National: Senate Intelligence Committee offers election security guidelines | FCW

A May 8 report on election security by the Senate Select Committee on Intelligence calls for paper backups for state voter registration databases, risk assessments for voting machine manufacturers and better sensor technology for state and local election systems. The committee recommended two-factor authentication for state voter registration databases, better sensors around election systems to detect malicious activity, paper backups for state voter registration data and assessments for third-party vendors like voting machine manufacturers to ensure they’re meeting baseline security standards. Cybersecurity experts have long called for states to institute paper records for their voting machines, and the Senate Intel report reiterated that advice, but the recommendation to do the same for state voter registration databases takes on new importance after the committee found activity around as many as six states’ election infrastructure that went beyond mere scanning and targeting of public websites.

National: Lawmakers call for action following revelations that APT28 posed as ISIS online | CyberScoop

The world got a fresh reminder Tuesday of the difficulties associated with assigning blame for hacking – and of the consequences when a case of mistaken identity takes hold. New evidence reinforces the notion that a group dubbed the CyberCaliphate, which sent death threats to the wives of U.S. military personnel in 2015 under the banner of the Islamic State, is actually an infamous Russian-government-linked hacking group accused of meddling in the 2016 U.S. presidential election, the Associated Press reported. Activity from the CyberCaliphate coincided with attempts by the Russian group, known as APT28 or Fancy Bear, to breach the womens’ email accounts, according to the Associated Press. The episode brings to life established links between the CyberCaliphate and APT28 in a way that no cybersecurity research did. The hacking victims were led to believe that jihadists, and not state-backed Russians, were breaching their accounts and leaving threatening messages.

Alaska: Elections Division kept hacking attack secret | Must Read Alaska

It wasn’t until Anchorage Daily News reporter Nat Herz caught wind of irregularities in the 2016 General Election that the Division of Elections admitted its computers had been hacked not once, but twice. The second attack was at 5:37 am on Election Day, 2016. In what could be viewed as a cover-up by the Division of Elections, Election Division Director Josie Bahnke said she didn’t disclose it because the attack had no effect on the outcome of the elections. Emails uncovered by Herz support that assertion but do not explain why no report was made to the public in the year and a half that followed, especially after the September, 2017 notification of Russian intrusion into Alaska’s Election Division data, which had also occurred in 2016.

California: Counties Hardening Defenses Against Vote Hacking | Techwire

In Southern California, home to some of the nation’s most competitive congressional contests, that threat of Russians cyberhacking this year’s midterm elections is being taken seriously. Consider just a few of the many new security protocols being adopted by election officials in the four-county region encompassing Los Angeles, Orange, Riverside and San Bernardino counties. Office emails are being encrypted and networks buttressed. Election employees are randomly being mock phished to see if they’ll fall for simulated online invaders. Federal officials are being invited to inspect and test the region’s many voting systems.

Georgia: Governor vetoes cyber bill that would criminalize “unauthorized access” | Ars Technica

A bill passed by Georgia’s legislature that would have criminalized unauthorized access of computer systems and allowed companies to “hack back” in defense against breaches was vetoed on May 8 by Georgia Governor Nathan Deal. The veto came after many weeks of opposition from information security firms and professionals, as well as major technology companies—including Google and Microsoft executives, who expressed concern that the bill would actually make it more difficult to secure computer systems. Given that Georgia is the home of Fort Gordon, an Army base that serves as home to units of the Army’s Cyber Command and to parts of the National Security Agency, and that Georgia has become home to an increasing number of cybersecurity firms as a result both of the Army/NSA presence and research at Georgia’s universities, Deal realized after feedback from the industry that the bill could have resulted in inadvertent damage.

National: Russia tried to undermine voting process in US, Senate panel reports | CNET

Russia was preparing to wage a campaign to undermine confidence in the US voting process when hackers associated with Russia’s government targeted about 18 state election systems in the months leading up to the 2016 election, the Senate Intelligence Committee has concluded. The hackers attempted to access several state election systems, but the committee said it found no evidence of vote tallies being changed. Some voter registration databases were accessed, though, and the hackers were “in a position to, at a minimum, alter or delete voter registration data,” the committee said in a report released on Tuesday.

National: Russia Tried to Undermine Confidence in Voting Systems, Senators Say | The New York Times

Russia was preparing to undermine confidence in the United States’ voting process when its hackers surveilled around 20 state election systems in the run-up to the 2016 elections, the Senate Intelligence Committee concluded in a brief report released on Tuesday. But the committee said it saw no evidence that the Russians had ultimately changed vote tallies or voter registration information. In a few states, however, Russian hackers were “in a position to, at a minimum, alter or delete voter registration data,” the committee said. “These activities began at least as early as 2014, continued through Election Day 2016, and included traditional information-gathering efforts as well as operations likely aimed at preparing to discredit the integrity of the U.S. voting process and election results,” the senators wrote.

Alaska: Election website was hacked on Election Day in 2016: report | CyberScoop

Hackers reportedly breached election systems in a third state, in addition to the already disclosed incidents involving Arizona and Illinois, during the 2016 campaign cycle. On Election Day 2016, a hacker successfully penetrated a server hosting Alaska’s main election website, the Anchorage Daily News reported on Monday night, citing documents obtained through a public records request. The breach is not connected to the previously reported hacking attempt made by Russia-linked hackers to access Alaska’s primary voter registration database. Alaska was one of 21 states that were previously informed by the Department of Homeland Security of similar Russian probing activity on their election systems. Security experts told ADN that, although the newly reported incident was a successful intrusion, the Alaska Division of Elections’ security measures appear to have prevented the attackers from changing content on the server.

Malaysia: Politicians claim phones hacked; probe shows spam calls from unknown bot attack | The Straits Times

Malaysian politicians on Wednesday (May 9) say their mobile phones have been hacked and are being spammed by calls allegedly originating from the United States. “BN leaders’ handphones have been under technical attack since morning,” said Barisan Nasional (BN) Strategic Communications director Datuk Seri Rahman Dahlan. “Calls from overseas keep coming in every few seconds! To…

Alaska: Hackers broke partway into Alaska’s election system in 2016 | Anchorage Daily News

A hacker gained unauthorized access in 2016 to the server that hosts Alaska’s public elections website, according to documents released by Gov. Bill Walker’s administration. The documents, obtained by the Anchorage Daily News through a public records request, outline an incident that drew the attention of federal law enforcement but had not been publicly revealed by Alaska election officials. The documents show that Alaska’s elections, like other states’ around the country, face threats from hackers seeking to undermine American democratic institutions. But technology experts both inside and outside state government said that no damage was done — and that the attack actually highlights the resilience of Alaska’s multi-layered cyber-defenses.

Georgia: National, Local Legal Eagles Face Off in Electronic Voting Lawsuit | Daily Report

Some big legal guns are squaring off in a federal lawsuit challenging Georgia’s use of all-electronic voting systems. A major national law firm has deployed attorneys to represent plaintiffs in the suit on a pro bono basis, going up against a more locally based defense team that includes Georgia’s former governor. John Carlin, former assistant U.S. attorney general in charge of the National Security Division, and his partner in the Washington, D.C., office of AmLaw 35 national law firm Morrison & Foerster, David Cross, are representing three Georgia voters who claim their fundamental constitutional right to vote is endangered by the systems. On the other side, representing the State Election Board, its members and Secretary of State Brian Kemp are John Frank Salter Jr. and former Gov. Roy Barnes of the Barnes Law Group. Prior to serving as DOJ’s highest-ranking national security lawyer, MoFo’s Carlin served as chief of staff and senior counsel to former FBI director Robert Mueller III. In that role, he helped lead the agency’s evolution to meet growing and changing national security threats, including cyber threats, according to his firm bio.

Iowa: Secretary of State Launches Voting Cybersecurity Working Group | The Gazette

Iowa’s top elections official will form a new working group with the goal of bolstering the cybersecurity around Iowa voting. “With the past presidential election, with the dialogue that came out of that, we’ve had to be much more aggressive (on cybersecurity), but also to share more with you of what we’re doing so the voters have the full confidence in our elections system,” Iowa Secretary of State Paul Pate said during a Friday news conference during a training session for county auditors at the National Czech & Slovak Museum & Library in Cedar Rapids. Concern about the security of the nation’s elections has hit a peak since 2016 due to investigations into Russian attempts to affect the 2016 presidential election.

West Virginia: How West Virginia Is Trying to Build Hacker-Proof Voting | The New York Times

The next election in the Mountaineer State was still weeks away. But 5,000 miles from West Virginia’s capital city, in a suburb northwest of Moscow, someone was already scouting for ways to get into the state’s election computer network this spring. That someone’s IP address, a designation as a “malicious host,” even a tiny Russian flag — it was all there on a computer display in an office just across the Kanawha River from the state’s gold-domed capitol. And he had company. “See, right here, a Canadian IP address is trying to go into online voter registration,” said the West Virginia Air National Guard sergeant who was tracking the would-be intruders, pointing at the screen. “Here’s someone from Great Britain trying to do the same. China is trying to get into the home page — trying to, but they’re getting blocked.”

Tennessee: A cyberattack knocked a Tennessee county’s election website offline during voting | TechCrunch

After a distributed denial-of-service attack knocked some servers offline during a local election in Tennessee this week, Knox County is working with an outside security contractor to investigate the cause. The attack took the Knox County Election Commission site displaying results of the county mayoral primary offline during Tuesday night voting. The county resorted to distributing printed results during the outage. “Tonight, Our web servers suffered a successful denial of service attack,” Knox County wrote on Twitter on Tuesday night. “Election results were not affected, as our election machines are never connected to the Internet.” The day after the incident, Knox County Mayor Tim Burchett reassured voters that the attack did not compromise the vote. Election systems that can go online are far less secure than systems that are not able to connect to the internet.

National: How U.S. Election Officials Are Trying To Head Off The Hackers | Fast Company

U.S. Department of Homeland Security (DHS) officials now say it’s likely that in 2016, Russian hackers at least attempted to break into election systems in all 50 states. So far this year, there’s been no evidence of attempts of hacking election systems before the midterm congressional races, but federal, state, and local officials are still taking steps to keep any intruders at bay. Congress in March appropriated $380 million to help states beef up election security, and the DHS has been working with states to help them test and improve the security of their election systems. “The president has been clear, and the DHS and our interagency partners have been clear: We will not allow any foreign adversary to change the outcome of our elections,” Homeland Security Secretary Kirstjen M. Nielsen said at April’s RSA security conference in San Francisco. Hackers digitally flipping votes is the worst-case scenario, and it’s one that experts take seriously. Thirteen states use at least some voting machines that only record votes electronically with no paper backups, meaning a hack or even a malfunction could mean votes permanently altered or lost.

National: Trump meets with Cabinet officials on election security | The Hill

President Trump met with members of his administration, including leaders of the FBI and Department of Homeland Security, on Thursday to discuss election security, the White House said Friday. The meeting comes amid widespread concerns over the possibility of foreign interference in future elections, including this year’s midterms, following Russia’s hacking and disinformation effort against the 2016 vote. The Russian effort included the targeting of digital state election systems. Trump met Thursday with Attorney General Jeff Sessions, Homeland Security Secretary Kirstjen Nielsen, Director of National Intelligence Dan Coats and FBI Director Christopher Wray to discuss election security, “including enhanced protections against malign foreign influence,” the White House said in a statement early Friday.

Iowa: Secretary of State Launches Cybersecurity Partnership | Iowa Public Radio

The state’s top elections official says the state’s voting systems are buffeted by cyber attacks. Now Iowa’s secretary of state is launching a new partnership to try and insulate the department. According to Secretary of State Paul Pate, Iowa’s elections website and voter databases are hit by hundreds of thousands of threats on a daily basis. He said the majority of attacks are U.S.-based bots trying to steal personal information for financial gain. But so far Iowa’s voting systems have not been compromised, Pate said. “I’ve assured Iowans and I’ll assure them again today that our system is intact, that it has not been hacked. There are no foreign countries manipulating your votes or accessing your voting information,” he said.

Nevada: State takes measures to ensure election security | Las Vegas Review-Journal

Allegations that Russian hacking, fake news and voter fraud influenced the 2016 election have made election security and integrity a paramount national issue. And with early voting for Nevada’s midterm primary kicking off in less than three weeks, that issue hasn’t been lost on election officials. “Voters should absolutely have confidence in the system in place,” said Wayne Thorley, deputy secretary of state for elections in Nevada. “They should have confidence that when they go and cast a ballot that it will be recorded correctly and that their vote counts.”

North Carolina: As a guard against hackers, Wake County will stop using modems to transmit election results | News & Observer

Waiting is agony on election nights for voters eager to see who won, and now people in Wake and a few other counties who are used to speedy reporting of local results are going to have to sit longer in suspense. The State Board of Elections told Wake, Harnett and three small elections offices in western North Carolina to stop using modems to transmit vote totals from their tabulators into the state system after the polls close. In an a atmosphere of heightened election security, modems have been identified as potential hacker targets.

Pennsylvania: Election Cybersecurity Commission Takes Shape | GovTech

A newly formed commission convened to study Pennsylvania’s election cyber­security aims to reduce vulnerability of the state’s polls in time for the next presidential contest. David Hickton, a former U.S. Attorney for the Western District of Pennsylvania and the head of University of Pittsburgh’s Institute for Cyber Law, Policy and Security, and Grove City College President Paul McNulty will lead the Blue Ribbon Commission on Pennsylvania’s Election Security. “Every part of our government and every part of what we stand for is premised upon free and fair elections and the public’s belief and confidence in our electoral system,” Hickton said. “Our systems are vulnerable.” … McNulty said the commission will focus attention on the security of the state’s vote and the recommendations could serve as models for other states.

National: From Russia with fear: New Tech is going to make fake news look quaint | Ad Age

If you’re a politically inclined technologist, this is your moment. There have never been more rewarding career opportunities for your wonky, nerdy kind. Unless someone wants to hire you to figure out what to do about Russia. That job would suck, because it seems like nobody has any idea how to do it. The consensus last week at CampaignTech East, a two-day conference in Washington, D.C., put on by the trade publication Campaigns & Elections, was that tech-enabled shenanigans—whether masterminded by Vladimir Putin and friends or other bad hombres—are only going to further infect the U.S. political system. Everybody at CampaignTech seemed wracked by the worst-case scenarios that have happened already and are yet to happen. Half a dozen panels and presentations dealt with the specter explicitly—e.g., “Social Disinformation and Cyber Interference in the 2018 Midterms.” And sessions not directly focused on the threat still had a tendency, at one point or another, to circle back to the topic.

Georgia: Nonprofit Sues Georgia, Seeking to Prevent Voting on All-Electric Systems in November | GovTech

Georgia’s Secretary of State office is facing a lawsuit over its use of an all-electronic voting system with no paper ballot verification backups, one of five states that currently use such a system. The U.S. District Court for the Northern District of Georgia is holding proceedings for Donna Curling v. Brian Kemp. Plaintiff attorney David Cross said his clients are asking the judge for a preliminary injunction to stop Secretary of State Brian Kemp from using Georgia’s current all-electronic voting system in the November elections. The lawsuit stems from the alleged 2016 discovery of cybersecurity vulnerabilities in Georgia’s Direct Recording Equipment (DRE) voting system. The plaintiffs claim that the Secretary of State’s ignored repeated warnings from cybersecurity experts and told them, in essence, to go away, according to a copy of the amended complaint. The complaint asserted that there is an “incompatibility between the functioning of the current electronic voting system and the voters’ right to cast a secret ballot and have that vote accurately counted.”

Editorials: Ahead of the 2020 election, let’s address Pennsylvania’s election security so your vote can count | David Hickton & Paul McNulty/Philadelphia Inquirer

Exercising our right to vote is the purest expression of our faith in democracy. Without a shared sense of trust in the integrity of that vote, we risk becoming a nation dangerously divided against itself. Great vigilance would be in order, then, even if Pennsylvanians could rely on secure, resilient election systems and architecture. The reality, however, is otherwise. Today our state is among the most vulnerable in the country to hacking and cyber attack – a democratic four-alarm blaze just waiting to happen. Pennsylvania’s role as a perennial swing-state brings with it high stakes, close presidential elections, and even closer scrutiny. In 2016, Donald Trump’s margin of victory here – fewer than 70,000 votes – was barely one percent of the nearly six million votes cast statewide. We know that faith in the validity of our elections is a quality much harder to earn than to lose. That’s why, as proud Pennsylvanians who have dedicated our careers to justice, law, and education, we feel strongly that the time is now to address this vulnerability. We must come together as a commonwealth, as communities, and as citizens to make an honest assessment of Pennsylvania’s election security architecture, to diagnose and discuss its strengths and weaknesses, and to plan for a better, more secure future.

Tennessee: Hackers May Be Behind Election Night Website Crash in Tennessee | Bloomberg

The shutdown of a county website in Tennessee — which briefly disrupted the display of election-night results in primary races — is under investigation, and occurred as officials around the country fear cyber attacks in this fall’s midterm elections. A server crashed, shutting down the Knox County website just as polls closed Monday night for local government offices, according to a statement from Knox County Mayor Tim Burchett. The website was down for about an hour before officials restored it. “Although the crash didn’t affect the vote tallies or the integrity of the election, this is not something that should happen,” Burchett said. “I want to know what happened, and I think an independent review will help to determine that so we can move forward and work to prevent similar issues in the future.”

Florida: Governor orders hiring of election security consultants | Associated Press

Florida Gov. Rick Scott said Thursday that the state would hire special election security consultants in advance of this year’s critical elections despite state legislators rejecting a similar request earlier this year. Scott and state officials had asked the Florida Legislature to create a cybersecurity unit in the state’s elections office to combat a “growing threat.” The move came after an effort to infiltrate the state’s election systems during the 2016 elections. Legislators did not agree to the request so the Republican governor said the state would hire five employees under contract to assist Florida election officials. State officials said they would use a federal grant to pay for the security consultants.

Tennessee: Officials Are Trying To Get To The Bottom Of An Election Night Cyberattack | HuffPost

Officials in Knox County, Tennessee, are trying to gather more information about a cyberattack that crashed a government website that displayed election results to the public during its primary election for local offices on Tuesday. Dick Moran, the county’s top IT official, believes Knox County was the target of a denial-of-service attack in which actors with both domestic and foreign IP addresses deliberately flooded the county’s servers with traffic to try and crash them. The county website displaying election results went down for about an hour as polls closed on Tuesday. The crash meant that people who went to check election results between 8 and 9 p.m. on election night received an error message, according to the Knoxville News Sentinel. While the website was down, election officials printed out hard copies of the election results and gave them to reporters, WBIR, a local NBC affiliate, reportedKnox County Mayor Tim Burchett (R) said on Wednesday that the crash didn’t impact “vote tallies or the integrity of the election,” but that the county had hired a security firm to investigate the cause of the crash.

Tennessee: Cyberattack crashes Tennessee county’s website on election night | CNET

A local election in Tennessee is dealing with the aftermath of a cyberattack, and the county’s mayor is calling for an investigation. On Tuesday night, as polls were closing for Knox County’s primary races for the mayoral election, the county’s website displaying the results crashed. The page was down for about an hour starting around 8 p.m. before officials were able to restore it, according to the county’s Election Commission. … The primary election continued, with the county announcing that Glenn Jacobs, also known as WWE wrestler Kane, had won the GOP nomination by 17 votes. The attack did not affect votes because the county’s voting machines are not connected online, an election official told WBIR.

Pennsylvania: New University of Pittsburgh commission to focus on 2020 election security | Pittsburgh Tribune

A newly formed commission convened to study Pennsylvania’s election cyber­security aims to reduce vulnerability of the state’s polls in time for the next presidential contest. David Hickton, a former U.S. Attorney for the Western District of Pennsylvania and the head of University of Pittsburgh’s Institute for Cyber Law, Policy and Security, and Grove City College President Paul McNulty will lead the Blue Ribbon Commission on Pennsylvania’s Election Security. “Every part of our government and every part of what we stand for is premised upon free and fair elections and the public’s belief and confidence in our electoral system,” Hickton said. “Our systems are vulnerable.” Hickton said there is a sense of urgency in the commission’s work. He said he hopes the commission will wrap up later this year and present its recommendations to policymakers in time to have changes in place for 2020.

Tennessee: Knox County officials investigating election night cyberattack | USA Today

Officials are investigating a cyberattack that crashed the website displaying Knox County election results Tuesday night. Additionally, Knox County Mayor Tim Burchett on Wednesday said he has called for a cyber-security contractor to look into the server crash that shut down the county’s website just as polls closed on election night, according to a news release. … Sword & Shield Enterprise Security, a Knox County-based IT security firm, will conduct a root-cause analysis to determine the exact nature of the County server’s shut down, beginning today, the release said. IT Director Richard “Dick” Moran wrote that a preliminary review “noted that extremely heavy and abnormal network traffic was originating from numerous IP addresses associated with numerous geographic locations, both internal and external to this country. Based on my experience, this was highly suggestive of a (denial of service) attack.

Tennessee: Cyberattack crashes Knox County election website | Knox News

The Knox County website that displays election results crashed on election night due to “deliberate” and “widespread” cyberattack, officials said. Officials described the cyberattack as a distributed denial-of-service attack, which is an attempt to disable an online service by overloading it with computer traffic that comes — or appears to come — from many sources. The cyberattack had no effect on vote tallies. It only prevented officials from displaying election results to the public through the Knox County Election Commission’s website, according to Richard Moran, the IT director for the county.