National: Despite Trump’s assurances, states struggling to protect 2020 election | Politico

President Donald Trump on Friday promised an intense, “whole-of-government” focus on securing the nation’s elections from cyberattacks — but a POLITICO survey of states finds ample reasons to worry about both this year’s midterms and 2020. Only 14 states plus Washington, D.C., say they plan to replace their voting machines in time for the next presidential election using their shares of the $380 million in election technology funding that Congress approved in March, according to POLITICO’s survey of election agencies nationwide. At least seven other states have paid for new voting equipment with other money. But 21 states either have decided not to upgrade their machines or are unsure of their plans — with some saying they would need much more federal aid to swap out their equipment.

National: Lacking direction from White House, intelligence agencies scramble to protect midterm elections from hackers | CNN

With the midterm election only a few months away, government officials working to counter election interference from Russia have been operating with no strategy from the top, including from President Donald Trump’s fractured National Security Council, leaving each agency to fend for itself without White House support or direction, according to lawmakers and national security officials who spoke with CNN. On Friday, following bipartisan criticism about the White House’s focus on pressuring Russia on election interference, Trump is expected to convene a meeting of the NSC to discuss election interference efforts where high-ranking officials including Secretary of State Mike Pompeo are expected to attend. Further details, including Trump’s planned remarks, weren’t available.
Defense of America’s electoral system has traditionally centered around the security of election infrastructure, like voting machines and voter rolls. However, as indictments from special counsel Robert Mueller allege, Russian operatives also seek to exploit weaknesses in the cyber infrastructure of individual political campaigns, while weaponizing social media platforms to spread targeted disinformation.

Editorials: Democracy is under threat from the malicious use of technology. The EU is fighting back | Julian King/The Guardian

Alongside traditional canvassing, political parties can now get their messages across using the internet and social media, tools that have not only made it possible to reach large numbers of people but also, increasingly, to micro-target individuals with tailormade messages. This should, in theory, mean an electorate better informed than ever before. But those same tools can easily be hijacked by malicious actors – both state and non-state – to subvert our democratic systems and be used as a weapon against us. And unfortunately, such interference has become increasingly common in the past few years, be it regarding a referendum on an EU agreement with Ukraine or a US presidential election. Preventing our democratic processes, the very building blocks of our society, from being affected is not a concern for the future. It is a task of the utmost importance now, one that requires immediate action. Indeed, we have been working on addressing this threat for a while and are looking to step up our response, together with our member states.

National: We have the first documented case of Russian hacking in the 2018 election | Vox

Russia is already trying to hack the 2018 midterm elections, going after Sen. Claire McCaskill (D-MO), one of the most vulnerable Senate Democrats up for reelection this year. That’s the key takeaway from a piece published Thursday afternoon by the Daily Beast. Reporters Andrew Desiderio and Kevin Poulsen used a combination of court records and internet sleuthing to identify that malicious emails to a McCaskill aide were sent from a server that likely belongs to Fancy Bear, the same Russian intelligence group that did the 2016 hacks. The attack, launched in the second half of last year, seems to have failed. The evidence in the Daily Beast piece that this attack was launched by Russians is reasonably compelling. If it’s correct, then this is the first publicly identified case of Russian interference in a specific 2018 election campaign.

National: Partisan clash over election system security looming in Senate | The Virginian Pilot

A partisan clash over Russian hacking of state elections systems appears to be coming to a head in the Senate, where a provision to add $250 million to a four-bill spending package for states to beef up election system security may be headed for a floor vote. Democrats are using an announcement from the Election Assistance Commission and President Donald Trump’s comments in Helsinki, Finland, on July 16 to pressure Republicans to allow a floor vote on Sen. Patrick J. Leahy’s amendment to provide $250 million in grant aid to states to secure election systems. “Our states are under attack,” Leahy, ranking member of the Senate Appropriations Committee, said on the floor Thursday. His amendment would provide the $250 million as part of the four-bill fiscal 2019 spending package that is expected to get a floor vote next week.

Illinois: Russian Hacking Points To Need For Cybersecurity Specialists | WGLT

The Illinois State Board of Elections (ISBE) faced scrutiny after Illinois became one of 39 states hacked by the Russians in the 2016 election. ISBE said only voter rolls were hacked, and no ballots were tampered with. The board’s IT Director Matt Emmons said Tuesday that’s why cybersecurity specialists are imperative. “There’s always a threat,” Emmons said. “Threat is an outside factor, an outside force. So we’re operating under the assumption that there will be a threat 100 percent of the time.” Emmons spoke Tuesday in Normal to the Central Illinois chapter of BDPA, an organization for African-Americans and other minorities in the information technology (IT) and STEM fields. He was joined by McLean County Clerk Kathy Michael and the county’s chief information officer, Craig Nelson.

National: The next Russian attack on U.S. elections could be more serious than Facebook memes | Mashable

This is not a drill. Nor, alas, is it the fever dream of a Cold War hack novelist, as much as it sounds like one. In 2017, Russian hackers gained control of the U.S. power grid to the point where they could cause blackouts. And the U.S. government doesn’t know if they’re still able to do it. Worse yet, there’s reason to believe this is part of an attack on the 2018 election — one that could make Russia’s pivotal 2016 shenanigans (its fake news machine, DNC email hacking, voter registration hacking and Facebook meme-making) look like child’s play. We learned about a Russian attack on American infrastructure when the FBI and the Department of Homeland Security released a report in March, but we didn’t know how bad it was until a DHS briefing on Monday. Hundreds of utility companies had fallen victim to the hackers; there may be many more out there that have been hacked and don’t know it. Energetic Bear managed to get into the control rooms of power stations, even into supposedly secure “air-gapped” networks, via vendors. “They got to the point where they could have thrown switches” and blacked out portions of the U.S., one DHS analyst told the Wall Street Journal.

National: GOP Voters Grow More Skeptical of Election Cybersecurity Ahead of 2018 Midterms | The Morning Consult

Majorities of U.S. voters believe state and local officials, as well as political campaigns and committees, are not prepared to combat cyberattacks or hacking efforts targeting the 2018 midterms, according to a new Morning Consult/Politico poll — with Republican voters in particular growing more skeptical about cyber preparedness in advance of the November elections. The survey, conducted July 19-23 among a national sample of 1,996 registered voters, comes after the U.S. Justice Department announced indictments against 12 Russian intelligence officers in the hacking of the Democratic National and Democratic Congressional Campaign committees and Hillary Clinton’s 2016 presidential campaign. Fifty-one percent of survey respondents said both election officials and campaign and committee officials are not prepared to deal with cyberthreats. Thirty-six percent said state and local officials are prepared and 35 percent said the same about political campaigns and committees.

National: Congress isn’t happy with Trump’s cyber strategy. It wants a commission to help. | The Washington Post

Sen. Ben Sasse (R-Neb.) says the Trump administration needs to get serious about cyberdefense. And he’s taking some cues from history with the hope of kicking the administration into action. Tucked in a massive defense policy bill Congress appears poised to pass in the coming weeks is a measure from Sasse that would create a commission of top national security officials, lawmakers and experts to draw up a comprehensive cyberdefense strategy for the country. The proposal is based on the Project Solarium Commission, a Cold War effort President Dwight D. Eisenhower launched in the 1950s to counter the Soviet threat. It’s another way Congress is trying to force President Trump’s hand in developing a clear doctrine for how the United States responds to cyberthreats from nation states like Russia, which Trump refuses to unequivocally state interfered in the 2016 election. As Trump waffles on Russia’s interference in the election, and his White House sheds top cybersecurity talent, the measure would give Congress and its hand-picked experts a more direct role in steering the national discussion.

National: States and counties are not ‘sitting back’ on election cybersecurity, officials tell Congress | StateScoop

Four state, local and federal officials briefed members of Congress Tuesday on the need to increase cybersecurity around voting infrastructure, a task that grows more urgent for state and local governments as the November midterm elections approach. While the nearly three-hour hearing before the House Oversight Committee was frequently sidetracked by representatives’ diversions into topics including the investigation being conducted by Special Counsel Robert Mueller, federal agencies’ search rankings and President Donald Trump’s latest tweets, the witnesses also got a few words in about how ready election officials are to repel cyberattacks and how well states are partnering with the federal government to make voting more secure.

National: The White Hats in the War Against Election Meddling | Inc.com

The underlying mechanism of American democracy–the U.S. election system–has been under attack by foreign hackers. Special Counsel Robert Mueller last week indicted 12 Russian intelligence officers accused of interfering in the 2016 U.S. presidential election. While the Russians are charged with hacking the Democratic National Committee and Hillary Clinton’s campaign, the Department of Homeland Security found that hackers also targeted election systems in 21 states, including battleground states such as Pennsylvania, Virginia, and Florida. And while Congress approved $380 million in grant money for state election officials to upgrade their cybersecurity posture, many American states are ill-equipped to defend against cyberwar waged by nation states. That’s why Cloudflare, a San Francisco-based cybersecurity company, is offering its services free to state and county government websites that support elections, report election results, host voter registration services, and poll location information.

California: Could Russia hack California’s elections? It would be hard, but not impossible | San Francisco Chronicle

Although California has received an “all-clear” from government agencies looking into Russian attempts to hack into voting data for states across the nation, safe today doesn’t mean safe tomorrow, a leading computer security expert warned. “The bottom line is, be nervous,” said Matt Bishop, a UC Davis computer science professor who specializes in computer security. California has been pushing hard to make its voting systems more secure and more efficient since Florida’s famous “hanging chad” election of 2000. … San Francisco’s system is typical, said John Arntz, the city’s elections chief. There’s an “air gap” in the electronic voting machines and the equipment that tallies the votes, he said.

Georgia: Trump, Election Hacking, and the Georgia Governor’s Race | The New Yorker

Last week, when Donald Trump endorsed Brian Kemp over Casey Cagle in Georgia’s Republican-gubernatorial-primary runoff election—which takes place on Tuesday—it looked like the President was simply choosing the candidate who was running as the self-proclaimed “politically incorrect conservative.” But, in fact, there is very little political distance between Kemp, Georgia’s secretary of state, and Cagle, the lieutenant governor: both are avowed right-wing Christians who extol the blessed trinity of school choice, the elimination of abortion rights, and the primacy of the Second Amendment, and both are vocal supporters of Trump. They are so closely aligned politically that the New York Times called the President’s endorsement “unexpected.” And, though it’s possible that Trump split the difference by focussing on the candidates’ most significant policy disagreement—Kemp is a vociferous critic of the Affordable Care Act, and Cagle wants to expand Medicaid in Georgia—he also happened to endorse a candidate whose views on election hacking and Russian meddling most reflect his own.

Georgia: A closer look: Election system security in Georgia | WSAV

There has been a lot of talk about election security over the last year. Now, there is word that the national controversy over Russians meddling in the 2016 election may be closer to home than many believed. In a recent report from the U.S. House of Representatives, Georgia was named as one of the top four states with vulnerable election systems. The report says that in 2016, Russian hackers tried to penetrate the state system and maybe even county election offices.

North Carolina: State details plans for $13M in election security upgrades | WRAL

State officials will spend more than $7 million over the next two years to upgrade and secure the decade-old system that forms the backbone of the state’s elections. They’ll use several million more in mostly federal dollars to fund additional auditing and cybersecurity measures as the state works to harden election systems in the wake of nationwide Russian interference in 2016. State Board of Elections and Ethics Enforcement spokesman Patrick Gannon said the agency has no indication of any “successful infiltration” into North Carolina election systems during the last election. But state officials are taking seriously mounting evidence from the U.S. intelligence community and federal investigators of widespread disinformation campaigns and repeated attacks on critical election infrastructure across the country.

National: The Midterm Elections Are Already Under Attack | WIRED

With primaries underway and less than four months to go until this year’s midterm elections, early signs of attack have already arrived—just as the US intelligence community warned. And yet Congress has still not done everything in its power to defend against them. At the Aspen Security Forum on Thursday, Microsoft executive Tom Burt said that phishing attacks—reminiscent of those carried out in 2016 against Hillary Clinton’s campaign—have targeted three midterm campaigns this year. Burt stopped short of attributing those efforts to Russia, but the disclosure is the first concrete evidence this year that candidates are being actively targeted online. They seem unlikely to be the last. “The 2018 midterms remain a potential target for Russian actors,” said Matt Masterson, a senior cybersecurity adviser to DHS, at a Senate hearing last week. “The risks to elections are real.”

National: Week Of Trump Reversals Puts 2018 Election Security In The Spotlight | NPR

With less than four months to go, how much are this year’s midterm elections at risk for the kind of interference sowed by Russia in 2016? It’s a question that’s coming up again after President Trump’s seemingly shifting positions this week about Russia’s responsibility for the interference in 2016, and after special counsel Robert Mueller’s recent indictments of 12 Russian intelligence officers accused of hacking the Democratic Party and state election computer networks. It would be “foolish” to think Russia is not trying to influence the 2018 elections, said Homeland Security Secretary Kirstjen Nielsen on Thursday at the Aspen Security Forum. “They have the capability and they have the will,” Nielsen also said. But two years after the first tendrils of the Russian influence and disruption campaign were detected, the U.S. response remains incomplete because of partisan politics, bureaucratic confusion and differing priorities among state and local governments.

Maryland: Following Maryland revelation, bills would ban election vendors from foreign control | Baltimore Sun

Maryland lawmakers have introduced two U.S. House bills seeking to better safeguard election systems following the disclosure that a state election software vendor had ties to a Russian investor. A measure by Democratic Rep. John Delaney and Republican Rep. Andy Harris would mandate that vendors associated with federal elections be owned and controlled by U.S. companies. The legislation follows last week’s disclosure by state legislative leaders in Annapolis that, without the state’s knowledge, a Russian investor had bought a local software vendor that maintains part of the State Board of Elections’ voter registration system.

Editorials: Maryland can’t protect its elections | Mary Kiraly/The Washington Post

It was heartening to learn that Maryland’s leaders raised alarm over a recent warning from the FBI that an election contractor with financial ties to a Russian oligarch and with tentacles into most of the major components of the Maryland voting system has been unmasked. The historical context for the current situation should be understood. In 2007, after years of citizen advocacy, the General Assembly passed legislation that would move the state to paper-ballot/optical-scan voting. During that process, cybersecurity and computer experts from major institutions, including Princeton University and the Brennan Center for Justice, testified about the urgent need to abandon paperless touch-screen voting and to secure computerized election tabulation systems with a paper ballot. A talented and prescient computer scientist at Johns Hopkins University had his career savaged in this process, as the full displeasure of a voting system vendor was directed at this research.

Editorials: The threat to our democracy? Our indifference to fixing our voting machines. | Philadelphia Inquirer

Not that anyone living in the reality-based world needed more convincing, but the recent indictment of 12 Russian intelligence officials charged with interfering in the 2016 election, and President Trump’s apparent alliance with Russian President Vladimir Putin in denying the hacks, underscores the seriousness of this attack on the United States’ democracy. Prior to the indictment, the Republican-led Senate Intelligence Committee said in May that the Russian government “conducted an unprecedented, coordinated cyber campaign against state election infrastructure.” Trump’s willful blindness to the Russian cyberattacks means the U.S. remains vulnerable to interference in future elections. All the more reason why states, including Pennsylvania, must move to protect our voting system from such attacks.

National: Microsoft discloses first known hacking attempts in midterm elections | The Hill

Microsoft disclosed Thursday that it identified and helped thwart hacking attempts on three congressional candidates earlier this year, marking the first publicly known hacking efforts targeting candidates in the 2018 midterm elections. “Earlier this year, we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks,” Tom Burt, Microsoft’s vice president for security and trust, said at the Aspen Security Forum. “And we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for election in the midterm elections,” he added. Burt said that Microsoft and the government were able to take the domain down and block the phishing messages.

National: Justice Department unveils strategy to fight election meddling, cybercrime | Politico

The Justice Department on Thursday issued a wide-ranging report describing the cyber threats facing the United States and the department’s tactics for investigating, disrupting and deterring those risks. Most significantly, the report contains the first public description of how the DOJ will assess and respond to foreign influence operations like Russia’s 2016 election meddling. “That policy reflects an effort to articulate neutral principles so that when the issue that the government confronted in 2016 arises again — as it surely will — there will be a framework to address it,” Deputy Attorney General Rod Rosenstein said in unveiling the report at the Aspen Security Forum.

National: How is it even possible that most state election offices are still security nightmares? | BGR

Well, this is reassuring. The midterms are almost upon us, the country is still reeling from the revelations associated with hackers meddling in the 2016 presidential election. And, somehow, most states still have glaring security holes in their election offices that will probably stay that way through the midterms. That’s according to a new report from Politico, which found via a survey of all 50 states that few are planning to shore up their systems before November. Even after getting their share of $380 million in funding Congress appropriated for election security in March. “Only 13 states said they intend to use the federal dollars to buy new voting machines,” Politico reports. “At least 22 said they have no plans to replace their machines before the election — including all five states that rely solely on paperless electronic voting devices, which cybersecurity experts consider a top vulnerability.”

National: Why security company Cloudflare is protecting U.S. election sites for free | Fast Company

Whatever President Trump says or un-says, it’s clear that election authorities in the U.S. and around the world have faced and will continue to face an onslaught of hacking attacks. While it’s unclear if hackers have been able to actually manipulate vote tallies, anyone from a Russian agent to a “400-pound” hacker sitting on his bed can easily seed mayhem and doubt by knocking voter registration sites offline or posting forged announcements of election results. Now San Francisco-based cloud security provider Cloudflare is offering a free service, called the Athenian Project, to any U.S. election authority for the 2018 polls. About 70 agencies, including 10 state election authorities as well as county- and city-level bodies have signed up, the company announced today. (If other companies are also providing pro-bono election security services, please let me know!) Cloudflare CEO Matthew Prince acknowledges that these are just a “drop in the bucket” out of the over 8,500 election authorities in the US, and he said that any other ones are welcome to join.

National: “Don’t count Russia out,” experts warn on election hacking amid relative calm | Fast Company

As the 2018 midterm election season heats up across the country, U.S. government officials say they’ve yet to see digital attacks by Russia on the scale of the 2016 presidential election–but cybersecurity experts warn that it’s too early to tell, noting that it’s still early in the election cycle. “Right now, there are no indications that Russia is targeting the 2018 U.S. midterms at a scale or scope to match their activities in 2016,” Homeland Security Secretary Kirstjen Nielsen told the National Association of Secretaries of State on Saturday.

National: New voting machines are important, but here are three other ways states are investing in election security | StateScoop

In the past eight days, federal officials — including Dan Coats, the director of national intelligence; Kirstjen Nielsen, the homeland security secretary; and Christopher Krebs, the homeland security undersecretary for cybersecurity — have warned that the Russian hackers who attempted to meddle in the 2016 election are on the prowl again. Depending on who you ask, state election officials are either implementing sweeping new security measures or making minimal progress in safeguarding voters ahead of this November’s general election. Every state has claimed its piece of the $380 million the federal Election Assistance Commission offered for new security measures, and several states’ top election officials have told Congress they’re using the money to harden the firewalls around their voter registration files and to replace antiquated ballot equipment with new machines that offer paper records.

Virginia: Campaign’s Election Data Exposed in Virginia | Infosecurity Magazine

A Virginia-based political campaign and robocalling company Robocent left hundreds of thousands of voter records on a public, exposed and unprotected Amazon S3 bucket. This year has already seen a lineup of attempted attacks on local elections and campaigns, but this news comes less than a week after the indictment of 12 Russian officials for meddling in the 2016 US presidential election. According to an 18 July blog post by Bob Diachenko, head of communications at Kromtech Security, Robocent’s self-titled bucket was reportedly “indexed by GrayhatWarfare, a searchable database where a current list of 48,623 open S3 buckets can be found. Repository contained both audio files, with pre-recorded political messages for robocalls dials (*.mp3, *.wav), and voter data (*.csv, *.xls files).”

National: States slow to prepare for hacking threats | Politico

U.S. intelligence officials and security experts have spent years urging states to shore up their elections’ digital defenses, and the latest indictments from special counsel Robert Mueller drew fresh attention to Russia’s cyberattacks on the 2016 presidential election. But less than four months before the midterm elections that will shape the rest of Donald Trump’s presidency, most states’ election offices have failed to fix their most glaring security weaknesses, according to a POLITICO survey of all 50 states. And few states are planning steps that would improve their safeguards before November, even after they receive their shares of the $380 million in election security funding that Congress approved in March. Only 13 states said they intend to use the federal dollars to buy new voting machines. At least 22 said they have no plans to replace their machines before the election — including all five states that rely solely on paperless electronic voting devices, which cybersecurity experts consider a top vulnerability.

National: Yes, The Midterms Will Be Hacked – It’s only a question of how, when — and whether we’ll notice | Weekly Standard

Election meddling may not have been the foremost matter on the president’s mind during his hours-long one-on-one with Vladimir Putin in Helsinki, where Putin publicly denied the findings of American intelligence and Trump didn’t disagree. But Moscow’s interference in our national parties, political campaigns, state election boards, and voter registration software has dominated discussions at state elections meetings and in Washington since 2016. After more than a dozen congressional hearings on the subject, a special DHS commission to monitor election security state-by-state, and one $380-million slice of the omnibus later, are our election systems ready to fight off foreign interference in the midterms? The movement to replace every last highly hackable touch-screen voting machine with a less corruptible one that leaves a paper trail has new momentum, thanks to an influx of federal dollars and a loss of public faith in the integrity of our elections systems. “There’s been an attitude shift,” says Lawrence Norden, of NYU Law School’s Brennan Center. But it’s not enough to fix the problem that makes us vulnerable to the persistent threat of election tampering by Russia or perhaps other nefarious actors. National meetings of secretaries of state—like the one this weekend—and other elections directors’ gatherings have all made “cyber hygiene” a topmost priority, Norden said, “Whereas, in the past a lot of people thought of the need for protection against these threats and the warnings about them as hypothetical and exaggerated.”

National: While Trump Reverses on Election Meddling, States Work to Prevent a ‘Digital Watergate’ | Governing

Many of the nation’s secretaries of state were meeting in Philadelphia with federal Department of Homeland Security (DHS) officials about election security last Friday when news broke that a dozen Russian agents had been indicted for interfering with the 2016 election. “Obviously, this is on the forefront of our minds,” says Vermont Secretary of State Jim Condos, who attended the meeting. “All 50 states and territories are focused on security.” But the indictments aren’t the only bit of troubling news election officials have received in recent days. Last week, Maryland officials announced that the FBI had informed them that ByteGrid LLC, an election vendor that handles the state’s voter registration, election management and election night results sites, is financed by a fund whose manager is Russian and whose top investor is a Russian oligarch. Over the weekend, a Russian woman named Maria Butina was arrested and appeared in court Monday on charges that she was a Kremlin agent who worked to infiltrate the National Rifle Association and other conservative groups in an effort to influence U.S. politics.