Iowa: Campaign texts voters with wrong polling places | The Des Moines Register

Iowa’s top election official said a campaign appeared to be responsible for texting voters incorrect information about polling places. But Secretary of State Paul Pate wouldn’t identify the campaign, telling reporters Tuesday afternoon there seemed to be “nothing malicious” about the text messages. Voters reported the texts to auditors in Black Hawk, Johnson, Linn, Polk and Winneshiek counties, Pate said. He was unsure how many voters received them. The text messages were sent from a toll-free number, which could not be independently tracked to its source. “I think it’s under control,” Pate said, adding that he wouldn’t comment further until the details were verified.

New York: Protecting against a hack attack this election | WBFO

With the elections season heating up, there is increasing attention to making sure someone with bad intent cannot interfere with the vast computer systems behind the vote. The country is filled with different election systems. Some are completely computerized, others not and a lot in between. Erie County has voting machines that scan paper ballots and deliver a count when the polls close. However, those paper ballots are still available if there is a recount. New York is conducting a series of cybersecurity drills through mid-June to test how vulnerable the state’s election system is to hacking. The exercises will simulate scenarios in which a hostile group seeks to tamper with voting systems, change election tallies or otherwise undermine voter confidence. The events are meant to help officials identify problems with election security before they can be exploited.

Canada: 2019 federal election a likely target for Russian meddlers, Comey warns | The Canadian Press

Canada — like any number of democracies around the world — needs to be concerned about the threat of Russian interference in its elections, says former FBI director James Comey. Any country that shares liberal, democratic and western values should be worried, considering how much of a threat those values are considered by Russian President Vladimir Putin, one of the world’s most famous former investigators told an Ottawa audience Tuesday. Comey headed up the controversial investigation into Russian meddling in the 2016 U.S. election before he was unceremoniously fired last May by U.S. President Donald Trump.

National: Are Tuesday’s primaries safe from hackers? A state-by-state election security breakdown | The Washington Post

Tomorrow is a big test for election security coast to coast, as eight states including California hold primaries in one of the most consequential voting days since the presidential election. It’s the largest block of states to do so before the November midterms, and election officials hope they have the right safeguards in place to stave off the kinds of cyberattacks that occurred in 2016. That year, Russian hackers targeted election systems in 21 states. “We’ve done everything that we could think of doing — not to just assess what happened in 2016 but to fortify our defenses,” California Secretary of State Alex Padilla told me.  “Cybersecurity concerns are equally top-of-mind in the primary as they are in November,” he said. “We’re not considered a swing state, but we’re still California and from a security standpoint a high-value target, so we’re taking it very seriously, to protect our election process and the integrity of elections.”

National: Intel officials warn of Russian cyberattacks as 7 states set to hold primaries | Washington Times

Candidates won’t be the only ones sweating the vote as California and six other states hold primaries Tuesday, as election security officials say they are bracing to see how their systems hold up against an expected wave of cyberattacks. U.S. intelligence agencies say Russian hackers tried to disrupt both the campaign and vote-counting in 2016 and that they fully expect another wave of online attacks this year. Hackers last month sabotaged an online debate among congressional candidates by streaming gay pornography. Federal officials say Russian hackers targeted election systems in 21 states two years ago, although no evidence surfaced that any result was corrupted by the incursions. Tuesday’s primaries will be the largest single block of states voting on one day ahead of November’s fiercely contested midterm elections and the largest election day since November 2016.

National: Bill Clinton: US should return to paper voting to stop election hacks | Business Insider

All US states should return to a paper ballot system because they were at too much risk from cyberterrorism, former President Bill Clinton has said. While it isn’t yet clear how much of the 2016 presidential election was compromised by cyberattacks, all US citizens should return to pen and paper to vote for now, the 42nd president told the BBC on Monday. “Until we get this straightened out, every state should go to some sort of paper ballot system,” Clinton said. He specifically cited Virginia’s decision last year to return to a paper ballot system, in which manual votes are counted and processed by electronic scanners.

National: New cybersecurity funding won’t make U.S. election technology less vulnerable | Axios

The recent $380 million of federal funding to replace paperless voting machinery and improve cybersecurity is desperately needed, but it is unlikely to ensure the long-term cybersecurity of U.S. election technology. The big picture: At best, the one-time spending will provide a catalyst for election organizations to gain basic cybersecurity competence. At worst, though, the money will be spent on discretionary purchases (e.g., digital pollbooks or new PC hardware) that only appear helpful and that, without proper security-centric integration, may increase the systems’ exposure to attacks.

National: Trump’s lack of cyber leader may make U.S. vulnerable | Politico

The absence of senior cybersecurity leaders in President Donald Trump’s administration may be leaving the United States more vulnerable to digital warfare and less prepared for attacks on election systems, according to lawmakers and experts worried about White House brain drain under national security adviser John Bolton. Both Republicans and Democrats are expressing concern that the White House is rudderless on cybersecurity at a time when hostile nations’ hackers are moving aggressively, inspiring fears about disruptive attacks on local governments, power plants, hospitals and other critical systems. POLITICO spoke with nearly two dozen cyber experts, lawmakers and former officials from the White House, the intelligence community and the departments of Justice, Homeland Security, Defense and State about Bolton’s decisions to oust the White House’s homeland security adviser and eliminate its cyber coordinator position. The overwhelming consensus is that Bolton’s moves are a major step backward for the increasingly critical and still-evolving world of cyber policy.

California: Election Officials Enlist Data Scientists in Election Monitoring Bid | Bloomberg

Southern California officials are turning to data scientists for help spotting suspicious trends as voters head to the polls in primaries on Tuesday and cyber experts warn that Russia will seek to meddle in this year’s midterm elections. As part of a pilot project, the Orange County Registrar of Voters is shipping some of its data to researchers at the California Institute of Technology through a secure pipeline. They’re developing analytic tools that could help election officials review voting data for irregularities. California is one of eight states holding primaries Tuesday and Orange County alone has nearly 1.5 million registered voters. The aim of the California project is to help local officials pinpoint any “anomalies” in their data, providing “metric-based evaluations” on the integrity of elections, according to Michael Alvarez, a Caltech political science professor. The Caltech team will post its data analysis on an online dashboard.

Florida: After two months, Florida’s election security money is approved in one day | Tampa Bay Times

Well, that was fast. It took Gov. Rick Scott’s administration two months to formally apply for $19.2 million in election security money. It took the feds one day to approve the request. The U.S. Election Assistance Commission on Monday released a letter it sent to Sen. Marco Rubio that said the EAC “has reviewed Florida’s disbursement request and approved the request in one working day. We expect funds will be in Florida’s account this week.” … The money will be divided among the state and all 67 counties to improve security procedures to help detect threats to voting systems, such as the attempted phishing emails in at least five counties in 2016 that a federal agency said was the work of Russian hackers.

Media Release: Toolkit Advises Advocates and Election Officials on How to Secure the Nation’s Voting Machines

A joint project from Verified Voting, the Brennan Center, Common Cause and the National Election Defense Coalition suggests ways states can use Congressional election security funds. Download the toolkit as a PDF. For additional media inquires, please contact aurora@newheightscommunications.com. A new toolkit designed for advocates and election officials offers suggestions for best practices for conducting…

National: Here’s the Email Russian Hackers Used to Try to Break Into State Voting Systems | The Intercept

Just days the 2016 presidential election, hackers identified by the National Security Agency as working for Russia attempted to breach American voting systems. Among their specific targets were the computers of state voting officials, which they had hoped to compromise with malware-laden emails, according to an intelligence report published previously by The Intercept. Now we know what those emails looked like. An image of the malicious email, provided to The Intercept in response to a public records request in North Carolina, reveals precisely how hackers, who the NSA believed were working for Russian military intelligence, impersonated a Florida-based e-voting vendor and attempted to trick its customers into opening malware-packed Microsoft Word files.

National: New website is Russian op designed to sway U.S. voters, experts say | McClatchy

A new Russian influence operation has surfaced that mirrors some of the activity of an internet firm that the FBI says was deeply involved in efforts to sway the 2016 U.S. elections, a cybersecurity firm says. A website called usareally.com appeared on the internet May 17 and called on Americans to rally in front of the White House June 14 to celebrate President Donald Trump’s birthday, which is also Flag Day. FireEye, a Milpitas, Calif., cybersecurity company, said Thursday that USA Really is a Russian-operated website that carries content designed to foment racial division, harden feelings over immigration, gun control and police brutality, and undermine social cohesion. The website’s operators once worked out of the same office building in St. Petersburg, Russia, where the Kremlin-linked Internet Research Agency had its headquarters, said Lee Foster, manager of information operations analysis for FireEye iSIGHT Intelligence.

National: FBI’s Aristedes Mahairas: These nations pose biggest cyber risk to US | Business Insider

An FBI agent has mapped out the nation states that pose the biggest cyber threat to the US. Business Insider spoke to Aristedes Mahairas, a special agent in charge of the New York FBI’s Special Operations/Cyber Division, about the cybersecurity landscape in America. He said the US is always alive to threats from cyber criminals, cyber terrorists, and renegade hacktivists, but nation states are at the “very top” of the threat list. Mahairas said there has been a “significant increase in state-sponsored computer intrusions” over the past 12 years as it has become a potent way of unsettling an adversary alongside traditional espionage.

Editorials: The Russians are coming for our elections, and Florida is still not ready to fight back | Miami Herald

The Russians are ready for the midterm elections. Are we? The August primaries loom, with the general election in November soon after. But the state is getting a late start in protecting its voting system from tampering. Though county elections supervisors across the state have been persistent in their pleas for state help, too many state leaders, from lawmakers to the secretary of state, either dragged their feet in, or rejected outright, taking steps to assure Floridians that they can vote with confidence and that the integrity of the election process is paramount. To his credit, Gov. Rick Scott has stepped up, demanding that the state request the $19.2 million in federal funds available to harden the state’s voting system. Congress included $380 million in its 2018 budget bill for the U.S. Election Assistance Commission to distribute to the states. President Trump signed the budget bill in March. Scott rightly overruled Secretary of State Ken Detzner and his oblivious announcement last month that Florida would not seek those much-needed funds.

New Jersey: State should adopt paper-based voting machines, experts say | NorthJersey.com

It was a discomforting moment last week when a Princeton University computer science professor, in a series of PowerPoint slides, showed lawmakers how he had hacked the type of electronic voting machine most New Jersey counties use to conduct their elections. More jarring still, the professor, Andrew W. Appel, explained that if he manipulated a machine actually in use, election officials would be hard-pressed to detect it because the devices don’t leave a paper trail that can be checked against the electronic tally. “They’re a fatally flawed technology,” said Appel, who was previously involved in a lawsuit that sought to end the use of the machines. “Pretty much everyone knows this now.”

National: Ahead of November election, old voting machines stir concerns among U.S. officials | Reuters

U.S. election officials responsible for managing more than a dozen close races this November share a fear: Outdated voting machines in their districts could undermine confidence in election results that will determine which party controls the U.S. Congress. In 14 of the 40 most competitive races, Americans will cast ballots on voting machines that do not provide a paper trail to audit voters’ intentions if a close election is questioned, according to a Reuters analysis of data from six states and the Verified Voting Foundation, a non-political group concerned about verifiable elections. These include races in Pennsylvania, New Jersey, Texas, Florida, Kansas and Kentucky. Nationwide, of 435 congressional seats up for grabs, 144 are in districts where some or all voters will not have access to machines using paper records, the analysis shows. While something could go wrong in any of those districts, it is in the close elections where a miscount or a perception of a miscount matters most.

National: State Websites Are Hackable — And That Could Compromise Election Security | FiveThirtyEight

Not every election hack is a blockbuster — but even small-scale attacks on states’ cyber infrastructure have the potential for catastrophic effects. After receiving a tip from a small cyber firm called Appsecuri, FiveThirtyEight has confirmed that two states, Alabama and Nevada, had vulnerabilities that left them open to potential compromises of their state web presences. Earlier this month, Appsecuri approached FiveThirtyEight and said it found potential flaws on several states’ websites that would allow for information to be tampered with. It provided a number of vulnerabilities to FiveThirtyEight; FiveThirtyEight is only reporting those it could verify with the states affected.

National: State Election Systems Increasingly at Risk for Cyberattacks, FireEye Says | Bloomberg

U.S. election systems are increasingly at risk for cyberattacks ahead of the November midterms as Russia continues information operations to sow political division, according to cyber firm FireEye Inc. State and local election infrastructure is becoming a more popular target for hackers, particularly state-sponsored cyber espionage actors, the Milpitas, California-based company said in a report Thursday, outlining risks to voter registration, polling places and ballot submission systems. Although the U.S. primary season is well underway, FireEye said it hasn’t observed attacks against election infrastructure as of March. But following Russian meddling in the 2016 elections, “malicious actors and nation states likely already have an understanding of the flaws in the U.S. elections infrastructure and will seek to exploit opportunities where they can,’’ the report said.

Florida: Elections supervisors speak out on security | WJHG

Following a meeting with U.S. Senator Marco Rubio, who has called elections supervisors “overconfident”, Florida election officials say they have security in place to prevent foreign actors from tampering with this year’s election. In 2016, suspected Russian hackers got into a Tallahassee company. It provides support to the majority of the state’s elections supervisors. At least five suspicious emails were intercepted before they were opened in county supervisor’s offices. Mark Early was one of the supervisors meeting with U.S. Senator Marco Rubio, “We don’t think we want a repeat of 2016 where there was information out there that could have been helpful to us, but we can’t get our hands on that data to make good decisions on how to handle any threats we may not know about, so we are doing our best,” said the 32-year veteran elections official. Supervisor told Rubio they were prepared.

Michigan: New election equipment and systems more secure in 2018 | Daily Tribune

Secretary of State Ruth Johnson said new election equipment and millions of dollars worth of federal election security grants will help to further protect the state’s elections systems this fall. With the statewide primary election being held in August, residents should be aware that for the first time in 12 years, every voter will be using new election equipment designed with added security measures including optical-scan ballot tabulators, accessible features for voters with disabilities as well as upgraded election-management and reporting software. In Oakland County, voters will be using election equipment supplied by Hart Intercivic, a Texas-based company that signed a 10-year contract with the county and 10 other counties around the state in 2017.

International: State-sponsored cyber attacks deserve tougher responses: ASPI report | ZDNet

“If cyberattacks really pose a significant threat, governments need to start thinking of them like they think of other incidents in the physical world,” says a new policy paper from the Australian Strategic Policy Institute (ASPI). “It is telling that Prime Minister Theresa May made public attribution of the Salisbury poisonings in a matter of days and followed up with consequences shortly thereafter. Her decisive action also helped galvanise an international coalition in a very short time frame,” it says. “Obviously that was a serious matter that required a speedy response, but the speed was also possible because government leaders are more used to dealing with physical world incidents. They still don’t understand the impact or importance of cyber events or have established processes to deal with them.” The paper, titled Deterrence in cyberspace, was released on Friday. The author is Chris Painter, formerly the world’s first top cyber diplomat at the US State Department, now a Commissioner on the Global Commission for the Stability of Cyberspace (GCSC), and distinguished non-resident fellow at ASPI’s International Cyber Policy Centre (ICPC).

Florida: Florida asks EAC for $19M in new election security money | Tampa Bay Times

Florida formally asked the federal government Wednesday for $19 million in election security money, one week after Gov. Rick Scott directed the state’s top election official to request it and two months after the feds announced the money was available. Secretary of State Ken Detzner signed the letter that went to Washington. The Department of State released a three-page letter that made Florida the 17th state to apply for its share of a $380 million pot of money included in a spending bill that President Donald J. Trump signed two months ago.

New York: Officials launches drills to thwart election hacking | Reuters

Federal and New York state officials say they will hold drills in the weeks leading up to primary elections for the U.S. House and Senate to prevent hacking and other cyber threats to voting systems, officials said on Wednesday. The exercises, which will begin in Albany on Thursday, come amid heightened scrutiny of the nation’s voting systems following Russian hacking in the 2016 U.S. presidential election. “The people of New York deserve an open, transparent election process they can trust, and these exercises are an integral part of restoring voter confidence and the integrity of our election infrastructure,” Governor Andrew Cuomo said in a statement.

Editorials: Florida should fight harder against cyber attacks on voting system | Tampa Bay Times

Less than three months from the primary election, it is entirely unclear whether Florida is adequately prepared to fend off any cyber attacks that could compromise the results. Sen. Marco Rubio has his doubts, the state has yet to receive millions in federal dollars to improve security and county elections supervisors acknowledge they are scared. With the federal investigation continuing into Russia’s meddling in the 2016 presidential election, Gov. Rick Scott and state officials should accelerate efforts this summer to ensure voters can have confidence in the integrity of this year’s election. The state’s track record so far is not encouraging. The Legislature failed to approve money for the five cyber security experts Scott wanted to hire even though the Times/Herald Tallahassee Bureau reported last year that five Florida counties were targeted in unsuccessful Russian attacks in 2016. Counties are still buying and installing sensors that can monitor and detect — but not stop — electronic attacks with $1.9 million in federal money sent by the state. And just last week, Scott overruled the state’s top elections official and declared the state will belatedly seek another $19 million in federal money to help counties further secure election systems.

National: First Line of Defense in U.S. Elections Has Critical Weaknesses | Bloomberg

A software sensor with a knack for detecting intrusions like those from Russian hackers is being embraced by U.S. states determined to protect their election systems, though cybersecurity experts warn of the tool’s limits. The Department of Homeland Security is working with a growing number of state election officials to install “Albert sensors,” which detect traffic coming into and out of a computer network. The system can’t block a suspected attack, but it funnels suspicious information to a federal-state information-sharing center near Albany, New York, that’s intended to help identify malign behavior and alert states quickly. “Every sensor we’re able to add is another in what was previously a dark spot” that federal authorities “couldn’t see into,” said Brian Calkin, vice president of operations for the Multi-State Information Sharing and Analysis Center, the Homeland Security-funded group that created the sensor in 2010 and upgraded it in 2014.

International: Cyber-stability wonks add election-ware to ‘civilised nations won’t hack this’ standard | The Register

The Global Commission on the Stability of Cyberspace (GCSC) has called for an end to cyber-attacks on electoral infrastructure. The GCSC works to develop “norms” of behaviour it hopes governments and others will adopt in order to leave internet infrastructure untouched during conflict. The body believes that as the internet is now critical to civil society, international agreements should protect its operation so that bystanders to conflicts aren’t harmed by disruptions to online services. Microsoft, the Internet Society and the governments of The Netherlands, France and Singapore have all funded the group. The Commission met last week and resolved that “State and non-state actors should not pursue, support or allow cyber operations intended to disrupt the technical infrastructure essential to elections, referenda or plebiscites.”

National: F.B.I.’s Urgent Request: Reboot Your Router to Stop Russia-Linked Malware | The New York Times

Hoping to thwart a sophisticated malware system linked to Russia that has infected hundreds of thousands of internet routers, the F.B.I. has made an urgent request to anybody with one of the devices: Turn it off, and then turn it back on. The malware is capable of blocking web traffic, collecting information that passes through home and office routers, and disabling the devices entirely, the bureau announced on Friday. A global network of hundreds of thousands of routers is already under the control of the Sofacy Group, the Justice Department said last week. That group, which is also known as A.P.T. 28 and Fancy Bear and believed to be directed by Russia’s military intelligence agency, hacked the Democratic National Committee ahead of the 2016 presidential election, according to American and European intelligence agencies. The F.B.I. has several recommendations for any owner of a small office or home office router. The simplest thing to do is reboot the device, which will temporarily disrupt the malware if it is present. Users are also advised to upgrade the device’s firmware and to select a new secure password. If any remote-management settings are in place, the F.B.I. suggests disabling them.

National: Election officials need more than just paper-based ballots to secure votes | StateScoop

Many experts on election security say the key to more secure ballots is to move away from electronic voting machines toward models that produce paper records of votes. But it takes more than just that, a former federal cybersecurity strategist said Wednesday at a conference for city and county officials. Mike Garcia, now a consultant with the Center for Internet Security, told the group of about 40 that attempts to undermine the U.S. electoral process are going to target more than just ballot boxes. “Voting machines aren’t the only place you can undermine the election process,” Garcia said at the Public Technology Institute event in Washington. “Adversaries are going to find weaknesses anywhere.”

National: The FBI is trying to thwart a massive Russia-linked hacking campaign | The Washington Post

U.S. law enforcement is trying to seize control of a network of hundreds of thousands of wireless routers and other devices infected by malicious software and under the control of a Russian hacking group that typically targets government, military and security organizations. In a statement issued late Wednesday, the Justice Department said the FBI had received a court order to seize a domain at the core of the massive botnet, which would allow the government to protect victims by redirecting the malware to an FBI-controlled server. The DOJ attributed the hacking campaign to the group known as Sofacy, also known as Fancy Bear. While the statement did not explicitly name Russia, Fancy Bear is the Russian military-linked group that breached the Democratic National Committee in the presidential election.