process, from the registration of voters, to the recruitment of poll workers for election day, to the books of registered voters at polling places, to the devices that capture and tally the vote, to the transmission of that data to a central place on election night and to the ability to execute an accurate recount. Every state and locality wants to run a fair election but they are limited by inadequate funding, the absence of trained personnel, and outdated technology.

National: Ex-CIA chief worries campaigns falling short on cybersecurity | Maggie Miller/The Hill

Democratic 2020 presidential campaigns say they are working to boost their cybersecurity, but experts worry those efforts may not be enough. Former acting CIA Director Michael Morell told The Hill he worries there is a “void” and that campaigns need outside help to fully address the issue. “There is not a lot of initial thought given to cybersecurity,” Morell said about the campaigns. Several campaigns insist they have prioritized the issue. Chris Meagher, the spokesman for South Bend, Ind., Mayor Pete Buttigieg’s campaign, told The Hill that “our campaign is committed to digital security,” noting the hiring of a full-time chief information security officer (CISO), Mick Baccio, last week. “Hiring a full-time CISO is one way we are protecting against cyberattacks,” Meagher added. A spokesperson for the presidential campaign of former Rep. Beto O’Rourke (D-Texas) told The Hill they are “actively engaged in defending our operation from disinformation and other cyberattacks.” The spokesperson emphasized that “whether it’s training staff as a part of our onboarding process, requiring staff to use complex passwords to protect mobile devices, or using secure messaging services, this campaign understands that protecting our information requires a comprehensive approach to prepare for and manage attacks.”

Editorials: Trump is holding election security hostage | Brian Klaas/The Washington Post

President Trump is holding American election security hostage in a bid to suppress votes in his reelection campaign. On Tuesday, Trump tweeted that “No debate on Election Security should go forward without first agreeing that Voter ID (Identification) must play a very strong part in any final agreement. Without Voter ID, it is all so meaningless!” In other words, he is explicitly acknowledging that he will allow known vulnerabilities in American election security infrastructure to remain as inviting targets to foreign adversaries of the United States — unless he gets his way on a long-standing Republican priority. But the evidence is clear: Foreign attacks on American democracy are an urgent, ongoing threat to national security that could result in the entire democratic process being rigged or hacked. On the other hand, voter fraud — the problem that voter ID legislation is ostensibly trying to solve — has already been solved. It’s a minuscule problem that poses virtually no threat to American elections.

Connecticut: Chief elections official says Connecticut’s electronic voting machines are ‘coming to the end of their useful life’ | Mark Pazniokas/CT Mirror

Connecticut’s current system of casting and counting votes has its roots in the chaotic presidential election of 2000. With the winner unclear for a month, it was a frightening moment in U.S. politics that led to a bipartisan consensus about the need to maintain confidence in the integrity of elections. Passage of the federal Help Americans Vote Act in 2002 established broad standards for the conduct of elections and provided funding for new hardware, leading Connecticut in 2006 to abandon its old mechanical lever voting machines for a mix of the old and new — paper ballots counted by computer-driven tabulators. “We fortunately made the right choice,” Secretary of the State Denise Merrill said Wednesday. A proposed Voter Empowerment Act now before Congress would make hybrid systems like Connecticut’s the new federal standard: Using computers to quickly count votes, while maintaining paper ballots as a check on computer hacking and other forms of cyber fraud. President Trump recently endorsed paper ballots on Twitter. But as Merrill and U.S. Sen. Richard Blumenthal made clear Wednesday at a press conference on elections security, the technical and political challenges in protecting U.S. elections are far more complex today than in the aftermath of the Florida recount in the Bush-Gore campaign of 2000. Blumenthal arrived at Merrill’s state Capitol office with his right arm in a sling. He had surgery last week for a torn rotator cuff.

Florida: Broward County elections chief says military adversary could hack US elections. ‘There are forces bigger than us.’ | Anthony Man/South Florida Sun-Sentinel

Broward Supervisor of Elections Peter Antonacci said Wednesday that a determined effort to hack elections — if it’s undertaken by the military of a significant foreign adversary — could prove successful. Antonacci said in an interview he was acknowledging the obvious reality, even though it’s something many people don’t want to recognize. “If the military organizations of our adversaries around the world decide to do something, technically they have the capability to do it,” he said. “There are forces bigger than us and people much bigger than us that may wish us wrong. If they have the intent and capacity, bad things can happen.” Antonacci said publicly offering the assessment isn’t the kind of thing that will endear him to the broad universe of people who run elections, including other county elections supervisors. “My fellow supervisors will probably drum me out of the club,” he said. “The general thing people in my business like to say is ‘Everything’s OK.’” Antonacci, who oversees elections in Florida’s second-largest county, said his job is to make sure that Broward County has as many safeguards as it can and to have systems in place that can detect if and when something happens. “What we can do as little people in that drama is make sure our system is protected as much as possible.”

Georgia: Judge Says Georgia To Use Old Electronic Voting Machines For 2019 Elections | Stephen Fowler/NPR

A federal judge has denied a request to move all of this fall’s municipal elections in Georgia away from “unsecure, unreliable and grossly outdated technology” and toward hand-marked paper ballots that are optically scanned and counted. The order from U.S. District Court Judge Amy Totenberg Thursday also requires the state to cease using its direct-recording electronic voting machines after 2019 and expresses doubts about the state’s ability to roll out its new ballot-marking device system in time for the March 24, 2020, presidential primary election. In the decision, Totenberg also directs the Georgia secretary of state’s office to develop a plan to “address errors and discrepancies in the voter registration database” and have paper copies of poll books at each voting precinct. The state must also create a contingency plan for the 2020 elections in case the new system is not completely rolled out. That includes designating several pilot jurisdictions that will use hand-marked paper ballots with optical scanners in their elections this fall. A group of election integrity advocates and Georgia voters sued the secretary of state’s office in 2017 alleging that the current DRE system is not secure and is vulnerable to hacking. Last year, Totenberg denied a similar motion for preliminary injunction that would have blocked the DREs from being used in the 2018 midterm election. The current motion sought to prevent the machines from being used this fall in several hundred local elections.