National: Lankford says his Secure Elections Act isn’t dead, despite delays | newsOK

U.S. Sen. James Lankford says election security legislation he has touted for months is not dead, despite delays by a Senate committee and mixed messages from the White House. The Secure Elections Act, which was introduced by the Oklahoma City Republican late last year, appeared to be headed for passage this fall. It has attracted a bipartisan following as intelligence officials continue to warn of Russian attempts to hack America’s elections. But last week, the Senate Rules Committee abruptly pulled the bill from consideration and a White House spokesperson suggested it was unnecessary because the Department of Homeland Security already “has all the statutory authority it needs to assist state and local officials” as they seek to ensure their elections are secure.

National: Senators Want Independent Security Testing of Voting Machines | Decipher

While a proposed measure that would have given state officials more tools to help secure elections has bogged down in the Senate, four members of that body’s Intelligence Committee are pressuring a major manufacturer of electronic voting machines to allow independent tests of their products by election agencies and to work with researchers to assess the security of the machines. In a letter sent to the president and CEO of Election Systems & Software, a maker of voting machines used in many states, a bipartisan group of senators expressed concerns about the company’s reaction to the Voting Village hacking contest at the DEF CON security conference earlier this month. The Voting Village gave participants the opportunity to get their hands on various electronic voting machines, look for vulnerabilities, and see whether they could find ways around the defenses on the machines. Before DEF CON, ES&S officials sent a FAQ to customers, informing them of the contest and somewhat downplaying any negative results that might come from it.

Editorials: Election security can’t wait. Someone should convince the White House. | The Washington Post

Compared to what Congress should be doing in the face of multiple foreign threats to the integrity of U.S. elections, the Secure Elections Act is just a first step. Yet the Senate is having trouble taking even this initial move. The fault lies with a shortsighted White House, which has poured cold water on the bill, and some state leaders, who complain about being required to make some basic changes. The bipartisan bill, shepherded by Sen. James Lankford (R-Okla.) and Sen. Amy Klobuchar (D-Minn.), appeared to be on its way to easy passage in October. But a committee session to consider the modest bill was suddenly and curiously canceled last week. Yahoo News reported that one cause was the White House, quoting a Trump administration spokeswoman who expressed opposition to “legislation with inappropriate mandates or that moves power or funding from the states to Washington for the planning and operation of elections.”

Georgia: Companies vie to replace Georgia voting system | WXIA

The effort begins in earnest later this week to replace Georgia’s elections system. Georgia’s current voting system is a very familiar electronic touchscreen that uses technology developed 20 years ago. A half-dozen companies have told the Georgia Secretary of State’s office they are submitting proposals. Most of them appear to want to give voters a new touchscreen interface. After tapping their choices in the new systems, voters would hit the “print” button and produce a paper ballot, then submitting the paper ballot to a scanner. But several of the new systems translate voter choices into barcodes. And many election watchdogs are skeptical of them. “The problem with a barcode on a voter verified paper ballot is that the voter can’t actually verify the barcode. Because we can’t read barcode marks,” said Susan Greenhalgh of the National Election Defense Coalition.

Florida: Cyber-threats abound as Florida gets ready to vote | Tampa Bay Times

Tuesday’s primary is a dry run for democracy in a tense time of cyber-threats. It will be the most thorough test of voting operations since Russian operatives tried to hack Florida voting rolls before the 2016 presidential election. But it’s not one election, it’s 67 — one in every county from the Keys to Pensacola. As counties plan for what’s often a low-turnout election, they have spent millions of dollars safeguarding computer servers, installing surveillance cameras and card readers, building security barriers and training workers to detect threats they can’t see. “We want to make sure that our employees know what a phishing email looks like,” says Lisa Lewis, supervisor of elections in Volusia County, a county the Russians targeted two years ago. “If there’s no subject line, I tell people, ‘Don’t open it.’ “

National: List of U.S. Senators Targeted by Foreign Phishing Attacks Mounts | Government Technology

Sen. Patrick J. Toomey is the latest U.S. politician to announce his campaign was the target of an attempt to hack into its emails. Google notified Toomey’s office that “hackers from a nation state may have attempted to infiltrate specific email accounts associated with his campaign apparatus” through a phishing scam, Steve Kelly, a spokesman for the Pennsylvania Republican, said in a statement. “This underscores the cybersecurity threats our government, campaigns, and elections are currently facing,” Kelly said. “It is essential that Congress impose tough penalties on any entity that undermines our institutions.” The attacks were not successful. Toomey’s Senate office has not been the target of similar hacking attempts.

National: Report: Election Offices ‘Highly Susceptible’ to Spoofing | GovernmentCIO

Despite warnings about possible cyberattacks aimed at undermining midterm election security, new research reveals an overwhelming number of evaluated state, territory and District of Columbia election offices as highly vulnerable to email spoofing. Released today, the “Email Spoofing Threat to the 2018 U.S. Midterm Elections” report by Anomali Labs, the R&D arm of threat intelligence company Anomali, explores the strength of email security programs for election-related infrastructure. And of the 90 state, territory and District of Columbia election offices Anomali Labs assessed, 96 percent are “highly susceptible” to email spoofing attacks. The report found a low adoption rate of strong email authentication and email security standards among the majority of state-level election offices and their online voter registration sites. Adoption overall is inconsistent across the board. Being spoofable means threat actors could falsify the sender’s origins to appear as if the fraudulent email came from a legitimate government organization, according to the report. This type of threat is “100 percent real, and as far as urgency, given that phishing is the No. 1 attack vector, not just against election officials but also in industry in general, I think it’s very, very high,” said Roberto Sanchez, Anomali director of threat and sharing analysis and the lead researcher for the election security report.

Editorials: It’s Election Day in Florida. Who’s making sure our votes count? | Miami Herald

On Election Day, the people most in the dark about the security threats to Florida’s voting systems are Floridians. U.S. Sen. Bill Nelson has made alarming claims about cyberattacks by Russian hackers, while citing classified sources and offering no evidence, but the response from state officials has only added confusion and rancor to what should be a sober discussion. Voters need clearer, concrete information in order to have confidence that their elections are secure. Since the 2016 presidential election, Americans have known that Russian operatives have attempted various means of hacking into states’ voting systems. An indictment this summer of 12 Russian intelligence officers stated that operatives in 2016 faked a real election vendor email account to send more than 100 “spearphishing” emails to election administrators in several Florida counties. Sen. Marco Rubio has said those threats remain as hackers continue to probe for cyber vulnerabilities, and he suggested that county elections supervisors have “overconfidence” in their systems.

National: Facebook and Microsoft briefed state officials on election security efforts today | TechCrunch

So much for summer Fridays. Yesterday, BuzzFeed reported that a dozen tech companies, including Facebook, Google, Microsoft and Snapchat, would meet at Twitter headquarters on Friday to discuss election security. For two of them, that wasn’t the only meeting in the books. In what appears to be a separate event on Friday, Facebook and Microsoft also met with the Department of Homeland Security, the FBI and two bodies of state election officials, the National Association of State Election Directors (NASED) and the National Association of Secretaries of State (NASS), about their election security efforts.

National: Midterm Campaigns Fight to Prevent Cyber Attacks | New York Magazine

Melting in South Florida’s humidity, a young congressional campaign manager let his nerves show. Sitting across from a pair of visitors on a café patio, he widened his eyes when they asked if there were any tool he wished he had to help protect his campaign from cyber attacks. “I have no idea! I don’t even know what that would be, to be honest.” Weeks away from Election Day, the operative’s fear is increasingly common — practically unavoidable in 2018, in fact. Midterm campaigns are entering the fall more anxious than ever about looming threats of email phishing, text hacking, and countless other ominous possibilities that could derail their hopes with the touch of a Muscovite button. And it’s becoming increasingly clear to many that they may just not be ready for what’s coming — or what’s already occurred.

Florida: Primary is big test for security of voting process | Miami Herald

Tuesday’s primary is a dry run for democracy in a tense time of cyber-threats. It will be the most thorough test of voting operations since Russian operatives tried to hack Florida voting rolls before the 2016 presidential election. But it’s not one election, it’s 67 — one in every county from the Key West to Pensacola. As counties plan for what’s often a low-turnout election, they have spent millions of dollars safeguarding computer servers, installing surveillance cameras and card readers, building security barriers and training workers to detect threats they can’t see. “We want to make sure that our employees know what a phishing email looks like,” says Lisa Lewis, supervisor of elections in Volusia County, a county the Russians targeted two years ago. “If there’s no subject line, I tell people, ‘Don’t open it.’ ”

Indiana: Election security plans don’t include new machines | The Hour

Indiana’s top elections official is planning to use more than $7.5 million in federal funding on improving the state’s election security but won’t upgrade its voting machines. Republican Secretary of State Connie Lawson has announced plans for using the federal assistance to strengthen voting systems ahead of the November election. Indiana was among the states and territories to receive money from the $380 million approved by Congress amid ongoing threats from Russia and others. Indiana will also spend an additional $659,000 on election security under the requirement to match 5 percent of grant funding with state money, The Indianapolis Star reported. The state money will go toward evaluating election infrastructure, conducting third-party testing, implementing email encryption and training state and county officials, according to Lawson.

New Hampshire: Election System Might Be Vulnerable | Associated Press

mid concerns about hacking from Russia, Iran and other countries, New Hampshire plans to spend a quarter of a million dollars in federal grant money on assessing whether its election systems are vulnerable to intruders. David Scanlan, the deputy secretary of state, said that $250,000 from the five-year grant will be used to hire a firm that will attempt to hack the election system to help identify any weaknesses. The state also plans to embed software in the election database that can recognize abnormal activity and shut it down. The state also wil monitor the “dark web” for signs the state is being discussed among hackers. “It’s kind of an ear to the ground to find if New Hampshire is being discussed in any way to give us a heads up of when a potential attempt to hack might happen,” Scanlan said of the “dark web” effort. Scanlan said there is no evidence so far that anyone has attempted to hack and get into New Hampshire’s election system.

National: Trump Objections to Senate Election Security Bill Stalled Measure | Roll Call

President Donald Trump is objecting to the Senate’s effort to help improve election security, citing concerns about imposing federal burdens on state and local governments. The Rules and Administration Committee abruptly scrapped a Wednesday  markup of bipartisan election security legislation, and there were rumors that the White House might have been at least in part behind the delay. Some Republican members of the committee were against the bill, including former Chairman Richard C. Shelby, R-Ala. … The White House is asking the Senate, “Do not violate the principles of Federalism — Elections are the responsibility of the states and local governments,” according to the Walters statement. “We cannot support legislation with inappropriate mandates or that moves power or funding from the states to Washington for the planning and operation of elections.”

National: White House blocks bill that would protect elections | Yahoo News

A bill that would have significantly bolstered the nation’s defenses against electoral interference has been held up in the Senate at the behest of the White House, which opposed the proposed legislation, according to congressional sources. The Secure Elections Act, introduced by Sen. James Lankford, R-Okla., in December 2017, had co-sponsorship from two of the Senate’s most prominent liberals, Kamala Harris, D-Calif., and Amy Klobuchar, D-Minn., as well as from conservative stalwart Lindsey Graham, R-S.C., and consummate centrist Susan Collins, R-Me. Sen. Roy Blunt, R-Mo., was set to conduct a markup of the bill on Wednesday morning in the Senate Rules Committee, which he chairs. The bill had widespread support, including from some of the committee’s Republican members, and was expected to come to a full Senate vote in October. But then the chairman’s mark, as the critical step is known, was canceled, and no explanation was given.

National: What’s next for postponed Secure Elections Act | Politico

The Senate Rules Committee’s last-minute decision Wednesday to postpone a markup of the Secure Elections Act (S. 2593) was a significant setback for a bill that had been considered a bipartisan bright spot in a bitterly divided Congress. “For everyone else who delayed this action today, I hope that you will listen to the clarion cry of our intelligence community and continue to work with us and reschedule the markup and pass the bill into law,” Sen. Amy Klobuchar, the ranking member on the Rules Committee and the bill’s chief Democratic co-sponsor, said in a statement. Rules announced the delay hours before DHS Secretary Kirstjen Nielsen urged states to have a “verifiable and auditable ballot,” though she deferred on the question of whether paper was essential, saying, “I don’t know that we’re interested in mandating how.”

National: Former Facebook security chief warns its too late to protect 2018 elections | CNET

Former Facebook security chief Alex Stamos has issued a sobering warning about the continuing threat of foreign interference in US elections, saying it’s “too late to protect the 2018 elections.” But he believes the 2020 election can still be saved. Stamos, who departed Facebook for Stanford University earlier this month, is well acquainted with the subject, having played a central role in Facebook’s response to interference by Russian trolls in the 2016 US presidential election that took place on the social media giant. In a blog post published Wednesday on Lawfare, Stamos seizes on two pieces of news he says proves that “America’s adversaries believe that it is still both safe and effective to attack U.S. democracy using American technologies and the freedoms we cherish.”

National: ES&S to boost security following criticism | The Hill

A major election systems vendor on Thursday announced steps to boost the security of its products, just one day after lawmakers raised concerns that the company is not doing enough to safeguard itself from hackers. Election Systems and Software (ES&S), which is the third largest election system vendor in the U.S., announced it will work more closely with the Department of Homeland Security (DHS) and Information Sharing and Analysis Centers (ISAC) in an effort to increase security of its systems ahead of the 2018 midterm elections. The company in a press release said it has formed “new partnerships with multiple DHS offices that include its key cyber office known as the National Protection and Programs Directorate (NPPD) as well as the National Cybersecurity Assessment and Technical Services (NCATS). 

Maryland: Federal Team Evaluating Election System in Maryland | NBC4 Washington

A U.S. Department of Homeland Security team is in Maryland this week to evaluate the state’s election systems after officials learned last month about a transaction between a venture fund with Russian ties and a company involved in the state’s election infrastructure, Maryland’s elections administrator said Tuesday. The Hunt and Incident Response Team from the National Cybersecurity and Communications Integration Center is checking to ensure the election systems hosted by ByteGrid remain secure. “They’re evaluating whether or not there’s any issues with ByteGrid,” said Linda Lamone, the state’s elections administrator. Gov. Larry Hogan, Senate President Thomas V. Mike Miller and House Speaker Michael Busch asked for the technical assistance to evaluate the network last month.

Michigan: Democrats’ attempted hacker? A test from Michigan Democrats | Associated Press

A would-be hacking attempt into the national Democratic Party’s massive voter file wasn’t that at all. It turns out to be the work of a technology company hired by Michigan Democrats, all in the name of testing how secure the party can keep information on tens of millions of Americans. “This was an unauthorized test, not an attack,” Bob Lord, the Democratic National Committee’s chief security officer, told The Associated Press in an interview Thursday. That finding, discovered after national party officials already had contacted federal law enforcement fearing a malicious hacking attempt, marks an odd and potentially embarrassing twist to the party’s data security efforts two years after Russians penetrated DNC computers and released internal communications the upended the 2016 presidential election. The chairman of the Michigan Democratic Party, Brandon Dillon, did not respond to a request for comment.

Texas: Millions of Texas voter records exposed online | TechCrunch

massive trove of voter records containing personal information on millions of Texas residents has been found online. The data — a single file containing an estimated 14.8 million records — was left on an unsecured server without a password. Texas has 19.3 million registered voters. It’s the latest exposure of voter data in a long string of security incidents that have cast doubt on political parties’ abilities to keep voter data safe at a time where nation states are actively trying to influence elections. TechCrunch obtained a copy of the file, which was first found by a New Zealand-based data breach hunter who goes by the pseudonym Flash Gordon. It’s not clear who owned the server where the exposed file was found, but an analysis of the data reveals that it was likely originally compiled by Data Trust, a Republican-focused data analytics firm created by the GOP to provide campaigns with voter data.

Sweden: Social Democrats’ website hacked in attack linked to Russia and North Korea | The Local

The website of Sweden’s centre-left Social Democrats has been hacked for a second time, and the IP address responsible was linked to Russia and North Korea, according to the party’s IT provider. The hack was a distributed denial-of-service (DDoS) attack, meaning those responsible disrupted the site to make it unavailable to users. “This is serious. Citizens don’t have access to our site, the heart of our election campaign, where the information about our policies is,” the party’s head of communications, Helena Salomonson, told TT. The site was attacked at around 9pm on Monday, and was down for around six minutes in total, Salomonson said. The party has reported the incident to police.

National: Senate Panel Abruptly Cancels Markup of Election Security Bill | Roll Call

A Senate committee on Wednesday abruptly postponed the planned markup of a key election security bill that had bipartisan support and would have imposed new audit requirements on states. The markup of the Secure Elections Act, authored by Oklahoma Republican James Lankford and Minnesota Democrat Amy Klobuchar, is “postponed until further notice,” the Senate Rules and Administration Committee said on its website. The bill had the backing of several GOP lawmakers, including Richard M. Burr of North Carolina, Susan Collins of Maine and Lindsey Graham of South Carolina, as well as Democrats such as Mark Warner of Virginia, Kamala Harris of California and Martin Heinrich of New Mexico. But a senior Republican lawmaker, Sen. Richard C. Shelby, objected to the bill’s provisions expanding the federal role in elections. 

National: Senate Intelligence Committee members raise concerns about voting system vulnerabilities | The Hill

A bipartisan group of lawmakers on the Senate Intelligence Committee raised concerns Wednesday about the election voting systems provided by one of the largest vendors in the United States, questioning whether the company is doing enough to safeguard itself from hackers. Four committee members wrote in a letter they were disappointed that Election Systems & Software (ES&S) has not agreed to undergo independent testing to determine the security level of its systems. The letter comes after an annual hacking conference earlier this month appeared to reveal security vulnerabilities in ES&S voting systems. “We are concerned that ES&S and other election system providers may not be prepared for the growing threats to our elections,” Senate Intelligence Committee Vice Chairman Mark Warner (D-Va.) and Sens. Susan Collins (R-Maine), James Lankford (R-Okla.), and Kamala Harris (D-Calif.) wrote in a letter to the company.

National: DHS chief calls on officials in all 50 states to have ‘verifiable’ ballots by 2020 election | The Hill

Homeland Security Secretary Kirstjen Nielsen on Wednesday called on election officials in all 50 states to ensure that ballots used during the 2020 presidential election are able to be audited. Nielsen told a group of reporters touring the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) in Arlington, Va., that she wants “all state and local election officials to make certain that by the 2020 presidential election, every American votes on a verifiable and auditable ballot.” “Our systems must be resilient. We must be able to demonstrate that the votes count and that they are counted correctly,” she added.

National: The Votes Are In: Election Security Matters | Dark Reading

No matter what side of the political divide on which one falls, everyone agrees that the security and integrity of elections are critical. Throughout history, foreign adversaries have attempted to influence election outcomes to their benefit and, in 2016, the efforts escalated to cyberattacks. For this reason, the security of US elections and election infrastructure remains a top national concern, and in early 2017, the government designated the election system as one of our critical infrastructures. With the number of cyberattacks growing every day, improving cybersecurity will be a mandatory component in preserving our political process. The US Department of Homeland Security (DHS) confirmed that at least 21 states have had their networks scanned by Russian adversaries. Scanning is the cyber equivalent of checking for holes in a fence, an unlocked door, or an open window. There are also confirmed reports of a few specific intrusions into government-owned voter registration databases.

National: Democratic Party Says It Thwarted Attempted Hack of Voter Database | The New York Times

The Democratic National Committee said Wednesday that it was alerted to an attempted hack of its voter database this week and that it had notified law enforcement. The effort to target the Democratic Party’s voter file, known as Votebuilder, was not successful, and a party official said the identities of the culprits were unclear. When the Democratic National Committee was hacked in 2016 during the presidential campaign, the incident was traced to Russia. This week’s attempt was aggressive, two officials briefed on it said. The hackers set up a fake page that mimicked the party’s login page for its voter-registration website, a tactic that could gather names, passwords and other credentials of those using the voter database. The hackers also may have sent emails to people within the national committee to try to trick them into using the fake page, a tactic known as “spearphishing,” the officials said. The Federal Bureau of Investigation is looking into the incident, one of the officials said.

National: Officials fear voter registries vulnerable to hackers, could lead to problems on Election Day | Associated Press

A top Department of Homeland Security official said on Tuesday that while it would be difficult for hackers to meaningfully change vote totals in the upcoming elections, they could attack more vulnerable voter registration files, which an expert said could sow “chaos” on Election Day. “Our assessment is that it would be exceedingly complex to change vote totals, and that in trying to attempt to do so [it’s] likely that something would be noticed,” DHS’s National Risk Management Center Director Robert Kolasky said in a Senate hearing. “Voter registration files we’ve assessed as more of a vulnerability than the actual vote count process.”

National: Tech giants open up about election cyberthreats as specter of regulation looms | The Washington Post

Tech companies are taking a more transparent approach than usual in disclosing cyberthreats against their platforms — especially when it comes to election interference. One high-profile example came this week when Microsoft announced that Russian hackers tried to use the company’s domains to launch phishing attacks on U.S. political institutions. The company also revealed recently that hackers had used similar means to target 2018 congressional candidates. And just last month, Facebook said that it had uncovered a sophisticated political disinformation campaign involving nearly two dozen fraudulent pages and profiles. The disclosures are not just limited to U.S. election threats. Late Tuesday, Facebook announced that it had identified new social media influence campaigns — one backed by the Iranian government, another linked to Russian military intelligence — and removed hundreds of fraudulent accounts that it said were designed to manipulate users in other countries around the globe.

National: Senators duel over audit requirements in election security bill | FCW

As the Secure Elections Act barrels towards a crucial markup in the Senate, two of its original cosponsors expressed divergent views on whether the bill must mandate hand counted post-election audits. The latest version of the bill released by Senate Rules Committee chair Roy Blunt (R-Mo.) would, like its predecessors, mandate that every state conduct a post-election audit to verify the results. However, Blunt’s version would allow states to conduct those audits by hand as well as through electronic means. Previous versions of the bill specified that audits be inspected “by hand and not by device.” During a hearing on cybersecurity, Sen. Amy Klobuchar (D-Minn.), one of the original co-sponsors of the bill, pressed her colleagues to fight to reinsert the language. “I would love to see that risk-limiting audit requirement across the country,” said Klobuchar. “What we have right now in the bill is a requirement that simply audits be required and they have to report back to us. We have backup paper ballots in 14 states now, nine as you know have partial [paper backups], five don’t have any at all….I don’t know how you could prove what happened in an election if there was a hacking.”