National: As foreign hackers plot next attack, Washington struggles to shore up vulnerable voting systems | Los Angeles Times

Even as it is consumed by political fallout from Russia’s meddling in the 2016 election, Washington is still struggling to respond to what many officials see as an imminent national security threat: a network of voting systems alarmingly vulnerable to foreign attack. As hackers abroad plot increasingly brazen and sophisticated assaults, the United States’ creaky polling stations and outdated voter registration technology are not up to the task of fighting them off, according to elections officials and independent experts. Senior national security officials have repeatedly said that the United States should prepare for more foreign efforts to interfere with elections. On Tuesday, President Trump’s top intelligence advisor warned a Senate committee that Russia is moving to build on its earlier efforts to interfere with U.S. elections, which included a sustained campaign of propaganda and the unleashing of cyberoperatives.

Editorials: We need to hack-proof our elections. An old technology can help. | Michael Chertoff and Grover Norquist/The Washington Post

The nation’s top intelligence officers warned Congress this week that Russia is continuing its efforts to target the 2018 elections. This should come as no surprise: A few months ago, the Department of Homeland Security notified 21 states that hackers had targeted their election systems in 2016. Yet Congress still has not passed legislation to meaningfully address election cybersecurity. Time is running out. Lawmakers need to act immediately if we are to protect the 2018 and 2020 elections. … We believe there is a framework to secure our elections that can win bipartisan support, minimize costs to taxpayers and respect the constitutional balance between state and federal authorities in managing elections. In September, Mark Meadows (R-N.C.), who chairs the conservative House Freedom Caucus, introduced legislation that would help solve the problem with an elegantly simple fix: paper ballots.

National: Ill-Prepared and Underfunded, Election Officials Brace for More Cyberattacks | Governing

There’s a Catch-22 when it comes to whether Congress will address the issue of voting security in time for this year’s elections. On the one hand, the threat posed by Russian hackers has brought significant attention to the issue, leading to the introduction of several pieces of bipartisan legislation to boost the nation’s cybersecurity. But some congressional Republicans worry that raising the Russian threat could call into question the legitimacy of President Trump’s election, so they don’t want to touch it. … Academic researchers and hackers at last year’s DefCon hacking conference showed that voting machines can be penetrated easily, often within minutes. The exercise drew considerable attention, but Lawson emphasizes that the experiment’s results wouldn’t be replicated in real-world conditions. Most of the machines at the conference weren’t certified for use in the U.S., she says, while poll workers would have to be napping for hackers to open them up.

National: States to Get Classified Briefings on 2018 Election Threats | Bloomberg

With the threat of Russian interference continuing to loom over American elections, U.S. intelligence authorities are arming state officials with classified updates on risks to their electoral systems ahead of this year’s midterm races. Election officials from all 50 states will receive classified briefings on Friday and Sunday, the Office of the Director of National Intelligence said in a statement on Thursday. The Department of Homeland Security and the Federal Bureau of Investigation will join in the sessions. The meetings follow a Senate Intelligence Committee hearing on Tuesday, where Director of National Intelligence Dan Coats told lawmakers that this year’s elections were a “potential target” for Russian interference. But he acknowledged under questioning that “there’s no single agency in charge” of blocking such meddling even after Russia’s interference in the 2016 presidential campaign.

Minnesota: State pushes for tighter cyber security in wake of 2016 election | Brainerd Dispatch

State officials are making a concerted effort to revamp Minnesota’s defenses against cyber attacks—a preemptive initiative for the 2018 election season and beyond. Secretary of State Steve Simon made his annual 87-county tour of the state, stopping in Brainerd last week to tout new developments to the state’s cyber security systems. Under his guidance, the state has mobilized a cyber security team, hired consultants to analyze cyber security improvements and partnered with agencies, including the U.S. Department of Homeland Security, to address areas of weakness.

National: Democratic Task Force Outlines Voting Security Plan, With First Primary Just Weeks Away | WIRED

In recent weeks, intelligence officials have said clearly that Russia will likely meddle again in the 2018 midterm election season—which begins in Texas in less than three weeks. United States election systems, though, have not yet adequately improved defenses since the 2016 presidential election. On Wednesday, House Democrats outlined a last-ditch effort to step up security while there’s still some time. The Congressional Task Force on Election Security—which counts not a single Republican among its members—announced a findings report and new bill outlining a comprehensive plan for funding and enforcing minimum security standards for all US election systems. Three other election security bills have already been introduced, but neither the Senate nor the House has held an election security hearing so far. President Donald Trump’s continuing skepticism that Russia interfered in the 2016 election process has also slowed momentum.

National: Democrats propose $1.7 billion in grants for election security | The Hill

A Democratic congressional task force convened to study U.S. election security on Wednesday unveiled new legislation to help protect voting infrastructure from foreign interference. The legislation would authorize more than $1 billion in federal grants to help states replace outdated voting technology, train employees in cybersecurity and conduct audits of elections to ensure the accuracy of their result. It represents the latest push in Congress to address Russian interference in the 2016 presidential election through legislation and follows bipartisan efforts in the House and Senate to address election vulnerabilities and deter future foreign meddling.

National: State and local election infrastructure vulnerable to attacks ahead of midterm elections, Democrats warn in new report | ABC

State and local election systems remain vulnerable to outside attacks ahead of the upcoming midterm elections, House Democrats warned in a new report obtained by ABC News. The final report issued by the Congressional Task Force on Election Security, a Democratic working group formed last summer by House Minority Leader Nancy Pelosi, D-Calif., calls for increased federal resources to protect local and state election systems and replace aging infrastructure and new regulations to help election technology vendors to improve security. The House Democratic effort is being released after the nation’s top intelligence officials Tuesday warned in a Senate Intelligence Committee hearing that Russia is actively working to interfere in the 2018 elections.

Editorials: With Russia set to attack our elections again, Pennsylvania needs to replace aging voting machines so people can have faith in the vote | LNP

Last week, Pennsylvania Gov. Tom Wolf ordered counties planning to replace their electronic voting systems to purchase machines that provide a paper trail. Paper trails serve as a safeguard against hacking and make audits of the vote easier. But as The Associated Press noted, the governor’s “budget doesn’t include any money to fund the replacement of the state’s aging, increasingly vulnerable fleet” of voting machines. The AP reported that the Wolf administration “said in a statement later Friday that it’s working on a comprehensive overhaul of Pennsylvania’s election apparatus, including its voter registration database.” Russia meddled in the 2016 presidential elections, and it will try to do so again in this year’s congressional elections. That was the unanimous assessment delivered by our nation’s intelligence chiefs to a U.S. Senate Intelligence Committee hearing Tuesday. So Gov. Wolf is absolutely correct in seeking to protect our voting systems. Pennsylvania — the birthplace of American democracy — should lead the way in protecting the vote.

National: Federal vote-protection efforts lag ahead of first primaries | Associated Press

With the first primaries of the 2018 elections less than a month away, you might expect federal officials to be wrapping up efforts to safeguard the vote against expected Russian interference. You’d be wrong. Federal efforts to help states button down elections systems have crawled, hamstrung in part by wariness of federal meddling. Just 14 states and three local election agencies have so far asked for detailed vulnerability assessments offered by the Department of Homeland Security — and only five of the two-week examinations are complete. Illinois, for instance —one of two states where voter registration databases were breached in 2016 — requested an assessment in January and is still waiting. Primary voters go to the polls there March 20; state officials can’t say whether the assessment will happen beforehand. DHS says the assessments should be finished by mid-April.

National: As foreign hackers plot next attack, Washington struggles to shore up voting systems | Tribune News Service

Even as it is consumed by political fallout from Russia’s meddling in the 2016 election, Washington is still struggling to respond to what many officials see as an imminent national security threat: a network of voting systems alarmingly vulnerable to foreign attack. As hackers abroad plot increasingly brazen and sophisticated assaults, the United States’ creaky polling stations and outdated voter registration technology are not up to the task of fighting them off, according to elections officials and independent experts. Senior national security officials have repeatedly said that the U.S. should prepare for more foreign efforts to interfere with elections. On Tuesday, President Donald Trump’s top intelligence adviser warned a Senate committee that Russia is moving to build on its earlier efforts to interfere with U.S. elections, which included a sustained campaign of propaganda and the unleashing of cyberoperatives.

Editorials: Russians hacked the 2016 election. Looks like Republicans will let them do it again | Robin Kelly/Miami Herald

For more than a year, Americans, Congress and the world have discussed Russia’s attempts to influence our elections. However, some of their most dangerous and well-documented attacks against state-level voting systems have been a mere footnote. That needs to change, and change fast. Let’s start with the facts and when we learned them. In the summer of 2016, the FBI disclosed that Arizona’s and Illinois’ online voter registration databases had been successfully breached. Come September 2016, we learned that at least 20 states had been attacked. We now know that 21 states were attacked and/or breached: Alabama, Alaska, Arizona, California, Colorado, Connecticut, Delaware, Florida, Illinois, Iowa, Maryland, Minnesota, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Texas, Virginia, Washington and Wisconsin.

Editorials: Ireland was ahead of the curve on hacking | Kathy Sheridan/The Irish Times

Opinion writers stand accused of undue negativity, so make way for a few heart-lifting positives. Well-thumbed physical election registers. Paper ballots. Stubby pencils. Interminable counts surveyed by gimlet-eyed tallymen and women. That’s our fabulously antiquated voting system and it stands up well. Last week, by contrast, Americans learned that the electronic voting systems of 21 states were targeted by Russian hackers in 2016 and some had been “actually successfully penetrated”, in the words of the US head of cybersecurity. The targeting may have been exploratory probes for system vulnerabilities to be exploited later, say experts, pointing to the crumbling US digital voting apparatus. In other words, the 2016 hackers could look like plankton compared with the shark attacks expected around the forthcoming mid-term elections, with their potential to rebalance power in America.

National: State Voting Systems Remain Vulnerable to Hackers Ahead of Midterm Elections, Report Reveals | Associated Press

With less than nine months until midterm elections, states still have a long way to go to protect their voting systems from security threats, according to a new report released Monday by the Center for American Progress. Following the nation’s 2016 elections, in which hackers targeted 21 states and breached Illinois’ voter registration system, states are racing against the clock to improve their election infrastructure. In 2017, Colorado became the first state to require risk-limiting post-election audits. Weeks ahead of its November elections, Virginia quickly switched from electronic voting machines to a paper ballot voting system. And many states are working hand in hand on the issue with the Department of Homeland Security or the National Guard. Still, no state received an A in Monday’s report, which evaluates how efficiently states (and D.C.) are protecting their elections from hacking and machine malfunction. Eleven states – including Alaska, Colorado, Connecticut, Maryland and New York– received a B, 23 states received a C and 17 states received a D or an F.

National: Homeland Security calls NBC report on election hacking ‘false’ | The Hill

The Department of Homeland Security on Monday pushed back against a recent NBC News report claiming that Russian hackers “successfully penetrated” U.S. voter roles before the 2016 elections, calling it misleading. “Recent NBC reporting has misrepresented facts and confused the public with regard to Department of Homeland Security and state and local government efforts to combat election hacking,” Jeanette Manfra, the department’s chief cybersecurity official, said in a statement. The article published by NBC last week drew on an exclusive interview with Manfra, during which she told the publication that U.S. officials observed “a targeting of 21 states and an exceptionally small number of them were actually successfully penetrated.” 

National: Time’s Just About Up to Secure the 2018 Midterm Elections | WIRED

It’s been roughly two years since the first signs that Russia had launched an interference campaign aimed at the 2016 presidential race, and now the United States is hurtling toward a set of pivotal midterm elections in November. But while some states have made an earnest effort to secure the vote, the overall landscape looks troubling—and in some cases, it’s too late to fix it this year. While Russian meddling inspired many election officials to take cyberthreats seriously and double down on security, each state oversees its own elections process. In the limited window to make defense improvements before the midterms, regional officials can approach the risk in whatever way they see fit. As a result, some citizens will go to the polls in precincts and states that have audited their systems and plugged holes. Some will vote in places that have strong protections on digital election assets, like results-reporting websites and voter registration databases. Some will vote with paper ballots—that’s good—or on machines that automatically generate a paper backup. But election officials and security experts who have participated in or observed the scramble to improve defenses agree that most voters will encounter a mishmash, with some of these protections in place, and some still years away.

National: U.S. Spies, Seeking to Retrieve Cyberweapons, Paid Russian Peddling Trump Secrets | The New York Times

After months of secret negotiations, a shadowy Russian bilked American spies out of $100,000 last year, promising to deliver stolen National Security Agency cyberweapons in a deal that he insisted would also include compromising material on President Trump, according to American and European intelligence officials. The cash, delivered in a suitcase to a Berlin hotel room in September, was intended as the first installment of a $1 million payout, according to American officials, the Russian and communications reviewed by The New York Times. The theft of the secret hacking tools had been devastating to the N.S.A., and the agency was struggling to get a full inventory of what was missing. Several American intelligence officials said they made clear that they did not want the Trump material from the Russian, who was suspected of having murky ties to Russian intelligence and to Eastern European cybercriminals. He claimed the information would link the president and his associates to Russia. Instead of providing the hacking tools, the Russian produced unverified and possibly fabricated information involving Mr. Trump and others, including bank records, emails and purported Russian intelligence data.

Netherlands: How Dutch Spies Were Able To Outwit Russian Hackers | Fast Company

Since at least 2010, the Russian state-sponsored hacking group Cozy Bear has been implicated in cyber attacks around the world, penetrating networks belonging to the U.S. State Department, the Joint Chiefs of Staff, and the Democratic National Committee, and targeting other systems around the world from Norway to Brazil. Their targets have often seemingly struggled to keep up with the attacks–the Pentagon in 2015 reportedly took thousands of unclassified email accounts offline for at least 10 days to recover from a hack by the group, and Cozy Bear is said to have had access to DNC systems for about a year before being discovered. But recent reports reveal that the Russian group, believed to be tied to the Russian FSB–an intelligence bureau seen as today’s successor to the Soviet-era KGB–was itself the victim of a startlingly successful hack, carried out by a much smaller nation.

National: Russians penetrated U.S. voter systems, top U.S. official says | NBC

The U.S. official in charge of protecting American elections from hacking says the Russians successfully penetrated the voter registration rolls of several U.S. states prior to the 2016 presidential election. In an exclusive interview with NBC News, Jeanette Manfra, the head of cybersecurity at the Department of Homeland Security, said she couldn’t talk about classified information publicly, but in 2016, “We saw a targeting of 21 states and an exceptionally small number of them were actually successfully penetrated.” Jeh Johnson, who was DHS secretary during the Russian intrusions, said, “2016 was a wake-up call and now it’s incumbent upon states and the Feds to do something about it before our democracy is attacked again.” 

National: Cybertraining Election Officials For This Year’s Voting | NPR

If anyone knows how easily voting can be disrupted, it’s a county election supervisor in the state of Florida. That’s one reason several dozen of them gathered in Orlando recently to discuss ways to protect against the most recent threat — cyberattacks by Russia or others intent on disrupting U.S. elections. Marion County elections supervisor Wesley Wilcox said he realizes the threat has evolved far beyond the butterfly ballots and hanging chads that upended the 2000 presidential race. And even beyond the lone hacker. “It’s no longer the teenager in his basement eating Cheetos that’s trying to get into my system,” said Wilcox. “There are now nation states that are, in a coordinated effort, trying to do something.” CIA Director Mike Pompeo is the latest intelligence official to warn the Russians will likely try to interfere in this year’s elections, as they did in 2016. And Florida was among at least 21 states that intelligence agencies say had their election systems probed by Russian hackers during the last election cycle.

National: House Democrats demand election security hearings | Politico

House Democrats on Thursday urged the Judiciary Committee to hold “immediate hearings” on the cyber threats facing America’s electoral system. The gatherings are necessary because the Justice Department “appears to have taken little — if any — action to secure our election systems” in the wake of a 2016 digital meddling campaign that intelligence officials have pinned on Russia, said Democrats on the panel in a letter sent to Chairman Bob Goodlatte (R-Va.). The request is the latest in a string of Democratic actions meant to pressure Republicans on Moscow’s election meddling.

National: Senate Intelligence report on election vulnerabilities expected in March | The Hill

The Senate Intelligence Committee is preparing to issue a report on vulnerabilities in the U.S. election system — the first such product of the panel’s investigation into Russian meddling in the 2016 election. The Wall Street Journal reported Thursday that the intelligence committee is working on the report and hopes to complete it by March.  Even after it’s completed, however, the report will still need to be vetted to ensure that it does not put classified information at risk. Still, the committee hopes to release the document ahead of the 2018 midterm elections.  Sen. Richard Burr (R-N.C.), the chairman of the Senate Intelligence Committee, told the Journal that the report will “hopefully” be released before the primaries begin.

National: Tracking Shows Russian Meddling Efforts Evolving Ahead Of 2018 Midterms | NPR

Secretary of State Rex Tillerson sounded an alarm this week: The Russians are already meddling in the 2018 midterm elections. “The point is that if their intention is to interfere, they’re going to find ways to do that,” Tillerson told Fox News. “I think it’s important we just continue to say to Russia, look, you think we don’t see what you’re doing. We do see it, and you need to stop.”  A new poll shows that a clear majority of Americans believe Russia will try to meddle in the next U.S. election. But Tillerson also noted that Russia’s tactics for interfering in U.S. politics are constantly changing. A bipartisan effort is shedding new light on how Russian methods evolve.

National: DHS cyber chief: Russia ‘successfully penetrated’ some state voter rolls | The Hill

A U.S. cybersecurity official said Wednesday that Russia “successfully penetrated” the voter rolls in a small number of states in 2016. Jeanette Manfra, the head of cybersecurity at the Department of Homeland Security (DHS), told NBC News that Russia targeted 21 states and “an exceptionally small number of them were actually successfully penetrated.” DHS previously notified the 21 states that Russia had attempted to hack their elections systems before the 2016 election. It was Manfra who first revealed to the Senate Intelligence Committee last June that the states had their systems targeted by Russian hackers ahead of the election.

Editorials: Taking a strong stance to protect election integrity | Brad Schneider and Ileana Ros-Lehtinen/The Hill

By now, there is no disputing that Russia launched a targeted campaign on orders of Vladimir Putin to interfere in our most recent national elections. Our intelligence community agrees that Russia hacked political campaign committees and leaked stolen documents, used a sophisticated social media network of bots to spread misinformation and influence voters, and targeted dozens of state election systems for sensitive voter data, including in Illinois and Florida. This meddling is nothing short of a grievous attack aimed at the very foundation of our democratic system. As with any other attack by a hostile foreign government, Russia’s actions demand a serious response to hold our attackers accountable. The United States must take strong, corrective measures to protect the integrity of our elections and also deter any future attempts to interfere in our electoral process. This is a bipartisan concern, and indeed, a concern for all Americans. That is why we partnered together to introduce the House companion to a bill by Sens. Chris Van Hollen (D-Md.) and Marco Rubio (R-Fla.), the Defending Elections from Threats by Establishing Redlines (DETER) Act – H.R. 4884.

Editorials: Fighting hackers with vetted outsiders the best way to secure midterm elections | Mark Kuhr/The Hill

In the midterm elections set to take place later this year, all 435 seats in the house, 33 seats in the Senate and a number of local and state elections will be contested. Regardless of how the elections shake out, the most important factor in the election is the security of the process. If the past few years fraught with election hacking around the globe serve as an any indicator, we should be skeptical of what might happen. The voting process of the United States, and no doubt countries around the world, is inadequately equipped to defend against professional cyberattack attempts. Ethical hackers hacked a WINVote machine during the DEFCON conference last year in Las Vegas, and it took only a few minutes to hack into and tamper with votes and voter information. So, how do we go about protecting ourselves against these attacks and ensuring secure elections for the future? We should utilize hackers that have been vetted for trust and skill to test these critical assets in a controlled and managed environment.

Editorials: Secure elections protect our democracy | Martin Heinrich and Maggie Toulouse Oliver/Santa Fe New Mexican

Americans’ ability to fairly choose our own leaders is fundamental to our democracy. Given what we know about Russia’s interference in the 2016 presidential election, we must do everything we can at both the federal and state levels to protect the security and integrity of our election systems before voters go to the polls this year. While the Senate Intelligence Committee continues investigating the full extent of Russia’s interference in the 2016 election, American intelligence assessments have already established that Russia hacked presidential campaign accounts, launched cyberattacks against at least 21 state election systems and attacked a U.S. voting systems software company. Although there is no evidence that the Russian activity changed vote tallies on Election Day, these intrusions demonstrate a clear vulnerability that foreign hackers will try to exploit in upcoming elections.

Philippines: Hackers, a worldwide cybersecurity problem | Manila Bulletin

No government in the world today, not even the United States, is prepared to fight hackers, a cybersecurity expert declared at a forum on cybersecurity, PilipinasCon 2018, in Taguig City this week. Elections worldwide are being hacked. “Every single counting machine is hackable,” said cybersecurity expert Marc Goodman. At a recent underground hacking conference, he said, 25 different counting machines were broken into remotely and directly. Filipino hackers, he added, committed the biggest government data breach in history when they broke into the Comelec’s voter database and published it online in April, 2016, a month before the election that year.

National: 5 Ways Election Interference Could (And Probably Will) Worsen In 2018 And Beyond | NPR

If you thought 2016 was bad, just wait for the sequel. Russian election interference seeped into nearly every aspect of the political landscape two years ago, but many experts are wondering whether upcoming U.S. elections could be worse. “If we do nothing, if we let the mechanics of voting continue to deteriorate, then I am 100 percent sure that we are going to be attacked again in the fullness of time,” said J. Alex Halderman, a professor of computer science at the University of Michigan. “And it’s going to make 2016 look quaint by comparison.” … The actual nuts and bolts of how Americans vote are vulnerable for a number of reasons. Older computerized voting machines run older software, which makes them more exposed to potential vulnerabilities. In the case of many states that either use a completely digital or partially digital voting system, they’re ripe for hacking.

National: Can election security be fixed in time for the 2018 vote? | FCW

With cybersecurity, disinformation and foreign interference all having played a part in the 2016 elections, the clock is ticking for government to shore up security by Election Day 2018. But there are some efforts to better secure the digital aspects of elections underway from the Federal Election Commission, the Department of Homeland Security and on Capitol Hill, even as primary election dates draw near. … Katie Harbath, Facebook’s U.S. politics and government outreach manager, said that “regardless of legislation,” the social media site would be taking some “small steps” to make advertising more transparent, including making advertiser verify their identities, as well as labeling political ads and archiving them for four years. Meanwhile, Candice Hoke, who co-directs the Cleveland-Marshall College of Law’s Center for Cybersecurity and Privacy Protection, said that election systems themselves are at risk of digital interference.