National: US Elections Must Go Back to Paper — Report | Infosecurity Magazine

US voting infrastructure should return to paper ballots by the next presidential election, according to a major new report from the non-profit The National Academies of Sciences, Engineering, and Medicine. Commissioned by the non-profit Carnegie Corporation of New York and charity the William and Flora Hewlett Foundation, the two-year report concluded that online voting apparatus is too exposed to potential compromise. Citing Russian infiltration ahead of the 2016 presidential election, it warns that “aging equipment and a lack of sustained funding” have further undermined efforts to maintain resilience. Ideally by the mid-terms later this year but certainly by the next presidential election in 2020, all US local, state and federal elections should return to human-readable paper ballots, the report argued. Not only this, but marked ballots should also not be sent over the internet or any connected network, as no technology can currently guarantee their “secrecy, security, and verifiability.” These ballots could be made and counted by hand or machine, but any systems which don’t allow for independent auditing should be removed, the report continued.

National: US wages ‘cyber combat’ to protect elections, could ‘do more’ | NBC

Behind a locked steel door somewhere in northern Virginia, America’s fight in cyberspace never shuts down. On the eve of the National Election Security Summit in St. Louis, where elections officials from across the country will meet with homeland security and cyber experts, the Hearst Television National Investigative Unit is taking viewers inside the secure center outside the nation’s capital where the United States wages “cyber combat” to protect the voting process. “This is the place where we coordinate everything,” explained DHS Assistant Secretary for Cybersecurity Jeanette Manfra while giving Hearst Television a one-on-one tour of the watch floor of the National Cybersecurity and Communications Integration Center (NCCIC).

District of Columbia: DC awarded $3 million for new election security & upgrades, $0 spent as midterms loom | WUSA

It was a clarion call from the White House briefing room, that the threat from Russia was real. The nation’s top national intelligence officials took to the West Wing podium, as Director of Homeland Security Kirstjen Nielsen encapsulated the message in stark terms. “Our democracy is in the crosshairs,” Nielsen said. She added, “we have seen a willingness and a capability on the part of the Russians,” to hack the American election infrastructure, including voter rolls and voting machines. But only six blocks from the August news conference, the urgency may not have seemed apparent, with the D.C. Council in summer recess, and a $3 million election security grant waiting to be approved. With less than 60 days before the midterm elections, the District has spent $0 of the $3 million grant, according to interviews and documents reviewed by WUSA9.

Indiana: Party leaders throw barbs over replacing state’s voting machines | WISH

Indiana Democrats want to replace the state’s voting machines, all in the name of election security. The nonpartisan nonprofit Verified Voting created a map of the myriad of equipment that will be used in Indiana counties on Nov. 6. Marion County and Vigo County will use paper ballots. Others will use a mix of electronic and paper machines. Most counties, including Allen and Vanderburgh, are all electronic. Indiana’s Democratic Party Chairman John Zody said he wants all of Indiana’s 92 counties to use voting machines that leave a paper trail.

National: Scientific collective calls for paper-based voting machines, no more internet voting | StateScoop

The United States should stop holding elections conducted without human-readable paper ballots as soon as possible, urges a report published Thursday by the National Academies of Sciences, Engineering, and Medicine. In a press release announcing the NASEM report, Lee Bollinger, president of Columbia University and co-chair of the committee that produced the report said “this is a critical time for our country” and called on all levels of government to prioritize the use of paper ballots. NASEM’s recommendations are all oriented around ensuring that election infrastructure is not vulnerable to tampering and that results can be verified. Chief among the recommendations is that all voting machines that do not create a paper trail allowing for independent auditing be “removed from service as soon as possible.” The report follows two years of federal and state activity centered on protecting election systems from foreign meddling, specifically groups linked to Russian intelligence agencies. State chief information officers first got a warning from the Department of Homeland Security in August 2016 about potential outside attacks, and federal agencies have increased their attention on the issue throughout 2018.

National: 6 Ways to Fight Election Hacking and Voter Fraud, According to an Expert Panel | The New York Times

Amid a chorus of warnings that the American election system is ground zero for foreign attackers, a panel of leading scholars and election experts issued a sweeping set of recommendations on Thursday for how to make elections more secure. Several similar reports have been issued lately, but this one is different. It not only carries a blue-ribbon pedigree from the National Academies of Science, Engineering and Medicine, but it also suggests ways to address allegations of domestic voter fraud, which Republicans have leveled for years. The report notes the significant challenges of securing elections. In 2016, Americans voted in 178,217 precincts and 116,990 polling places. Under the Constitution, each state controls its own election procedures, and officials jealously guard their authority against federal interference. The rules vary so wildly that uniform standards are almost impossible. Still, many of the report’s proposals can be applied nationwide. Here are six ways the panel says that election security can be improved:

1. Use paper ballots to establish a backup record of each vote. Even if voter databases and other equipment aren’t connected to the internet, experts said, it will be hard to protect computer systems from cyber threats. As a result, they recommend that by 2020, every voting machine nationwide should generate a backup paper record of each vote. Currently, five states — Georgia, South Carolina, Louisiana, Delaware and New Jersey — and portions of several others do not maintain a paper trail.

National: From encryption to deepfakes, lawmakers geek out during Facebook and Twitter hearing | The Washington Post

Jack Dorsey and Sheryl Sandberg relentlessly practiced before taking hot seats on Capitol Hill, engaging in role play and panels of questioning with colleagues and consultants. But the tech executives weren’t the only ones who came prepared for class on Wednesday. Senators on the Intelligence Committee clearly did their homework on a wide range of technical topics, and they peppered the executives with questions on issues ranging from doctored videos known as “deepfakes” to encryption. The grilling marked a stark departure from hearings earlier this year with Facebook Chief Executive Mark Zuckerberg, when senators on the Judiciary and Commerce committees were panned for their technical illiteracy. 

Colorado: Election prep summit included topics like cybersecurity threats and fake news | TheDenverChannel

It’s being billed as war games, election style. National leaders in cybersecurity, including the Secretary of Homeland Security, were in Colorado Thursday night to learn how to protect our ballots from bad actors. Colorado’s Republican Secretary of State, Wayne Williams, hosted election officials from all over the state to prepare for the November elections.  A battleground state, Colorado elections can come down to a few votes, which is why protecting the integrity of every one of them is of utmost importance. “Every vote is important. We want to make sure that voters know their votes matters, and it’s going to be counted right,” said Williams.

National: Why the Midterm Elections Are Hackable | BankInfoSecurity

With the midterm elections just around the corner, Barbara Simons, author of the election security book “Broken Ballots,” explains why some voting computers remain inherently flawed. The genesis of problems with today’s voting machines was the controversy involved in counting certain paper ballots in the 2000 presidential election in Florida, Simons explains. “What we really have are voting computers, and anybody who has been reading the news for the past few years understands that computers are vulnerable to attack by hacking; they’re also vulnerable to software bugs and other unintentional errors that can occur,” Simons says in an interview with Information Security Media Group. “And yet as a result of this early, wrong perception that paper was not a good technology to use for voting, many of these initial voting computers that came out were paperless, which meant that it was impossible to do a recount.”

National: DHS ramping up election security coordination | Politico

DHS will boost coordination and information sharing efforts on election security threats later this month in the run-up to the midterms, a senior agency official said Tuesday. The “heightened operational posture” will take effect Sept. 21, as absentee ballots begin streaming in, Bob Kolasky, director of DHS’s new National Risk Management Center, told reporters after a panel discussion at the Intelligence and National Security Summit in National Harbor, Md. The agency’s Election Task Force “continues to be the hub of DHS election activity,” according to Kolasky. But there will be “enhanced coordination” and “heightened information sharing” among the department’s various agencies and partners, including the Defense Department, 45 days before voters go to the polls, Kolasky explained. He noted that while the increase is in part time-driven, there are no plans “to change the nature of how we work with states in the run-up to the elections.”

National: Phishing for political secrets: Hackers take aim at midterm campaigns | CBS

The best hacks are always the simplest. When Russian hackers successfully attacked Hillary Clinton’s presidential campaign chairman John Podesta in 2016, they didn’t need to use crippling ransomware or a complex zero-day exploit. Instead, the Russians used one of the oldest tricks in the hacker playbook: Email phishing. “Phishing is all about the bad guy — the attacker — sending a malicious email to a victim and fooling that person either to click on a link within the email or open up an attachment,” said hacker and computer security consultant Kevin Mitnick in an interview with CBS News. “When the victim [clicks the link or opens the attachment] their computer ends up being compromised and malware is installed so the bad guy has full control.” The goal of phishing attacks like those aimed at the Clinton campaign in 2016, says Mitnick, is to swipe sensitive information or to implant malware that will give the attacker access to the entire network. Once inside, hackers can move laterally across the computer system and swipe information from multiple email accounts, copy intellectual property, and cause irreparable damage.  

Editorials: Canada needs to prevent meddling in our elections | The Toronto Star

Make no mistake: Facebook is feeling the pressure. Scarred by criticism that it enabled Russian meddling during the 2016 U.S. presidential election, the social media giant summoned its biggest tech peers to a summit late last month, meeting behind closed doors with Google, Microsoft, Snapchat and others at Twitter headquarters in San Francisco. The meeting’s objective was proactive — compare and co-ordinate plans of action on how the platforms can best prevent similar foreign attacks, distortions and disinformation campaigns targeting the upcoming American midterm elections. But even as the companies huddled, one of their own senior security leaders sounded a sobering warning: It’s already too late to protect the 2018 election, declared Alex Stamos, Facebook’s recently departed chief security officer. The best the United States can hope for now, said Stamos, is to shift its security effort beyond the vulnerable midterms as “there is still a chance to defend American democracy in 2020,” when Americans choose their next president.

National: ‘Our House Is on Fire.’ Elections Officials Worry About Midterms Security | Time

Greasing the machinery of democracy can be tedious business. Aside from the occasional recount or a hanging chad, the bureaucrats who run state elections don’t usually see much drama in their work. But this year’s all-important midterms are no ordinary election cycle. So it was that election administrators from all 50 states received rarified, red-carpet treatment outside Washington earlier this year, as federal intelligence gurus granted them secret clearances for the day, shuttled them to a secure facility, and gave them eye-opening, classified briefings on the looming threat. The message, participants said, was chilling. Officials from the FBI, the Department of Homeland Security, the National Security Agency and other agencies warned that the Russians had already shown they could hit hard in the 2016 presidential campaign, and they have been preparing to hit even harder — and no doubt in different ways — this time around. “This was a first for me,” Steve Sandvoss, who heads the Illinois elections office and attended the briefing, said in a recent interview. “I came out of there with the understanding that the threat is not going to go away.” The midterms will determine control of Congress, where a flip to the Democrats in the House or the Senate would no doubt intensify the pressure Trump is already facing from Special Counsel Robert Mueller’s Russia investigation.

National: No Let Up in Cyberattacks, Influence Campaigns Targeting US | VoA News

Top U.S. intelligence and defense officials caution the threat to the U.S. in cyberspace is not diminishing ahead of November’s midterm elections despite indications that Russia’s efforts to disrupt or influence the vote may not match what it did in 2016. The warnings of an ever more insidious and persistent danger come as lawmakers and security officials have increasingly focused on hardening defenses for the country’s voter rolls and voting systems. It also comes as top executives from social media giants Facebook, Twitter and Google prepare to testify on Capitol Hill about their effort to curtail the types of disinformation campaigns used by Moscow and which are increasingly being copied by other U.S. adversaries.

National: Are We Making Elections Less Secure Just to Save Time? | The Intercept

Something strange happens on election night. With polls closing, American supporters of both parties briefly, intensely align as one: We all want to know who’s going to win, and we don’t want to wait one more minute. The ravenous national appetite for an immediate victor, pumped up by frenzied cable news coverage and now Twitter, means delivering hyper-updated results and projections before any official tally is available. But the technologies that help ferry lightning-quick results out of polling places and onto CNN are also some of the riskiest, experts say. It’s been almost two years since Russian military hackers attempted to hijack computers used by both local election officials and VR Systems, an e-voting company that helps make Election Day possible in several key swing states. Since then, reports detailing the potent duo of inherent technical risk and abject negligence have made election security a national topic. In November, millions of Americans will vote again — but despite hundreds of millions of dollars in federal aid poured into beefing up the security of your local polling station, tension between experts, corporations, and the status quo over what secure even means is leaving key questions unanswered: Should every single vote be recorded on paper, so there’s a physical trail to follow? Should every election be audited after the fact, as both a deterrent and check against fraud? And, in an age where basically everything else is online, should election equipment be allowed anywhere near the internet?

National: Tech mobilizes to boost election security | The Hill

Private companies are stepping up to offer cybersecurity programs for midterm campaigns as Congress stalls on passing election security legislation. Microsoft is the most prominent name, unveiling a free cybersecurity program in August after the company revealed it had detected Russian hackers who appeared to target a pair of conservative think tanks. The company is joining a broad list of firms providing free or discounted security services, such as McAfee, Cloudflare and most recently Valimail, which is offering its anti-fraud email service to campaigns. Officials at companies said they felt obligated to step up to the plate and offer services that election officials or campaigns might otherwise not have access to — shortcomings that have been widely highlighted ahead of November’s midterm elections.

Massachusetts: State to spend millions on election security – after November | Marshfield Mariner

Massachusetts has received millions of dollars in federal funding to bolster election security, but most of it will not be spent until after the November election. The Bay State has received $7.9 million from the federal government, which election officials plan to spend on voting equipment, voter registration systems and cybersecurity, according to documents shared with Wicked Local. About 81 percent, however, will be spent after the upcoming midterm election. State officials, nonetheless, say the federal dollars — while helpful — are not vital to running a safe and accurate election.

National: Once Bipartisan, an Election Security Bill Collapses in Rancor | The New York Times

The purpose of the bill seemed unassailable: to ensure that state officials could protect their elections against the kind of hacking or interference that has clouded the 2016 campaign. Although it started out backed by election integrity advocates and powerful senators from both parties, the Secure Elections Act has now all but collapsed. Lawmakers modified one of the bill’s key provisions after hearing relentless complaints from state officials, prompting many of its advocates to pull their support. Then last week delivered what one of the bill’s co-sponsors called “the gut punch” — the formal meeting to draft the bill before sending it to the floor was abruptly postponed, and the White House offered a statement critical of the legislation later that same day. No timetable has since been offered to reschedule it, and the election is two months away.

National: Election security bill backers say delay helps Russia | Associated Press

Just two months before the midterm elections, bipartisan legislation to try to prevent foreign hacking into U.S. election systems is stalled in Congress as the White House and some Republicans worry it could exert too much federal control over the states. Supporters of the bill say the delay could embolden Russia, which targeted election infrastructure in at least 21 states in 2016. A committee vote on the bipartisan bill was abruptly canceled two weeks ago after objections from some Republican senators and the states they represent. And Republicans and Democrats who are supporting the bill say they don’t know when — or if — it will be taken up again in the few remaining weeks Congress is in session before the midterms. The delay has some concerned that Congress could punt on the only piece of legislation that is designed to fix what went wrong in 2016 — and to prevent Russia or other countries from trying again. There is no evidence that the Russian targeting of state election systems was successful or changed any votes, but lawmakers, intelligence officials and elections experts say that they believe Russia will return in 2018 and beyond with more sophisticated tools.

National: States want more money, but aren’t waiting around to improve election cybersecurity | Washington Examiner

Election officials at the state and local levels are unhappily coming to terms with the idea that more funding probably isn’t coming for securing electoral systems from hacks this fall. But with help from the Department of Homeland Security, their confidence appears to be growing about how well they will perform on Election Day. Those officials are the front-line soldiers in the battle to combat Russian and any other cyber interference aimed at the midterm elections. In turn, they are becoming cybersecurity managers, according to Noah Praetz, director of elections in Cook County, Ill. He warned that $380 million in recent federal assistance to the 50 states “is not nearly enough to do a technology refresh” to update all of the antiquated elections systems across the country, but it has helped put state cyber experts “on the street” in five counties across Illinois. “It’s kind of like Andy in Mayberry being sent to deal with a foreign invasion,” he joked. DHS official Jeanette Manfra, speaking at a recent cyber conference, said the department is collaborating with states to shield voter registration from manipulation, ensuring the machines that tally votes are secure, and helping ensure that “unofficial tallies” released before the final election results aren’t altered to sow confusion and discord.

National: State Department unit created to fight foreign election interference still waiting on funding: report | The Hill

A State Department unit established to blunt election interference efforts by foreign countries has still not received funding that was allocated for the project two years ago, HuffPost reported. The news outlet reported that the Defense Department agreed to provide $40 million in funding to the Global Engagement Center earlier this year following complaints from lawmakers. However, the money still had not arrived as of last week, and a Senate aide told HuffPost that the amount had since been cut in half to $20 million. A State Department official told the news outlet that the Global Engagement Center would “be fine” even with the reduced amount of funding. The official said the center is waiting on another $20 million through the State Department’s budget.

National: Why the latest election security bill is stalled in Congress | The Washington Post

For a while there, the Senate’s flagship bill to help states improve election security appeared to be gaining steam. Lawmakers from both sides of the aisle signed onto it. And an unlikely coalition of former national security officials, technologists and public policy groups urged lawmakers to pass the legislation. But the Secure Elections Act stalled last week after the Senate Rules Committee canceled a key vote on the legislation at the last minute — and now its future is uncertain. Some Republicans who seemed poised to support the bill balked after the White House raised concerns about giving the federal government too much authority in election administration, while state officials objected to some of its requirements. Election security experts, meanwhile, worry the legislation is getting too watered down. The delay highlights the tension at the core of the debate over how to best secure the country’s elections as officials warn about Russia’s ongoing campaign to disrupt U.S. politics. And the lack of progress in Congress underscores how difficult it is for lawmakers to balance competing concerns from state election administrators to national security officials to voting integrity groups.

National: Will Russian Hackers Affect This Year’s US Election? | Associated Press

Nearly a year after Russian government hackers meddled in the 2016 U.S. election, researchers at cybersecurity firm Trend Micro zeroed in on a new sign of trouble: a group of suspect websites. The sites mimicked a portal used by U.S. senators and their staffs, with easy-to-miss discrepancies. Emails to Senate users urged them to reset their passwords — an apparent attempt to steal them. Once again, hackers on the outside of the American political system were probing for a way in. “Their attack methods continue to take advantage of human nature and when you get into an election cycle the targets are very public,” said Mark Nunnikhoven, vice president of cloud research at Trend Micro. Now the U.S. has entered a new election cycle. And the attempt to infiltrate the Senate network, linked to hackers aligned with Russia and brought to public attention in July, is a reminder of the risks, and the difficulty of assessing them.

Rhode Island: 5,000 voter records caught in computer glitch | Providence Journal

As a result of an “IT” snafu in the Rhode Island Division of Motor Vehicles’ automatic-voter-registration system, the new and newly-updated records of at least 5,000 potential primary day voters got stuck in limbo. Secretary of State Nellie Gorbea is asking the state Board of Elections to take emergency steps at its next meeting on Wednesday to rectify the situation. More specifically, she is asking the state board to give the go-ahead for elections officials in all 39 cities and towns to add at least 1,400 new voters to their local rolls before the Sept. 12 primary, and change their own records to reflect changes — such as a move to a new address — of another 3,600 previously registered voters who did business with the DMV in the last year.

National: Election Hacking: Security Upgrades Are Too Little, Too Late for 2018 Midterms, and Race is Already on for 2020, Experts Say | Newsweek

Election experts, cybersecurity experts and those who are overseeing the upcoming midterms have one thing to say about stopping Russian interference in American elections: Forget 2018. It’s too late. Focus on 2020. Before President Donald Trump had even been sworn into office, intelligence agencies revealed that cyberattacks spanning across 21 states had been conducted under the direct order of Russian President Vladimir Putin. The FBI, CIA and National Security Agency’s report concluded that “Russia’s goals were to undermine public faith in the U.S. democratic process, denigrate Secretary Clinton and harm her electability and potential presidency. We further assess Putin and the Russian Government developed a clear preference for President-elect Trump.”  Despite this, lawmakers and federal officials took months, sometimes longer, to take action, with the result that most federal assistance arrived too late to protect the midterm elections. 

National: Does the CFAA apply to voting machine hacks? | FCW

For decades, the Computer Fraud and Abuse Act served as the U.S. government’s most powerful tool to prosecute hackers. Over the years, virtually every high-profile cybercrime case in which federal prosecutors brought forth charges – from Aaron Swartz and Marcus Hutchins to Russian- and Iranian-backed hacking groups – has used the CFAA as its cornerstone statute. As the U.S. heads into the 2018 mid-term elections, the government is facing intense political pressure to harden the security around election systems, while the Trump administration has also come under fire for not doing enough to draw bright lines around election infrastructure and signal to foreign nations that interference will come with great consequences.

Editorials: Passing the Secure Elections Act is the best way to shore up our democracy | Ben Parker/The Hill

It’s likely too late to save the midterms. Without a miracle, the weaknesses and vulnerabilities in some states’ voting systems can’t be hardened against foreign cyber threats. But, at least, the damage that can be inflicted in November is limited to just a few states and localities. The looming crisis is in 2020. If, in mid-November two years hence, officials announce that foreign hackers infiltrated elections systems and the vote totals can’t be independently verified, we could face the biggest democratic crisis since 1876. Luckily, there is a bipartisan solution slowly working its way through Congress. Congress has received a lot of criticism of late for its inability to craft and pass productive legislation that does anything besides spend money (and even that it can barely do sometimes). The Secure Elections Act is a welcome exception to that rule. The bill has co-sponsors from across the partisan spectrum, from Sen. Lindsey Graham (R-S.C.) on the right to Sen. Kamala Harris (D-Calif.) on the left. It makes sense that a group of people who rely on elections for their jobs and their legitimacy wouldn’t want a hacker in Moscow or Beijing having more of a say than their constituents.

National: Focusing on the long tail of cybersecurity | FCW

When the Department of Homeland Security announced the formation of a new National Risk Management Center in July to handle cybersecurity threats and engage with the private sector, some wondered how the center’s mission would overlap or conflict with another DHS organ, the National Cybersecurity and Communications Integration Center. Matthew Travis, deputy undersecretary of the National Protections and Programs Directorate, elaborated further on how DHS views the differing missions of the NCCIC and the NRMC while giving a speech at an Aug. 28 conference in Washington D.C. The NCCIC, Travis said, will still serve as a threat and information sharing hub designed to react to problems and facilitate cooperation with state, local, private and critical infrastructure sectors in the face of immediate threats, like the ransomware attack that hit Atlanta earlier this year or the 2017 WannaCry attacks. The center will continue its role sharing threat indicators, conducting trainings, providing malware analysis for specific incidents and sending out technical advisories about emerging threats.

National: Here’s What Keeps The Democratic Party’s Technology Boss Awake At Night | KTTZ

The 2016 campaign was a nightmare for Democrats. So Democratic National Committee Chief Technology Officer Raffi Krikorian was brought in to the DNC in 2017 to make sure embarrassing breaches — and the subsequent leak of internal communications — weren’t repeated. But with fewer than 70 days to go until the midterm elections, there’s still a lot of room for improvement, he acknowledged, both inside and outside the organization. “We all still have work to do. And we’re not getting the support that I think we need from … governmental agencies,” Krikorian said. “This is the thing that keeps me up at night.”