Canada: Cyber security expert briefs parties on protecting themselves during election campaign | CBC

One of Canada’s top cyber security experts says he’s been quietly giving the main political parties threat briefings in the lead-up to the upcoming federal election. “It’s an ongoing conversation,” Scott Jones, head of the Canadian Centre for Cyber Security within the Communications Security Establishment, told CBC News in an interview. “We told them basic cyber security matters. Taking action and thinking about how this could be turned against you is really important.” Earlier this week, Canada’s chief electoral officer raised concerns about the parties’ abilities to protect themselves from cyberattacks.

National: Lawmakers Push for the State Department to Help Secure Foreign Elections | Nextgov

As misinformation campaigns and cyberattacks threaten to undermine democracy around the world, lawmakers want the State Department to play a bigger role in helping other countries secure their elections. Sens. Amy Klobuchar, D-Minn., and Dan Sullivan, R-Alaska, on Tuesday reintroduced legislation that would create a program at State to share information about election threats with other countries. Through the Global Electoral Exchange Program, the department would assist allies in adopting best practices around election cybersecurity, transparency and auditing. It would support work to combat misinformation campaigns and end discriminatory voter registration practices. An earlier version of the bill passed the House in September but was never put to a vote in the Senate. “Our election systems—and those of our allies—have become a target for foreign adversaries,” Klobuchar said in a statement. “Safeguarding our democracies must be a priority for us all.”

National: Midterm election infrastructure deemed meddle-free, but states seek equipment funding | GCN

The federal government has determined there is no evidence that foreign interference in the 2018 midterm election “had a material impact on the integrity or security of election infrastructure or political [and] campaign infrastructure,” the Justice Department announced. DOJ and the Department of Homeland Security said Feb. 5 that they have submitted a classified report to President Donald Trump in accordance with an executive order issued last year to root out and investigate foreign interference targeting American elections or campaigns. The conclusions represent the second half of an interagency process created late last year to assess whether foreign governments made any efforts to hack into voting machines and election systems or alter voter behavior through covert influence campaigns on social platforms and other media.

National: DHS prioritizes restart of election security programs post-shutdown | CNN

Since the shutdown ended, the Department of Homeland Security has prioritized the resumption of its election security programs, some of which were forced to go on hiatus during the lapse in government funding, according to Cybersecurity and Infrastructure Security Agency Director Chris Krebs. “Coming out of the shutdown, anything that had paused on election security-related activities was put on the top of the priority list for restart,” he said. Krebs told CNN that if there was an active threat during the shutdown, the department was able to respond by conducting assessments and hunting down the threat. “What paused was the more routine vulnerability assessments,” he said. Those included a “couple of the election security-related” assessments run by the department, specifically focused on state networks.

Ukraine: Exiled ex-president claims possible vote rigging | Associated Press

Ukraine’s exiled former president, who was found guilty of fueling a deadly separatist conflict in the east, on Wednesday claimed there could be possible vote rigging in the country’s upcoming presidential election. Ukrainians will vote March 31 to elect a new president. Former President Viktor Yanukovych fled the country in February 2014 following months of anti-government protests. Weeks later, Russia used his appeal to send troops to Ukraine as a justification for annexing the Crimean peninsula. Yanukovych, 68, spoke to the press Wednesday in Moscow, breaking more than a year of silence. He would not endorse any of the over 30 Ukrainian presidential candidates but accused President Petro Poroshenko of plotting vote rigging. He offered no proof for his claims.

National: DOJ, DHS say foreign influence campaigns didn’t alter 2018 elections | FCW

The federal government has determined that foreign interference campaigns had no material impact on the outcomes of the 2018 midterm elections. The Departments of Justice and Homeland Security announced Feb. 5 that they have submitted a classified report to President Donald Trump in accordance with an executive order issued last year to root out and investigate foreign interference targeting American elections or campaigns. “Although the specific conclusions within the joint report must remain classified, the Departments have concluded there is no evidence to date that any identified activities of a foreign government or foreign agent had a material impact on the integrity or security of election infrastructure or political [and] campaign infrastructure used in the 2018 midterm elections for the United States Congress,” said DOJ in a statement.

Israel: Facebook Introduces Election Protection Features to Israel’s Central Elections Committee | CTech

Two months ahead of Israel’s general election, Facebook’s global politics and government outreach director Katie Harbath met Sunday with Israel’s Central Elections Committee, the committee announced Monday. The meeting took place following correspondence between the committee and Facebook concerning the ways in which the social media company is planning to increase transparency ahead of the Israeli election process. In the meeting, Facebook representatives reiterated the company’s plans to launch special features in Israel in March, including the association of political ads with the advertising page, and the launch of a political ad archive. Facebook will also prevent users from posting political ads from outside the country.

Indiana: Counties could be required to have paper trail for voting by 2024 | Indianapolis Business Journal

A bill that would require counties using electronic voting systems to also maintain a paper trail is moving forward at the Indiana General Assembly. Senate Bill 570, authored by Columbus Republican Greg Walker, would require counties to have a voter-verifiable paper trail in addition to any electronic system the county uses. Indiana Election Division Co-Director Brad King said a voter-verifiable paper trail would work much the way an ATM generates a paper receipt to reflect a transaction. He said about half of Indiana counties already have such systems.  But those who don’t use the systems already could face costly upgrades.

Maryland: Company with Russian investment no longer owns firm that hosts Maryland election data | Baltimore Sun

new firm has taken ownership of hosting Maryland’s elections data after a federal investigation into the Russian ties of the previous vendor. Maryland elections administrator Linda Lamone said Monday the state will use Intelishift, a Virginia-based data center, and its subsidiary, The Sidus Group, through Dec. 31. The Sidus Group was previously a unit of ByteGrid LLC. The FBI revealed in July that ByteGrid was connected to Vladimir Potanin, a wealthy ally of Russian President Vladimir Putin. Potanin is an investor in a private equity firm, Altpoint Capital of Greenwich, Connecticut, that bought an ownership stake in ByteGrid in 2011. ByteGrid — through The Sidus Group — hosted Maryland’s online voter services, election-night website and voter registration, candidacy and election management systems.

Editorials: Pennsylvania needs paper ballots to secure our elections | Charlie Dent/Philadelphia Inquirer

Pennsylvania’s elections — like many other states’ — are vulnerable to cyber attack, leaving our democracy in a precarious state. As a former Pennsylvania legislator and member of Congress representing the Keystone State, I know how important free, fair, and secure elections are to governing. A lack of public trust in the vote imperils our great American experiment in popular sovereignty. Despite these serious threats to our election architecture, there are known solutions that we can, and must, implement. The report of the Blue Ribbon Commission on Pennsylvania’s Election Security provides this blueprint to secure our elections.

Canada: Chief electoral officer worries parties are weak link in cybersecurity chain | Calgary Herald

Canada’s chief electoral officer is “pretty confident” that Elections Canada has good safeguards to prevent cyberattacks from robbing Canadians of their right to vote in this year’s federal election. But Stephane Perrault is worried that political parties aren’t so well equipped. “They don’t have access to the resources we have access to,” Perrault said in an interview Monday, noting that “securing (computer) systems is quite expensive… Even the larger parties have nowhere near our resources and you’ve got much smaller parties with very little resources.” Moreover, with thousands of volunteers involved in campaigns, he said it’s difficult to ensure no one falls prey to “fairly basic cyber tricks,” like phishing, that could inadvertently give hackers access to a party’s databases. “You can spend a lot of money on those (security) systems and if the human (fails), that’s the weak link.”

Kentucky: The Curious Case of a Kentucky Cybersecurity Contract | ProPublica

In the months after the 2016 elections, state election administrators spent millions of dollars investigating and addressing the cyber intrusions that had penetrated voting systems in dozens of states. Kentucky Secretary of State Alison Lundergan Grimes emerged as one of the loudest voices calling for improvements. In February 2017, at an elections conference dominated by talk of cybersecurity, Grimes claimed to have found the perfect answer to the threat: A small company called CyberScout, which she said would comb through Kentucky’s voting systems, identify its vulnerabilities to hacking and propose solutions. Three days later, Assistant Secretary of State Lindsay Hughes Thurston submitted paperwork to give the company a no-bid two-year contract with the State Board of Elections, or SBE, for $150,000 a year. She did not inform the SBE — the agency that oversees the state’s voting systems — that she was doing so.

New Jersey: State continues its decade-long stall of securing its voting machines | Press of Atlantic City

New Jersey is one of just five states in which almost none of its voting machines have a way to verify that their results are valid. All the state’s counties but one use machines that record votes directly and only into an electronic memory module. Only small Warren County uses machines that simultaneously record votes on paper, the gold standard nationwide for ensuring that what the computer says is what voters intended. Last year, New Jersey received a $10 million federal grant to help update its voting systems. The administration of Gov. Phil Murphy instead spent the biggest part of the grant on efforts to increase the number of people registered to vote, including signing up anyone at a motor vehicle agency claiming to be a New Jersey citizen, no license or other documentation required. Some of the money funded a tiny pilot program with paper-backup voting machines in small election districts, one each in three counties in the state.

Ireland: Government fortifying IT systems for ‘fear of Russian interference’ in European elections | The Journal

The Irish government is in the process of upgrading its IT security across various departments ahead of the local and European elections for fear that they could be subject to outside interference. TheJournal.ie understands that sophisticated cyber security features were added to the internal infrastructure of many Government department’s systems in recent weeks. Late last year, the Government issued a report which identified the cyber related risks to the electoral process and made a number of recommendations to mitigate them. While the Government has not explicitly said that the upgrade is to protect elections, there is a serious fear that Russia may attempt to influence European elections, meaning Ireland could be compromised despite the small number of MEPs we have.

Switzerland: Swiss look into online manipulation ahead of federal polls | SWI

Several federal offices in Switzerland are investigating whether online manipulation could affect upcoming elections, says a newspaper report. The Federal Office of Communicationsexternal link (OFCOM) has set up a government working group to look into the effects of artificial intelligence on the media and public opinion, writes the NZZ am Sonntag paper. This group was set up last September and is headed by the education and research ministry, spokesman Francis Meier told the paper. Last October Swiss intelligence chief Jean-Philippe Gaudin also warned that foreign actors could try to influence the next federal elections through online artificial intelligence, saying he would propose appropriate measures to the government.

National: Russian DNC Hackers Launch Fresh Wave of Cyberattacks on U.S. | Daily Beast

Russia’s military intelligence directorate, the GRU, has been caught in a new round of computer intrusion attempts, this time aimed at the Center for Strategic and International Studies, a prominent Washington, D.C. think tank heavy with ex-government officials. The new efforts by the Kremlin hackers who notoriously breached the DNC and Hillary Clinton campaign to support Donald Trump suggests that indictments, international sanctions, a botched assassination and an unprecedented global spotlight have done little to deter Vladimir Putin from continuing to target the West with his hacker army, even as American intelligence agencies warn that Russia is gearing up to interfere in the 2020 election. “We’ve about exhausted our ability to achieve some kind of deterrent model that works,” said Robert Johnston, the security expert who investigated the 2016 DNC breach, and now heads the financial cybersecurity firm Adlumin. “You have indictments. You have Cyber Command releasing Russian malware. We ran psyops inside of Russia saying, ‘We know what you’re up to, stop it.’ Sanctions and diplomatic measures. The combination of all those isn’t enough to make it come to a complete halt.”

National: Purported hackers stole U.S. evidence to discredit Mueller probe: filing | Reuters

U.S. Special Counsel Robert Mueller’s office said on Wednesday that self-proclaimed hackers in Russia stole evidence in an attempt to tarnish its investigation of a firm charged with funding a Russian propaganda campaign to interfere in the 2016 U.S. election. Prosecutors said in a court filing in Washington that a Twitter handle called @HackingRedstone came online last Oct. 22 to brag it had hacked some of the evidence in the case. “We’ve got access to the Special Counsel Mueller’s probe database as we hacked Russian server with info from the Russian troll case,” the court document quoted the Twitter post as saying. In February 2018, Mueller indicted 13 Russians and three Russian companies with allegations of tampering in 2016 to support then-Republican candidate Donald Trump. In all, 34 people have pleaded guilty, been indicted or otherwise swept up in the broader inquiry.

National: What was the cybersecurity impact of the shutdown? | FCW

For 35 days, former high-ranking feds and Congress publicly warned about the potential negative ramifications of the partial shutdown on federal cybersecurity initiatives. Now with a short-term spending deal in place, many on Capitol Hill are shifting focus towards sifting through the wreckage to determine just how much damage was actually done. House Homeland Security Committee chairman Bennie Thompson (D-Miss.) said earlier this month that DHS and Congress “will be dealing with the consequences of [the shutdown] for months — or even years — to come.” At the Jan. 29 State of the Net conference in Washington D.C., Moira Bergin, subcommittee director for the House Homeland subcommittee on Cybersecurity and Infrastructure Protection listed a number of cybersecurity initiatives at DHS — from pipeline security to botnets to election security and activities at the new National Risk Management Center — that simply stopped during the shutdown.

Illinois: Audit: Chicago Elections Board Not Ready for a Cyberattack | Governing

The Chicago elections board can’t guarantee the integrity of voting results in the event of a natural disaster or cyberattack, the city’s watchdog warned Tuesday in a highly critical report of the agency’s operations. The wide-ranging audit by Inspector General Joseph Ferguson also concluded that the Chicago Board of Election Commissioners does not post many job openings and has not conducted employee performance reviews in a at least 10 years. Ferguson said the board was warned a decade ago about many of the financial problems he’s uncovered and failed to correct them. It’s the technological vulnerabilities, however, that the inspector general’s office found that could attract the most public attention. Governments have become increasingly concerned about computer hacks and the possibility of meddling in elections.

Pennsylvania: State’s voting machines pose ‘clear and present danger,’ warns election security commission | StateScoop

A 21-member panel of elected officials, former U.S. Justice department officers and nonprofit leaders convened last year by a University of Pittsburgh research institute to review Pennsylvania’s election systems released its final report Tuesday, recommending the state move as quickly as possible to replace its touchscreen voting machines and implement stronger cybersecurity procedures to protect the statewide voter registration database. Pennsylvania and the federal government, the report reads, should help the state’s 67 counties purchase new voting systems before the 2020 presidential election, if not before elections for local offices later this year. “Given the clear and present danger that these paperless machines pose, replacing the systems with those that employ voter-marked paper ballots should be the most pressing priority for Pennsylvania officials to secure the Commonwealth’s elections,” the report reads.

Canada: Canada unveils plan to warn of potential election meddling | The Guardian

Canada will set up a special panel to warn voters of any attempts by foreign actors to interfere with a federal election set for October, senior government officials have said. The Democratic institutions minister, Karina Gould, said Ottawa expects social media platforms such as Facebook, Twitter and Google to help safeguard the vote by promoting transparency, authenticity and integrity on their platforms. The announcement comes amid an investigation by US officials into connections between Donald Trump’s 2016 election win and Russian efforts to influence the vote. Canada’s response was also influenced by the fact that Britain, France and Germany had also experienced foreign interference in recent elections, Gould said. An impartial group of senior bureaucrats would monitor possible interference during the Canadian campaign and sound the alarm if they felt the vote could be compromised, Gould said.

Pennsylvania: Commission recommends Pennsylvania security measures for elections | Pittsburgh Tribune-Review

Pennsylvania lawmakers and county leaders must move quickly to secure the state’s election infrastructure in advance of the 2020 presidential election, an independent bipartisan commission said Tuesday. The Blue Ribbon Commission on Pennsylvania’s Election Security recommended that the state and federal government provide money to help underwrite the costs for counties facing a major investment to replace electronic voting machines with machines that incorporate voter-verified paper ballots. Although they found no evidence that Pennsylvania elections had been hacked, commission co-chairmen David Hickton, a former U.S. attorney who founded the University of Pittsburgh Institute for Cyber Law, Policy and Security, and Grove City College President Paul McNulty, a former deputy U.S. attorney general, said the threats to election security are great. “We have little doubt that foreign adversaries will increase their efforts in the lead-up to the presidential election in 2020. The persistence and sophistication of these actors are only increasing.

National: The government’s cyber workers are back in action. First task: Checking for hacks | The Washington Post

Thousands of federal cyber workers are returning to their posts after more than a month on furlough today. And they have a big to-do list. The first priority: Looking for evidence of any major hacks that wormed through government defenses the past 35 days while agencies were working with a skeleton crew of security pros. It will take them days or weeks to pore through security logs to assess how much damage the shutdown did to the security of government computer networks and the sensitive data they hold. The attacks did not abate because the government was closed: One cyber manager who worked without pay during the shutdown described an uptick in attacks on his agency — including phishing emails containing malware, attempts to reset employee passwords and attempts to trick users into downloading malicious software cloaked as a legitimate update. Also on the docket: Figuring out how to adjust the multimillion-dollar contracts to upgrade and secure federal IT systems that have spent more than a month on ice.

National: Intelligence heads warn of more aggressive election meddling in 2020 | Politico

Foreign adversaries are likely already planning to interfere in the 2020 U.S. election, the nation’s top intelligence official warned on Tuesday. In a worldwide threat assessment to the Senate Intelligence Committee, Director of National Intelligence Dan Coats wrote that competitors such as Russia, China and Iran “probably already are looking to the 2020 U.S. elections as an opportunity to advance their interests.” In his statement, he predicted that these countries “will use online influence operations to try to weaken democratic institutions, undermine U.S. alliances and partnerships and shape policy outcomes in the United States and elsewhere.” Furthermore, he said, they’ll “refine their capabilities and add new tactics as they learn from each other’s experiences, suggesting the threat landscape could look very different in 2020 and future elections.”

Editorials: A call for action: Now is the time to secure Pennsylvania’s elections | David Hickton and Paul McNulty/Penn Live

Pennsylvania’s democracy is at a critical juncture. Weaknesses in the security of our elections present a threat both to our electoral outcomes and to public faith and trust in government of, by, and for the people. We have been fortunate thus far to avoid such an assault on our democracy. Recognizing the gravity of what is at stake, The Blue Ribbon Commission on Pennsylvania’s Election Security (which we co-chair) endeavored to research and analyze the security of the Commonwealth’s election architecture. The commission’s just-released report, which documents those efforts and offers actionable and achievable solutions, provides a blueprint for how Pennsylvania’s leaders can do what is needed to protect our elections.

Verified Voting in the News: Electronic return of ballots worries aired | Daily Press

One of the toughest things for the digital world to manage is keeping a transaction private while at the same time assuring everyone it has accurately recorded the deal. That’s what Virginia Wesleyan University mathematician Audrey Malagon, an adviser to the non-profit group Verified Voting, has been telling legislators. Her concern is with a particular transaction: voting when voters far from their polling place return their ballots electronically. Del. Nick Rush, R-Christiansburg, wants to launch a pilot program to allow military personnel serving overseas to do just that. He’s hoping the same kind of blockchain technology used in cybercurrency dealings will make it easier for them to vote. But the problem, Malagon told legislators, is preserving the anonymity of the voting booth or absentee ballot while letting both voter and vote-counter know that a vote was accurately recorded.

Europe: To fight election meddling, Google’s cyber unit Jigsaw extends its anti-DDoS protections to European politicos | TechCrunch

Jigsaw, the cybersecurity-focused division owned by Google parent Alphabet, is now allowing political organizations in Europe to sign up for its anti-web-flooding technology for free. Until now, the free-to-use technology designed to protect political campaigns and websites against distributed denial-of-service (DDoS) attacks — dubbed Project Shield — was only available to news sites and journalists, human rights sites and elections monitoring sites in the U.S. Now, Jigsaw is extending those protections to European political operators ahead of contentious parliamentary elections later this year. The anti-DDoS technology aims to protect websites and services from being pummeled with tons of junk internet traffic from multiple sources at once. It protects against several types of DDoS attacks — and not just the traditional layer 3 or 4 protocol-based attacks but also the more powerful layer 7 attacks that involve large volume, often thanks to DNS amplification.

National: Election Security Advocates Battle the National Association of Secretaries of State over Opposition to Strengthening Voting Systems | Politico

Indiana’s top election official is refusing to release her communications with the National Association of Secretaries of State, limiting the public’s understanding of both her role and the role of NASS in squashing federal legislation to upgrade voting systems, Eric reports. Indiana Secretary of State Connie Lawson is fighting a public records request that could shed light on both the NASS stance in election security debates and the influence that the small community of voting technology vendors has over the organization.

Israel: Experts call for international cooperation against election cyber attacks | Jerusalem Post

Governments around the world must join forces to detect the sources of foreign cyberattacks aimed at impacting elections and prevent such intervention in the future, Israel Democracy Institute and Hebrew University researchers said Sunday. They spoke after Russian cyberattacks reportedly impacted elections in the US, France and Germany and in the British referendum on exiting the European Union. The researchers from IDI and the Law and Cyber Program at the Federman Center for Cyber Studies at the Hebrew University of Jerusalem spoke at IDI on the subject of cyberattacks and foreign intervention in the April 9 election. They issued recommendations for implementing policies and regulating the chain of command between law enforcement agencies on this issue. The ability of hackers to attack has improved, and it is easier than ever for them to obtain their tools, which makes them even more dangerous,” said former Shin Bet (Israel Security Agency) technological division head Ron Shamir.

Ukraine: Head of cyber police says it sees surge in cyber attacks targeting election | Reuters

Hackers likely controlled by Russia are stepping up efforts to disrupt Ukraine’s presidential election in March with cyber attacks on electoral servers and personal computers of election staff, the head of Ukraine’s cyber police said on Friday. Serhiy Demedyuk told Reuters the attackers were using virus-infected greeting cards, shopping invitations, offers for software updates and other malicious “phishing” material intended to steal passwords and personal information. Ten weeks before the elections, hackers were also buying personal details of election officials, Demedyuk said, paying in cryptocurrency on the dark web, part of the internet accessible only through certain software and typically used anonymously.