National: House GOP refuses to renew election security funding as Democrats fume over Russian interference | The Washington Post

“Maybe the special counsel will announce something in two weeks: ‘Oh, here’s what the Russian indictments really are.’ If we learn something, authorizing committees will come right back to it and we’ll go to it,” Sessions said. “But there is no new data or information, it’s at the end of 3½ billion dollars, and there are no requests.” Democrats dismissed the Republicans’ explanations, saying the need for election security funding has never been clearer in the wake of Trump’s summit with Putin, where the president appeared to give credence to Putin’s assertion that Russia did not interfere in the 2016 election, despite the conclusion of U.S. intelligence agencies that he did. The controversy was inflamed anew Wednesday when Trump appeared to declare that Russia was no longer targeting the United States, contrary to the assertions of the intelligence community — although the White House later said the president was just saying “no” to further questions from the press.

National: Election security bill picks up new support in Senate | The Hill

A legislative proposal aimed at securing U.S. election systems from cyberattack is picking up additional support in the Senate as lawmakers grapple with how to respond to Russian election interference. The bill, spearheaded by Sens. James Lankford (R-Okla.) and Amy Klobuchar (D-Minn.), is designed to help states upgrade their digital voting systems and boost information sharing between state and federal officials on potential cyber threats to U.S. elections. The bill picked up new cosponsors in Sens. Mike Rounds and Bill Nelson (D-Fla.), the bipartisan leaders of the Senate Armed Services cyber subcommittee, on Tuesday. Lankford is also hoping that Special Counsel Robert Mueller’s recent indictment of 12 Russian intelligence officers for launching cyberattacks in an effort to interfere with the 2016 election will add more urgency to passing the bill.

National: Thousands of US voters’ data exposed by robocall firm | ZDNet

Another cache of US voter data has leaked. A Virginia-based political campaign and robocalling company, which claims it can “reach thousands of voters instantly,” left a huge batch of files containing hundreds of thousands of voter records on a public and exposed Amazon S3 bucket that anyone could access without a password. The bucket contained close to 2,600 files, including spreadsheets and audio recordings, for several US political campaigns. Kromtech Security’s Bob Diachenko, who discovered the exposed data and blogged his findings, shared prior to publication several screenshots of data, packed with voters’ full names, home addresses, and political affiliations.

National: Trump’s intel chiefs fight Russia’s election interference — with or without him | The Washington Post

President Trump’s top intelligence and national security officials are forging ahead with plans to disrupt any Russian interference ahead of the 2018 midterms. But they may be going it alone following Trump’s performance this week at the summit with Russian President Vladimir Putin in Helsinki. Just hours after Trump cast doubt on his own country’s conclusions about Moscow’s 2016 election interference at Monday’s presser, Director of National Intelligence Daniel Coats said the intelligence community “will continue to provide unvarnished and objective intelligence in support of our national security.”  And on Tuesday, the day after Trump suggested he believed Putin’s denials, my colleague Ellen Nakashima reported that the National Security Agency is partnering with the military’s cyberwarfare arm to counter threats from Moscow going into November. “Trump will keep waffling on Russia’s role in the 2016 election. If Russia interferes again, the national security agencies will have no problem running their past playbook: Name and shame, indict, and sanction,” said Stewart Baker, a former Department of Homeland Security assistant secretary and former general counsel for the NSA. But, he added, “the agencies are going to have to get White House approval for anything more, and I’m guessing the president won’t grant it.”

Editorials: It’s Time to Pretend We’re Shocked by Yet Another Voter File Data Breach | Dell Cameron/Gizmodo

A security researcher has, yet again, discovered thousands of U.S. voter files with a minimal amount of effort. Given that over the past year virtually every registered U.S. voter has been exposed by one data breach or another, it’s becoming increasingly difficult to feign our surprise. According to the researcher, Kromtech Security’s Bob Dianchenko, the files were available online for virtually anyone to download and had long been indexed by GreyhatWarfare, a website that currently lists more than 48,000 Amazon S3 buckets, in which potentially confidential files can be found. Dianchenko linked the Amazon server containing the voter files to Robocent, a Virginia-based political campaign and robocalling company. More than 2,600 files were exposed, including voter file spreadsheets and audio recordings for several political campaigns. The voter data itself contained names, phones numbers, addresses, political affiliations, age and year of birth, gender, voting district, and other demographic information, such as language and ethnicity.

Florida: Amid cyber-worries, election tensions persist between counties and state | Tampa Bay Times

Amid ongoing concern of new interference in Florida’s elections, tensions persist between counties and Gov. Rick Scott’s administration over how to use federal election security money. The feds created a $380 million program for states to fortify their voting systems against the threat of cyber attacks. Florida, a battleground state where Russians tried and failed to penetrate systems in 2016, remains an obvious target. Now, the latest: Florida’s Division of Elections has told counties that the state’s $19 million share of new federal voting security money cannot be spent to reimburse counties for expenses already made. Some counties acted on their own because the state applied for the money later than other states did.

Georgia: Was Georgia’s Election System Hacked in 2016? | Politico

The indictment last week of 12 Russian military officers is focusing new attention on election servers in Georgia that are currently embroiled in a lawsuit between election integrity activists and the secretary of state. The activists, intent on proving that the state’s paperless voting machines are not secure and should be replaced, want to examine two state election servers to look for evidence that Russian hackers or others might have compromised them to subvert elections. But the state has been fighting them for more than a year, citing sovereign immunity from lawsuits and also insisting to the news media that Georgia was never targeted by Russian hackers. For the past year it seemed the latter might be true.

National: ES&S Admits It Installed Remote-Access Software on Systems Sold to States | Motherboard

The nation’s top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them. In a letter sent to Sen. Ron Wyden (D-OR) in April and obtained recently by Motherboard, Election Systems and Software acknowledged that it had “provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006,” which was installed on the election-management system ES&S sold them. The statement contradicts what the company told me and fact checkers for a story I wrote for the New York Times in February. At that time, a spokesperson said ES&S had never installed pcAnywhere on any election system it sold. “None of the employees, … including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software,” the spokesperson said.

National: ES&S Admits Installing Remote-Access Software on State Voting Systems | ExtremeTech

In February 2018, Election Systems and Software told the press that it had never installed remote-access software in any of the e-voting systems it has sold in the various US states or to local governments. In April, the company told Senator Ron Wyden’s office (D-OR), that it had sold pcAnywhere remote connection software “to a small number of customers between 2000 and 2006.” The good news about this disclosure is that the systems in question have all been retired and are no longer in use across the United States. But the fact that this happened in the first place, combined with ongoing warnings about the generally poor state of e-voting security, speaks to the depth and breadth of the issues facing the United States’ e-voting system as the 2018 midterm election approaches. The fact that ES&S lied about its own previous behavior to the public until pressured by Senator Wyden’s office says little good about the civic responsibility these companies feel towards ensuring that voting is handled safely. It’s important — just not as important as minimizing any hint of corporate liability.

National: NSA and Cyber Command to coordinate actions to counter Russian election interference in 2018 amid absence of White House guidance | The Washington Post

The head of the nation’s largest electronic spy agency and the military’s cyberwarfare arm has directed the two organizations to coordinate actions to counter potential Russian interference in the 2018 midterm elections. The move, announced to staff at the National Security Agency last week by NSA Director Paul Nakasone, is an attempt to maximize the efforts of the two groups and comes as President Trump in Helsinki on Monday said Russian President Vladi­mir Putin was “extremely strong and powerful” in denying Russian involvement in the presidential election two years ago. It is the latest initiative by national security agencies to push back against Russian aggression in the absence of direct guidance from the White House on the issue.

Arizona: Prosecutors say Russian hackers leased servers in Arizona, Illinois | Associated Press

Exactly seven months before the 2016 presidential election, Russian government hackers made it onto a Democratic committee’s network. One of their carefully crafted fraudulent emails had hit pay dirt, enticing an employee to click a link and enter her password. That breach of the Democratic Congressional Campaign Committee was the first significant step in gaining access to the Democratic National Committee network. To steal politically sensitive information, prosecutors say, the hackers exploited some of the United States’ own computer infrastructure against it, using servers they leased in Arizona and Illinois. The details were included in an indictment released Friday by special counsel Robert Mueller, who accused the GRU, Russia’s military intelligence agency, of taking part in a wide-ranging conspiracy to interfere in the 2016 presidential election. The companies operating the servers were not identified in the court papers.

Illinois: Hacked Voter Records in Illinois Soar to Half a Million | Government Technology

Last week, Department of Justice Deputy Attorney General Rod Rosenstein announced that a dozen Russians were indicted for hacking offenses tied to the 2016 presidential elections. In addition to the indictments, Rosenstein asserted that Russian intelligence officers stole information on approximately 500,000 voters from a hacked state election board website. Illinois previously disclosed that it notified 76,000 residents that they may have had their voter registration data viewed by the attackers. And although the Illinois State Board of Elections is not specifically mentioned in Rosenstein’s speech nor in the grand jury indictment issued by the DOJ, the Illinois State Board of Elections believes the reference relates to it.  “As far as we know, we are the only state that experienced an actual breach, which is why we stated that we believe we are the ‘SBOE 1’ referred to in Count 11, paragraph 72 [of the indictment],” Matt Dietrich, public information officer for the Illinois State Board of Elections, told Government Technology.

Zimbabwe: Electoral Commision Chairperson Claims Their Website Was Cloned: Does That Statement Really Mean Anything? | Techzim

Priscilla Chigumba the chairperson of the Zimbabwe Electoral Commision has claimed that their website was cloned and it seems there has been a lot of confusion because of the statement. Chigumba was being interviewed at Capitalk FM when she was asked about the privacy concerns that come with a detailed voters’ roll being online and easily accessible. In response to the question “…and what of the voters’ roll published that has peoples private information, the one that’s available on the internet… That is a cyber-security breach on every level ”, Chigumba said:

That’s a cyber-security breach. They cloned our site and we are in the process of doing something about it and we should have that site taken down in… during the course of the next ( get’s cut by presenter asking “It’s not yet down?”) Uhmm as of 12 midday today it wasn’t yet down.

Editorials: Russia election hacking: Mueller’s latest indictment suggests it could be even more damaging next time. | Lawrence Norden/Slate

Much of the analysis following special counsel Robert Mueller’s Friday indictment of 12 Russian intelligence officers has focused on their alleged conspiracy to hack into Clinton campaign and Democratic Party computers and email systems during the 2016 election, and on questions about coordination between then-candidate Donald Trump’s campaign and the Russian infiltrators. But the indictment also included new revelations about the extent of Russia’s attacks on our election systems in 2016—and those details provide a warning that we need to get serious about preparing for even more damaging attacks in this year’s midterms. The latest indictment alleges that Russian intelligence officers hacked into the website of a yet-unidentified state board of elections. Among other new information, it alleges Russia used that hack to steal information related to 500,000 voters.

California: New law requires voter data breach reporting | Associated Press

Journalists, researchers and political campaigns that receive voter data must tell California officials if it may have been stolen under a new law Gov. Jerry Brown announced he signed Monday. It requires people and organizations that have California voter registration data to report security breaches affecting the storage of that information, which can include names, birth dates and addresses. Counties and the secretary of state’s office provide voter registration information to people and organizations who agree to use the data only for journalistic, scholarly, political or government purposes. The new law directs the secretary of state to develop guidelines for how such information should be securely stored. Additionally, it makes intentionally misinforming a voter about voting locations, eligibility or times a misdemeanor.

National: Mueller reveals depth of states’ election vulnerabilities | Poitico

Special counsel Robert Mueller’s latest indictment offers new details of just how deeply Russian operatives have infiltrated state and local election agencies across the U.S. — adding to years of warnings about the technologies that underpin American democracy. Deputy Attorney General Rod Rosenstein said Friday that hackers within Russia’s GRU military intelligence service targeted state and local election boards, infiltrated a Florida-based company that supplies software for voting machines across the country, and broke into a state election website to steal sensitive information on about 500,000 American voters. While the FBI had issued warnings in 2016 about hackers breaching state election websites in Illinois and Arizona, the latest indictments in Mueller’s ongoing Russia probe surfaced the most granular account yet on foreign operatives’ efforts to tamper with U.S. election systems. Sen. James Lankford (R-Okla.) said the charges outline a Russian “attack on our democracy.”

National: Mueller Indictment Adds Urgency to Securing 2018 Midterm Elections | Wall Street Journal

Special counsel Robert Mueller’s latest move briefly hijacked a closed-door meeting of state election officials and federal cybersecurity personnel here last Friday, as phones buzzed with news alerts about his indictment against Russians allegedly behind a spree of hacks before the 2016 election. The interruption, described by several people in attendance, caught the room off guard. Some of the details in the indictment, describing the persistent efforts to compromise both Democratic Party and state election networks, were new to the officials present. That added urgency to the gathering’s mission—protecting the nation’s election machinery in November. It also reflected how tightly the secrets unearthed by Mueller’s investigators are held, even from the officials responsible for preventing a repeat in 2018.

National: States with ‘most vulnerable’ voting systems named in congressional report | StateScoop

Eighteen states made a list of the “most vulnerable” election systems in the country in a report published Thursday by the U.S. House Administration Committee. The states included in the report were faulted for lacking several of the things voting-security advocates frequently call for, including paper records of ballots and post-election audits. The report also states that the $380 million in funds currently being distributed to states by the federal Election Assistance Commission isn’t nearly enough, and that it could cost another $1.4 billion over the next decade for every state to properly secure its election systems. All 50 states plus the District of Columbia have now requested their share of the EAC’s grant money, but the report claims that much more will be needed to upgrade election officials’ information technology, implement cybersecurity training and swap out paper-free Direct Recording Electronic ballot machines, known as DREs.

National: State election officials in US meet amid security concerns | Associated Press

The top state election officials from throughout the U.S. are gathering this weekend in Philadelphia amid fresh revelations of Russia’s interference in the 2016 presidential election and just before President Donald Trump holds one-on-one talks with Russian President Vladimir Putin. The annual gathering has typically been a low-key affair highlighting such things as voter registration and balloting devices. This year’s meetings of the National Association of Secretaries of State and the National Association of State Election Directors are generating far greater interest. The conference is sandwiched between Friday’s indictments of 12 Russian military intelligence officers alleged to have hacked into Democratic party and campaign accounts, and Trump’s long-awaited meeting with Putin.

National: Secretaries of State gavel in at annual conference | Politico

Democratic secretaries of state consider election security a priority and will raise it repeatedly at a gathering of secretaries that begins today — in contrast, they say, to what they call President Donald Trump’s dithering on the subject. “While Trump continues to deny Russia’s interference in the 2016 elections, and his administration neglects the urgent need to better safeguard our elections, it has never been more important for Secretaries of State to lead,” the Democratic Association of Secretaries of State said in a statement. “It is critical that state election officials do everything we can to defend our elections from foreign interference and cyber threats.” The National Association of Secretaries of State’s summer conference, which runs from today through Monday in Philadelphia, includes several sessions focused on cyber threats to elections, including a meeting of the recently created group that coordinates state and federal security efforts.

Maryland: Officials: Russian firm used in Maryland election systems | The Washington Post

A vendor that provides key services for Maryland elections has been acquired by a parent company with links to a Russian oligarch, state officials said Friday after a briefing a day earlier from the FBI. Senate President Thomas V. Mike Miller and House Speaker Michael Busch made the announcement at a news conference in the Maryland State House, a gathering that included staff members of Gov. Larry Hogan. “The FBI conveyed to us that there is no criminal activity that they’ve seen,” Busch said. “They believe that the system that we have has not been breached.” In a letter Friday, Hogan, Busch and Miller asked the U.S. Department of Homeland Security for technical assistance to evaluate the network used by the elections board.

New Jersey: How secure are New Jersey’s voting machines from hacking? This report may worry you. | NJ.com

New Jersey has some of the weakest election security in the country, according to a congressional report that placed the blame on former Gov. Chris Christie. New Jersey was named one of the five most vulnerable states to hacking in the report by the Democratic members of the House Administration Committee. The report said New Jersey’s voting machines do not have a paper record, making it “nearly impossible” to tell if they had been hacked and vote tallied changed. It said the state has requested funds from the federal Election Assistance Commission to improve security, and is considering legislation to require a paper trail for all voting machines. The other states with the worst security were Delaware, Georgia, Louisiana and South Carolina. In all, 18 states were vulnerable to hacking, the report said.

National: Would Asking People To Hack America’s Election Systems Make Them More Safe? | FiveThirtyEight

There are four months until the midterm elections, and the security of state election systems remains a concern. The clock is ticking to ferret out problems and fix them before Nov. 6. Websites associated with voting continue to have poor cybersecurity hygiene, even after the revelation that hackers probed the systems of 21 states in the lead-up to the 2016 election. And while Congress has increased the funds available to states to improve their election systems, many are still jumping through bureaucratic hoops to actually access the money. One way to supplement much-needed security checks of election systems would be to replicate the security practices of tech-savvy companies. Many private tech companies treat cybersecurity differently than the government does, adapting security practices to deal with inevitable mistakes quickly and through the wisdom of the crowd. They rely partly on outside feedback to suss out vulnerabilities, something that many in the elections community seem allergic to. This could mean that fixable security flaws are left on the table for bad actors to exploit.

National: Elections Seen Safer From Hacking, but Meddling Threat Lingers | Bloomberg

U.S. elections are safer from hacking than they were two years ago, but the threat of foreign meddling hasn’t been stamped out, lawmakers said. “People are much more aware of the problem and taking steps to protect themselves” from hacking before the November elections, Sen. Amy Klobuchar(D-Minn.) said in a phone interview. “We’ve reached a new era” with lawmakers of both parties concerned about Russia’s interference in 2016 and are “trying to solve the problem going forward,” she said. Klobuchar spoke after the Senate Rules and Administration Committee took testimony from experts on how to safeguard U.S. elections. Congress provided $380 million for grants in response to Department of Homeland Security revelations that Russia targeted election systems in at least 21 states for possible interference in 2016. The DHS found no evidence of actual ballot tampering, but said steps are needed to secure future elections.

National: Nation’s top voting equipment vendors grilled by Senate on election security | Washington Times

The Senate’s leading election security advocates blasted the country’s top voting equipment vendors on Wednesday for potentially failing to shore up ballot boxes despite November’s midterm elections already being underway with primaries. Mark Warner, also the top Democrat in the Senate’s probe into Russian interference in the 2016 election, scolded Texas-based Hart InterCivic for failing to cooperate with a security review in his home state of Virginia after that contest. “I am very concerned that there is a lot of chest thumping about how well we did in 2016,” Mr. Warner said during a Senate Rules and Administration Committee’s hearing on election safety — the second on the subject in less than a month. Peter Lichtenheld, vice president of operations for Hart InterCivic, had earlier told lawmakers of the firm’s “strong working relationships” with federal, state and local election officials.

National: Elections officials have a lot of security work to do before November, state and federal officials tell Congress | StateScoop

Russian hackers might not be as active in interfering with U.S. voting systems this year as they were in 2016, but that doesn’t mean states don’t have plenty of work to do to secure future elections, state and federal officials told members of the House of Representatives Wednesday. “Many elections across our country are being run on equipment that is either obsolete or near the end of its useful life,” Rhode Island Secretary of State Nellie Gorbea told the House Homeland Security Committee. But Gorbea, who said her state started buying new paper-ballot optical scanning machines to count votes in 2015, said replacing hardware is only one part of making the elections she oversees less vulnerable. In her experience, she said, the state-, county- and city-level officials who actually manage elections are “ill-prepared” to deal with cyberthreats.

National: The 5 States Most Vulnerable to a 2018 Election Hack | U.S. News & World Report

Around one year ago, Liz Howard, the deputy commissioner of elections in Virginia had felt good about being prepared for the fall’s approaching voting. Localities looked ready and the state legislature had just passed mandatory post-election audits. “And then,” she recalled. “DEFCON happened.” At an annual worldwide hacking convention in Las Vegas – scheduled this year during the second week in August – intruders in a simulation made their way into the commonwealth’s electronic touch-screen voting machines used in roughly two dozen jurisdictions.  … Some swing states, like Pennsylvania, are racing to upgrade all of their equipment in time for 2020. But that leaves the commonwealth – host of a U.S. Senate and gubernatorial contest – vulnerable in 2018. In Georgia, a commission is still studying a replacement for its touch-screen voting machines and hasn’t yet decided how to precisely spend its $10 million federal grant, according to McClatchy.

South Carolina: Federal push to update voting machines like South Carolina’s is heating up | McClatchy

Federal efforts to fund new voting machines in states including South Carolina are gathering steam, but some advocates say state officials should be doing more. Several U.S. senators voiced support for the Secure Elections Act, which would allocate more money to states looking to increase the security of their elections systems, which help South Carolina. The Secure Elections Act has five co-sponsors, including U.S. Sen. Lindsey Graham, R-Seneca. A spokesman for U.S. Sen. Tim Scott, R-Charleston, said Wednesday he supports the push as well, calling it a “positive step forward.” “As we continue to learn lessons from the 2016 election, Senator Scott believes it is critical we move forward with efforts to secure voting systems across the country and fight intrusion attempts by bad actors from around the globe,” Ken Farnaso, Scott’s press secretary, said in an email.

Cambodia: Chinese hackers breach Cambodian government ahead of country’s general election | CyberScoop

In the run-up to Cambodia’s general election on July 29, a hacking group tied to China has been breaking into multiple organizations that share a connection to either the country’s main opposition party, voting process or human rights movement, according to new research and additional analysis provided by U.S. cybersecurity firm FireEye. The findings — made possible through a glaring operational security mistake where hackers left their attack servers exposed on the open internet — help illustrate how governments are leaning on cyber-espionage capabilities to learn about foreign elections. FireEye collected this intelligence by directly accessing the attack servers, which weren’t protected with a password. The firm was able to identify breaches through established lines of communication that existed between the servers and victims.

National: Here’s an early look at how states are spending federal election security cash | The Washington Post

Nearly four months have passed since Congress set aside $380 million for states to upgrade their election systems, and we’re just now seeing concrete details about how states plan to spend that money. California will immediately make more than $3 million available to county officials to help them protect voter rolls from cyberthreats and improve accessibility at polling places, according to figures provided to The Cybersecurity 202. And Hawaii will spend more than $400,000 ahead of the November midterms to upgrade computers, hire staff and conduct cybersecurity training, the secretary of state’s office says.  California and Hawaii are among 13 states that, as of Monday, have submitted their detailed plans to the Election Assistance Commission about how they intend to spend their share of the federal cash ahead of the July 16 deadline. Their plans offer an early indication that states are taking recommendations from federal officials and election security experts seriously as the midterms approach and intelligence officials warn of a new wave of election interference from the Russian government.