Europe: Ensuring Legitimacy of the Vote by Boosting Cybersecurity | EuBulletin

As the May’s European elections are slowly approaching, EU institution have been intensively testing their own cyber systems to help prevent any potential outside attacks or breaches into their systems. Together with observers from the European Parliament, the European Commission and the EU Agency for Cybersecurity, over 80 representatives from EU governments have participated in a recent (5 April) exercise. Rainer Wieland, Vice-President of the European Parliament and German EPP MEP and many others voiced their concern about the dependability of the upcoming elections should cybersecurity be compromised. “A cyber-attack on elections could dramatically undermine the legitimacy of our institutions,” Mr. Wieland said. “The legitimacy of elections is based on the understanding that we can trust in their results.”

National: DHS, FBI say election systems in all 50 states were targeted in 2016 | Ars Technica

A joint intelligence bulletin (JIB) has been issued by the Department of Homeland Security and Federal Bureau of Investigation to state and local authorities regarding Russian hacking activities during the 2016 presidential election. While the bulletin contains no new technical information, it is the first official report to confirm that the Russian reconnaissance and hacking efforts in advance of the election went well beyond the 21 states confirmed in previous reports. As reported by the intelligence newsletter OODA Loop, the JIB stated that, while the FBI and DHS “previously observed suspicious or malicious cyber activity against government networks in 21 states that we assessed was a Russian campaign seeking vulnerabilities and access to election infrastructure,” new information obtained by the agencies “indicates that Russian government cyber actors engaged in research on—as well as direct visits to—election websites and networks in the majority of US states.” While not providing specific details, the bulletin continued, “The FBI and DHS assess that Russian government cyber actors probably conducted research and reconnaissance against all US states’ election networks leading up to the 2016 Presidential elections.” DHS-FBI JIBs are unclassified documents, but they’re usually marked “FOUO” (for official use only) and are shared through the DHS’ state and major metropolitan Fusion Centers with state and local authorities. The details within the report are mostly well-known. “The information contained in this bulletin is consistent with what we have said publicly and what we have briefed to election officials on multiple occasions,” a DHS spokesperson told Ars. “We assume the Russian government researched and in some cases targeted election infrastructure in all 50 states in an attempt to sow discord and influence the 2016 election.”

National: Election machine vendors back legislation requiring post-election audits, vulnerability disclosure | InsideCyberSecurity

Two major election machine vendors stated their support for requiring post-election audits to ensure the validity of election results in the case of a cyber attack or other tampering, in response to questions recently posed by senior Senate Democrats. Sens. Amy Klobuchar (D-MN), Gary Peters (D-MI), Jack Reed (D-RI), and Mark Warner (D-VA) sent letters last month to the three largest election machine vendors asking whether the companies would support legislation around post-election audits and what cyber controls are in place to secure the vote. In its response submitted on Tuesday, Hart InterCivic wrote that “robust post-election audits are the most compelling response” to threats posed by outdated technology. “Auditing is the most transparent and effective means to demonstrate that election outcomes accurately reflect the intention of voters,” Hart wrote. “Hart unequivocally supports state efforts to strengthen auditing procedures.” Tom Burt, the president and CEO of Election Systems and Software, also supported the idea of legislation around post-election audits, writing that the company “strongly supports legislation that would expand the use of routine post-election audits. ES&S believes that successful post-election audits, including risk-limiting audits such as those which have recently occurred in several jurisdictions, will increase confidence in our country’s election process.”

National: Cybersecurity Campaign Aid Delayed by Corporate Money Fears | Bloomberg

The Federal Election Commission delayed a vote on a plan to provide free cybersecurity assistance for campaigns, with the panel’s chairwoman voicing concerns it could the open the door to corporate money in campaigns. Ellen Weintraub said she supported the goal of cybersecurity but questioned whether the proposal could grant broad leeway for providing aid to campaigns outside the limits and restrictions of campaign finance law, including a longstanding ban on corporate contributions to candidates. “We do not want to inadvertently blow a hole in the corporate contribution ban,” the Democratic chairwoman said at a commission meeting today. The nonprofit watchdog Campaign Legal Center, which had voiced similar concern about the initial proposal, has signed off on a compromise that includes language emphasizing the aid is tied to the imminent threat of illegal foreign interference in elections. The commission may take up the issue again at its scheduled April 25 meeting.

National: After Arrest of Julian Assange, the Russian Mysteries Remain | The New York Times

In June 2016, five months before the American presidential election, Julian Assange made a bold prediction during a little-noticed interview with a British television show. “WikiLeaks has a very big year ahead,” he said, just seconds after announcing that the website he founded would soon be publishing a cache of emails related to Hillary Clinton. He was right. But an indictment unsealed on Thursday charging Mr. Assange with conspiring to hack into a Pentagon computer in 2010 makes no mention of the central role that WikiLeaks played in the Russian campaign to undermine Mrs. Clinton’s presidential chances and help elect President Trump. It remains unclear whether the arrest of Mr. Assange will be a key to unlocking any of the lingering mysteries surrounding the Russians, the Trump campaign and the plot to hack an election. The Justice Department spent years examining whether Mr. Assange was working directly with the Russian government, but legal experts point out that what is known about his activities in 2016 — including publishing stolen emails — is not criminal, and therefore it would be difficult to bring charges against him related to the Russian interference campaign. Numerous significant questions are left unanswered, including what, if anything, Mr. Assange knew about the identity of Guccifer 2.0, a mysterious hacker who American intelligence and law enforcement officials have identified as a front for Russian military intelligence operatives.

National: Comey Says Trump’s Silence Invites Another Russia Election Hack | Bloomberg

Former FBI Director James Comey said the U.S. remains unprepared for another attack on its elections and faulted the attorney general for suggesting that the government was “spying” on Donald Trump’s presidential campaign in 2016. Echoing the findings of U.S. intelligence agencies, Comey said Russia intervened in the 2016 election to damage American democracy, undermine Democratic nominee Hillary Clinton and bolster Trump. Russian officials have denied the accusations. But Comey said Trump’s “denial of a fundamental attack” on the U.S. means “we’re inviting it to happen again with our president’s silence.” The former FBI leader also said he was concerned by Attorney General William Barr’s comments on Wednesday that he’s starting his own inquiry into counterintelligence decisions that may have amounted to political espionage, including actions taken during the Russia probe in 2016. “I really don’t know what he’s talking about when he talks about spying on the campaign,” Comey said. “The FBI and Department of Justice conduct court-ordered surveillance. If the attorney general has come to the belief that that should be called spying, wow, that’s going to inspire a whole lot of conversations in the Department of Justice.”

Finland: DoS attack against election results portal under investigation in Finland | Helsinki Times

A denial of service (DoS) attack against the official online election results service is under investigation in Finland. The National Bureau of Investigation (KRP) on Wednesday reported that the attack took place last weekend, stressing that the attack can have no impact whatsoever on the election results as the targeted service is not related to the casting or counting of votes. The short and low-volume attack caused intermittent disruptions to the results service in the wee hours of last weekend, Arto Jääskeläinen, the head of electoral administration at the Ministry of Justice, told Lännen Media. The service on vaalit.fi is used primarily by small news outlets, he added to Helsingin Sanomat. YLE, Helsingin Sanomat and other major outlets, in turn, have an agreement in place that provides them access to the results data through a secure connection.

Israel: Cyber expert: Future elections will have even more cyber issues | Jerusalem Post

While the 2019 Knesset elections had some unprecedented cyber issues, future elections will have even more, cyber expert and founder and editor-in-chief of Cybertech Magazine Amir Rapaport says. Speaking to The Jerusalem Post on Wednesday, Rapaport divided the impact of cyber on the elections into three spheres. He said that Israel’s Central Elections Committee, in coordination with the Israel National Cyber Directorate (INCD) and other agencies (the Shin Bet Israel Security Agency is known to have a heavy role), seem to have succeeded in protecting from actual hacking of physical election systems. To that extent, no one has called into question the voter totals produced by the committee based on accusations of a cyber attack. (There are some minor controversies, but not related to the cyber sphere.) Further, some of the dark scenarios to prevent voters from reaching the polling stations, including the hacking of trains and other public transit, did not transpire.

National: Divided Congress can’t agree on fix for ‘dangerous’ Russian election meddling | McClatchy

Despite clear and compelling evidence of a Russian plot to disrupt the 2016 presidential election, partisanship has all but killed any chance that Congress will pass legislation to shore up election security before voters cast their ballots next year. Republicans and Democrats in Congress largely agree with Special Counsel Robert Mueller’s finding that Russia tried to meddle in U.S. democracy — and that foreign interference remains a serious threat. “Russia’s ongoing efforts to interfere with our democracy are dangerous and disturbing,” said Senate Majority Leader Mitch McConnell, R-Kentucky, after Mueller finalized his investigation last month. But McConnell has made it clear that he’s unlikely to allow the Senate to vote on any election-related legislation for the foreseeable future. Republican Sen. Roy Blunt of Missouri, who chairs the Senate Rules Committee that has jurisdiction over election security legislation, blames House Democrats for McConnell’s hardline stance. Blunt said Democrats overreached in January when they passed H.R. 1, a sweeping measure focused on voting rights, campaign finance, and government ethics.

National: Cybersecurity toolkits ahead for elections and media people | Politico

The founder of Craigslist and the Global Cyber Alliance are teaming up to provide free cyber defense toolkits to election officials, nonprofit election rights groups and the media modeled after the ones GCA recently pioneered for small businesses. Craig Newmark Philanthropies is offering GCA more than $1 million for the project, and GCA is netting $1.5 million from other sources, the groups are announcing today. “Elections bodies and the media are facing increasingly sophisticated cyberattacks that can impair the exercise of democracy and affect election results, and they are not prepared to deal with the threat,” Phil Reitinger, president and CEO of the GCA, told MC. The idea is to assemble a set of immediately available resources, rather than just advice. “I’ve been lucky enough to do well and put my money where my mouth is and help protect the people who protect our country,” Newmark told MC.

National: Nielsen Firing Leaves Cybersecurity Concerns Without a Champion | Bloomberg

The abrupt ouster of Homeland Security Secretary Kirstjen Nielsen could be a blow to the department’s efforts to bolster America’s defenses against growing cybersecurity threats, former officials from the department, advocates and lobbyists say. “The worst-case scenario is that our adversaries use this moment of leadership transition, and use it as a Trojan Horse to launch some sort of attack,” Caitlin Durkovich, former DHS assistant secretary for infrastructure protection for the Obama administration, said in an interview. “Who’s to say that the new acting secretary’s priorities aren’t different and that there will be the same emphasis on cyber when there’s such an emphasis on immigration?” said Durkovich, who now works with risk advisory firm Toffler Associates. Nielsen may be most remembered as the face of President Donald Trump’s most hard-line immigration policies. But over her 16-month tenure, cyber specialists and federal officials have applauded her relentless championing of cybersecurity priorities. She frequently warned that increasing threats of hijacking critical infrastructure—from the electric grid to voting machines—were a greater threat to America’s security than terrorism.

Alabama: Alabama failed to spend federal grants for election security | WALA

With looming fears of foreign interference in last year’s midterm elections, Congress rushed to send almost $6.2 million to help Alabama secure its voting system. But the state did not spend a dime of it, according to a report this month from the U.S. Election Assistance Commission, which disbursed the funds. The money came from the so-called omnibus spending bill approved in March 2018. But Alabama Secretary of State John Merrill said the money did not come in time to spend before the November midterm election. In order to spend federal grant money, he told FOX10 News, the state has to going through a competitive bidding process and get companies on an approved vendor list, among other requirements. “That’s an arduous process, at best,” he said. “We’re not gonna get in a hurry because someone thinks we should be in a hurry to spend it.”

California: Hackers attacked California DMV voter registration system marred by bugs, glitches | Los Angeles Times

California has launched few government projects with higher stakes than its ambitious 2018 program for registering millions of new voters at the Department of Motor Vehicles, an effort with the potential to shape elections for years to come. Yet six days before the scheduled launch of the DMV’s new “motor voter” system last April, state computer security officials noticed something ominous: The department’s computer network was trying to connect to internet servers in Croatia. “This is pretty typical of a compromised device phoning home,” a California Department of Technology official wrote in an April 10, 2018, email obtained by The Times. “My Latin is a bit rusty, but I think Croatia translates to Hacker Heaven.” Although the email described the incident as the DMV system attempting “communication with foreign nations,” a department spokesperson later insisted voter information wasn’t at risk. The apparent hacking incident was the most glaring of several unexpected problems — never disclosed to the public — in rolling out a project that cost taxpayers close to $15 million. The Times conducted a four-month review of nearly 1,300 pages of documents and interviewed state employees and other individuals who worked on the project — most of whom declined to be identified for fear of reprisal. Neither the emails nor the interviews made clear who was ultimately responsible for the botched rollout, though an independent audit is expected to be released in the coming days.

Georgia: Critics say new voting system planned for Georgia is flawed | Associated Press

Critics of Georgia’s outdated voting system told a judge on Tuesday that a new system outlined by lawmakers has many of the same fundamental flaws and is unconstitutional. A law signed last week by Gov. Brian Kemp provides specifications for a new voting system. Bids are due later this month, and state officials say they plan to implement the new system in time for next year’s presidential election. Lawyers for the Coalition for Good Governance and for a group of voters, who had filed a lawsuit challenging Georgia’s election system, told U.S. District Judge Amy Totenberg they plan to ask her initially to stop the state from using the current machines for special and municipal elections scheduled this year. Ultimately, they said, they want her to prohibit the state from using the current paperless machines, as well as the ballot-marking machines provided for in the new law. Lawyers for the state argued complaints about the current voting system have been made irrelevant by the new law and that complaints about ballot-marking machines can’t be considered yet because the state hasn’t even selected a new system.

Europe: Member states test their #CybersecurityPreparedness for fair and free 2019 EU elections | EU Reporter

The European Parliament, the EU member states, the European Commission and the EU Agency for cybersecurity (ENISA) have organized an exercise to test the EU’s response to and crisis plans for potential cybersecurity incidents affecting the EU elections. The objective of the exercise, which took place today in the European Parliament, was to test how effective EU member states and the EU’s response practices and crisis plans are and to identify ways to prevent, detect and mitigate cybersecurity incidents that may affect the upcoming EU elections. This exercise is part of the measures being implemented by the European Union to ensure free and fair elections in May 2019. Digital Single Market Vice President Andrus Ansip said:”We must protect our free and fair elections. This is the cornerstone of our democracy. To secure our democratic processes from manipulation or malicious cyber activities by private interests or third countries, the European Commission proposed in September 2018 a set of actions. Together with the EU Member States, and other EU institutions we are implementing these actions. We also decided to test our cybersecurity vigilance and readiness towards secure, fair and free EU elections 2019 by organising the first in its kind EU exercise on elections. I believe that this is an important step forward for more resilient EU elections in a connected society.”

Editorials: Canada’s federal election could be under attack. Are we prepared? | Wesley Wark/The Globe and Mail

Canadians have witnessed a steady drumbeat of stern warnings about likely foreign interference in the coming federal election. The Minister for Democratic Institutions, Karina Gould, sounded the latest alarm in a news conference Monday, in which she delivered the latest report on election threats authored by the government’s cybersecurity agency, the Communications Security Establishment (CSE), which laid out the potential for a sophisticated, co-ordinated and determined effort by foreign state actors to maliciously interfere in the upcoming election. “Nothing is more important to this government than protecting our democracy and ensuring that our next election is fair, free and secure,” Ms. Gould said. Her concern around the Canadian federal election is based on the rising tempo of foreign interference in elections globally, and of technological change that has made cyber meddling easier and cheaper. CSE argues that for foreign adversaries, the potential benefits of cyber electoral interference – which can range from sowing confusion and loss of faith in politics, to trying to steer an election – far outweigh the costs. The threat was basically non-existent in the 2015 federal election, and the true scale of the threat to the 2019 election and our ability to meet it remain to be seen. But there have been some positive developments around our readiness. There’s more public attention than ever on the issue, and intelligence capabilities to detect and assess threats have been increased substantially. A system to alert the public has been created, based on an intelligence fusion centre and a senior panel of government officials who can independently ring the alarm bells.

Finland: Cyber attack on election system, as 1.5 million Finns vote in advance | News Now Finland

The National Bureau of Investigation NBI is looking into the circumstances around an apparent cyber attack against Finland’s election information systems. It happened over the weekend, when the official results service was hit by a denial of service attack. The service sends results to the media, among others. The incident is being investigated as ‘grave telecommunications harassment’ under Finnish law. “The preliminary investigation is at an early stage, so the exact type of criminal charge might become more accurate as the investigation progresses” says Marko Leponen from the NBI’s Cyber Centre. “The authorities have prepared for this type of suspected cyber crime in the elections. In general, attacks on public services are quite common, and especially current or publicly available services are often attractive targets” Leponen explains. Meanwhile more than 1.5 million eligible Finns voted in advance of the general election, as the early voting period came to a close on Monday night.

Spain: Spain vows to boost cybersecurity, fight disinformation | Associated Press

Spanish Prime Minister Pedro Sánchez on Tuesday called on all political forces in the country to back a new national cybersecurity fight against “attempts to hack democracy and undermine citizens’ trust in the political system.” Spain’s April 28 general election is seen as a testing ground for new measures that the European Union is adopting to shield elections to the European Parliament a month later. The Europe-wide efforts include a “rapid alert system” linking specialized coordination units in all EU member states and require internet companies to share regular updates on their efforts to eradicate disinformation campaigns. Spain joined the Europe-wide initiative in early March, establishing a high-level unit to coordinate the fight against cyberattacks and fake news. The experts report directly to Sánchez, who on Tuesday equated disinformation to attacks on “the quality of democracy.” “We need to protect Europe in order for Europe to be able to protect its citizens,” the Socialist leader said during a visit to the national cybersecurity institute, or INCIBE, in the northern province of León. Sánchez also called for new cybersecurity guidelines that are currently being designed to be backed by all national parties, regardless of who wins the upcoming election.

National: Lack of security clearances hampers federal Election Assistance Commission | Politico

Only half the members of a federal commission advising states on election threats have security clearances, raising questions about whether it can effectively help local and state officials defend against adversaries such as Russian hackers. And no members of the four-person Election Assistance Commission had clearances during the past two election cycles, including the period when Kremlin-linked hackers are suspected of mounting a range of cyberattacks against state election offices, the Democratic Party and Hillary Clinton’s campaign in 2016. The delay in issuing security clearances for commission members is part of a massive backlog of application approvals throughout the entire federal government. But it’s a particularly acute problem for the EAC, one of the key agencies offering guidance to state and local officials about how to protect themselves from security risks. “The people entrusted with securing our elections need to know what threats they’re supposed to address,” Sen. Ron Wyden (D-Ore.), one of the lawmakers who has focused the most on election security, told POLITICO in a statement. “An Election Assistance [Commission member] without a security clearance is like making a baseball player hit without a bat.”

National: Nielsen departure could deal a blow to Trump administration’s cybersecurity efforts | The Washington Post

Kirstjen Nielsen’s resignation as secretary of homeland security could deal a blow to the Trump administration’s cybersecurity efforts — as she was one of the last civilians in its top ranks with extensive cybersecurity expertise. That’s a dangerous position, experts say, as the nation barrels toward a 2020 election that will likely be targeted by Russian hackers and the Homeland Security Department launches a major campaign to get government and industry to stop buying technology from China’s Huawei and other companies deemed national security threats. “Hopefully whoever runs DHS will prioritize its vital cybersecurity mission, but it makes a difference if the person at the top has a background in cyber and knows from experience how important it is rather than just being told,” former State Department cyber coordinator Chris Painter told me. “DHS is spread thin among multiple priorities as it is, and without a clear mandate from department leadership that cybersecurity is a prime mission, their efforts risk being sidelined.” Nielsen – who The Post reported was forced to step down because Trump was dissatisfied with her handling of the border — had, by far, the longest cybersecurity resume of any DHS secretary in history. She advised President George W. Bush on cybersecurity and homeland security issues, founded a consulting group called Sunesis Consulting focused on cybersecurity and critical infrastructure, and served as a senior fellow at George Washington University’s Center for Cyber and Homeland Security. Her acting successor, U.S. Customs and Border Protection Commissioner Kevin K. McAleenan, by contrast, has no substantial background in the field.

Wisconsin: Election security bolstered by cybersecurity, other measures | The Capitol Report

On the eve of the 2018 midterm elections, computer security specialists from across the country descended on the DEFCON 26 Hacking Conference in Las Vegas. These “white hat” hackers sought to probe the security features of voting machines and election systems in an effort to identify weaknesses. The results were alarming to election security experts. Hackers at DEFCON’s Voting Village found that an 11-year old trained only in basic coding techniques was able to hack into a mock-up of Florida’s election results website and change its reported vote totals. Conference attendees were also able to identify a vote tabulation machine — the Election Systems & Software M650 — that could be hacked in under two minutes, or as the report says, “within the time it takes to vote.” In recent years, Wisconsin’s election security practices have come under scrutiny, most notably by Democrats in the U.S. House Administration Committee, who concluded in July 2018 that Wisconsin was one of the 18 states most vulnerable to cyber attacks on election infrastructure.

Canada: Freeland says foreign election meddling in October federal vote is likely | CTV

Malign foreign actors will likely try to meddle in the Canadian federal election in October, Foreign Affairs Minister Chrystia Freeland warned Friday, and Prime Minister Justin Trudeau pointed the finger at Russia as the most likely culprit. Freeland sounded the alarm over election interference at a G7 foreign ministers’ gathering in France. At a parallel G7 meeting of interior ministers, Public Safety Minister Ralph Goodale said the bloc wants the world’s big internet companies — Google, Facebook, Twitter and Microsoft — to do more to stop their platforms from being exploited. The dual G7 ministerial mirrored a similar joint meeting in Toronto almost one year ago that unfolded against the backdrop of a van attack on Yonge Street that left 10 people dead. A year later, their meetings occurred just weeks after 50 people were killed in two attacks on mosques in Christchurch, New Zealand. Canada’s upcoming federal election also attracted interest, sparking a question to Freeland about the likelihood of Russian interference. “We are very concerned,” the minister replied. “I think our judgment is interference is very likely and we think there has probably already been efforts by malign foreign actors to disrupt our democracy.”

Israel: Hackers stole Israeli voters information; officials deny theft | IBT

A group of Israel based hackers claimed that just a few days prior to the parliamentary election, they conducted a cyber-attack into the database of Israeli voters. But the officials have dismissed the claims. Israel’s parliamentary election or Knesset election will take place on Tuesday, April 9. But, on Saturday, April 6 the hacking group claimed that they have stolen important information of on millions of Israelis as they successfully broke into the voter registry. Later, the Central Elections Committee of Israel stated that they had no evidence of any cyber breach. As per a Hebrew-language daily newspaper, Hamodia, the authority has dismissed the hackers’ claims and mentioned that the accessed data was from another data leak in 2006. The report also added that there are thousands of hackers around the world and they aim regularly to attack Israel-based web sites.

National: States slow to spend funds to enhance election security, report finds | CNN

US states and territories given $380 million in combined federal funds for election upgrades last year only spent 8.1% of that money in the first six months it was available, the agency responsible for distributing the funds said on Thursday. That money was distributed as part of a 2018 bill, which was passed after Homeland Security secretary Kirstjen Nielsen warned it is a “national security concern” that US elections can’t be audited with paper ballots.
Security experts have in recent years called for major elections to have a physical paper trail so a trustworthy audit can be performed. However, brands and types of voting equipment vary by state. Many states use some machines that don’t leave a paper trail, and five states are entirely paperless for the general population. The report from the US Election Assistance Commission only tracked spending through September 2018, and many states have since spent or plan to spend some of their money on cybersecurity features or staff or upgraded equipment that badly needs replacing.

National: States spent just a fraction of $380 million in election security money before midterms | The Washington Post

Congress scrambled in early 2018 to deliver a surge in election security money before the midterms. But it turns out that states only spent about 8 percent of the $380 million Congress approved by the time the elections rolled around. That’s the bad news in a spending report released Thursday by the Election Assistance Commission, which is responsible for disbursing the money. The good news is that states are on track to spend the majority of the money before the 2020 elections — which intelligence officials say are far likelier than the midterms to be a hacking target for Russia and other U.S. adversaries. The report highlights the lengthy process of investigations and reviews that are necessary before states can make major upgrades to specialized election equipment. Given the tight time frame — Congress approved the money in March and the EAC began disbursing it to states in June — EAC Chairwoman Christy McCormick told me that 8 percent is a reasonable amount to have spent and about what the commission expected. It’s also a warning to Congress that the clock is ticking if it wants to deliver more election security money that will make a meaningful difference in 2020.

National: States’ spending on election security expected to pick up in 2019 | StateScoop

States and territories spent just 8 percent of the $380 million in federal election-security grants in the six months after they were distributed last year, according to the U.S. Election Assistance Commission. But in a report Thursday, the commission said it expects the bulk of that funding to be spent before the 2020 presidential election. The report follows states’ spending on new voting equipment, cybersecurity resources and personnel between last April and Sept. 30, when the federal government’s 2018 fiscal year ended. But the EAC said it expects spending to pick up this year as more grant money is transferred to states and as legislatures approve spending plans. “There hasn’t been a lot of money spent, but there is a lot of activity,” Mark Abbott, the commission’s grants director, told StateScoop. Of the $31.4 million states spent through last September, more than half — $18.3 million — went toward cybersecurity, including hiring new personnel dedicated to network security, implementing risk assessments and vulnerability scans and putting up stronger firewalls around statewide voter registration systems, which were infamously targeted by Russian hackers during the 2016 presidential election.

Ohio: Senate OKs creation of cyber security division | Richland Source

Ohio Senate President Larry Obhof (R-Medina) Thursday announced passage of legislation to create the Ohio Cyber Reserve — a new division of the Ohio National Guard that specializes in cyber security. “Cyberattacks are a growing threat,” said Obhof, who co-sponsored the bill. “This legislation will help our state better prepare against these sophisticated attacks.” Obhof’s district includes Richland and Ashland counties. The new force will consist of qualified, civilian cyber security experts and will maintain regional Cyber Response Teams capable of deterring, mitigating, and remedying cyber-attacks against our local governments, businesses, critical infrastructure and citizens. Senate Bill 52 was initially suggested by Ohio Secretary of State Frank LaRose, in order to address concerns related to elections and protecting the integrity of election-related data.

Australia: Electoral Commission gets AU$11m for polling place tech and IT upgrades | ZDNet

The Australian Electoral Commission (AEC) will be given AU$10.8 million over the next two years to upgrade its IT infrastructure and implement more polling place technology under the 2019-20 Federal Budget. The funding will be separated into AU$4 million in 2019-20 and AU$6.7 million in 2020-21. It will specifically see the AEC “approach the market to scope the deployment of new polling place technology and upgrades to the AEC’s ageing core ICT infrastructure”, according to the Budget documents. The funding follows electronic voting for citizens previously gaining bipartisan support, with both former Prime Minister Malcolm Turnbull and current opposition leader Bill Shorten advocating for electronic voting following the 2016 federal election. “We’re a grown-up democracy; it shouldn’t be taking eight days to find out who’s won and who’s lost,” Shorten said while conceding the election a week after polls closed.

Israel: The cybersecurity election | Jerusalem Post

There has been one theme running through this election almost from the day it was called: Cybersecurity. The past few months have been colored with stories of online influence campaigns, hacking, bots and Internet trolls. It began in November, when the Knesset hadn’t been dissolved yet but election fever was in the air, and The Jerusalem Post uncovered Twitter accounts sending links to falsified websites with outlandish news stories about Israeli politicians. The Foreign Ministry reported some incidents to Twitter and got some of the accounts shut down, but it also sent a warning to journalists, a top target for these scams: “The modes of action to influence the political discourse in Israel are similar to those that were seen in the elections in the United States, the vote on Brexit in the United Kingdom and the elections in France. Their preferred network is Twitter, which is seen as a social media of influencers and opinion leaders.” In January, less than two weeks after the Knesset made the elections official, Shin Bet (Israel Security Agency) chief Nadav Argaman warned about foreign intervention in the election using cyber capabilities, though he did not say which country was interfering and to what end. Many in the political field assumed he was referring to Russia, based on the aforementioned precedents, but Argaman has yet to make a follow-up statement nor has there been any serious evidence of a Russian effort.

Israel: Israelis prepare for elections as experts cite cyber threats | Associated Press

As Israel prepares to hold a national election next week, experts say it is vulnerable to the kind of foreign hacks and cyber campaigns that have disrupted the political process in other countries. Prime Minister Benjamin Netanyahu says there is “no country better prepared” to combat election interference. But despite Israel’s thriving tech sector and vaunted security capabilities, experts say its laws are outdated and that Netanyahu’s government hasn’t made cyber threats a priority. Campaigning had just started to ramp up in January when the director of the Shin Bet, Israel’s internal security agency, told a closed audience that a world power had tried to disrupt the April 9 vote. Suspicion fell on Russian operatives, now infamous for their alleged cyber meddling in America’s 2016 presidential race and the Brexit referendum. Soon after, news erupted that Iranian agents had hacked the cellphone of Benny Gantz, a former general who is the main challenger to Netanyahu. Although the breach occurred months before Gantz joined the race, the scandal threatened to derail his campaign, which is largely based on his security credentials.