National: Voting Experts: Why the Heck Are People Still Voting Online? | Nextgov

The government’s all-hands effort to secure election systems after a Russian assault on the 2016 contest missed one glaring vulnerability: online ballots, according to a Wednesday report by voting security experts. Online voting is not common in the U.S., but Americans cast at least 100,000 online ballots in the 2016 election, according to the authors’ tally. Many of those ballots were cast by military members overseas taking advantage of state laws that allow them to return ballots by email or digital fax. In total, 32 states allow some subset of residents to return ballots by email, fax or through an internet portal, and Alaska and Hawaii offer electronic ballot return for all voters, according to the report from security experts at the Association for Computing Machinery US Technology Policy Committee, Common Cause Education Fund, the National Election Defense Coalition and the R Street Institute.

National: Senators Question Supermicro on Report of Chinese Hardware Hack | Bloomberg

Two U.S. senators sent a letter to Super Micro Computer Inc. asking if and when the company found evidence of tampering with hardware components after a Bloomberg Businessweek report described how China’s intelligence services used subcontractors to plant malicious chips in the company’s server motherboards. Florida Republican Marco Rubio and Connecticut Democrat Richard Blumenthal on Tuesday gave the company until Oct. 17 to respond to a list of questions that also includes whether the company investigated its supply chain and cooperated with U.S. law enforcement. In Bloomberg Businessweek’s report, one official said investigators found that the Chinese infiltration through Super Micro reached almost 30 companies, including Amazon.com Inc. and Apple Inc. Super Micro and both Amazon and Apple disputed the findings. The U.S. Department of Homeland Security said it has “no reason to doubt” the companies’ denials of Bloomberg Businessweek’s reporting.

Editorials: Midterm elections are four weeks away. Russian hacking is not the only worry ahead. | USA Today

Four weeks from Election Day, it’s hard to be confident that every eligible American who wants to vote will be able to do so, and that every vote will be recorded accurately. Hacking has gotten the most attention since the 2016 Russian attacks on the presidential race. In July, Director of National Intelligence Dan Coats warned that the “lights are blinking red again.” Along with possible foreign interference, other problems — some the fault of federal and state inaction — loom over this crucial election. Among the most serious:

Aging equipment. Thirteen states still use voting machines without a paper trail in some or all counties, leaving no reliable way to audit votes after an election. Five states — Delaware, Georgia, Louisiana, New Jersey and South Carolina — use these outdated machines in every county, although election experts have been warning for years about their inadequacies. Officials in some states are in denial about how vulnerable the systems are and have fought improvements. Even where problems are recognized, some states have failed to make replacement a budget priority.

Michigan: Experts: Modem use makes Michigan elections vulnerable | Detroit Free Press

With the Nov. 6 election less than 30 days away, Michigan officials tout the fact that the state’s election machines are not connected to the Internet — eliminating a major hacking risk. But does that fact alone make Michigan’s election machines impervious to hacking? Many researchers and election integrity activists say no. They say Michigan could be vulnerable as one of at least four states — along with Florida, Illinois, and Wisconsin — that use cellular modems to transmit unofficial election results. In an Oct. 2 letter to the U.S. Department of Homeland Security and the U.S. Election Assistance Commission, 30 academics, security experts and election integrity activists — including a computer science professor at the University of Michigan — expressed “grave concerns” about the devices.

West Virginia: Critics call for halt of West Virginia program to vote by app | McClatchy

Four advocacy groups for elections and cybersecurity called Wednesday for the halt of a pilot project in West Virginia that allows military personnel posted overseas and other U.S. citizens living abroad to cast ballots for the 2018 midterms using a smartphone app. “Military voters … deserve any help the government can give them to participate in democracy equally with all other citizens. However, in this threat environment, online voting endangers the very democracy the U.S. military is charged with protecting,” the groups said. Proponents argued that with voter turnout so low, technology like the app is worth the risk. The report was issued by the New York-based National Election Defense Coalition, the nonpartisan watchdog group Common Cause, the center-right think tank R Street Institute, and the Technology Policy Committee of the Association for Computing Machinery, a group that says it provides neutral input on issues involving computing technology.

National: How hackers could disrupt Election Day — and how the bad guys could be stopped | The Boston Globe

Election Day presents a tantalizing target for a malicious hacker. The complex, multifaceted US voting system is rife with technological weak spots, from problems with the electronic voting machines in use in some states to vulnerabilities in the websites government officials use to disseminate information. In an era where public trust in American institutions is at an ebb, and conspiracy theories threaten to metastasize online, public safety officials and cybersecurity experts say they have to be careful how they talk about the vulnerabilities. “If the people do not trust that it’s a fair system, then the whole thing is going to fall apart,” said Cris Thomas, a well-known hacker who often goes by the name “Space Rogue” and now works in security at IBM. … This November, 15 states — none of them in New England — will use at least some electronic voting machines that leave no paper trail, according to the Verified Voting Foundation.

National: Technology giants face big test in midterm elections | The Washington Post

With less than a month before the midterm elections, technology companies are fighting to prove they can adequately shore up their platforms and products against foreign influence. Their success may mean the difference between getting to police their own house and having lawmakers do it for them. Election Day could be a tipping point for Silicon Valley titans, who are increasingly in Washington’s harsh glare following revelations that disinformation campaigns linked to Russia were widely disseminated on their platforms ahead of the 2016 elections. Tech moguls like Facebook’s Mark Zuckerberg and Twitter’s Jack Dorsey were dragged to Capitol Hill to give mea culpas for their past practices and publicly pledge to do better next time. The companies contend they have learned from their missteps during the 2016 election and are improving their election-integrity efforts as other elections have taken place around the world. They’ve promised to do more to identify and stamp out fake accounts, and they have increased transparency around political ads. Facebook opened a 20-person war room on its Menlo Park campus aimed at quashing disinformation and deleting fake accounts. 

National: DNC builds a tech team with deep bench in wake of 2016 hack | McClatchy

The digital operations team at the Democratic National Committee hit some dark days after Russian hackers mauled their networks in 2016, hijacking dozens of computers and pilfering tens of thousands of emails to hand over to WikiLeaks and onto the internet. Remnants of that digital bruising linger. “I feel like everyone’s still feeling, like, the PTSD from ’16,” said Raffi Krikorian, who now is the chief technology officer for a newly beefed-up unit of the Democratic National Committee, referring to post-traumatic stress disorder. The mood today of the DNC’s tech security team is one of cautious vigilance. The unit has grown in size and now employs cybersecurity experts who have come from some of the biggest Silicon Valley companies. Every day, the security team spots anomalies and strange behavior that could indicate a new cyberattack.

Florida: Florida Wrestles with Election Cybersecurity | American Prospect

Ever since the infamous election of 2000, Florida has been ground zero in the struggle to improve the technology and security of voting. Unfortunately, those critical issues have been conflated with deliberate political efforts to suppress voting and undermine confidence in voting systems, and 2018 is no exception. The reforms instituted since the 2000 debacle, such as early voting, served to make voting more convenient and restored confidence that all votes would be counted accurately. Even Republican Governor Rick Scott, no fan of convenience or expanding the franchise, finally went along with online voter registration last year. Thanks to the work of county election officials and civic reform groups, as well as good-faith efforts by Scott’s Republican predecessor, Charlie Crist, Florida had already made significant strides on election administration and had extended voting rights to certain disenfranchised former felons as well.

Texas: With Various Threats, How Secure Is the 2018 Vote? | Government Technology

Across the country, voter registration deadlines began this week. Texas has already seen an all-time high of registrations ahead of Tuesday’s deadline to register. That’s despite the fact that the state announced recently that thousands of voters who registered online through Vote.org may not have officially registered. This is because Texas does not offer online voter registration. So when all those potential voters show up to vote in November, how confident can they be that their vote will count? Short answer: Very. Long answer: While experts feel the voting process itself is secure, they have concerns about the protection of voter rights, accessibility of the vote and the risk for misinformation, particularly from foreign sources looking to sway election results, which they say has not been adequately addressed.

Latvia: Russia launched cyber-attacks against Latvia, claims security service | LSM.LV

Latvia’s state security service the Constitution Protection Bureau (SAB) said October 8 that Russia has in the past launched several cyber-attacks against Latvia. In a rare statement posted to its website, SAB said that like the Netherlands – which recently went public with claims it had been subjected to cyber-attacks from the Russian Federation – Latvia too had been targeted several times, naming Russia’s GRU military intelligence service specifically as the perpetrator. “The cyber attacks in Latvia were carried out by the GRU for espionage purposes, and the most frequent attacks were directed against state institutions, including the foreign and defense sectors. Rarely, attacks were targeted at private companies, including the media. The essence of cyber-attacks carried out by GRU is to enter an information system, operate in it unnoticed, and obtain long-term data from the system – for example, regular access to e-mail correspondence and documents processed at the workstation,” SAB said.

National: Election security is a mess, and the cleanup won’t arrive by the midterms | CNET

For many, the most intense race leading up to Election Day won’t be among politicians. It’ll be the mad, final scramble by county officials and tech companies to make sure your votes are safe from hackers. But with the slow pace of funding, unprepared campaigns and lack of cooperation among counties, many cybersecurity experts wonder if they’ll reach that finish line by the first Tuesday in November. An election director in Illinois, for instance, still hasn’t received any federal funding for cybersecurity. A security expert who traveled across the country to train campaigns found shockingly inadequate protection.  

National: Ahead of US election, angst over hacking threats | AFP

At a Boston technology conference last month, computer scientist Alex Halderman showed how easy it was to hack into an electronic voting machine and change the result, without leaving a trace. Halderman staged a mock election in which three conference attendees voted for George Washington, but an infected memory card switched the result to give a 2-1 victory to Benedict Arnold, the military officer who sold secrets during the Revolutionary War. Halderman’s demonstration was on a voting machine still in use in 20 US states, which had no paper ballots that could be compared to the electronic output, and thus no way to determine if vote totals had been altered. “What keeps me up at night is the threat that a hostile nation-state could probe every swing state or swing district (and) find the ones most weakly protected, to silently change the results of a national election,” the University of Michigan professor said.

National: Are wireless voting machines vulnerable? | McClatchy

Barely a month before midterm elections, voting integrity advocates and electronic voting experts want the federal government to issue an official warning to states that use voting machines with integrated cellular modems that the machines are vulnerable to hacks, potentially interfering with the ballot counting. Once seen as a useful tool to provide quick election results, voting machines with cellular modems are now subject to fierce debate over how easy it would be to break into them and change the results. Such machines are certified for use in Florida, Illinois, Michigan and Wisconsin. … But a number of voting machine researchers take issue with such assertions, saying that cellular networks increasingly overlap with the internet and open avenues for hackers to interfere with unofficial early results even when there are paper ballots that can be tallied for a slower official count. They say interfering with unofficial early results, even when corrected later, could increase mistrust among voters and add uncertainty immediately after elections conclude.

California: Primary season cyberattacks illuminate campaign vulnerabilities | The Hill

The spotlight on cyber vulnerabilities of political campaigns has grown brighter after three Democratic campaigns in California were hacked during the state’s primary elections. The campaigns of Bryan Caforio, Hans Keirstead and David Min all fell victim to cyber intrusions this year, underscoring a shortcoming that applies to political operations of various sizes: insufficient protections to guard against cyberattacks. The problem is particularly acute for smaller-scale campaigns, which often have fewer resources to ensure their technology and communications are secure, while incumbents can draw from bigger campaign accounts. But having more cash on hand doesn’t always mean it’ll be used to beef up protections. A recent McClatchy analysis of Federal Election Commission filings found that only six candidates running for seats in the House and Senate this election cycle have spent more than $1,000 on cybersecurity measures.

Australia: State government hacked in massive computer network attacks | WAToday

The state government has faced a massive onslaught of computer network attacks since the last election, with tens of millions of attempted intrusions and successful hacks on the Premier’s department, Main Roads, the finance and local government departments. In answers to parliamentary questions asked by opposition frontbencher Zak Kirkup, the government also revealed it had been subject to attacks on its information systems by “nation-state foreign actors”. The Department of Finance, which also provides information security for the Department of Treasury, bore the brunt of the attacks, recording 15.5 million intrusion attempts on its networks and website. Of these, 11 attacks were successful, but Treasurer Ben Wyatt said there had been “no indication that any Cabinet or customer-related material was compromised”.

National: Keep calm and trust the feds on Election Day, national security officials tell states | The Washington Post

With midterm races in the home stretch and the 2020 presidential election on the horizon, a pair of top national security officials have a message for state election administrators: Trust us when we warn you about cyberthreats. William Evanina, director of the National Counterintelligence and Security Center, and Christopher Krebs, the Department of Homeland Security’s cybersecurity chief, urged state officials to keep their lines open to the feds as Election Day approaches and the possibility of an attack on their systems looms large. “At some point in your future, next month or 2020, there will be a piece of intelligence that comes so fast and furious in the community, the phone call will be made to Chris that will tell him, ‘Hey, this happened and we need to act,’ ” Evanina said Wednesday at an election security summit on Capitol Hill with state leaders and members of Congress. “Chris will pick up the phone and call a state and say, ‘You need to do something.’ And you have to trust Chris.” 

National: Senate Punts on Beefed-Up Election Security Until After Midterms | Bloomberg

Legislation to increase protection of voting systems from foreign hackers is gaining support in the Senate. Just don’t expect the chamber to take it up before the November elections. Senate Rules and Administration Committee Chairman Roy Blunt (R-Mo.) said he supports the bill (S. 2593). It just isn’t needed to make sure the midterm elections are safe, Blunt told state and local election officials at a Capitol Hill conference sponsored by the U.S. Election Assistance Commission. “We’re not going to get anything in law between now and Election Day,” Blunt said. “Everything we want is basically happening, but I still would like to see it in law,” Blunt said. He said heightened awareness of security threats since 2016 would help protect voting this November, though it would still be worthwhile to enact changes to protect future elections.

Utah: Mitt Romney’s Senate run makes Utah’s election a target for Russian hackers, lieutenant governor says | The Salt Lake Tribune

Utah’s government systems face “hundreds of millions” of attacks each day from hackers in Russia, China and elsewhere, Lt. Gov. Spencer Cox said Tuesday. And those attacks are likely to intensify ahead of November’s election, Cox said, as a result of past criticisms of Russia by Mitt Romney, the state’s Republican nominee for U.S. Senate. “We knew that alone might make us more of a target,” Cox said of Romney’s candidacy. Cox, who oversees elections in Utah, was confident the state’s government websites and voting systems can withstand the attacks. Millions of dollars have gone into updating Utah’s voting machines and cybersecurity protocols, he said, and the transition to a statewide vote-by-mail process decreases the likelihood of fraudulent votes on a mass scale. “We have a paper trail for every vote that is cast in the state,” he said.

National: Secure Elections Act sponsors eye lame duck session | FCW

Meanwhile, Sen. Amy Klobuchar (D-Minn.), the primary Democratic sponsor, said she and other senators are working on refining the legislation, but noted that lawmakers have a short window of opportunity to pass the Secure Elections Act before the midterms reset the legislative calendar. “We have a new version [of the bill] coming out, and we just ask you to work with us; I would love to have it get passed in the lame duck,” Klobuchar said. “For people that want to delay it or stall it beyond that, well that’s up to you because then we’ll have a new Congress.” The Secure Elections Act looked poised for a floor vote in August or September before a Rules Committee markup was abruptly canceled. Blunt’s staff told FCW at the time that Republican senators were balking at some of the provisions after receiving complaints from state and local election officials, while Reuters reported that the White House came out against the bill at the last minute for similar reasons. Lankford and Klobuchar have continued to fight for the bill’s passage, but several prominent Democratic senators, including original co-sponsor Kamala Harris (D-Calif.), signed on to rival legislation spearheaded by Sen. Ron Wyden (D-Ore.).

National: Senators say midterms will inspire revived version of stalled election security bill | Washington Times

Senators supportive of the Secure Elections Act, a bipartisan bill to protect political contests from cyberattacks, said lessons learned from next month’s midterms could make their way into a revised version in the works. Sen. Roy Blunt, Missouri Republican, and Sen. Amy Klobuchar, Minnesota Democrat, addressed efforts to rekindle the stalled Secure Elections Act during an event held Wednesday by the U.S. Election Assistance Commission in Washington, D.C. The bill will not be passed prior to the Nov. 6 midterms, according to both Mr. Blunt and Ms. Klobuchar’s co-sponsor, Sen. James Lankford, Oklahoma Republican, meaning states are missing out on millions of dollars that would have otherwise been allocated toward upgrading and securing voting and election systems, neglecting a major vulnerability raised by Russian hackers meddling in the 2016 race.

National: ‘No indication’ China intends to interfere with election infrastructure, Homeland Security Secretary Nielsen says | The Washington Post

The Department of Homeland Security hasn’t seen signs that China seeks to interfere in the midterm elections by targeting election infrastructure, Homeland Security Secretary Kirstjen Nielsen said Tuesday — a statement that appears to be at odds with remarks President Trump made about Beijing last week. “We currently have no indication that a foreign adversary intends to disrupt our election infrastructure,” Nielsen told me at a cybersecurity summit hosted by The Washington Post. Nielsen did not endorse Trump’s alarming claim at the United Nations that China “has been attempting to interfere in our upcoming 2018 election.” Without offering evidence, Trump said China does not “want me or us to win because I am the first president to ever challenge China on trade” — an especially striking comment considering the president has repeatedly equivocated on his support for the intelligence community’s assessment that Russia interfered in the 2016 election to help him win. 

National: U.S. infrastructure vulnerable to cyberattacks designed to suppress voter turnout | CBS

Your voting booth might — or might not — be safe from hackers. But imagine a cyberattack that keeps you from going to your polling station in the first place. Security experts warn that critical infrastructure systems in the United States are vulnerable to crippling cyberattacks designed to suppress voter turnout by disrupting systems that cities and towns rely on. “If ransomware hits, what’s the backup plan to allow people to vote? Do we extend it a day? Do we hold off the tally of the votes? Do we take absentee ballots? What do we do?” said Fortalice Solutions CEO and former White House chief information officer Theresa Payton.

South Carolina: Letter warns against connecting voting machines to networks | WYFF

A letter addressed to officials at the Department of Homeland Security and the U.S. Election Assistance Commission cites “grave concerns” over connecting voting machines to wireless networks. “The convenience of transmitting vote totals online does not outweigh the need of the American people to be assured their votes will be accurately transmitted and counted,” the letter reads. The South Carolina Election Commission’s website says touch screen voting machines are not accessible to wireless or wire-based computer systems. They aren’t connected to phone or network lines. “We often hear the assertion voting machines are not connected to the internet, and in many cases the voting machine you actually vote on in the polling location is not connected to the internet,” said Susan Greenhalgh, the policy director for the National Election Defense Coalition. “However, there are many states that the voting machine that is in the polling location is connected to the internet, perhaps temporarily with the use of these wireless modems.”

National: DHS says teamwork is improving election security | FCW

A month out from the 2018 midterms, all eyes are on the Department of Homeland Security as it approaches its first real test since being given a broader election security mandate in the wake of the 2016 presidential elections. Speaking at a cybersecurity event hosted by the Washington Post, DHS Secretary Kirstjen Nielsen highlighted improvements in information sharing across the federal government and with state and local officials as well as closer relationships with stakeholders that will lead to faster coordination in the wake of an emerging threat. “First of all, the information sharing is much stronger than it even has been before,” said Nielsen when asked what had changed in the department’s approach since 2016. “So [we’re] working very closely with the intel community, and the moment that we see something significant we are — in conjunction with the IC — sharing with our state and local partners. The sharing is quicker, faster, more tailored.”

Utah: Cox says Utah election system under fire, but safe from malefactors | Deseret News

Utah Lt. Gov. Spencer Cox offered a positive message Tuesday speaking about election security issues — even amid unprecedented levels of hacking attempts, voters can cast their upcoming midterm ballot in confidence that it will be duly and fairly tallied. “We would encourage Utah voters to know that we’re on the front lines fighting this battle for you,” Cox said. “Know that this election is secure and you can be sure that your vote will count.” Cox, whose oversight of state elections is part of his duties as lieutenant governor, outlined the millions in new state funding and federal assistance that’s been dedicated to beefing up security measures for this election cycle, including the latest in voting machine technology, upgrades to the voter registration database protections and partnerships that have helped bolster the state’s digital resilience to those who would seek to infiltrate and disrupt the election process.

India: Fearing breach, Election Commission moves to secure cyber walls for 2019 | The Indian Express

Amid allegations and fear of cyber-meddling in polls abroad, the Election Commission (EC) has initiated an unprecedented drive to protect its voter registration database and office networks from unauthorised influence and access during the Lok Sabha polls next year. A chief information security officer in Delhi and a cyber security nodal officer in each state; regulations on cyber security exclusively for the Commission; third-party security audit of all poll-related applications and websites; workshops to train officers in cyber hygiene; and a proposal to recognise elections as ‘critical information’ under the IT Act, 2000. These are the key steps taken by the EC over the last nine months to secure elections from cyber threats, The Indian Express has learnt.

National: The Government Isn’t Doing Enough to Protect Voting Systems from Hackers | VICE

For many, the most important question as the midterms approach isn’t whether the Democrats or Republicans will win control of Congress, but whether the elections themselves will be secure. In 2016, Russian hackers likely targeted election systems in many states and penetrated Illinois’s registration database; this year there is concern that hackers will go after both government and private systems. In March, Congress made $380 million available to states seeking to improve their election systems’ cybersecurity. But state officials and election security experts say this doesn’t even come close to addressing the nation’s electoral cybersecurity needs. So what exactly do states need to do in order to secure their election systems? Although experts largely agree on basic guidelines, there is no one playbook for how to beef up electoral cybersecurity. America’s elections infrastructure is highly decentralized, with every state managing its own system. This is a benefit in some ways, said Jim Condos, Vermont’s secretary of state and a prominent voice in election cybersecurity discussions. It means bad actors can’t just break into one centralized system. But it also means states employ a patchwork of approaches to elections cybersecurity. The contours of threats and their fixes are constantly shifting as well.

Australia: E-voting systems are still too vulnerable to be feasible for Australia | Tech Wire Asia

Voting in Australia has long followed the same formula – use pencils to mark on a piece of paper behind a cardboard booth, then fold said paper and slot it into a box. For years, having humans manually count paper ballots has created an electoral system that is deemed highly secure and tamper-resistant. Compulsory voting in the country has helped secure against suppression tactics that have affected elections in the US and the UK. In the digital age, it is tempting to move voting online; the Australian Electoral Commission (AEC) tried dabbling in e-voting in 2013. However, experts warned that e-voting brings more harm than good. The trouble with electronic voting has been in the spotlight for the past few years at DefCon, the world’s largest hacker conference taking place annually in the US, where hackers have been showcasing vulnerabilities in US election equipment, databases, and infrastructure. In fact, this year an 11-year-old managed to hack into replica websites to manipulate vote tallies in just 10 minutes.

Canada: New cybersecurity centre to look at election interference threats | Associated Press

A fresh look at Canada’s ability to defend against possible online threats to the next national election will be one of a new federal cybersecurity centre’s first tasks. An updated version of a groundbreaking report on lurking dangers to electoral integrity will be issued in the new year, said Scott Jones, head of the fledgling Canadian Centre for Cyber Security. The new federal body aims to be a clearinghouse of information, advice and guidance on threats for the public, Canadian businesses, and owners and operators of critical infrastructure, such as power grids and banking systems. “We want to be that trusted source of information for Canadians,” Jones said in an interview.