Switzerland: Swiss Post’s e-voting system pulled for May votes | SWI

The e-voting system operated by Swiss Post will not be available for nationwide votes on May 19. This is the consequence of “critical errors” found during a public intrusion test, the Federal Chancellery and Swiss Post announced on Friday. The Federal Chancellery said in a statementexternal link it would review the licensing and certification procedures for e-voting systems. It added that it had no indication that these flaws had resulted in votes being manipulated in previous ballots. Swiss Post’s e-voting system had been in use in four cantons: Basel City, Fribourg, Neuchâtel and Thurgau. The Organisation of the Swiss Abroad said on Fridayexternal link it was deeply disappointed by the news, describing it as a blow against online voting “and thus a denial of the democratic rights of the Swiss Abroad”.

National: 2020 Census likely target of hacking, disinformation campaigns, officials say | The Washington Post

With just a year to go before the 2020 Census, the U.S. government is urgently working to safeguard against hacking and disinformation campaigns as it perfects a plan to count about 330 million people largely online for the first time. Going digital is intended to cut costs. But cybersecurity experts say it may also put the survey at unprecedented risk in a nation embroiled in fallout from Russian interference in the 2016 election. Any outside attempt to discredit or manipulate the decennial survey could drive down response rates, imperiling the integrity of data that help determine a decade’s worth of federal funding, congressional apportionment and redistricting throughout the country. “Just as with voting, completing the census is a powerful exercise in our democracy, and there are always people who want to prevent others from exercising their power,” said Indivar Dutta-Gupta, co-executive director of the Georgetown Center on Poverty and Inequality and an expert on the census. “I think there will be lots of attempts. We should be concerned.”

National: American Security Requires a Cyber-Savvy Congress | The National Interest

On March 13, Arkansas Sen. Tom Cotton and Oregon Sen. Ron Wyden submitted a bipartisan letter to the Senate sergeant-at-arms asking for an annual report tallying the number of times Senate computers have been hacked. The letter also requests the SAA adopt a policy of informing Senate leadership within five days of any new data breaches that occur. Cotton and Wyden should be lauded for requesting greater clarity regarding government cybersecurity. Yet this important and reasonable petition reveals an unfortunate reality: We expect our lawmakers to enact policy protecting our nation from cyberattacks when they don’t even know whether their own computers have been hacked. For the sake of national security, this must change. Government agencies, in general, are legally required to disclose breaches, but Congress is under no similar obligation. According to the letter, the last time there was a publicly disclosed report of a congressional data breach was in 2009. Indeed, the two examples of cyberattacks on Senate computers that Cotton and Wyden cite (one against former Virginia representative Frank Wolf in 2006 and one against former Florida senator Bill Nelson in 2009) are both at least a decade old. But a lack of data for the years since then doesn’t mean that hackers haven’t been active. In fact, in 2018, both the Democratic National Committee and the National Republican Congressional Committee lost emails in data breaches. Moreover, the Department of Defense wards off approximately thirty-six million attempted data breaches each day. 

Minnesota: Election security bill in limbo | KARE

Three months into the 2019 legislative session, lawmakers still haven’t released federal funds set aside for election security. As part of the Help America Vote Act or HAVA, Congress allotted $6.6 million to Minnesota to combat cyber threats and other attacks against the state’s elections infrastructure. As of the first week in April, Minnesota is the only state in the nation to leave the money on the table, unspent. “We want to re-secure our voter registration data base. It’s the spine of the system,” Minnesota Secretary of State Steve Simon told KARE. “It does more than just voter registration. It does a lot of things in the election system and it needs to be substantially recoded and fortified against attacks.” We now know that Russian operatives tried to hack into Minnesota’s elections Internet framework in 2016. They were able to breach the system, but unable to alter any records or processes. Secretary Simon wants to use the money to modernize the registration system, build a voter database backup, add real-time monitoring of cyber threats, and create a new position in his office to help local elections officials with security issues. Federal officials made many of these recommendations after a site visit to Minnesota last year. But Simon can’t take any of these actions without first getting permission from the legislature. That hasn’t happened yet.

National: Voting Machine Firms Add Lobbyists Amid Election Hacker Concerns | Bloomberg

Voting machine manufacturers are increasing their Capitol Hill presence as lawmakers demand they do more to protect U.S. elections against foreign hackers. Dominion Voting Systems — which commands more than a third of the voting-machine market without having Washington lobbyists — has hired its first, a high-powered firm that includes a longtime aide to Speaker Nancy Pelosi. The No. 1 vendor, Election Systems & Software, added two new lobbying firms last fall. Members of Congress have criticized those and other companies for their security methods and business practices.

Uncategorized: Top Democrats press voting vendors over election security concerns | The Hill

Democratic senators sent a letter to three of the country’s top election system vendors on Tuesday, pressing them on what they will do to help secure the 2020 election from foreign attacks. The letter, sent to the heads of voting vendors Election Systems & Software LLC, Hart InterCivic Inc. and Dominion Voting Systems, requested that the companies inform Democratic leaders of efforts to improve their systems to guard against cyber vulnerabilities. Sen. Amy Klobuchar (D-Minn.), the ranking member of the Senate Rules Committee, was joined on the letter by Senate Intelligence Committee Vice Chairman Mark Warner (D-Va.), Senate Homeland Security Committee ranking member Gary Peters (D-Mich.) and Senate Armed Services Committee ranking member Jack Reed (D-R.I.). “Despite the progress that has been made, election security experts and federal and state government officials continue to warn that more must be done to fortify our election systems,” the senators wrote. “Of particular concern is the fact that many of the machines that Americans use to vote have not been meaningfully updated in nearly two decades.”

National: Bill Seeks to Aid Senators in Protecting Personal Devices | GovInfo Security

Legislation introduced last week would give the U.S. Senate’s sergeant at arms responsibility to help secure the personal devices and online accounts used by senators and their staff to help ward off cyberattacks and other threats. The bill, known as the “Senate Cybersecurity Protection Act of 2019,” was introduced by senators Ron Wyden, D-Ore., and Tom Cotton, R-Ark., who both serve on the Intelligence Committee. While there is not yet a similar bill pending in the House to provide members with similar services, backers of the Senate bill are urging the House to take up a similar measure. The Senate bill would allow the sergeant at arms, who is already responsible for cybersecurity within the Senate, to provide voluntary cybersecurity assistance for personal accounts and devices to senators and certain staff members. This could include assistance with security for personal hardware, such as laptops, desktops, cell phones, tablets and other internet-connected devices, as well as personal accounts, including email, text messaging, cloud computing and social media as well as residential internet, healthcare and financial services, according to a summary.

California: Russian meddling and election integrity in California | Los Angeles Daily News

Now that Special Counsel Robert Mueller’s investigation “did not establish that members of the Trump campaign conspired or coordinated with the Russian government in its election interference activities,” we can all move on to fighting over whether those activities actually changed the outcome of the 2016 presidential election. Attorney General William Barr’s letter to Congress summarizing the Mueller report says the special counsel determined that there were two main Russian efforts to influence the 2016 election: “The first involved attempts by a Russian organization, the Internet Research Agency (IRA), to conduct disinformation and social media operations in the United States designed to sow social discord, eventually with the aim of interfering with the election. The second element involved the Russian government’s efforts to conduct computer hacking operations designed to gather and disseminate information to influence the election. The Special Counsel found that Russian government actors successfully hacked into computers and obtained emails from persons affiliated with the Clinton campaign and Democratic Party organizations, and publicly disseminated those materials through various intermediaries, including WikiLeaks.” Mueller has brought criminal charges against a number of Russian individuals, Russian military officers, and Russian companies or entities in connection with these activities. They’re never going to be in a U.S. courtroom, but the indictments tell us what happened.

Australia: Government allocates funds to boost election security | iTWire

The Federal Government has allocated an unspecified amount in Tuesday’s Federal Budget to improve cyber security arrangements for the forthcoming election. The amount was not specified due to what the government said were national security reasons. The Budget papers say the money will be for mitigating potential threats through enhanced monitoring and response capabilities. It will also be spent towards the creation of cyber “Sprint Teams” within the Australian Cyber Security Centre and a Cyber Security Response Fund. In February this year, it was announced that the network of the Australian Parliament had been breached by hackers whose affiliations have not yet been revealed. The networks of the three major political parties — Liberal, Labor and National — were also infiltrated.

National: Feds Seek To Up Their Cybersecurity Game | Forbes

The idea that the U.S. federal government could play a dominant and effective role in protecting the nation from malicious cyberattacks on everything from Internet of Things (IoT) devices to critical infrastructure to election voting systems might strike some people as absurd. Its catastrophic security failures are well known.

– The Office of Personnel Management (OPM) couldn’t protect the personally identifiable information (PII) of more than 22 million current and former federal employees.

– The National Security Agency (NSA) couldn’t protect its own stash of so-called zero-day vulnerabilities that it hoped to use to spy on, or attack, hostile nation states or terrorist groups. Instead, the stash ended up in the hands of Wikileaks.

National: Former CIA leaders give ‘briefing book’ to 2020 candidates to counteract ‘fake news’ and ‘foreign election interference’ | The Washington Post

Two former top CIA officials have compiled an unclassified report on the major national security challenges facing the United States, which they are distributing to every candidate running for president. The report, which former acting CIA directors Michael Morell and John McLaughlin call a “briefing book,” is modeled on the classified oral briefing that the intelligence community provides to the nominees of each major political party running for president, usually after the nominating conventions. The former officials said they’re distributing their briefing now, more than a year before nominees are selected, in response to “the recent rise and abundance of fake news and foreign election interference,” according to a copy reviewed by The Washington Post. The 37-page document, which has not been previously reported, was sent this month to nearly every announced candidate and will soon be sent to President Trump, the former officials said. Intelligence agencies have usually viewed their discussions with nominees as a chance to prepare a potential president for the kinds of issues that he or she will have to grapple with, and to give them a sense of the kind of capabilities and expertise that the U.S. government can bring to bear.

Editorials: Fixing US Elections Is Easier—and Harder—Than You’d Think | Max Eddy/PCMag

When I flew out to San Francisco for the RSA Convention (RSAC) in early March, I planned to attend all the election security talks I could fit into my schedule. It’s an obvious choice. While the 2018 midterms concluded without much controversy, we’re still fighting over the 2016 presidential election, and we’re halfway to the next one. That’s in addition to the US system of casting and counting votes being, at best, a barely functional shambles. I expected the usual doom-and-gloom about election security, with researchers bemoaning the sorry state of voting machines in the US. I was even looking forward to it, because you have to be a little masochistic to be in this industry. There was a bit of the usual misery, but I wasn’t prepared for a double whammy of optimism and despair. I left convinced that we’ve actually sorted out the most pressing of the technological problems with voting. What has us stumped is the other stuff. And that’s a lot of stuff.

Australia: Committee pushes ‘cyber taskforce’ for security of Australia’s election system | ZDNet

The Joint Standing Committee on Electoral Matters is tasked with overseeing the Australian electoral system, specifically the activities of the Australian Electoral Commission (AEC). Its Status Report [PDF], released on Friday, follows the November publication of the Report on the conduct of the 2016 federal election and matters related thereto [PDF], which made 31 recommendations to the AEC regarding cybersecurity, in particular where the manipulation of elections was concerned. One of the recommendations made by the committee was that the Australian government establish a permanent taskforce to “prevent and combat cyber manipulation in Australia’s democratic process” and to “provide transparent, post-election findings regarding any pertinent incidents”. Specifically, the taskforce, the committee wrote, would focus on “systemic privacy breaches”. In its latest report, the committee again recommended the taskforce be established.

Canada: Officials worry that foreign actors are trying to meddle in 2019 election | The Toronto Star

Canadian intelligence agencies have identified persistent foreign state-backed cyber campaigns against government and civilian targets that have some officials worried efforts to interfere with this year’s federal election have already begun. Two intelligence sources with direct knowledge of efforts to safeguard Canada’s 2019 election say the rate of cyber attacks against federal institutions, political parties and private companies has been steadily increasing. Between 2013 and 2015, an average of 2,500 state-sponsored “cyber activities” against government networks were detected each year. The rate of success of those activities declined over that period, from six per cent in 2013 to two per cent in 2015 — but that still works out to one successful attack per week. The government officials, who requested anonymity to speak about ongoing national security matters, said just because a hostile state have political and government systems targets does not necessarily mean they intend to disrupt the election. But others are treating it as a foregone conclusion.

Finland: Russia’s Neighbor Finland Mounts Defenses Against Election Meddling | Bloomberg

The country that shares a bigger border with Russia than the rest of the European Union combined is ramping up its defenses against the threat of foreign meddling in its April 14 election. Finland has always had a love-hate relationship with its much bigger neighbor. A history of tension and bloody confrontations has given way to a strong trading partnership, and the country’s diplomatic role as a bridge between Russia and the West is one reason why its capital was picked for last year’s summit between Donald Trump and Vladimir Putin. But with evidence of Russian interference in Western politics mounting, the euro area’s northernmost member state remains on high alert. Social media influence campaigns or direct cyber attacks are already thought to have impacted key votes such as the U.S. election in 2016 and the U.K’s Brexit referendum.

Ukraine: Intelligence Service elaborates on Russia’s election meddling plans | Reuters

The Foreign Intelligence Service of Ukraine (SZRU) has released a report on the features of Russia’s approaches to affecting the course and results of Ukraine elections. Russia’s main action plan on Ukraine in the short and medium term envisages further provoking extensive destabilization to facilitate the revenge of pro-Russian forces following the 2019 election, the Information Resistance OSINT Group wrote citing the SZRU report published on its website Wednesday, March 27. This will include systemic and versatile measures for influencing the course of the election process and the vote count during the presidential and parliamentary elections, the report says. In this context, the main areas where Russia is most likely to intensify its efforts is destabilization, including on the contact line in Donetsk and Luhansk regions, incitement of military-political confrontation with elements of economic influence; propaganda campaigns in the Ukrainian media and using instruments for cyber interference; measures to provide electoral support to individual candidates; and discrediting the electoral process in the international media space and through Kremlin’s positions in international organizations, as well as Western political and expert circles.

National: States Need Way More Money to Fix Crumbling Voting Machines | WIRED

THE 2018 MIDTERM elections were hardly a glowing reflection on the state of America’s voting technology. Even after Congress set aside millions of dollars for state election infrastructure last year, voters across the country still waited in hours-long lines to cast their ballots on their precincts’ finicky, outdated voting machines. Now, a new report published by New York University’s Brennan Center for Justice finds that unless state governments and Congress come up with additional funding this year, the situation may not be much better when millions more Americans cast their vote for president in 2020. In a survey that the center disseminated across the country this winter, 121 election officials in 31 states said they need to upgrade their voting machines before 2020—but only about a third of them have enough money to do so. That’s a considerable threat to election security given that 40 states are using machines that are at least a decade old, and 45 states are using equipment that’s not even manufactured anymore. This creates security vulnerabilities that can’t be patched and leads to machines breaking down when the pressure’s on. The faultier these machines are, the more voters are potentially disenfranchised by prohibitively long lines on election day. “We are driving the same car in 2019 that we were driving in 2004, and the maintenance costs are mounting up,” one South Carolina election official told the Brennan Center’s researchers, noting that he feels “lucky” to be able to find spare parts.

National: Senate Democrats investigate cybersecurity of election machines, introduce version of H.R. 1 | InsideCyberSecurity.com

A group of senior Senate Democrats is seeking information on what the three largest manufacturers of U.S. voting machines are doing to secure the systems ahead of the 2020 elections, while the entire Democratic Caucus on Wednesday signed on to sponsor the Senate version of House-passed H.R. 1, the “For the People Act,” which includes language on securing election machines. A letter — signed by Senate Rules ranking member Amy Klobuchar (D-MN), Intelligence ranking member Mark Warner (D-VA), Homeland Security and Governmental Affairs ranking member Gary Peters (D-MI), and Armed Services ranking member Jack Reed (D-RI) — was sent Tuesday to voting machine vendors Hart InterCivic, Dominion Voting Systems, and Election Systems and Software, or ES&S. “Despite the progress that has been made, election security experts and federal and state government officials continue to warn that more must be done to fortify our election systems,” the senators wrote. “Of particular concern is the fact that many of the machines that Americans use to vote have not been meaningfully updated in nearly two decades. Although each of your companies has a combination of older legacy machines and newer systems, vulnerabilities in each present a problem for the security of our democracy and they must be addressed.” The senators posed questions on steps the companies are taking to secure their machines ahead of 2020, and how Congress can assist in these efforts; what the plans are for updating “legacy” voting machines; whether the companies would support legislation requiring “expanded use of post-election audits”; if the companies have vulnerability disclosure programs; and if they employ full-time cybersecurity experts.

Switzerland: Second flaw found in Swiss election system could change ‘valid votes into nonsense,’ researchers say | CyberScoop

Researchers have uncovered a second security flaw in the electronic voting system employed by the Swiss government. The vulnerability involves a problem with the implementation of a cryptographic protocol used to generate decryption proofs, a weakness that could be leveraged “to change valid votes into nonsense that could not be counted,” researchers Sarah Jamie Lewis, Olivier Pereira and Vanessa Teague wrote in a paper published Monday. This disclosure comes weeks after the same team of researchers announced they had uncovered a flaw in the e-voting system that could allow hackers to replace legitimate votes with fraudulent ones. Swiss Post, the country’s national postal service, which developed the system along with Spanish technology maker Scytl, said earlier this month that first vulnerability had been resolved. Researchers said at the time that the vulnerability demonstrated what can go wrong when governments shift to electronic voting with no alternative plan. The security and integrity of electronic voting systems vary by country, and the vulnerabilities outlined in this research are specific to Switzerland, but other areas of the world increasingly are moving toward a voting infrastructure where it could soon be impossible to verify whether vote tampering has occurred. Christopher Krebs, head of the U.S. Cybersecurity and Infrastructure Agency told Congress last month election officials must have the ability to audit election results.

National: Election security in 2020 means a focus on county officials, DHS says | CNET

As special counsel Robert Mueller’s investigation on Russian hacking and collusion with the Trump campaign ends, the Department of Homeland Security is gearing up to prevent a repeat for the 2020 US presidential election. The federal agency, which formed the Cybersecurity and Infrastructure Security Agency last November, said that it’s “doubling down” on its efforts, calling election security for 2020 a top priority. It hopes to do that by focusing on local election officials, Matt Masterson, a DHS senior adviser on election security, said in an interview with CNET. The emphasis on local represents a new tact as the DHS tries to shut down foreign interference in the US elections. While the agency worked with all 50 states during the 2018 midterm elections, security experts said the outreach needs to zoom in on a county level. There are about 8,800 county election officials across the US, and they are the people responsible for your voting machines, your polling place’s security and handling vote auditing.

National: What Will Mueller’s Russia Report Mean For Election Security In 2020? | WMOT

The release of special counsel Robert Mueller’s report may provide Americans with the best playbook yet on how to defend democracy in the lead-up to the 2020 presidential election. In the days since Attorney General William Barr’s letter to Congress, much of the focus has boiled down to one line from President Trump: “No Collusion, No Obstruction.” But judging by Barr’s language and the details that have come to light through indictments filed by Mueller’s team over the past two years, the report may also reveal more about how Russia attacked the 2016 U.S. presidential election. The report’s first section, according to Barr, focuses on Russian “computer hacking operations,” which included the theft of emails from the Democratic National Committee and Hillary Clinton’s campaign, as well as agitation online to try to exacerbate divisions among Americans. Barr’s summary didn’t address an aspect of the interference that Mueller has described elsewhere, including the cyberattacks that targeted state elections infrastructure.

National: ‘Russian playbook’ remains after Mueller report wraps up | Associated Press

The collusion question now answered, another one looms ahead of 2020: Will U.S. elections be secure from more Russian interference? The 22-month-long special counsel investigation underscored how vulnerable the U.S. was to a foreign adversary seeking to sow discord on social media, spread misinformation and exploit security gaps in state election systems. With the presidential primaries less than a year away, security experts and elected officials wonder whether the federal government and the states have done enough since 2016 to fend off another attack by Russia or other hostile foreign actors. “Although we believe that Russia didn’t succeed in changing any vote totals, the Russian playbook is out there for other adversaries to use,” said Virginia Sen. Mark Warner, a Democrat and vice chairman of the Senate Committee on Intelligence. “As we head towards the 2020 presidential elections, we’ve got to be more proactive in protecting our democratic process.” Special counsel Robert Mueller detailed the sweeping conspiracy by the Kremlin to meddle in the 2016 election in an indictment last year, charging 12 Russian military intelligence officers with hacking the email accounts of Clinton campaign officials and breaching the networks of the Democratic Party. The indictment also included allegations the Russians conspired to hack state election systems and stole information on about 500,000 voters from one state board of elections’ computers.

Michigan: Secretary Benson forms Election Security Commission | UPMatters

Secretary of State Jocelyn Benson today announced an Election Security Commission to recommend reforms and strategies for ensuring the security of elections in Michigan. The first-of-its-kind effort brings together 18 local and national experts on cybersecurity and elections to secure elections and protect the integrity of every vote. Together they will advise the secretary of state and Bureau of Elections on best practices. … The commission will convene in early April to begin its review and assessment of election security in Michigan. It later will host hearings throughout the state and invite citizen and expert input on election problems and security. The commission will deliver a set of recommended reforms and actions to the secretary of state by the end of 2019. Its work is funded through a federal grant for election security. Benson has named David Becker, executive director of the nonprofit Center for Election Innovation & Research, and J. Alex Halderman, professor of computer science and engineering at the University of Michigan, as co-chairs of the commission. It will be staffed and facilitated by designated secretary of state employees.

Pennsylvania: Cyber security expert urges Pennsylvania to find the money for new voting machines | WITF

A national cyber security expert says the state legislature must find the money to upgrade Pennsylvania’s voting system ahead of the 2020 election. Anthony Shaffer is a retired Army Lieutenant Colonel and intelligence officer who now works for a conservative think tank. At a state capitol news conference Tuesday, he warned Pennsylvania, as a swing state, is a target for foreign agents looking to sow doubt in the next election. But he noted adversaries typically look for easy prey. “So, if Russia, if China sees the state of Pennsylvania is doing something, they’re probably going to go to another state and take another target which they perceive as less able to defend itself or less prepared,” Shaffer said. He added the legislature needs the proper funding, technology, and perception to protect the state’s voting system.

Israel: Cybersecurity researchers find security flaws in Likud, Labor party Android apps | The Times of Israel

Researchers at Israeli cybersecurity firm Check Point Software Technologies Ltd. said Wednesday that they had found “serious security breaches” granting access to “highly sensitive personal information” in the Android phone apps of the Likud and Labor parties. “There has been much talk of impact attacks on social networks and we learn more and more about the offensive capabilities of various countries and entities in cyberspace. But we often ignore the factor that allows these attacks — access to sensitive information we share, sometimes without any intention of doing so,” Check Point said in a emailed statement. “Sensitive information such as political opinion, social contacts, demographic data, telephone numbers, and addresses of us and those close to us can be of great help to the various elements operating in cyberspace,” the statement said.

Ukraine: With elections just days away, Ukraine faces disinformation, cyber attacks and further Russian interference | Global Voices

UkraineUkrainians will head for the polls on Sunday 31 March in what will be the first regular national elections since the country’s 2014 Euromaidan revolution. With its Crimean peninsula still occupied by Russian forces, an ongoing military conflict in eastern Ukraine, and rising activity of far-right groups, the country is a prime target for both domestic and external information influence operations. Ukraine has been in the crossfire of disinformation warfare since 2014, with multiple political actors attempting to disrupt its democratic development. The elections for both the office of the president and parliamentary seats will be a crucial test for Ukraine’s democracy and stability. Much of the action has taken place on Facebook, which is the country’s most popular social network. Despite persistent efforts of civil society and media groups, Facebook has done relatively little to respond to Ukraine’s disinformation problem in the past. But the company changed its tune in January, when it publicly announced that it had taken steps to counter some of these issues.

National: DARPA Is Building a $10 Million, Open Source, Secure Voting System | Motherboard

For years security professionals and election integrity activists have been pushing voting machine vendors to build more secure and verifiable election systems, so voters and candidates can be assured election outcomes haven’t been manipulated. Now they might finally get this thanks to a new $10 million contract the Defense Department’s Defense Advanced Research Projects Agency (DARPA) has launched to design and build a secure voting system that it hopes will be impervious to hacking.

The first-of-its-kind system will be designed by an Oregon-based firm called Galois, a longtime government contractor with experience in designing secure and verifiable systems. The system will use fully open source voting software, instead of the closed, proprietary software currently used in the vast majority of voting machines, which no one outside of voting machine testing labs can examine. More importantly, it will be built on secure open source hardware, made from special secure designs and techniques developed over the last year as part of a special program at DARPA. The voting system will also be designed to create fully verifiable and transparent results so that voters don’t have to blindly trust that the machines and election officials delivered correct results.

National: U.S. Military Steps Up Cyberwarfare Effort | Govenment Technology

The U.S. military has the capability, the willingness and, perhaps for the first time, the official permission to preemptively engage in active cyberwarfare against foreign targets. The first known action happened as the 2018 midterm elections approached: U.S. Cyber Command, the part of the military that oversees cyber operations, waged a covert campaign to deter Russian interference in the democratic process. It started with texts in October 2018. Russian hackers operating in the Internet Research Agency – the infamous “troll factory” linked to Russian intelligence, Russian private military contractors and Putin-friendly oligarchs – received warnings via pop-ups, texts and emails not to interfere with U.S. interests. Then, during the day of the election, the servers that connected the troll factory to the outside world went down.

National: Election security threats loom as presidential campaigns begin | TechTarget

Never has it been more important to have a mechanism to audit U.S. voting results, but experts say election security risks combined with the weaponization of social media make the task more difficult than ever. The electronic voting systems used in a number of states are a concern for security experts who have seen serious flaws in these systems. If the 2020 U.S. election results are disputed by a candidate, there must be a clear way to show voting results are accurate to ensure a peaceful transition of government, said Avi Rubin a computer science professor at Johns Hopkins University, during an RSA Conference 2019 session on election hacking. … Ronald Rivest, a professor in MIT’s Cryptography and Information Security research group, said during a separate session at RSA Conference that “keeping it simple with low-tech paper ballots” is the lesson learned over the past decade. We still need to know that the tabulation of those ballots is accurate, via audits, and states like Colorado and Rhode Island are piloting new risk-limiting audit systems, Rivest said.

California: Contra Costa County elections detects attempted hacking into system | San Jose Mercury News

An unknown hacker recently tried to access Contra Costa County’s election internet system, according to an email sent by the county’s elections chief. The unsuccessful hacking attempt “fits a pattern of other attempts/attacks that trace back to foreign interests,” Clerk-Recorder and Registrar of Voters Joe Canciamilla wrote, in an internal email to county staff on Friday morning. He said the elections office notified the California Secretary of State’s office, as well as the Department of Homeland Security, about the “attempted intrusion.” “Our security protocols captured and isolated the threat almost immediately,” Canciamilla wrote in the email. It’s unclear when the attack took place. Elections spokesman Paul Burgarino said the investigation into the incident is still in its early stages, but preliminary information indicated the attempt was unsuccessful.