National: There’s more to Russia’s cyber interference than the Mueller probe suggests | The Washington Post

An underlying theme running through special counsel Robert S. Mueller III’s investigation is that Russia’s ultimate goal was to make sure Donald Trump was elected president. That’s just part of the picture. Last month, Mueller’s team released the details of the grand jury indictments of 13 Russian nationals, as well as a shadowy Russian firm known as the Internet Research Agency, for conducting information warfare against the United States and breaking three U.S. federal laws. Our research looks at Russian cyber and information warfare activity — and distinct patterns begin to emerge. But this is a nonlinear strategy and a long-term assault on Russia’s adversaries. Although boosting the Trump campaign may have been one of Russia’s primary goals in 2016, the 2020 goal could just as easily be helping the president’s Democratic challenger.

Editorials: Weakening encryption is no solution to election hacking | Joel Wallenstrom/The Hill

FBI Director Christopher Wray is right: The cyber threat has evolved into a full blown information security crisis with the ongoing midterm elections becoming the primary concern. Meanwhile, the Senate’s email system is being probed by an adversary and the FBI is looking into the hacking of former Tennessee Gov. Phil Bredesen’s Senate campaign communications. Despite all this, Wray has renewed the call for weakening of encryption, the one measure proven to safeguard our critical information. While unobstructed access to everyone’s information through a ‘magical digital backdoor’ would make investigations easier, it would also make law enforcement’s task of protecting our economy, national security, and personal information practically impossible.

Indiana: Lawson recommends technology, staffing upgrades to improve election security | NWI Times

A national council of election experts, led by Indiana Secretary of State Connie Lawson, is recommending steps to ensure American elections are secure from hacking or tampering. On Thursday, Lawson and other members of the Election Infrastructure Subsector Government Coordinating Council will urge states and localities to upgrade their election technology and invest in staff with cyber experience at the state and local levels. “This is a race with no finish line,” said Lawson, a Republican who also is president of the National Association of Secretaries of State.

Wisconsin: Election Security Focus of Testing, Planning | Associated Press

Wisconsin’s plan to bolster election security after its voter database was apparently targeted by Russia in 2016 includes training nearly 2,000 municipal clerks to fend off hackers and a two-week U.S. Department of Homeland Security test to identify vulnerabilities in the state system. The Wisconsin Elections Commission on Tuesday discussed ways to protect ballots that are cast and counted across 1,853 municipalities in 72 counties before the August primary and the November midterm election. Security has been stepped up since Homeland Security confirmed “Russian government cyber actors” had been looking at but had not compromised Wisconsin’s elections systems two years ago. In May or June, Homeland Security will run a two-week risk vulnerability assessment to simulate hacking attempts on the state election system from inside and outside the network. That will include sending simulated malicious emails, known as phishing, to track email activity.

National: Senator: On Cyberwarfare, Russia Has The U.S. “Behind The Eight Ball” | Fast Company

The Russians have punched far beyond their weight when it comes to cyberwarfare, a prominent U.S. Senator said Saturday, and America isn’t keeping up. Speaking at the SXSW conference in Austin, Mark Warner, Democrat of Virginia, noted that Vladimir Putin’s government got “great bang for their dollars, or bang for their rubles” by exploiting vulnerabilities on social media during the 2016 presidential elections, and that it may be time for the U.S. to rethink its military budget. “I come from one of the most pro-defense states,” Warner said, “but if you look at what we’re spending [on the military], $700 billion, the Russians are spending $68 billion.” Warner said that Putin’s government has acknowledged that it can’t keep up with us militarily. But he added that it has managed to use cyberwarfare to sow divisiveness in the U.S. by using sophisticated techniques to spread disinformation. It uses small, targeted election advertising buys, and leaves the kind of obvious fingerprints on state election systems that could have been used to defend President Trump’s original claims that the 2016 election was “rigged.”

National: 137 House Democrats sign letter urging action against Russia | Reuters

Over two-thirds of U.S. House of Representatives Democrats urged President Donald Trump to enact sanctions on Russia, the latest push by lawmakers for a response to investigators’ findings that Russia interfered in the 2016 U.S. election. At least 137 of the Democrats in the House signed a letter, seen by Reuters on Monday,“strongly urging” Trump to adhere to a law he signed last summer imposing sanctions on those who do business with Russia’s military and intelligence sectors. “We strongly urge you to reverse course, follow the letter and spirit of the law, and demonstrate that the security of our country and integrity of elections are sacrosanct,” the letter said.

Georgia: Cybersecurity bill could also hinder legitimate work | Atlanta Journal-Constitution

Until an internet researcher found the personal information of 6.7 million Georgia voters online, it was available for the taking by potential criminals. Because the researcher reported his discovery last March, that election information was locked down within an hour. The FBI looked into the case and concluded he hadn’t broken the law. Now Georgia lawmakers might make that kind of research a crime. A bill advancing through the Georgia General Assembly would crack down on investigations into whether the government or businesses aren’t protecting their data, unless permission is given in advance. The legislation is meant to prevent computer snooping, but it could also stop legitimate internet security efforts. The bill was introduced, in part, as a result of the state’s failure to protect voter records — including voter lists with full Social Security numbers and birth dates — at Kennesaw State University’s Center for Election Systems.

National: Push to bolster election security stalls in Senate | The Hill

Senators are running into roadblocks from state officials as they try to craft legislation to secure election systems before the midterms in November. Sens. James Lankford (R-Okla.) and Kamala Harris (D-Calif.) are pushing for legislation that would bolster the security of U.S. voting infrastructure, with an eye toward countering threats from adversaries like Russia. But Lankford on Wednesday was forced to table an amendment to a bill moving through the Senate that was aimed at improving information-sharing between federal and state election officials on election cyber threats. State officials objected to the amendment. The development sparked frustration on the Senate Homeland Security and Governmental Affairs Committee, where lawmakers have been agitating for action. … The amendment would also mandate that election service providers, including vendors and contractors, notify state officials promptly if election systems — including voting machines, voter registration databases and election agency email systems — are breached, and that state officials provide the information to their federal counterparts in a timely fashion. The secretaries of state questioned whether states would be penalized if a vendor or contractor failed to notify state election agencies of cybersecurity incidents.

National: US senator grills CEO over the myth of the hacker-proof voting machine | Ars Technica

A US senator is holding the nation’s biggest voting machine maker to account following a recent article that reported it has sold equipment that was pre-installed with remote-access software and has advised government customers to install the software on machines that didn’t already have it pre-installed. Use of remote-access software in e-voting systems was reported last month by The New York Times Magazine in an article headlined “The Myth of the Hacker-Proof Voting Machine.” The article challenged the oft-repeated assurance that voting machines are generally secured against malicious tampering because they’re not connected to the Internet. Exhibit A in the case built by freelance reporter Kim Zetter was an election-management computer used in 2016 by Pennsylvania’s Venango County. After voting machines the county bought from Election Systems & Software were suspected of “flipping” votes―meaning screens showed a different vote than the one selected by the voter―officials asked a computer scientist to examine the systems. The scientist ultimately concluded the flipping was the result of a simple calibration error, but during the analysis he found something much more alarming―remote-access software that allowed anyone with the correct password to remotely control the system.

Voting Blogs: Clear and Present Danger to U.S. Vote | Brennan Center for Justice

The head of the National Security Agency and U.S. cyber command has told Congress that the White House hasn’t instructed him to block a Russian attack against U.S. election systems this fall. “If we don’t change the dynamic here, this is going to continue,” Adm. Michael Rogers said, adding to warnings from the secretary of state and chiefs of U.S. intelligence agencies that voting systems are vulnerable to attacks by foreign actors. Russian meddling in the 2016 election is now almost universally acknowledged. And while there’s no evidence that Moscow’s cyberactivity changed vote totals, we know Russian agents targeted voting systems in at least 21 states — and that whatever methods the Russians honed this past cycle they will likely use against us in the 2018 and 2020 elections.

National: U.S. Hasn’t Shared Enough About Cyber Risks, Official Says | Bloomberg

The U.S. government has failed to share enough information about cyber threats, including risks to election systems, with federal agencies and states, according to a top Trump administration intelligence official. Intelligence agencies are “kicking butt offensively,” but the U.S. needs to be better prepared to defend against future attacks as adversaries constantly learn about “our gaps and weaknesses,’’ William Evanina, director of the National Counterintelligence and Security Center, said Thursday at a conference in Washington.

National: Senators demand cyber deterrence strategy from Trump | The Hill

A bipartisan group of senators is pressing President Trump to issue a national strategy for deterring malicious activity in cyberspace “as soon as possible,” accusing successive administrations of not giving enough urgency to the issue. “The lack of decisive and clearly articulated consequences to cyberattacks against our country has served as an open invitation to foreign adversaries and malicious cyber actors to continue attacking the United States,” the senators wrote in the letter, obtained by The Hill. “The United States has failed to formulate, implement, and declare a comprehensive cyber doctrine with an appropriate sense of urgency,” they wrote. “We urge you to end this state of inaction immediately.”

California: Trump administration is no help on Russian election meddling, California officials say | The Sacramento Bee

As the 2018 elections approach, California officials are taking steps to combat foreign interference, with or without the help of the federal government. California Secretary of State Alex Padilla has been critical in recent months of the federal government’s lackluster response to Russian efforts to influence U.S. elections, and Padilla renewed his criticism this week after a new report said the U.S. State Department has failed to spend money to combat foreign interference in our elections. The department has spent none of the $120 million allocated since late 2016 for combating foreign attempts to interfere in U.S. elections and sow distrust through social media, The New York Times reported Sunday. Padilla said the delay is another example of the passive approach President Donald Trump has taken in fighting suspected Russian efforts to attack state election systems.

Michigan: As hacking fears mount, Michigan election security gets middling marks | Bridge Magazine

Genesee County Clerk John Gleason powered up his work computer last summer and began sifting through his emails. To his shock, he said he found a “nasty, vulgar-laden” email in his sent folder, supposedly authored by him. “At first, I thought it was someone in the office playing a joke on me,” said Gleason, who has presided over every election in the mid-Michigan county of 410,000 residents since he was elected clerk in 2013. County workers tracked the source of the email to a Russian phishing link intended to hook users with the promise of dating or weight loss, Gleason said. A few months ago, a similar incident happened to his computer, which Gleason uses to help direct elections in Michigan’s fifth-largest county. … Computer scientists and elections experts consider the optical scan systems the best because they start with a paper ballot, which make it possible for election officials to double-check results if questions arise. But that doesn’t mean the machines can’t be hacked. Since Americans began using electronic voting machines 15 years ago, computer scientists have repeatedly warned that nearly every type of system is susceptible to manipulation.

Tennessee: Ex-governor’s Senate campaign fears it was hacked | Associated Press

Former Tennessee Gov. Phil Bredesen’s campaign for U.S. Senate told the FBI on Thursday that it fears it has been hacked, amid growing concern that candidates in the 2018 election could be targets of cyberattacks. In a letter obtained by The Associated Press, campaign lawyer Robert E. Cooper Jr. wrote that Bredesen’s aides became suspicious when someone pretending to be the campaign’s media buyer asked for money to be wired to an international account. The letter says the person used an email address nearly identical to the actual media buyer’s and knew about an upcoming TV campaign and its proposed dates. Cooper says the campaign hired a cyber-security firm that found the impostor emails were registered through an Arizona-based registrar.

National: Senators ask voting machine vendors if they shared code with Russian entities | The Hill

Sens. Amy Klobuchar (D-Minn.) and Jeanne Shaheen (D-N.H.) sent a letter Wednesday to three election equipment vendors to ask whether they have shared information about their machines with Russian entities. The senators wrote to Election Systems & Software, Dominion Voting Systems Inc. and Hart InterCivic Inc. to ask if the companies had shared the source code, software or other sensitive details about their machines with Russians. “Foreign access to critical source code information and sensitive data continues to be an often overlooked vulnerability. Further, if such vulnerabilities are not quickly examined and mitigated, future elections will also remain vulnerable to attack,” the senators wrote.

Kansas: Lawmakers: Could Kansas Be Liable If Voter Fraud Database Leaks? | KCUR

Some lawmakers said Monday that putting Kansas at the center of a database intended to root out voter fraud might eventually put it in the middle of a lawsuit if things go wrong. More than two dozen states compare voter rolls using the Crosscheck database of some 90 million-plus records that Kansas hosts. Secretary of State Kris Kobach has touted Crosscheck as a way to identify voters registered in more than one state and crackdown on double-voting. He’s secured nine convictions for that crime.

National: Top U.S. intel official insists White House engaged on election security | Reuters

The top U.S. intelligence official insisted on Tuesday that President Donald Trump’s administration is “actively engaged” in countering Russian efforts to influence the November elections, even as he warned of Moscow’s continuing “malign activities.”  “The White House is actively engaged,” Director of National Intelligence Dan Coats told a Senate hearing, where lawmakers pressed for answers on election security. “This is a high priority for them,” he said. Coats and other intelligence officials have warned repeatedly that Russia is already trying to interfere in the 2018 mid-term elections by using social media to spread propaganda and misleading reports, much as it did during the 2016 presidential race.

Editorials: Congress, don’t miss the mark on election security | Heather Engel/The Hill

Voter registration data in most states are public by law. What happens when voter registration data are compiled and parsed with data from internet browsing, shopping and social media? It’s a well-known fact that our foreign adversaries have attempted to influence and breach our election systems. We believe that they are trying to do so again and we need to stay two steps ahead of them in order to solve problems that may arise in securing voter data and the integrity of our election system. While we can all agree that elections systems are vulnerable, there is much more to the story. Ideas such as the Securing America’s Voting Equipment (SAVE) Act, proposed by Sens. Susan Collins (R-Maine) and Martin Heinrich (D-N.M.), would allow election officials access to classified information and would designate election systems as critical infrastructure. Designating these systems as critical infrastructure will trigger additional cybersecurity controls and require oversight at many levels, state and federal.

National: Senators make new push to improve election cybersecurity | The Hill

The coming week could bring movement on legislation aimed at securing U.S. voting infrastructure from cyber threats. Sen. Kamala Harris (D-Calif.) said Wednesday that she and Sen. James Lankford (R-Okla.) are planning to introduce an amendment to a bill reauthorizing the Department of Homeland Security (DHS) that would help states modernize their election systems. Harris and Lankford are both sponsors of the Secure Elections Act, a bill they introduced in December that would set up a grant program for states to replace outdated paperless voting machines and take other steps to bolster cybersecurity. Harris said at a Senate Homeland Security and Governmental Affairs Committee meeting that the amendment will implement “bipartisan election security measures to modernize election cybersecurity across America and protect against foreign interference on future elections.”

National: Jailed Russian: Here’s How I Hacked The U.S. Election | Fast Company

Konstantin Kozlovsky is ready to talk. The 29-year-old blonde-haired Russian hacker at the center of the intrigue surrounding the Kremlin’s cyberattacks on the 2016 U.S. presidential election currently sits in a high-security prison with the forbidding name of Matrosskaya Tishina (Sailor’s Silence) in northeastern Moscow. Kozlovsky is officially charged with stealing millions from Russian banks, but he’d prefer to brag about how he built the software used to hack the Democratic National Committee (DNC) and other U.S. targets. At a small hearing in a Moscow court earlier this month, with only a handful of media outlets present, Kozlovsky said he was ready to present detailed evidence that the Kremlin was directly involved in a series of high-profile attacks, including compromising the DNC’s computer systems in 2016, as well as those of the U.S. government, military, social media companies, and leading U.S. publishers. In an interview with Fast Company conducted over the last two weeks via a verified representative, Kozlovsky was able to provide more details for his claims about the role of the Russian government, and how the program he developed was designed to wreak havoc.

Editorials: Five things Trump could do to stop Russia’s meddling | Doyle McManus/Los Angeles Times

Last week, the Pentagon’s cyberdefense commander was asked whether the government has done enough to protect the 2018 congressional election against Russian hacking. “We’re not where we need to be,” Adm. Mike Rogers told a Senate committee. Rogers echoed warnings from other intelligence officials that Russian President Vladimir Putin intends to keep meddling in U.S. and foreign elections until someone makes him stop. “President Putin has clearly come to the conclusion that there’s little price to pay here,” Rogers said. “If we don’t change the dynamic, this is going to continue.” Time is short: This year’s primary elections begin March 6, in Texas.

Canada: Ex-CIA director says Canada should be concerned about election interference | CTV

The former director of the CIA says Canada should be concerned about potential interference, Russian or otherwise, in the fast-approaching 2019 federal election. “I think any democracy these days needs to be concerned about foreign interference in their elections,” said John Brennan in an exclusive interview with Evan Solomon on CTV’s Question Period. “Canada, like other countries in Europe and throughout the world, need to be mindful that there are individuals in countries out there that are going to try to do them harm, including in their electoral systems,” he said.

National: 1 State? 7 States? Uncertainty Persists About Russian Cyberattacks On U.S. Election | NPR

Even as Americans begin voting in the earliest 2018 midterm primaries, the public still doesn’t have solid answers about what happened to its election systems in 2016. Instead it has conflicting accounts and official denials. The latest example this week came from the Department of Homeland Security, which slammed a report by NBC News that said the intelligence community had evidence in early 2017 to believe Russian operatives compromised more state voter systems in 2016 than previously known. DHS said NBC’s story was “factually inaccurate and misleading” and stood by its previous assessment, that just one state, Illinois, had its system breached. NBC then slammed that response in a subsequent defense of its story, which quoted a former cyber-expert from the Obama administration, Michael Daniel, who said that when he was in the White House, it believed seven states had been compromised. What’s the real story? How serious were the Russian cyberattacks across the United States?

National: White House Has Given No Orders to Counter Russian Meddling, N.S.A. Chief Says | The New York Times

Faced with unrelenting interference in its election systems, the United States has not forced Russia to pay enough of a price to persuade President Vladimir V. Putin to stop meddling, a senior American intelligence official said on Tuesday. Adm. Michael S. Rogers, the departing head of the National Security Agency and the military’s Cyber Command, said that he was using the authorities he had to combat the Russian attacks. But under questioning during testimony before the Senate Armed Services Committee, he acknowledged that the White House had not asked his agencies — the main American spy and defense arms charged with conducting cyberoperations — to find ways to counter Moscow, or granted them new authorities to do so. “President Putin has clearly come to the conclusion that there’s little price to pay and that therefore ‘I can continue this activity,’” said Admiral Rogers, who is set to retire in April. “Clearly what we have done hasn’t been enough.”

National: Trump NSA pick says response to Russian election interference has fallen short | The Hill

President Trump’s choice to lead the National Security Agency (NSA) said Thursday that the United States’ response to Russian election interference has not been sufficient enough to change Moscow’s behavior. Lt. Gen. Paul Nakasone, nominated to lead both NSA and U.S. Cyber Command, was asked at his confirmation hearing whether he agreed with outgoing NSA Director Adm. Michael Rogers’s statement that the response to Russian meddling in the 2016 election has not been strong enough. “It has not changed their behavior,” Nakasone told Sen. Ben Sasse (R-Neb.), who asked the question.  Nakasone appeared before the Senate Armed Services Committee two days after Rogers, who faced tough questions over the Trump administration’s response to Russia’s interference in the 2016 presidential election during a hearing on the 2019 budget request for U.S. Cyber Command. Rogers heads that command in addition to the NSA.

National: Mueller preparing charges against Russians who hacked Dem emails: report | The Hill

Special counsel Robert Mueller is preparing charges against Russians who hacked and leaked information designed to hurt Democrats in the 2016 presidential election, NBC News reported Thursday. The charges would center around Russian hackers who leaked emails from the Democratic National Committee (DNC) and Clinton campaign chairman John Podesta, according to NBC. Sources told NBC that the charges could be filed in the coming weeks or months, and could involve conspiracy statute and election law violations.

Georgia: “Misguided” hacking bill threatens to ice security researchers, say critics | Naked Security

The US state of Georgia is considering anti-hacking legislation that critics fear could criminalize security researchers. The bill, SB 315, was drawn up by state senator Bruce Thompson in January, has been approved by the state’s senate, and is now being considered by its house of representatives. The bill would expand the state’s current computer law to create what it calls the “new” crime of unauthorized computer access. It would include penalties for accessing a system without permission even if no information was taken or damaged. One of the bill’s backers, state Attorney General Chris Carr, said the bill is necessary to close a loophole: namely, the state now can’t prosecute somebody who harmlessly accesses computers without authorization.

National: Governors Fear for Election Security Amid Russian Cyberattacks | Assocated Press

Will your vote be safe this year from foreign adversaries working to undermine U.S. democracy? Some of the nation’s governors aren’t so sure. State leaders of both parties worried aloud Sunday about the security of America’s election systems against possible cyberattacks ahead of this fall’s midterm elections, aware that Russian agents targeted more than 20 states little more a year ago, and the Trump administration has taken a mostly hands-off approach to the continued interference. U.S. intelligence leaders report Russian hackers are already working to undermine this November’s elections, which will decide the balance of power in Congress and in statehouses across the nation.

National: Russian Election Assault Poses Quandary for 2018 Campaigns | Associated Press

Encrypted messages. Two-factor authentication. Real-time monitoring of social media for malicious internet bot activity. This is the new reality for candidates running in 2018, scared of email hacks and elaborate misinformation schemes like the ones Russia used to disrupt the 2016 campaign. And many candidates say they’re concerned they can’t rely on Congress or the White House for advice, or protection. “Since many in Washington continue to bury their head in the sand over the dangers our Democracy faces, our campaign has taken deliberate steps to guard against cyberattacks by mandating extensive security measures,” said Gareth Rhodes, a Democrat running for an upstate New York House seat. He said he’s put his campaign staff through training on how to identify phishing and hacking attempts.