National: Expert: Putin can hack our midterms | Yahoo News

Russian President Vladimir Putin is poised once again to meddle in an American election, and there’s little the U.S can do to stop him, an expert says. “The midterm is vulnerable to attack. There’s nothing we can do about it. It’s too late — if Putin wants to attack our midterm, he will.” Barbara Simons, a former IBM researcher and the co-author of “Broken Ballots: Will Your Vote Count?” told Grant Burningham, host of the Yahoo News podcast “Bots & Ballots.” Having spent the last decade trying to warn politicians of the vulnerabilities of computerized voting systems, Simons, who received a PhD in computer science from the University of California, Berkeley, says that states like Georgia, New Jersey, Delaware, Louisiana and South Carolina that have switched to paperless elections are especially ripe targets.

Florida: Local Election Supervisors Feeling The Squeeze Of Deadlines For Federal Cybersecurity Funding | WJCT

Florida’s election supervisors are feeling the squeeze of a short deadline to submit an application for $19 million in federal cybersecurity funding. The applications are due to the Department of State by next Wednesday. Leon County’s supervisor Mark Earley remembers the 2004 rush to buy electronic voting machines – which have mostly been phased out. He says this time around the scenario is different. Earley believes threats to cybersecurity are “very real.” But, he sees some similarities in the way spending is being rushed along. “The rush to spend the money back then caused some poor decisions,” Earley said. “We are somewhat faced with a rush to spend the money currently.” And, Earley says, if the money isn’t fully spent by the general election, it’s not clear if it will be available going forward.

Georgia: State seeks federal grant to upgrade election system | Atlanta Journal Constitution

Georgia election officials are taking steps to secure a $10.3 million federal grant to upgrade the state’s voting system. Georgia Elections Director Chris Harvey sent a letter to the U.S. Election Assistance Commission on Tuesday requesting the grant to “improve the administration of elections for federal office, including to enhance election technology and make election security improvements.” The request comes after an announcement this spring from the independent federal agency that it planned to award Georgia the grant. The grant calls for $515,000 in matching funds from the state. Georgia’s total budget for administering elections in fiscal 2019 is about $5.8 million.

Australia: Political parties to get cyber subsidy for electoral databases | iTnews

Australia’s four major political parties have been granted $300,000 to shore-up their systems following Russia’s alleged cyber interference in the 2016 US election. The funding will be made available to the parties in the form of voter information protection grants that will be administered by the Department of Finance over the second half of 2018. The Liberal, Nationals, Labor and Greens parties will use the grants to “improve security of their constituent management systems and associated data, including information pertaining to the electoral rolls and voter information”. The funding follows a series of briefings on the security threat to Australia’s elections between Australian Signals Directorate (ASD) and party leaders in early 2017.

Cambodia: China Accused of Hacking Cambodian Government Institutions | VoA News

Cyberattackers have been caught hacking key Cambodian government institutions in what is strongly believed to be a coordinated Chinese government attack ahead of elections set for this month, a U.S. cybersecurity firm has alleged. Cambodia’s National Election Committee, Senate, Ministry of Foreign Affairs, Ministry of Interior, and Ministry of Economy and Finance have all been breached, along with computer systems of foreign diplomats, media institutions and opposition figures, an investigation by FireEye Inc. concluded. “We expect this activity to provide the Chinese government with widespread visibility into Cambodian elections and government operations,” the firm said in a report issued Tuesday. “Additionally, this group is clearly able to run several large-scale intrusions concurrently across a wide range of victim types.”

California: With Russian meddling in mind, California invests $134 million to safeguard election systems | The Sacramento Bee

Alex Padilla says California’s voting system wasn’t compromised by Russia’s attempt to interfere with the 2016 U.S. election. But the issue is in the back of his mind as he looks to safeguard the integrity of the vote. With increased attention to cybersecurity lately, California is making a sizable investment in its election infrastructure. This year’s state budget provides $134 million for counties to modernize voting systems. It also provides $3 million for the creation of the Office of Elections Cybersecurity and the Office of Enterprise Risk Management. Because the budget was signed so recently, there hasn’t been enough time for counties to request funding and have contracts generated. Even so, the budget allows counties that recently bought new systems to request reimbursement.

Media Release: Congressional Briefing on Election Cybersecurity

Washington, D.C. — On Tuesday, July 10, a bipartisan group of leading authorities on election administration and cybersecurity will be on Capitol Hill to present an overview of current election security challenges facing federal and state policymakers. Introduced by Senator James Lankford (R-OK), the panel conversation comes one day ahead of a Senate Rules Committee…

Washington: With Russian hacking fresh in mind, Washington state beefs up elections cybersecurity | The Seattle Times

Exercises that simulate a hacking attempt. Assistance from the U.S. Department of Homeland Security, with higher-level security clearances for top state officials. A Washington National Guard contingent ramping up to go on alert. In years past, you might have mistaken these preparations as defense against a foreign invasion. But in Washington, in 2018, this is what officials are doing to safeguard the state’s elections systems. Roughly a year after Russia’s interference in the 2016 presidential elections, federal officials announced that Russian hackers had targeted the election systems of at least 21 states, including Washington.

Taiwan: Taiwan prepares for spike in Chinese cyber-attacks in lead-up to elections | Taiwan News

Taiwan is preparing for a drastic increase in Chinese cyber-attacks in a bid to influence the result of Taiwan’s municipal and local elections on November 24, 2018 and 2020 presidential election. “We anticipate in the run-up to elections at the end of this year and continuing until the 2020 presidential elections Taiwan will become a global hotspot for cyber attacks and fake news,” said a spokesperson for President Tsai-ing wen (蔡英文), reported the Financial Times of London. Recent months have seen an increase in Chinese-led cyber-attacks against Taiwan, with the most public example being the hacking of the Democratic Progressive Party (DPP) website on July 3. According to a Taiwanese cyber security official, the majority of cyber attacks against Taiwan originate in China, and that China instigates up to 40 million cyber attacks against Taiwan per month.

National: Ahead of midterms, states scrambling to fend off cyberattacks | CSMonitor

With the 2018 midterm elections fast approaching, security experts are warning that the nation’s election infrastructure will once again come under assault by hackers seeking to undermine American democracy. But here’s an underappreciated fact: We’re already under attack. “We average 100,000 scans on our [computer] systems a day,” Missouri’s secretary of state, Jay Ashcroft, told a recent Senate panel examining election security. He was referring to unauthorized probing of the networks. Mr. Ashcroft and other state election officials were asked how often they detect attempts specifically to break into voter-registration and other election-related systems. “Every day,” responded Vermont’s secretary of state, Jim Condos. “We probably receive several thousand scans per day.”

National: DOJ Cyber Task Force expected to release first-ever report in late July | CyberScoop

The Department of Justice’s internal “Cyber-Digital Task Force,” created by Attorney General Jeff Sessions in February, will release its first-ever public report later this month at the Aspen Institute’s annual Security Forum, a department spokesperson told CyberScoop. The report is expected to detail a series of security recommendations that the government should consider to protect future U.S. elections from a myriad of different threats, including foreign hacking attempts. A statement by the DOJ previously explained that the Task Force will “prioritize its study of efforts to interfere with our elections; efforts to interfere with our critical infrastructure; the use of the Internet to spread violent ideologies and to recruit followers; the mass theft of corporate, governmental, and private information; the use of technology to avoid or frustrate law enforcement; and the mass exploitation of computers and other digital devices to attack American citizens and businesses.”

Maryland: IT official out after voter-records snafu | WTOP

Maryland Gov. Larry Hogan said the head of IT for the state’s Motor Vehicle Administration is no longer at the agency following a technical error affecting voter registration records ahead of the June 26 primary. At one point last week, officials said the error — which came to light just days before the primary — may have affected some 80,000 voters who tried to change their addresses or party affiliations online or through an MVA kiosk. Affected voters were informed they would have to cast provisional ballots. When asked during a WTOP interview Tuesday whether anyone should lose his or her job over the error, Hogan replied: “Somebody already has lost their job over it. The person in charge of all IT for the MVA is no longer working there.”

Pennsylvania: Independent commission will probe Pennsylvania voting system | WHYY

Cybersecurity specialists at the University of Pittsburgh have formed an independent panel to study ways to protect Pennsylvania’s voting system from hackers. The Blue Ribbon Commission on Pennsylvania’s Election Security includes experts, reform advocates, and present and former government officials. It met for the first time June 26. David Hickton, a former U.S. attorney and founding director of the Institute for Cyber Law, Policy and Security, co-chairs the panel. In an interview, he said the commission plans to examine the state’s election machinery, its voter rolls, and the system’s resiliency in the event of an attack. Hickton said the Department of Homeland Security has confirmed the state’s voter rolls were compromised by hackers in 2016.

Australia: Typeform Breach Update: TEC, ARM, And UK’s LibDems Also Affected | Hacking News

The Typeform data breach that shook the internet world last week now appears much more shocking and far-reaching then initially speculated. At that time, Typeform did not clearly mention the affected customers. Rather it summed up by saying that it is notifying the affected customers directly. However, the recent reports and repeated confessions about data breach from a number of organizations give us a hint of the Typeform’s victimized clientele. In this Typeform breach update, we report the data breaches faced by various political parties. One of the initial entities that confirmed data breach right after the news about Typeform breach surfaced online, is the Tasmanian Electoral Commission (TEC). After receiving the notification from Typeform, they quickly published a media release about the incident. 

Taiwan: DPP website hacked by Chinese hackers | Taiwan News

The Democratic Progressive Party’s (DPP) official website was attacked by Chinese hackers early Tuesday morning, and the website was replaced with pictures and words reading “Chinese netizens are supporting Tsai Ing-wen to run for re-election” in simplified Chinese characters.  DPP spokesperson Kolas Yotaka said on Tuesday noon that the cyber attack took place between 1:30 a.m. and 2 a.m. July 3, and the party will heighten its cybersecurity after the hack.  A screenshot image showed that the title of the website was changed into a long sentence, which read “We don’t touch your confidential information, it’s not worth it; our next target will be the Kuomintang.”

International: Coalition of former Transatlantic leaders offer chilling election security warning | Washington Times

With more than 20 major elections scheduled in the next two years, governments on both sides of the Atlantic are still not prepared to fend off outside attacks to meddle in campaigns and election counts, an international bipartisan group of political, technology, business and media leaders warned Monday. “Governments are scrambling to prepare for the last disinformation campaign, rather than the next,” the Transatlantic Commission on Election Integrity said in a statement after a meeting in Copenhagen, Denmark. “In the coming years, the proliferation of technology will make it easy for everyone to sow the seeds of confusion and distrust,” the group said. The commission formed in May in the wake of reports that Russia had meddled in the 2016 U.S. presidential election and worked with favored parties in votes across Europe in recent years. U.S. election officials have said they expect Russia to try to interfere in the November midterm and 2020 presidential elections as well.

Florida: Elections supervisors urged to take federal help on security | Tampa Bay Times

Florida election supervisors should take advantage of help from the Department of Homeland Security to make systems more secure, Sens. Marco Rubio and Bill Nelson wrote in a letter Monday. “County election boards should not be expected to stand alone against a hostile foreign government,” the lawmakers said in recommending “a wide range of services” from DHS to strengthen security. “We encourage you in the strongest terms to take advantage of those resources, and to let us know about your experience with DHS and FBI.”

Australia: Tasmanian electoral body caught up in Typeform data breach | ZDNet

The Tasmanian Electoral Commission says an “unknown attacker” has breached a server’s security and downloaded a back-up file containing the names, addresses, emails, and date-of-birth information of electors. The breach occurred through a server of the Barcelona-based company Typeform, whose online forms have been used on the TEC website since 2015 for election services, the commission said in a statement on Saturday. Typeform said the breach was identified on June 27, with the vulnerability closed down within half an hour of detection.

National: You Should Be ‘Significantly Concerned’ There’s No White House Cyber Coordinator, Policy Experts Say | Defense One

How concerned should Americans be about a White House shuffle that removed the cybersecurity coordinator position? Significantly concerned, according to a collection of top cybersecurity policy experts gathered by the Atlantic Council think tank. White House National Security Adviser John Bolton eliminated the cybersecurity coordinator position soon after taking office in May. The elimination was greeted with consternation by many cyber analysts who believed the job, which encompasses government cyber protections, international cyber negotiations and broad U.S. cyber policy, was too complex to be subsumed into broader White House operations.

Maryland: Ballot snafu offers lessons in how to respond to an election hack | The Washington Post

Maryland may be getting a dry run in how to respond to an election cyberattack. State officials say a computer glitch prevented the Board of Elections from updating voter registration data for as many as 80,000 voters. As a result, droves of people will have to cast provisional ballots if they want to vote in Maryland’s primary today. No, it wasn’t the work of hackers. But the technical error simulated what a hack on a state’s voter registration database might look like — and how election administrators might handle it. “Almost everything that a malicious actor might try to do can also happen by accident,” said Lawrence Norden, deputy director of the Brennan Center for Justice’s Democracy Program, which promotes voting rights. The discovery of the flaw offers a valuable lesson for election officials as they work to improve the security of their election systems ahead of the November midterms, which U.S. intelligence chiefs warn are already being targeted by Russian hackers. And the response shows that election administrators are ready to move quickly if something goes awry.

National: States using election security grants for new voting machines that won’t be ready for 2018 | McClatchy

In three Southern states with some of the nation’s most vulnerable election systems, federal grants designed to help thwart cyberattacks may not provide much protection in time for the mid-term elections as Congress intended. The $380 million in grant funding was supposed to help all states bolster their elections security infrastructure ahead of the 2018 elections after the intelligence community had warned that state voting systems could again be targeted by foreign hackers as they were in 2016. States have until 2023 to spend the grant money, said Thomas Hicks, chairman of the Election Assistance Commission, which distributes the grants. But the long procurement process for voting machines makes it hard for states to buy new machines with their grants and get them into service by the 2018 mid-terms, even though “Congress looked at getting this money out quickly to have an effect on the 2018 election,” Hicks said. …  With just over four months remaining until the mid-term elections, at least 40 states and the District of Columbia have requested more than $266 million of the $380 million pot, according to the EAC.

National: We Shouldn’t Be Surprised About Election Hacking in 2018. But Are We Prepared? | InsideSources

On the agenda this summer at one of the largest annual conventions for hackers: a session for kids in attendance on how to break into America’s voting machines. If a preteen computer whiz can crack a voting machine from a hotel in Las Vegas, what might someone more experienced — and less scrupulous — be able to do if they set their sights on the November general election? As we all know, American elections have been targeted before. In 2016, Russia attacked election-related systems in at least 21 states. And reports indicate Moscow has tried to breach other election systems around the world. But while past attacks are certainly reasons for concern, cybersecurity risks exist in every field — they’re part of the world we live in. And the United States has knowledge and resources to mount a defense.

National: Top Tech Companies Met With Intelligence Officials to Discuss Midterms | The New York Times

Eight of the tech industry’s most influential companies, in anticipation of a repeat of the Russian meddling that occurred during the 2016 presidential campaign, met with United States intelligence officials last month to discuss preparations for this year’s midterm elections. The meeting, which took place May 23 at Facebook’s headquarters in Menlo Park, Calif., was also attended by representatives from Amazon, Apple, Google, Microsoft, Oath, Snap and Twitter, according to three attendees of the meeting who spoke on condition of anonymity because of its sensitive nature. The company officials met with Christopher Krebs, an under secretary for the Department of Homeland Security, as well as a representative of the Federal Bureau of Investigation’s newly formed “foreign influence” task force.

Mexico: Cyberattacks in Mexico Raise Alarm Bells Ahead of Sunday’s Election | Bloomberg

Cyber attacks against Mexican financial institutions and reports of alleged election interference around the world are fueling concerns among analysts that the nation’s presidential vote on Sunday may become a target for hackers. While Mexicans will cast their vote July 1 by paper ballot, electronic systems will be used to tally and transmit the results, which the electoral authorities will then release to trusted media outlets. The slightest disruption to the voting process can sow doubt and distrust, said Ron Bushar, vice president of government solutions for cybersecurity services company Mandiant. Tensions are already high in the country given that polls show Mexicans are likely to elect a leftist for the first time in almost five decades. That candidate, Andres Manuel Lopez Obrador, has accused his rivals of fraud and collusion to keep him from winning in the past two presidential elections, while his opponents say that his presidency would be a disaster for Mexico’s economy. Such polarization is fertile ground for cyber criminals.

National: Silence on Russian election meddling frustrates lawmakers | Politico

Robert Mueller and the nation’s top intelligence official say Russia is trying to interfere in the midterm elections — but Republican and Democratic lawmakers say the Trump administration is keeping them in the dark about whether the U.S. is ready. A half-dozen senior House and Senate lawmakers who spoke to POLITICO say they’re hearing only an alarming silence from the administration about what Moscow’s trolls and hackers are up to, less than five months before an election that could undo the Republican lock on Congress and derail President Donald Trump’s agenda.

National: Senate election security bill picks up momentum after stalling | Politico

Things are looking up again for the Secure Elections Act (S. 2261), the legislation on its namesake subject that has the broadest support in the Senate. Lawmakers left it on the cutting room floor as a potential amendment to a defense policy bill earlier this week. But Senate Rules Chairman Roy Blunt said Wednesday at a hearing on election security that it’s “a bill we will take up at some point.” Sen. Amy Klobuchar, one of the chief sponsors of the bill and the top Democrat on the Rules panel, told MC that Blunt informed her it would come up sometime after another election security hearing tentatively scheduled for this month or next.

National: State elections officials stress the importance of paper trails | StateScoop

Having verifiable paper trails for votes has proven to be a useful tactic, officials from three states told senators Wednesday, but they said states still have a long way to go in securing elections. Secretaries of State Steve Simon of Minnesota, Jay Ashcroft of Missouri and Jim Condos of Vermont testified before the Senate Rules and Administration Committee about their security precautions going into this November’s midterm elections, and to lobby for more federal support for upgrading voting equipment and cybersecurity practices. States across the country have been scrambling to batten down how they conduct elections in the wake of intelligence officials’ reports that hackers linked to the Russian government attempted to penetrate the voting systems in 21 states during the 2016 presidential election. But states that are moving toward more paper trails of ballots and stronger security around voter files are going in the right direction, the secretaries of state said. “It’s very hard to hack paper,” Simon said.

National: Officials at Odds Over Real, Perceived Threats to State Voting Systems | Government Technology

Sen. Roy Blunt, R-Mo., said Wednesday that the United States is in “a much better place” than it was in 2016 in defending against cyberattacks on election systems, but a hearing he convened on that threat devolved into fiery exchanges over voter fraud between Democratic senators and Missouri Secretary of State Jay Ashcroft. The Republican Ashcroft set off Sens. Dick Durbin, D-Ill., Tom Udall, D-N.M., and Catherine Cortez Masto, D-Nev., when he declared that election fraud was “exponentially” a bigger threat than attempts to hack U.S. election infrastructures by Russians or any other bad actors.

National: States Seek More Money to Secure Elections After Russian Meddling | Bloomberg

State election officials said they haven’t received as much federal funding as they need to secure their election systems even after U.S. intelligence officials concluded that Russia meddled in the 2016 election and the federal government called on states to step up efforts to prevent hacking. Officials from Minnesota and Vermont asked lawmakers for more money at a hearing Wednesday by the Senate Rules and Administration Committee in Washington. “Our upgrades to equipment and cybersecurity will be an ongoing challenge for many states; the federal funding received will, regrettably, be insufficient to do all we want, or need,” said Vermont Secretary of State Jim Condos, who is president-elect of the National Association of Secretaries of State.

National: $150M in federal funds for election security is already out the door | FCW

The initially turbulent relationship between federal agencies and state and local election officials in the wake of the 2016 election season has cleared to some extent as the groups work together ahead of upcoming elections, federal and state government officials told a Senate panel on election security. States are using up a pool of federal money to bolster their election systems, and the Department of Homeland Security is honing its threat sharing data to better fit the needs of states, the officials said at a June 20 Senate Rules and Administration Committee hearing on election cybersecurity. “As of this week, 38 states have requested $250 million” of the $380 million appropriation in the 2018 omnibus spending bill, panel Chairman Sen. Roy Blunt (R-Mo.) said. He added that $150 million has already been distributed.