Editorials: Protect our elections from Russian (and other) threats | Los Angeles Times

In addition to peddling fake news and hacking into email systems, Russia apparently tried but failed to interfere with the machinery of 2016 U.S. elections. No votes were changed, as far as we know, but Russian hackers attempted to invade election systems in 21 states and succeeded in penetrating Illinois’ voter registration database. The U.S. intelligence community believes that the Russians — and others — will keep trying to interfere with U.S. elections, not only through the dissemination of disinformation but also with continued attacks on computer systems. Testifying before Congress earlier this year about election security, Director of National Intelligence Dan Coats warned that “the United States is under attack.”

Maryland: Here’s why cybersecurity experts say Maryland’s ballot delivery system is a target for hackers | The Washington Post

Cybersecurity experts are asking lawmakers to bring Maryland’s ballot access laws — which they say prioritize accessibility to an extent that makes the voting system vulnerable to hacking — in line with other states ahead of November’s elections. Information revealed last month by special counsel Robert S. Mueller III about Russian interference in the political process highlights the need for states to examine the security of voting systems, advocates and computer scientists warn. But legislators say they must balance those concerns with ensuring ballots can be easily obtained by all eligible Marylanders who want to vote. “There is a tension there,” said state Sen. Cheryl C. Kagan (D-Montgomery). “With all the news of election tampering in 2016, it’s critically important that voters have confidence in the security and accuracy of our elections . . . . We are also a fairly progressive state that wants to make it reasonably easy for people to vote.”

National: Everyone Knows How to Secure Elections. So Do It | WIRED

After months of stalled progress in Congress, efforts to promote and fund nationwide election security improvements have finally gained some momentum this week. The Senate Intelligence Committee released its long-awaited election infrastructure defense recommendations. Senate leaders got behind a revised version of the Secure Elections Act. And late Thursday night, the Senate passed the omnibus spending bill, which includes $380 million for securing digital election systems. All the pieces are in place. The solutions are clear. All that’s left is the doing. But, of course, that turns out to be the hardest part. Experts say that while Congress did take meaningful action this week, it likely comes too late to play an extensive role in securing this year’s midterm elections. “This is a great first step, but it’s not going to solve the problem,” says Marian Schneider, president of Verified Voting, a group that promotes election system best practices. “Just the heightened awareness of what is the threat model and what are best practices for dealing with that threat model makes me hopeful and optimistic that those steps will be taken. But I would like to see the vulnerable systems replaced, and the clock is ticking. The farther we get into the year, the less likely it is. That’s just a reality.”

National: Protecting election registration sites from cyber intrusions | GCN

The Center for Internet Security’s newly established Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) plans to deploy intrusion detection sensors to voter registration websites for all 50 states by the 2018 midterm elections, an official told GCN. The intrusion detection sensors are called Albert sensors, and CIS has been using them on the state and local level since 2010, according to CIS Vice President of Operations Brian Calkin. The open-source Albert sensors provide automated alerts on both traditional and advanced network threats. Albert grew out of a Department of Homeland Security’s Einstein project, which focuses on detecting and blocking cyberattacks within federal agencies. DHS approached CIS about creating similar capability for states and localities, but since the Einstein name was taken, CIS called it Albert instead.

Editorials: Stop Russia from stealing our votes | Houston Chronicle

The Russians are coming, and that’s no joke. The invasion is happening in cyberspace. We’re not talking about trolls posting fake news stories on social media sites. Russian hackers are trying to figure out how to steal our elections. The Senate Select Committee on Intelligence has been conducting a serious, bipartisan investigation into Russia’s ongoing attacks on our nation’s voting systems. What federal authorities have discovered is deeply disturbing. Now this committee has drafted a series of recommendations for securing our country’s election infrastructure, and it’s crucial that authorities on all levels of government act together to implement those ideas and ensure the sanctity of our votes.

Editorials: We need to protect against vote tampering | Dan Wallach/Fort Worth Star-Telegram

Election winners are always happy to take the win, but the losers — and often the voters — require evidence, and that evidence needs strong backing. Modern voting systems must engender confidence that the final tally represents the true preferences of voters, without manipulation or tampering. After apparent Russian interference in the 2016 national elections, politicians nationwide are investigating our security posture. It seems that no Russian probes into Texas election systems went anywhere, but we might not be so lucky next time. Texas’s current voting systems were not designed to defend against the cyberattack skills that the Russians and other sophisticated adversaries can bring to bear. It’s time for our state to plan an orderly retirement of its old and insecure voting equipment and adopt better practices. Texas has a unique chance to be a national leader here, and there are three Texans poised to lead the charge. Director of Elections Keith Ingram heads the Secretary of State’s investigation into election security. Under the Texas Cybersecurity Act, he must issue a report — due December 1, 2018 — that contains legislative recommendations aimed at bolstering our election systems.

National: Homeland Security Chief Warns Adversaries Against Election Meddling | The New York Times

Kirstjen Nielsen, the homeland security secretary, recently warned dozens of foreign diplomats — including the Russian ambassador — that the United States would retaliate if adversaries abroad meddled in its coming elections. “To those who would try to attack our democracy, to affect our elections, to affect the elections of other countries, to undermine national sovereignty, I have a word of warning: Don’t,” Ms. Nielsen told an estimated 80 foreign envoys and other officials during a speech last week, according to a person in attendance. Two other people with knowledge of the event confirmed the comments. All three spoke on the condition of anonymity because the remarks were given at a closed-door meeting.

Editorials: The government is finally investing in election security | Wilfred Codrington III & Lawrence Norden/Slate

The 2,232-page budget bill President Trump signed Friday included a provision that election security and technology experts have been pushing for years: money to update the nation’s outdated voting infrastructure. It came on the heels of similar calls from the current and former chiefs of homeland security and a bipartisan group of lawmakers. According to a recent analysis, the $380 million from lawmakers is not enough to fully replace the most vulnerable parts of our electoral machinery (we probably need at least another $380 million directed to jurisdictions with the most vulnerable equipment to do that), but it will allow states to make real progress toward long-overdue upgrades and cybersecurity improvements.

National: Congress included $380 million for election security in spending bill | Business Insider

Congress provided $380 million in election security funding as part of its massive spending bill, a move that reflects the growing consensus in Washington that more needs to be done to ensure the integrity of America’s elections. The funding would go to the Election Assistance Commission, which then must distribute the funds to states within 45 days to replace aging voting machines, implement post-election audits, and provide cybersecurity training for state and local officials, among other election security related improvements. “In this challenging political time, this has to be seen as a win and a recognition that [election security] is an important responsibility,” Adam Ambrogi, the director of the Elections Program at the Democracy Fund, told Business Insider. “The federal government needs to aid the states. The states don’t have this money laying around.”

National: ‘Lone DNC Hacker’ Guccifer 2.0 Slipped Up and Revealed He Was a Russian Intelligence Officer | The Daily Beast

Guccifer 2.0, the “lone hacker” who took credit for providing WikiLeaks with stolen emails from the Democratic National Committee, was in fact an officer of Russia’s military intelligence directorate (GRU), The Daily Beast has learned. It’s an attribution that resulted from a fleeting but critical slip-up in GRU tradecraft. That forensic determination has substantial implications for the criminal probe into potential collusion between President Donald Trump and Russia. The Daily Beast has learned that the special counsel in that investigation, Robert Mueller, has taken over the probe into Guccifer and brought the FBI agents who worked to track the persona onto his team.

Editorials: The Senate has released election-security recommendations. Now it’s time to act. | The Washington Post

The House Intelligence Committee voted on party linesThursday to release a one-sided report on the panel’s hastily closed Russia investigation, deepening the partisan morass and enabling President Trump to undermine law enforcement and the intelligence community. The Senate Intelligence Committee, meanwhile, has taken Russia’s continuing attacks on the nation’s democracy more seriously than its House counterpart. The Senate probe continues in a bipartisan — and, as of now, constructive — manner. The panel on Tuesday released preliminary recommendations on election security, the first of several documents the committee will release on Russia’s meddling in the country’s elections. It will take some time to get the committee’s full analysis, which must undergo declassification review. But with primary elections already starting, acting on the recommendations is urgent.

National: Senators introduced revised version of election cyber bill | The Hill

A bipartisan group of senators on Thursday unveiled revised legislation to secure U.S. voting systems from cyberattack. The bill, originally introduced in December, retains its original tenets, including authorizing grants for states to replace outdated voting systems with more secure technology. However, it contains several revisions that appear designed to address individual states’ concerns with the bill. The new bill, like its predecessor, aims to address future threats to voter registration databases and other systems following Russian interference in the 2016 presidential vote. The Department of Homeland Security has said that Russian hackers tried to break into election systems in 21 states before the election, as part of a broader interference plot. In one case, hackers successfully breached a voter registration database in Illinois.

National: Efforts to Secure Elections Moving Too Slowly, Senators Tell Homeland Security Chief | The New York Times

Members of the Senate Intelligence Committee pressured Kirstjen Nielsen, the secretary of homeland security, on Wednesday to speed up key election security measures, even as she trumpeted the adoption of important improvements ahead of November’s midterm elections. Ms. Nielsen told the senators, who are investigating Russia’s interference in the 2016 election, that the department made significant strides in recent months working with state and local election officials to improve communication about threats and share cybersecurity resources. Those efforts include comprehensive risk assessments and cyberscans meant to identify vulnerabilities in election systems. But under questioning, Ms. Nielsen signaled that one of those undertakings, to grant full security clearances to state election officials so they could receive classified information on cybersecurity threats in a timely way, had been slow going. Of the up to 150 state election officials designated to receive clearances, only about 20 have them, she said.

National: Old voting machines in the US can be hacked without people knowing it | Business Insider

For all the hubbub about election security in the US ahead of the 2018 midterms, there is one issue that almost no one seems to be talking about: old voting machines. A total of 41 states currently have voting machines that are at least a decade old, according to the Brennan Center for Justice, leaving thousands of systems vulnerable to hackers and other security risks that could compromise election results. With old voting machines come a whole host of issues: outdated software, machine breakdown, spare replacement parts that are near impossible to find. On Tuesday, the Senate Intelligence Committee, which is investigating Russia’s meddling in the 2016 US election, called on states to “rapidly replace outdated and vulnerable voting systems.”

National: Key Senate committee concludes Russian interference; calls for voting reforms | San Francisco Chronicle

With unanimity, both Republicans and Democrats on the Senate Intelligence Committee said Tuesday that Russia attempted to interfere in the 2016 presidential election and urged their congressional colleagues to help states upgrade their balloting systems to ensure the integrity of November’s midterm elections. California was among the 21 states whose election systems Russia attempted to infiltrate, committee members said during a news conference outlining their recommendations to improve election security. Russia succeeded in penetrating the voter database of one state, Illinois, but the committee said it found no evidence that any votes were altered. The committee plans to issue a full report and has scheduled a hearing Wednesday with testimony from Trump administration officials and the heads of national associations of state election officials.

National: Senators release election security recommendations to deter meddling | The Guardian

A bipartisan group of senators leading an inquiry into Russian meddling in the 2016 US election called on Tuesday for urgent action by Congress to help states protect their voting systems from future threats of foreign interference. With the 2018 congressional primaries already under way, members of the senate intelligence committee outlined a series of recommendations – the first public release from the panel’s yearlong investigation – that they say will help improve the cybersecurity of the nation’s election infrastructure. “We’re now at a point where we’ve wrapped up one piece of our investigation, which deals with election security,” said Republican senator Richard Burr, the chairman of the committee, who spoke alongside the Democratic vice-chair, Senator Mark Warner, and members of the committee. By and large, he said, “we need to be more effective at deterring our adversaries.”

National: Facebook’s Cambridge Analytica scandal, explained | Ars Technica

Facebook is reeling from a series of revelations about private user data being leaked to Cambridge Analytica, a shadowy political consulting firm that did work for the Donald Trump campaign. Last Friday, reporters from The New York Times and The Observer of London told Facebook that Cambridge had retained copies of private data for about 50 million Facebook users. Facebook says Cambridge promised in 2015 that the data would be deleted. Facebook responded to the new revelations by banning Cambridge and several of its associates from Facebook. But this week the controversy surrounding Facebook’s ties to Cambridge—and its handling of private user data more generally—has mushroomed. British members of Parliament accused Facebook of misleading them about the breach and asked CEO Mark Zuckerberg to come to the UK to clear up the issue personally. Facebook has scheduled a surprise all-hands meeting to answer employee questions about the controversy.

Illinois: State Beefs Up Cybersecurity Ahead of Primary | WNIJ

With the Illinois primary just hours away, state election officials are beefing up cyber defenses and scanning for possible intrusions into voting systems and voter registration rolls. They have good reason to be on guard: Two years ago, Illinois was the lone state known to have its state election system breached in a hacking effort that ultimately targeted 21 states. Hackers believe to be connected to Russia penetrated the state’s voter rolls, viewing data on some 76,000 Illinois voters, although there is no indication any information was changed. Since then, Illinois election officials have added firewalls, installed software designed to prevent intrusions and shifted staffing to focus on the threats. The state has been receiving regular cyber scans from the federal government to identify potential weak spots and has asked the U.S. Department of Homeland Security to conduct a comprehensive risk assessment. That assessment is scheduled but did not happen before Illinois’s second-in the-nation primary.

United Kingdom: Electronic voting could pose security risk in Scotland | The Ferret

Scottish Government proposals that could see electronic voting introduced may leave Scotland vulnerable to election interference by foreign agents, campaigners have claimed. With a consultation on electoral reform due to close on 29 March, the Scottish Government said it wants to “explore and trial the potential of electronic voting solutions”. This could help increase voter participation, provide “choice and flexibility” over how Scots vote and assist people who “find voting in elections challenging”. The proposals under consideration include electronic voting, as well as introducing technology to allow voting remotely over the internet or from mobile phones. However, critics of the plans have expressed concern and warned that future elections could be targeted by outside parties.

National: House approves legislation to authorize Homeland Security cyber teams | The Hill

House lawmakers on Monday passed legislation that would codify into law the Department of Homeland Security’s cyber incident response teams that help protect federal networks and critical infrastructure from cyberattacks. Lawmakers passed the bill, sponsored by House Homeland Security Committee Chairman Michael McCaul (R-Texas), in a voice vote Monday afternoon. The legislation would authorize the “cyber hunt and incident response teams” at Homeland Security to help owners and operators of critical infrastructure respond to cyberattacks as well as provide strategies for mitigating cybersecurity risks.

Nevada: State taking steps to prevent election hacking | Las Vegas Sun

Election officials across the country are looking to shore up election systems against hacking, a facet of the 2016 election that led to a yearlong congressional investigation. Nevada is organizing cybersecurity under a new central hub, according to the Secretary of State’s Office, and is among more than 35 states sending officials to a cyber security incident response training at the Harvard Kennedy School’s Belfer Center in Massachusetts later this month. Hackers linked to Russia targeted election systems in 21 states during the 2016 election. The Nevada Secretary of State announced in September that the U.S. Department of Homeland Security confirmed Nevada was not one of those states.

Montenegro: Montenegro Seeks To Stare Down Fancy Bear As Election Looms | RFE/RL

Over the last two years, authorities in Montenegro have recorded a sharp rise in cyberattacks, mostly targeting state institutions and media outlets in that aspiring EU state on the Adriatic. With a presidential election looming on April 15, the recent NATO entrant and its 650,000 residents are girding for another possible wave of hacks. Montenegro and other countries in the Balkans fear meddling from Moscow to further what they believe is an expansion of Russian foreign policy. Officials in Podgorica feel their country is especially vulnerable, as the winner of the presidential vote is likely to steer Montenegro through early negotiations on EU accession, a move the Kremlin staunchly opposes.

Illinois: Security of state voter rolls a concern as primaries begin | Associated Press

With the Illinois primary just days away, state election officials are beefing up cyber defenses and scanning for possible intrusions into voting systems and voter registration rolls. They have good reason to be on guard: Two years ago, Illinois was the lone state known to have its state election system breached in a hacking effort that ultimately targeted 21 states. Hackers believe to be connected to Russia penetrated the state’s voter rolls, viewing data on some 76,000 Illinois voters, although there is no indication any information was changed. Since then, Illinois election officials have added firewalls, installed software designed to prevent intrusions and shifted staffing to focus on the threats. The state has been receiving regular cyber scans from the federal government to identify potential weak spots and has asked the U.S. Department of Homeland Security to conduct a comprehensive risk assessment. That assessment is scheduled but will not happen before Tuesday’s second-in the-nation primary.

Minnesota: Citing Russian threat, Secretary of State asking for $1.4 million to update voter registration system | Twin Cities Pioneer Press

Citing national security officials’ warnings that Minnesota’s voter database had already been targeted by elements “at the behest of the Russian government,” the secretary of state is asking for funding to update its statewide registration system. Minnesota Secretary of State Steve Simon said he’s been in multiple meetings with Department of Homeland Security officials — including a meeting as late as February — relating to foreign attempts to affect the integrity of Minnesota’s voting system. “They are sobering,” Simon said of the meetings, for which he was recently given “secret” security clearance — meaning, he said, he couldn’t give too many details. In 2016, entities associated with the Russian government targeted 21 states, including Minnesota, national security officials have said. Two of those states — Illinois and Arizona — had their state databases penetrated.

National: How the U.S. can prepare for a major election hack | The Washington Post

Before the 2016 election, at least 21 U.S. states’ registration databases or websites were targeted by hackers and seven states were successfully “compromised,” although there’s no evidence that votes were altered. As U.S. intelligence agencies recently made clear, the risk to voting systems continues in 2018. Foreign actors could target registration records, electronic voting machines or vote tabulations. Because American elections are controlled by individual states that employ a wide array of voting systems, a localized breach is especially feasible. Amplifying the danger is that many Americans will react to vote manipulation somewhere in the United States with doubts about election results everywhere. Even if this interference does not actually change an election outcome, people may use any breach to cast doubt on outcomes they don’t want to believe. This havoc is precisely what Russia wants.

National: Trump Administration Penalizes Russians Over Election Meddling and Cyberattacks | The New York Times

The Trump administration imposed sanctions on a series of Russian organizations and individuals on Thursday in retaliation for interference in the 2016 presidential election and other “malicious cyberattacks,” its most significant action against Moscow since President Trump took office. The sanctions came as the United States joined with Britain, France and Germany in denouncing Russia for its apparent role in a nerve-gas attack on a former Russian spy and his daughter on British soil, calling it a “clear violation” of international law. But the joint statement said nothing about any collective action in response. In his first comment on the poison attack, Mr. Trump agreed that, despite its denials, Russia was likely behind it. “It looks like it,” he told reporters in the Oval Office, adding that he had spoken with Prime Minister Theresa May of Britain.

Colombia: Officials Probe Voter Registration Cyberattacks Traced to Russia’s Allies | VoA News

Colombian government and military officials say the government is investigating tens of thousands of cyberattacks on the country’s voter registration systems, and traced the incidents to Russia’s key allies in the region. More than 50,000 attacks on the web platform of Colombia’s national voter registry were detected during the run-up to March 11 parliamentary elections, according to Defense Minister Luis Villegas, who said some of the hacks were staged from Venezuela, which has become a proxy for Russia. While Villegas did not specifically mention Russia at a March 8 press conference in which he denounced the ongoing incidents, he said three of the hacks — which each triggered repeated robotic attacks — were linked to internet addresses in Colombia, while one was identified as coming from Venezuela. Colonel Jose Marulanda, a Colombian intelligence analyst, said Russia was seeking a foothold in the region.

National: Is Your County Elections Clerk Ready for Russian Hackers? | Stateline

The weakest link in any local voting system is that one county clerk who’s been on the job for three days and opens up an email file that could take down the whole system. The head of every U.S. intelligence agency says Russia attempted to penetrate elections systems nationwide during the 2016 presidential election, and will try again during this year’s midterm elections. In a decentralized election system with more than 10,000 separate jurisdictions, the onus for security is on local officials. “That keeps me awake at night,” said Nancy Blankenship, the clerk for Deschutes County, Oregon. Blankenship, like thousands of other county clerks, is the chief elections official for her area. It’s not so much the threat of foreign hackers changing votes that concerns Blankenship — Oregon is not only a vote-by-mail state, but also does its ballot counting without an internet connection — it’s the possibility that hacking could undermine public confidence in the system.

Editorials: Tennessee needs to update its election system and both parties agree | Shanna Singh Hughey/The Tennesseean

Should Tennessee be doing more to safeguard our elections? According to a ThinkTennessee poll, 68 percent of Tennessee voters think so. And with good reason. The Department of Homeland Security this fall informed 21 states that their 2016 elections were targeted by Russian hackers. Thankfully, Tennessee was not one of those states. But as the CIA director recently said, he has “every expectation” that Russia will continue to try to interfere with the upcoming midterm elections.

Netherlands: Concerns raised over election software safety | NL Times

The software that will be used to count votes in the upcoming municipal elections is still not safe. Hackers can use the vulnerable software to influence the election results, experts that examined the software told RTL Nieuws. Ethical hacker Sijmen Ruwhof discovered more than 50 vulnerabilities in the software. He calls ten of them ‘high risk’. Last year Ruwhof also concluded that the software – called OSV – is vulnerable to attacks. “The average iPad is more secure than the Dutch voting system”, Ruwhof said at the time.This prompted former Home Affairs Minister Ronald Plasterk to order the votes in the parliamentary election counted by hand.