National: Menendez calls for $2.5B to help strengthen election systems | NJTV

Brandishing a copy of the Mueller Report, Sen. Bob Menendez emphasized its findings about election security during the last presidential campaign and election and proposed spending $2.5 billion over 10 years to make the system more resilient. “The Russian government carried out a sweeping and systematic attack on the 2016 election and the Trump campaign actively welcomed it. Second, the president repeatedly tried to undermine and obstruct the special counsel’s investigation into that interference,” Menendez said. Menendez argued that the obstruction continues. This weekend, in fact, President Donald Trump continued to assail the Mueller Report as a political hoax. “The radical, liberal Democrats put all their hopes behind their ‘collusion delusion’, which has now been totally exposed to the world as a complete and total fraud,” Trump said on April 27 in Wisconsin. Trump’s chief of staff Mick Mulvaney warned White House officials not to mention Russian election activity to the president, The New York Times reported, because Trump believes it delegitimizes his election victory. But Menendez says the U.S. election system remains vulnerable to future attacks — noting that Mueller’s report underscored previous intel that Russians hacked 21 state elections systems, not including New Jersey’s and installed malware at a voting technology company’s computer network. Sen. Marco Rubio told The New York Times that Russian hackers could have tampered with rolls of registered voters in one Florida county. The FBI fully expects renewed cyberattacks.

National: U.S. Cyber Command has shifted its definition of success | CyberScoop

U.S. Cyber Command is shifting the way it measures success from solely military outcomes to how the command enables other government agencies to defend against foreign offensive cyber threats. Brig. Gen. Timothy Haugh, who is in charge of Cyber Command’s Cyber National Mission Force, said on Tuesday at an event hosted by the Atlantic Council that success is “not necessarily [about] the department’s outcome,” but is instead about “how can we enable our international partners [and] our domestic partners in industry to be able to defend those things that are critical to our nation’s success.” Haugh said Cyber Command is doing its job right if agencies are taking their own actions: State Department issuing démarches, Department of Homeland Security releasing alerts, and Treasury Department announcing sanctions “based off of information that is derived from our operations.” In the past, Haugh said he believes that these outcomes may not have been considered as wins. This shift in benchmarking comes amid newfound leeway at the Department of Defense to launch offensive cyber measures. Last year, President Donald Trump issued a revamp to the White House’s offensive cyber policy, which federal Chief Information Security Officer Grant Schneider last week deemed an “operational success.”

Florida: Russian Hackers Were ‘In a Position’ to Alter Florida Voter Rolls, Rubio Confirms | The New York Times

It was the day before the 2016 presidential election, and at the Volusia County elections office, near Florida’s Space Coast, workers were so busy that they had fallen behind on their correspondence. Lisa Lewis, the supervisor of elections, stumbled on an important email sent to her and three others in the office, by then a week old, that appeared to be from VR Systems, the vendor that sells electronic voter list equipment to nearly every county in the state. “Please take a look at the instructions for our modernised products,” it said, using British spelling and offering an attachment. Something about the email seemed off. “It was from Gmail,” Ms. Lewis said. “They don’t have Gmail.” Ms. Lewis, it turned out, was right to be suspicious. Though it had VR Systems’ distinctive logo, with a red V and a blue R, the email contained a malicious Trojan virus, and it originated not from the elections vendor but from the Russian military intelligence unit known as the G.R.U. The email had been sent to 120 elections email accounts across Florida. Also buried in Ms. Lewis’s inbox was a warning from VR’s chief operating officer, flagging the dangerous spearphishing attempt and warning all his customers not to click on it. But, it now appears, someone did. Slipped into the long-anticipated special counsel report on Russian interference in the 2016 election last week was a single sentence that caused a stir throughout the state and raised new questions about the vulnerability of the nation’s electoral systems.

Minnesota: Senators skip cybersecurity hearing | Minnesota Lawyer

Election cybersecurity, once described as one of the lightest legislative lifts of 2019, has devolved into a stubborn controversy that some Democrats worry foreshadows turbulence ahead as this year’s Capitol session enters the home stretch. It boils down to a simple unanswered question: How much of $6.6 million in Help America Vote Act funds, which the federal government granted Minnesota last year, should go to Secretary of State Steve Simon to shore up the state’s election cyber-defenses? The two chambers have quite different answers. On Feb. 21, the DFL-led House voted 105-23 to approve House File 14, with many Republicans joining the Democrats. That bill appropriates the full $6.6 million. On Feb. 28, the Senate voted 35-32 along party lines to give Simon access to only $1.5 million of the grant — the same amount included in last year’s vetoed Omnibus Prime supplemental finance bill. The discrepancy sent the HF14 to a joint House-Senate conference committee to iron out the differences. On Tuesday, for the second time since March 21, Senate Republicans — led by conference committee co-chair Sen. Mary Kiffmeyer, R-Big Lake — skipped a HAVA hearing. The meeting went ahead anyway. Democrats — including three Senate DFLers who aren’t conferees — heard testimony from Simon and former Cook County, Ill., election director Noah Praetz. But with no Senate Republicans on hand to continue negotiations or vote on a compromise, the issue remains unresolved.

National: Election tech vendors say they’re securing their systems. Does anyone believe them? | CyberScoop

The last few years have been an awakening for Election Systems & Software. Before 2016, very few people were publicly pressing the company to change the way it handled its cybersecurity practices. Now, the nation’s leading manufacturer of election technology has become a lightning rod for critics. Security experts say the small number of companies that dominate the nation’s election technology market, including ES&S, have failed to acknowledge and remedy vulnerabilities that lie in systems used to hold elections across the country. Once left to obscurity, the entire ecosystem has been called into question since the Russian government was found to have interfered with the 2016 presidential campaign. While there has never been any evidence to suggest that any voting machines were compromised, the Department of Homeland Security and FBI recently issued a memo that all 50 states were at least targeted by Russian intelligence. The peak of the criticism came after the Voting Village exhibition at the 2018 DEF CON security conference, where amateur hackers unearthed a bevy of flaws in the company’s tech. In a number of publications — including CyberScoop — ES&S disputed the notion that it didn’t take cybersecurity seriously, arguing its own due diligence was enough to satisfy any security worries. It didn’t help the Omaha, Nebraska-based company’s case when the Voting Village committee issued a report in September that found decades-old vulnerabilities in an ES&S ballot tabulator that has been used in elections in more than half of the states. In light of these issues, some of the election tech manufacturers are trying to change course, and ES&S is the most public about its efforts. With the country gearing up for the 2020 presidential election, the company has revamped its security testing procedures, putting together a plan to let penetration testers from both the public and private sector evaluate the safety of its systems. Furthermore, ES&S and its competitors are communicating in an unprecedented way about committing to a certain level of standards that can lift the entire industry to a better security baseline.

National: DHS is pushing cybersecurity support to presidential campaigns | The Washington Post

The Department of Homeland Security is offering to help test and improve the cybersecurity of Democratic presidential campaigns — and this time, these services are getting a lot of interest. “We haven’t had anyone decline to have a call with us or not be excited about the resources we’re offering or the support or services,” DHS senior adviser on election security Matt Masterson said of offers to the crowded field of 2020 candidates, during a panel discussion at the Atlantic Council’s International Conference on Cyber Engagement. That’s a far better reception than ahead of the 2018 midterms, when state election officials broadly rejected DHS’s offer to help with their cybersecurity early in the Trump administration. Despite the Russian hacking and influence operation that upended the presidential election, state officials were concerned DHS aid could lead to a federal takeover of election administration and were angered by the department’s slow pace sharing information about Russia’s 2016 hacking attempts. It was well into 2017 before some states changed their tune and began working with DHS on girding their election systems against hacking from Russia and elsewhere in the midterm elections. Now, the acceptance of free help from DHS is a sign the campaigns and states are getting on the same page as the federal government about the need for security to protect both voter information and the integrity of the vote.

National: Cybersecurity proposal pits cyber pros against campaign finance hawks | The Washington Post

The Federal Election Commission could decide today whether nonpartisan groups can offer political campaigns free cybersecurity services, an issue that has made bedfellows of Republicans and Democrats but divided cyber pros and campaign finance hawks. The proposal’s authors, Hillary Clinton’s 2016 campaign manager Robby Mook and Mitt Romney’s 2012 campaign manager Matt Rhoades, come to the issue from bitter experience. The Romney campaign was targeted by Chinese hackers, and Clinton’s campaign was upended by a Russian hacking and disinformation operation aimed at helping  Donald Trump. The bipartisan duo want to help presidential and congressional campaigns steer clear of similar hacking operations by allowing nonprofits to provide cybersecurity free of charge. But first they need the FEC to say those services don’t amount to an illegal campaign contribution. “This is warfare,” Mook told FEC commissioners during a review of the proposal April 11. “People are trying to disrupt our democracy.” The plan is a hit with many cybersecurity pros who say campaigns aren’t equipped to defend themselves against sophisticated, government-backed hacking operations from Russia and China, and think this might level the playing field. 

National: Managing unknown risks in the next election | GCN

As the nation heads into the 2020 election cycle, experts disagree over whether the nation should expect the same type of cyber threats and influence campaigns experienced in 2016 or if we should expect the unexpected. Matthew Masterson, a senior advisor at the Department of Homeland Security focusing on election security, said that he spends “a lot of time thinking through that undermining confidence [angle] and ways that we can build that resilience.” Speaking at an April 23 cybersecurity conference, he told the audience that “the reality is you don’t actually even have to touch a system to push a narrative that undermines confidence in the elections process.” Liisa Past, former chief research officer at the Cyber Security Branch of the Estonian Information System Authority, said at the same event that election influence campaigns operate on multiple fronts. “It really illustrates the adversarial activity, which is that they’re throwing spaghetti at the walls,” said Past. “Cyber is one wall, misinformation, disinformation and social media is another wall. We’re having to assume that using proxies and … useful idiots is another wall, and I’m afraid that behind it there might also be an element of blackmail and personal manipulation.” The challenge, she said, is “how do you come up with a risk management model that clearly has the same degree of flexibility as the adversary’s tactics have?”

National: In Push for 2020 Election Security, Top Official Was Warned: Don’t Tell Trump | The New York Times

In the months before Kirstjen Nielsen was forced to resign, she tried to focus the White House on one of her highest priorities as homeland security secretary: preparing for new and different Russian forms of interference in the 2020 election. President Trump’s chief of staff told her not to bring it up in front of the president. Ms. Nielsen left the Department of Homeland Security early this month after a tumultuous 16-month tenure and tensions with the White House. Officials said she had become increasingly concerned about Russia’s continued activity in the United States during and after the 2018 midterm elections — ranging from its search for new techniques to divide Americans using social media, to experiments by hackers, to rerouting internet traffic and infiltrating power grids. But in a meeting this year, Mick Mulvaney, the White House chief of staff, made it clear that Mr. Trump still equated any public discussion of malign Russian election activity with questions about the legitimacy of his victory. According to one senior administration official, Mr. Mulvaney said it “wasn’t a great subject and should be kept below his level.” Even though the Department of Homeland Security has primary responsibility for civilian cyberdefense, Ms. Nielsen eventually gave up on her effort to organize a White House meeting of cabinet secretaries to coordinate a strategy to protect next year’s elections. As a result, the issue did not gain the urgency or widespread attention that a president can command. And it meant that many Americans remain unaware of the latest versions of Russian interference.

California: Inside Contra Costa County’s election cybersecurity scare | San Jose Mercury News

The email that showed up in an employee’s inbox at the Contra Costa County elections office last month appeared harmless enough: It looked like it had been sent by a member of her church group and contained the innocuously named attachment “Request3.doc.” But when the employee clicked on the attachment on a work computer, malware laced into the document attempted to contact a Russian IP address, sparking a weeklong scare over the possibility of a foreign attempt to access county election internet systems. Emails from the elections office obtained by the Bay Area News Group through a public records request shed new light on the incident, which occurred the same week that Special Counsel Robert Mueller delivered his report on Russian interference in the 2016 election. The suspicious email was investigated by the FBI and the Department of Homeland Security, and state and federal authorities ultimately concluded that no county data had been compromised. State and local officials said they believe the elections office was not specifically targeted for the attack and it may have been a typical cyber scam motivated by money.

Florida: The other Mueller finding: How one state addresses Russian hacking risk | CSMonitor

Amid all the debate over whether the Mueller report incriminates or exonerates President Donald Trump, one salient point is being largely overlooked: Russia interfered in the 2016 election to undermine American democracy as a whole. And the damaging effects go beyond any one party or candidate. The intent of Russian meddling was to sow discord in the U.S. political system, said special counsel Robert Mueller in his report to the U.S. Justice Department. The intelligence community and others say that the Kremlin will likely launch more sophisticated attacks in 2020 – both cyberattacks and disinformation campaigns on social media. “I guarantee you that Russia is working on hacking this election right now,” says Seth Moulton, a decorated Marine and Democratic congressman from Massachusetts who entered the presidential race this week on promises to bolster national security and restore America’s moral authority in the world. “And the fact that we are just letting them undermine our democracy, undermine the very fundamental principle that every vote counts in a democracy, is complete dereliction of duty by the commander in chief of the United States,” says Representative Moulton, responding to a question amid campaigning in Bedford, New Hampshire, on Wednesday. Nearly half the nation’s states were targeted by Russian hacking in 2016, and the Mueller report revealed that at least one county government in Florida was breached by it. It also revealed that Russians compromised the computer network of Illinois’ Board of Elections and gained access to information about millions of voters there. Florida is of particular concern as a key swing state and one which has faced numerous crises in its election system going back to the “hanging chad” controversy in the 2000 race between George W. Bush and Al Gore. And it makes an important case study for other reasons. Its efforts since 2016 to step up election security and improve its cyber defenses illustrate both the scope of the challenge and possible paths to address it.

Florida: FBI to brief Ron DeSantis, Rick Scott on Russian hacking attempts | Tampa Bay Times

Silent so far on new information that Russian hackers may have phished their way into a local elections office, the FBI has agreed to meet next month with Florida officials to brief them on the topic. Gov. Ron DeSantis and U.S. Sen. Rick Scott each said Thursday that the FBI has reached out about scheduling a meeting within the next few weeks to discuss elections hacking. Both the current and former governor have been critical of federal authorities for remaining silent in the weeks since Robert Mueller’s Russian elections interference report said the FBI believes Russian hackers were able to “gain access” to “at least one” Florida county government computer network. “They won’t tell us which county it was. Are you kidding me? Why would you not say something immediately?” DeSantis said Thursday in Miami, where he made an appearance to name two new members of the Third District Court of Appeal. “We’re looking for answers. I think finally next week we’re going to get somebody, or maybe the week after we’re going to have somebody come brief us on what happened.” DeSantis’ office did not provide additional details about the meeting, and the FBI did not immediately respond to a request for comment.

Minnesota: Minnesota hasn’t accepted election security funding. Why not? | KMSP

A Republican state senator is putting election security upgrades at risk by blocking federal funding from getting to Minnesota, Secretary of State Steve Simon said Thursday. Minnesota is the only state that has not accepted its share of the federal money under the Help America Vote Act, which amounts to $6.6 million. State Sen. Mary Kiffmeyer is blocking it, and said during a wide-ranging news conference Thursday that she was concerned about how the funding would be used. Now, Minnesota’s four-year project to recode its statewide voter database is in jeopardy because the state has three years and 11 months before it would have to return the money to the feds. “We literally don’t have all the time we need to do the cornerstone project here,” Simon said. “That’s dangerous. It’s putting our election system at risk. And it’s got to stop right now.” Kiffmeyer – a former secretary of state – defended her actions Thursday while claiming she was misquoted last week saying that hacking was “no big deal.” “I found that in the information we had to date, there was a lot lacking. We had more questions,” Kiffmeyer told reporters about why she was blocking the funding. But Simon said Kiffmeyer has never come to him to get more information. “We have offered her the opportunity to ask a question, make a comment, make a suggestion. Nothing. Absolutely nothing,” Simon said in an interview.

Australia: Cyber spooks hint at hard work defending election from hackers | Sydney Morning Herald

The international Five Eyes network of cyber spies believes Australia is at risk from foreign interference in its federal election, including direct hacks and targeted “fake news”, a security conference has been told. Disinformation is proving to be a broader challenge for the agencies because of how it intersects with free speech, one expert said. Australia’s top secret cyber security agency revealed on Wednesday it is on high alert to guard Australia against such threats during the campaign. Scott MacLeod, assistant director-general for “Protect, Assure and Enable” at the Australian Signals Directorate, made a rare public appearance at the CyberUK security conference in Scotland on Wednesday. Alongside colleagues from security agencies in the other Five Eyes nations, MacLeod said electoral security was a critical priority.

Israel: Voting to stay secure: Israel a long way from electronic ballots | Ynet

Tears could be seen on the face of Orly Adas, the director of the Central Elections Committee, two weeks ago, when she began speaking at a meeting to discuss the final election results. The tears were an expression of the enormous tension and frustration felt by members of the committee during the period between Election Day and the release of the results. “We were under ferocious attack,” says Adas, referring to efforts by the New Right party to undermine the validity of election results that put them just 1,500 votes short of the threshold to enter the Knesset. That said, one must not cast aside claims made on social media by voters unaligned to a particular political party, who cite examples of distortions in the vote count. In the end, the question is whether there a way to improve the voting system and the count, both of which have barely been modified since the establishment of the State of Israel in 1948, despite the enormous technological improvements made in the past decades?

Spain: Spain on the front line of election security ahead of EU-wide poll | The Daily Swig

Spain is boosting its cybersecurity preparedness and ramping up its efforts to fight the spread of disinformation ahead of national elections this weekend. The April 28 general election in Spain may act as a testing ground for measures to protect the integrity of the European Parliament elections in late May, the Associated Press reports. Europe-wide election security efforts include a “rapid alert system” linking specialized coordination units across all EU member states, as well as a plan to get internet firms to team up and share intelligence on disinformation campaigns. The Spanish government has tasked a division of its National Cybersecurity Institute, or INCIBE, to coordinate defenses against cyber-attacks and combat fake news. A national security report released in March described a rising tide of disinformation amid a myriad of “hybrid threats”, some stemming from international political intrigue. Allegations of foreign interference in Spain have centered on events around Catalonia’s highly contentious independence referendum back in October 2017. Allegations of cyber-spying have also been a factor in a number of domestic cases. “Espionage is now a huge issue in Spain because of three different scandals: these are the Villarejo case, the Pablo Iglesias case, and the Catalan independence protest,” Joe Haslam, a professor at the IE Business School in Madrid and executive director and chairman of hot.es, a mobile hotel booking app, told The Daily Swig. “The spooks are active, but little attention is being paid to threats from outside Spain.”

National: Election security offers leading edge in CISA’s funding push as budget hearings approach | InsideCyberSecurity

Leaders of the Cybersecurity and Infrastructure Security Agency argue that ensuring the security of the 2020 election will require increased funds for the new agency, and are citing the recent Mueller report as new evidence of CISA’s critical role in countering Russian interference. The Mueller report released last week, and renewed CISA assertions about election security, come as House lawmakers kick off review of the DHS budget for fiscal 2020 next week. CISA Director Christopher Krebs said the redacted report by special counsel Robert Mueller on Russian interference reinforces ongoing concerns about election security, while he emphasized that CISA will continue asking for more funding in this area. “When I look at the Mueller report, I think it’s an extension of prior law enforcement intelligence activity, it was pretty consistent with the intelligence community assessment,” Krebs said to Inside Cybersecurity following his speech at the AFCEA meeting of government and largely defense industry officials today. “It’s just a reinforcement that they were incredibly active in 2016, they were active in 2018, and we’re going to be ready for them in 2020,” Krebs said.

National: Mueller report: Russia hacked state databases and voting machine companies | Roll Call

The Russian military intelligence unit known by its initials GRU targeted U.S. state election offices as well as U.S. makers of voting machines, according to Mueller’s report. Victims of the Russian hacking operation “included U.S. state and local entities, such as state boards of elections (SBOEs), secretaries of state, and county governments, as well as individuals who worked for those entities,” the report said. “The GRU also targeted private technology firms responsible for manufacturing and administering election-related software and hardware, such as voter registration software and electronic polling stations.” The Russian intelligence officers at GRU exploited known vulnerabilities on websites of state and local election offices by injecting malicious SQL code on such websites that then ran commands on underlying databases to extract information. Using those techniques in June 2016, “the GRU compromised the computer network of the Illinois State Board of Elections by exploiting a vulnerability in the SBOE’s website,” the report said. “The GRU then gained access to a database containing information on millions of registered Illinois voters, and extracted data related to thousands of U.S. voters before the malicious activity was identified.”

National: Russia’s hack into the US election was surprisingly inexpensive, Mueller report shows | CNBC

Techniques used by state-backed Russian hackers to interfere in the 2016 U.S. elections were apparently inexpensive, experts told CNBC, highlighting the ease at which a foreign government was able to meddle in a Western democracy. The report released by special counsel Robert Mueller lays out how Russian trolls used social media to try to influence the outcome of the election in which Donald Trump was made president and outlines the way in which hackers stole documents from the campaign of Hillary Clinton. Beginning in March 2016, units of Russia’s military intelligence unit known as GRU hacked the computers and email accounts of organizations, employees and volunteers supporting the Clinton presidential campaign, including the email account of campaign chairman John Podesta, the Mueller report said. The Russian group also hacked the computer networks of the Democratic Congressional Campaign Committee (DCCC) and the Democratic National Committee (DNC). Initially, the GRU employed a hacking technique known as spearphishing. That’s when a hacker sends an email to a person that contains something like a link to a fake website or an attachment. When a person clicks that link or downloads that document, it could lead to malicious software being installed on that person’s computer or mobile device. The spoof website might ask for personal details about a person, which could include passwords to certain services they use.

National: Threats known and unknown loom in 2020 elections | FCW

U.S. cybersecurity officials are gearing up to prevent foreign malign influence campaigns from impacting the 2020 vote. Experts are divided over whether local election officials and federal agencies should expect the same type of threats targeting election infrastructure and online discourse as they experienced in 2016 or if they should expect the unexpected. On Election Day in 2018, federal officials said they had no indication that voting infrastructure was successfully targeted by cyberattacks or other efforts at manipulation designed to strike voters from the rolls, change vote counts or hinder officials from completing election tallies. But the issue of influence campaigns and as yet unknown vectors of attack remain ripe for discussion as the nation heads into the 2020 vote. Matthew Masterson, a senior advisor at DHS who focuses on election security, said at an April 23 cybersecurity conference that he spends “a lot of time thinking through that undermining confidence [angle] and ways that we can build that resilience, because the reality is you don’t actually even have to touch a system to push a narrative that undermines confidence in the elections process.” Liisa Past, former Chief Research Officer at the Cyber Security Branch of the Estonian Information System Authority, said at the same event that election influence campaigns operate on multiple fronts.

Editorials: The 2020 Election Is Going to Make 2016 Look Like a Student Council Election | Matt Lewis/Daily Beast

It’s time we face facts about 2020. It will be so dirty, brimming with disinformation, and packed with hackers that it’ll make 2016 look like a student council election. On Sunday, Rudy Giuliani went on CNN’s State of the Union and declared, “There’s nothing wrong with taking information from Russians.” “You’re assuming that the giving of information is a campaign contribution,” Rudy averred to CNN’s Jake Tapper. “Read the report carefully. The report says we can’t conclude that because the law is pretty much against that. People get information from this person, that person.” Talk about defining deviancy down. Of course, Rudy’s interpretation is open to debate. My read of the Mueller report suggests that opposition research may constitute a “thing of value,” which is tantamount to a contribution. The question, though, is whether anyone on Trump’s team “knowingly and willfully” violated the law. Intent is hard to prove. But let’s assume that Rudy is correct about the legality (he’s a lawyer—I’m not). As the president’s personal attorney, his words have weight. And taking Rudy at his word, why wouldn’t a 2020 campaign be willing to avail itself of information from Russia, Turkey, or China? And why wouldn’t Russia, Turkey, or China oblige?

Florida: Former Sen. Bill Nelson says Florida hacking claims vindicated by Mueller report | The Washington Post

A politician is declaring victory after the Mueller report, and it’s not the one you’re thinking of. Former Sen. Bill Nelson (D-Fla.) told The Cybersecurity 202 in a statement that the special counsel’s report vindicates his claims before the 2018 midterms that hackers had penetrated Florida county-level computer networks and could cause grave harm. The FBI and Homeland Security Department both disputed those statements last year as did Florida election officials. The Washington Post’s Fact Checker gave the comments four Pinocchios. The Mueller report provides some context for Nelson’s claim, revealing for the first time that the FBI believes Kremlin hackers did penetrate the networks of “at least one” Florida county before the 2016 election. But the report, which was released in redacted form Thursday, does not back up the full claim from Nelson, who ultimately lost his reelection bid in 2018 to then-Florida Gov. Rick Scott (R), made during the heat of the campaign. Specifically, Nelson told the Tampa Bay Times that Russian hackers were active inside Florida county networks in 2018, which isn’t stated in the Mueller report. (However, it’s not directly refuted, either.)

Georgia: Election Security Bill Hangs on Governor’s Signature | Atlanta Journal-Constitution

When some Georgia voters showed up at the polls last fall, their registrations had mysteriously disappeared without a trace. They couldn’t vote except on provisional ballots. The unsolved case of the missing voter registrations and a federal lawsuit prompted state lawmakers to pass a bill requiring election officials to strengthen protections against hacking, tampering and computer errors.Secretary of State Brad Raffensperger would be responsible for creating security protocols for voter registration information consistent with standards set by national cybersecurity and election organizations, according to House Bill 392.The bill is awaiting Gov. Brian Kemp’s signature or veto. Kemp’s office didn’t respond to an email seeking comment.“If the governor signs it, this bill will represent a significant upgrade to the security of the system,” said Max Feldman, an attorney for the Brennan Center for Justice, a policy institute at New York University focused on democracy and criminal justice that is representing plaintiffs in the lawsuit. “Ensuring that any sort of gaps in security that would expose voters’ registration information or allow third parties to change registration information on the voter registration list is what we’re hoping will be addressed here.”Deputy Secretary of State Jordan Fuchs said the legislation puts the force of law behind the state’s existing security procedures.“Security of the voting system is Secretary Raffensperger’s top priority,” Fuchs said. “This law recognizes that priority and should help put an end to unfounded speculation and meritless claims that our election data is not secure.”

Minnesota: Partisan drama erupts over election security funds as Republicans skip possible vote | Twin Cities Pioneer Press

What was supposed to be one of the biggest no-brainers of the Minnesota Legislature has erupted into a partisan issue with Republican lawmakers blocking the spending of federal election dollars that every other state in the nation has put to use. On Tuesday, three Republican senators for the second time skipped a meeting that could have resulted in a vote on up to $6.6 million in federal funds that have been approved for more than a year for election cybersecurity as part of the Help America Vote Act, or HAVA. In an odd twist: the Republican Senators aren’t saying exactly why they’re blocking it. With the release of special counsel Robert Mueller’s report detailing Russian meddling in U.S. elections, and election officials warning that now is the time to gird against hacking attempts in the 2020 elections, the issue has taken on added urgency as the Legislature hurtles toward a tense final weeks when disagreements over larger issues often drags down smaller issues. That’s what happened last year when Gov. Mark Dayton vetoed a massive bill that contained volumes of unrelated matters, including a portion of the HAVA funds. The stalling of the money has caught Democrats, including Secretary of State Steve Simon, off guard because the money is sitting in a federal account; it’s not new money and requires only $167,000 in state spending for a local match to free up the federal funds. That’s a pittance of the state’s nearly $50 billion two-year budget.

Editorials: Whether our elections were hacked or not, New Jersey needs new voting machines, politician says | Brendan W. Gill/nj.com

As the election year of 2020 approaches, it is clear that technology has changed the world we live in. The overwhelming majority of the changes have been beneficial, but we must always remember that as time and technology progress, we must adapt accordingly. In the days, months, and years following our most recent presidential election, all of us have been bombarded with allegations and news coverage about the possibility that our elections were manipulated. I am compelled to express, emphatically, that protecting the accuracy and veracity of our election results is the most important issue that we need to address to protect our democracy. To that end, I wholeheartedly support Essex County purchasing voting machines that will employ the use of optical scanners and hand-written ballots. My decision to support the purchase and implementation of these voting machines is not driven by the results of the previous presidential election, or any election. There have been many occasions in which an entire segment of a given electorate has been disappointed with the outcome at the polls. However, we can all agree that the integrity of our voting process must be protected.

Utah: Election officials working to thwart cyberattacks like those detailed in Mueller report | Deseret News

While questions continue to resonate after last week’s release of the Mueller report, one of the few undisputed conclusions in the epic document was that the Russian government interfered with the 2016 U.S. elections “in sweeping and systematic fashion.” And special counsel Robert Mueller’s team unveiled new allegations about how Russian intelligence group GRU targeted the country’s election apparatus — even down to the level of county election offices — in an attempt to disrupt and manipulate outcomes. Techniques employed by those state actors underscored what continues to be the most vulnerable component of any cybersecurity system — human operators. Utah election officials say the impacts of those intrusion attempts, on their radars long before the Mueller report became public, have elevated the work and money that is going into keeping the state’s own election process free from bad actors. And the process is one that has no end in sight.

Ukraine: How IBM X-Force IRIS Prepared for the Ukraine Election | Security Intelligence

You may not have been aware there was a presidential election in Ukraine last Sunday, but all eyes in the cybersecurity and intelligence communities were keenly focused on this event. In the past few years, cyberattacks targeting elections in democratic countries, including the U.S., have become increasingly disruptive. And in the past few months, international observers have seen disinformation campaigns attempting to influence the outcome of the Ukraine election. Leading up to the election, the IBM X-Force Incident Response and Intelligence Services (IRIS) team had been preparing to observe and analyze possible attempts of foreign interference in the election. Although it appears that a major cyber disaster was averted, we were ready for the worst. After the cascading damage of the NotPetya attack in 2017 — which originally targeted Ukraine before hitting organizations and users in dozens of countries, at an estimated cost of up to $10 billion, according to Wired — we recognize that the risk of a major cyberattack on Ukraine could be the bleed-over to the rest of the world. IBM Security has many clients, including some of the largest financial and logistics companies, that need to be resilient in an attack or face potential damages in the millions or hundreds of millions of dollars. We needed to prepare a response to go at a moment’s notice.

National: America’s new voting machines bring new fears of election tampering | The Guardian

By design, tens of millions of votes are cast across America on machines that cannot be audited, where the votes cannot be verified, and there is no meaningful paper trail to catch problems – such as a major error or a hack. For almost 17 years, states and counties around the country have conducted elections on machines that have been repeatedly shown to be vulnerable to hacking, errors, breakdowns, and that leave behind no proof that the votes counted actually match the votes that were cast. Now, in a climate of fear and suspicion over attacks to America’s voting system sparked by Russia’s attacks on the 2016 elections, states and counties across the country are working to replace these outdated machines with new ones. The goal is to make the 2020 elections secure. “There’s a lot of work to do before 2020 but I think there’s definitely opportunities to make sure that the reported outcomes are correct in 2020,” said Marian Schneider, president of the election integrity watchdog Verified Voting. “I think that people are focusing on it in a way that has never happened before. It’s thanks to the Russians.” The purchases replace machines from the turn of the century that raise serious security concerns. But the same companies that made and sold those machines are behind the new generation of technology, and a history of distrust between election security advocates and voting machine vendors has led to a bitter debate over the viability of the new voting equipment – leaving some campaigners wondering if America’s election system in 2020 might still be just as vulnerable to attack.