Canada: Federal act would make hacking to interfere with elections a crime | IT World Canada News

Ottawa will make it clear that hacking into a computer during a federal election period is a criminal offence, foreign states will be forbidden from buying advertising during a federal election period and federal political parties will have to create a policy for protecting personal information in their databases if proposed changes to the Elections Act are approved. These are part of a broad piece of legislation updating the laws overseeing federal elections introduced Monday by the Liberals. They hope to have it passed in time for the scheduled October 2019 vote. The proposals in Bill C-76, called the Election Modernization Act, come amidst a U.S. indictment alleging Russia attempted to interfere in the 2016 U.S. election, and a NATO researcher who says Canada should assume Russia will attempt to interfere in the 2019 federal election. In 2017 the Communications Security Establishment (CSE), Canada’s electronic spy agency which is also responsible for securing government networks, warned in a report that it is “highly probable” cyber activity against democratic processes in other countries will be seen here. 

India: Cyber experts say ‘playground open’ for influencing elections | ET CIO

With the Karnataka Assembly elections round the corner, the cyber experts have said that it is quite possible to influence elections in India. Talking to ANI, cyber expert Sunil Abraham did not rule out the possibility of influencing the voters as India does not have data protection law in place. He said under the provisions provided by 43 (A) of Indian IT Act, two types of data collection are completely legal: first, the data shared by the user in the public domain and secondly, the data published by the social platforms, like Facebook and Twitter, which was shared by the user for his/her friends. “Both these types of data are not considered sensitive personal data. Under Indian law, if they are collecting your biometrics, passwords and health information only then they need your consent,” Abraham told in an exclusive interview.

Washington: National Guard to tighten election security in Washington | KING5

Cybersecurity experts with the Washington National Guard are teaming up with state election officials to tighten election security in Washington for the 2018 midterms. Other states across the country are forming similar partnerships with National Guard units. However, Washington’s National Guard has long been recognized as a leader in cybersecurity. “You have a number of guard members who are Microsoft employees and Google employees, so they have been on the forefront of cybersecurity planning,” said Secretary of State Kim Wyman. Wyman says she will meet with Washington National Guard leaders in coming weeks to discuss their exact role in the state’s larger effort to secure elections systems. The nation’s Intelligence Chiefs warned earlier this year that Russia is expected to try and meddle in the 2018 midterms after vulnerabilities were exposed in 2016.

Australia: Electoral Commission strengthens defences against foreign hacking | AFR

The Australian Electoral Commission wants a stress test of ageing IT infrastructure completed ahead of the next election, part of international efforts to protect against foreign hacking such as Russia’s interference in the 2016 US presidential vote. Electoral Commissioner Tom Rogers has conceded authorities in Australia and New Zealand remain “nervous” about the risk of domestic or overseas hacking and disruption to “front-facing services” including the online enrolment system, postal vote application system and virtual tally room. The Council of Australian Governments has ordered health checks of electoral systems, with intelligence organisations including the Australian Signals Directorate and the Australian Cyber Security Centre co-operating with the AEC ahead of a possible federal election in late 2018 or early 2019.

Canada: Elections Canada braces for cyberrisks as new voter-registration technology is prepared for 2019 election | The Globe and Mail

Elections Canada is working closely with Canadian security officials to address the “real risks” of potential hacking as the agency prepares to roll out new electronic voter-registration technology for the 2019 federal election. Elections Canada has secured commitments from its outside contractor that the Apple iPads deployed at some advance polls will have never been used − and will never be used in the future − in countries outside of Canada’s “Five Eyes” security partners. Internal documents reveal the sensitive discussions taking place inside Elections Canada as it prepares for an election campaign in an era when countries around the world are grappling with allegations of foreign interference and hacking in the democratic process.

National: DHS cyber official calls election security a priority; GAO report says agency’s risk mitigation efforts fall short | SC Magazine

The Department of Homeland Security’s chief cybersecurity official Jeanette Manfra testified in a Congressional committee hearing yesterday that her agency is “doing everything that we can” to protect the nation’s electoral infrastructure, including prioritizing any state’s request for a voting system risk assessment. But while DHS has made important strides in developing programs and measures for mitigating cybersecurity risks that threaten federal operations and critical infrastructure, the agency is still falling short of recommendations issued two years ago by the U.S. Government Accountability Office, according to a new report issued as written testimony from Gregory Wilshusen, GAO’s director of information security issues.

Editorials: America is still unprepared for a Russian attack on our elections | The Washington Post

As this year’s midterm elections approach, the country is still unprepared for another Russian attack on the vote, and President Trump continues to send mixed signals — at best — about what he would do if the Kremlin launched an even more aggressive interference campaign than the one that roiled the 2016 presidential race. In last month’s omnibus spending bill, Congress set aside more than $300 million for states to invest in hardening their election infrastructure. They have a lot to do. New York University’s Brennan Center for Justice, which tracks election technology and procedures nationwide, reports that most states are using electronic voting machines that are at least a decade old, many running antiquated software that may not be regularly updated for new security threats. Though most states recognize that they must replace obsolete machines, not much has changed since 2016.

Georgia: Group appointed to seek replacing Georgia’s electronic voting machines | Atlanta Journal-Constitution

Georgia Secretary of State Brian Kemp on Monday appointed an 18-member group of election officials, state legislators, political party representatives and voting experts to recommend the state’s next election system.
The group, called the Secure, Accessible & Fair Elections (SAFE) Commission, will hold public meetings across Georgia and review options for the state’s voting system, including hand-marked paper ballots and electronic machines with a voter-verified paper trail. Kemp announced earlier this month he was forming the study group to evaluate options to replace the state’s electronic voting machines, which don’t leave an independent paper backup that could be checked for accuracy of election results. He created the group after the Georgia General Assembly failed to pass legislation to move the state to a new voting system.

National: Senator presses DHS on scope of Russian voting hacks | FCW

A Department of Homeland Security official acknowledged that more than 21 states could have been targeted by Russian hackers prior to the 2016 election and told lawmakers the department hasn’t seen any similar activity in the lead-up to the 2018 mid-terms. In an April 24 Senate Homeland Security and Governmental Affairs Committee hearing, Jeanette Manfra, assistant secretary for the office of cybersecurity and communications, fended off questions about whether the department had “misled” Congress and the American public about how many states had been targeted by Russian hackers in the lead-up to the 2016 presidential elections. The department has consistently pegged the number of states affected at 21, but Sen. Claire McCaskill (D-Mo.) pointed out that number reflects only the number of states that had sensors or tools in place to capture the scanning activity. Manfra largely agreed with that interpretation.

National: America vs the hackers: inside a cyber-security bootcamp | Financial Times

It is a war game with a twist. Instead of army officers, election officials are in charge. Instead of battling against an enemy armed with missiles, defences are choreographed against hackers hidden behind foreign computers. With the US midterm elections fast approaching, more than 160 election officials from across the country have just months to learn how to defend democracy. These public servants have centuries of experience between them, managing polling stations and vote counts across 38 states. They are experts in dealing with foul weather, irate voters and fights between rival candidates. But none ever expected to be on the front line in a battle against Russian hackers. Today’s responsibilities include patching up vulnerabilities in voting machines, preventing tampering with electronic records and stalling the spread of disinformation through social media.

National: Open letter urges states to spend election security funds wisely | Cyberscoop

Download the letter )pdf)

As states start receiving their slice of a new federal fund to enhance the administration of elections, an ensemble of election security advocates is calling on the officials to spend that money on things like replacing paperless machines and improving network security. Signatories of an open letter to election officials in all 50 states include subject matter experts from think tanks and universities, former state election officials and former federal government officials. State and local election officials have been deliberating over how to make the best use of a $380 million election improvement fund that Congress included in an omnibus spending bill last month.

National: Experts: Switch Off Wi-Fi and Ditch Paperless Voting Machines | Infosecurity Magazine

A bipartisan group of former state election specialists, intelligence officials and voting experts have urged local state officials to ditch paperless voting machines as part of a $380m security overhaul. The funds were released by Congress to help states upgrade their election systems in the wake of Russian cyber-attacks ahead of the 2016 presidential election. The Department of Homeland Security (DHS) claimed last year that a total of 21 state systems were targeted by Kremlin hackers ahead of the election. Although actual compromises were confined to a small number of states, there are fears that the hackers will use the intelligence they gained to potentially cause greater disruption next time around.

National: Senate panel to examine Trump officials’ election security efforts | The Hill

The Senate Homeland Security Committee will meet Tuesday to examine the federal government’s cyber mission, focusing in part on work to secure election systems from cyberattacks, according to opening remarks from Chairman Ron Johnson (R-Wis.). Lawmakers will have the opportunity to question a top cyber official at the Department of Homeland Security who is leading efforts to provide cyber vulnerability scans of election systems and other services to states that request them. “The midterm elections are fast approaching, and I am glad to see the Administration and DHS working diligently to engage with the states, election agencies, and election service providers,” Johnson will say, according to a copy of his planned remarks obtained by The Hill.

Editorials: Cybersecurity woes in U.S. midterm elections | Mary Scott Nabers/Born2Invest

The voting environment in America has been forever changed. That’s because the significant vulnerability of the country’s election systems and the fear of election “interference” by foreign or domestic operatives are genuine. With midterm elections only seven months away, this situation weighs heavily on the minds of both candidates and public officials responsible for ensuring secure and accurate election results. While hacking of American voting systems is a relatively new challenge, technical problems caused by the advanced age of most voting machines are not new. Technology in recent years set the bar for improved voting efficiency by replacing paper ballot systems with electronic voting machines. But the new technology, which does not leave a paper trail, tends to fall short when it comes to security, accuracy and attacks by hackers. Too many voting machines currently in use have not been replaced or updated in more than a decade, and a high percentage have exceeded their life expectancy.

Louisiana: State officials deny assessment, say they are working to prevent voting interference | The Louisiana Weekly

The Institute for Southern Studies compiled research on states’ election security and concluded that many states, including Louisiana, urgently need to improve. The recommendation follows months of research on the part of federal and state lawmakers as well as voting security experts, who began assessing the vulnerability of election procedures after Department of Homeland Security officials notified 21 states that Russian hackers had attempted to infiltrate their election systems during the 2016 presidential election. In Illinois, hackers successfully accessed voter registration information for tens of thousands of voters. … The Institute’s index includes extensive research from the Center for American Progress, which gave Louisiana a “D” grade for its voting security in an election security report released in February 2018, based in part on the state’s continued use of paperless electronic voting machines. Election security experts recommend that states use machines that create ballots as votes are cast, which can be counted in a post-election audit to detect potential manipulation of votes.

Pennsylvania: Expert: Pennsylvania ‘would get an F’ on voting machine security | The Intelligencer

Computer security expert J. Alex Halderman has seen just how vulnerable many of the nation’s voting machines are to sabotage. Pennsylvania is among the most susceptible. A decade ago, he was part of the first academic team to conduct a comprehensive security analysis of direct-recording electronic (DRE) voting machines, which are widely used throughout the state, including Bucks County. “What we found was disturbing,” Halderman said in a June 2017 Senate Intelligence Committee hearing. “We could reprogram the machine to invisibly cause any candidate to win. We also created malicious software — vote-stealing code — that could spread from machine-to-machine like a computer virus, and silently change the election outcome.” A Bucks County native and professor and director of the Center for Computer Security and Society at the University of Michigan, Halderman said cybersecurity is critical in the fight to protect American elections, “the bedrock of our democracy.”

National: Senators chart path forward on election security bill | The Hill

Senators are working to again revise legislation designed to help guard digital voting infrastructure from cyberattacks after meeting with state officials. Sen. James Lankford (R-Okla.) told The Hill that he expects to work out the final details of the bill within “weeks,” after state election officials expressed some remaining concerns with the current version. Lankford and a slate of bipartisan co-sponsors originally introduced the legislation, called the Secure Elections Act, last December, months after the Department of Homeland Security acknowledged that Russian hackers tried to break into voting systems in 21 states as part of a broader effort to interfere in the 2016 presidential election.

Pennsylvania: Robert Torres: Its time to bring Pennsylvania’s voting machines up to modern, secure standards | The Morning Call

Imagine depending on a 12-year-old cellphone or a 15-year-old computer. No one would fault you for seeking to replace that outdated equipment with newer, technologically superior models. Many counties in the commonwealth own voting systems that old or even older. Fortunately, voting machines remain reliable longer than cellphones and laptops. Also, Pennsylvania employs a host of measures — such as comprehensive monitoring and network isolation — to maintain their security. With the cooperation of law enforcement and cybersecurity partners, we know our elections will be run in a safe, secure way this year. But as our voting machines approach the end of their usable life, we must think and plan ahead now. We are constantly reminded that worldwide cybersecurity threats are growing and hackers have become increasingly sophisticated. Modernizing Pennsylvania’s election infrastructure is the responsible thing to do so our citizens can feel confident that their votes are accurately and securely recorded.

National: America Continues to Ignore the Risks of Election Hacking | The New Yorker

Last month, when Congress authorized three hundred and eighty million dollars to help states protect their voting systems from hacking, it was a public acknowledgement that, seven months out from the midterm elections, those systems remain vulnerable to attack. America’s voting systems are hackable in all kinds of ways. As a case in point, in 2016, the Election Assistance Commission, the bipartisan federal agency that certifies the integrity of voting machines, and that will now be tasked with administering Congress’s three hundred and eighty million dollars, was itself hacked. The stolen data—log-in credentials of E.A.C. staff members—were discovered, by chance, by employees of the cybersecurity firm Recorded Future, whose computers one night happened upon an informal auction of the stolen passwords. “This guy—we randomly called him Rasputin—was in a high-profile forum in the darkest of the darkest of the darkest corner of the dark Web, where hackers and reverse engineers, ninety-nine per cent of them Russian, hang out,” Christopher Ahlberg, the C.E.O. of Recorded Future, told me. “There was someone from another country in the forum who implied he had a government background, and he wanted to get his hands on this stuff. That’s when we decided we would just buy it. So we did, and took it to the government”—the U.S. government—“and the sale ended up being thwarted.” (Ahlberg wouldn’t identify which government agency his company had turned the data over to. The E.A.C., in a statement, referred questions about “the investigation or information shared with the government by Recorded Future” to the F.B.I. The F.B.I., through a Justice Department spokesperson, declined to comment.)

National: Elections officials explore security options | GCN

Since elections were declared critical infrastructure nearly 17 months ago, state and local officials have been working to protect the integrity of the 2018 elections, but security holes in elections systems and voting equipment still exist. As part of the omnibus spending bill passed in March, Congress authorized $380 million in new Help America Vote Act funds to the states to help them secure elections systems in their counties and local jurisdictions. On April 17, the Elections Assistance Commission distributed the award packets to states along with instructions on how to apply for funding. States have 90 days to respond, and the funds must be used within five years. However, the new funding did not stop elections officials from asking for more support ahead of the 2018 elections at an April 18 EAC public forum.

Georgia: Demonstration shows Georgia voting machines could be hacked | Atlanta Journal-Constitution


A rapt audience watched as professor Alex Halderman, an expert on electronic voting machines, changed votes in a hypothetical election before their eyes. At a Georgia Tech demonstration this week, Halderman showed how to rig an election by infecting voting machines with malware that guaranteed a chosen candidate would always win. Four people from the audience voted on the same kind of touch-screen machines used in real Georgia elections, casting ballots for either President George Washington or Benedict Arnold, the Revolutionary War general who defected to the British. Despite a 2-2 split in this election test run, the voting machine’s results showed Arnold won 3-1.

National: First-of-its-kind forum on election security gathers state and local officials with Election Assistance Commission | CyberScoop

A top U.S. election official says that the allegations of Russian meddling in the 2016 presidential election came with a silver lining: At least we’re now focusing on election security. Christy McCormick, a member of the Election Assistance Commission, told a crowd of state and local election officials from across the country on Wednesday that the events of 2016 jump-started a focus on election security that was not as prominent before. “I know that election officials have always focused on these problems to some degree. Not so laserly focused on election security but I think this has brought this to the forefront for us in the last couple of years. So if there’s a good consequence to what happened, that is one of them,” McCormick said Wednesday at a public forum the EAC hosted in Miami to allow the state and local officials to discuss their election security plans ahead of upcoming elections.

Kentucky: Grimes Says Election Threats Warrant New Security | WUKY

Kentucky Secretary of State Alison Lundergan Grimes says state election systems remain secure, but the top election official warns it’s a never-ending battle against new and emerging threats. “No evidence exists to suggest that these bad actors altered any votes in any way,” Grimes reassured Kentucky voters Thursday, before holding up a copy of indictments in special counsel Robert Mueller’s investigation into Russian interference in the 2016 presidential election. The secretary spoke with reporters following a meeting with Kentucky’s Election Integrity Task Force – made up of representatives from the Department of Homeland Security, the FBI, the state attorney general’s office, and other law enforcement officials – a month ahead of the May primary.

New Jersey: State Working To Bolster Cybersecurity Of New Jersey Election Systems | Jersey Shore Online

The New Jersey Department of State Division of Elections, and the New Jersey Office of Homeland Security and Preparedness, through its New Jersey Cybersecurity and Communications Integration Cell, are working to reaffirm the state’s commitment to election security. New Jersey Secretary of State Tahesha Way said that they are participating in training sessions, constructing interagency communication channels, and integrating practices to strengthen the security of elections in NJ. “The Division of Elections has been and continues to work with federal partners at the Department of Homeland Security, the New Jersey Office of Homeland Security and Preparedness, and other third-party security experts to continuously improve our security posture as the threat landscape evolves. The Department of State is working to ensure that every individual able to cast a ballot in November can do so knowing the state affords a safe and secure system,” said Way.

Kentucky: Election Officials Given Cybersecurity Training | Associated Press

Kentucky’s front-line elections officials received cybersecurity training Thursday in another preventive step against hacking, Secretary of State Alison Lundergan Grimes said. County clerks statewide attended training by the federal Department of Homeland Security on preventing and detecting cyberattacks, Grimes said. The session comes a few weeks before the state’s May 22 primary election. Kentuckians will have a long ballot this year with races for county positions, the legislature and Congress.

National: Election security bill still needs work in some areas, state officials tell Senate sponsors | CyberScoop

Several secretaries of state are telling the main backers of a Senate election security bill that the legislation might need tweaks to how it addresses information sharing, state-federal communication channels, funding mechanisms and post-election audits, among other things. The secretaries, who are the top election officials in their states, met with bill sponsors James Lankford, R-Okla., and Amy Klobuchar, D-Minn., in person and via phone Monday to discuss the Secure Elections Act. The legislation is intended to bolster election security by smoothing out coordination between the state and federal levels and providing states financial support for operations and equipment upgrades. State secretaries from Indiana, Louisiana, Minnesota, Missouri, Colorado and New Mexico participated in the meeting.

National: Timing remains unclear for election-security legislative effort in Senate | InsideCyberSecurity.com

The Senate Rules Committee has yet to set timing for a hearing on election security legislation based on recommendations emanating from the Senate Intelligence Committee’s Russia probe, but plans to do so, according to new Rules Chairman Roy Blunt (R-MO). Blunt, who was elected as chairman last week, told Inside Cybersecurity Tuesday that “there will be a hearing at some point” on election security, although Blunt said “it is not scheduled yet.” Rule Committee ranking member Amy Klobuchar (D-MN), who is a co-sponsor on the Secure Elections Act, told Inside Cybersecurity that she “hopes” the election security hearing will take place “soon.” Klobuchar also said that she’s “really glad” that $380 million for the Election Assistance Commission to help states improve election systems was included in the recently passed $1.3 trillion fiscal 2018 omnibus spending bill. “It does take that immediate pressure off, but now we want to kind of use this momentum to get this done,” Klobuchar said.

Wisconsin: Elections Commission mulls using $7 million to stop hackers | Milwaukee Journal Sentinel

The state Elections Commission outlined initial plans Wednesday to use $7 million in federal funds to thwart hackers and boost election security by hiring workers, training clerks and upgrading software. The commissioners unanimously signed off on the framework of the plan and asked Gov. Scott Walker’s administration to approve it. Department of Administration spokesman Steven Michels said the administration is inclined to grant permission to accept the federal cash. The move to tighten election security comes almost two years after Russian agents targeted election systems around the country, according to federal officials. In the summer of 2016, Russian government actors tried unsuccessfully to gain access to a Wisconsin Department of Workforce Development system as they scanned for vulnerabilities they could exploit at the Elections Commission, according to those officials.