Philippines: Elections vulnerable to hacking – US expert | The Manila Times

The Philippine electoral system is vulnerable to cyberattack and the government may not be prepared for it, an American cybersecurity expert has warned. Marc Goodman, founder of the Future Crimes Institute and chairman of policy, law and ethics at Silicon Valley’s Singularity University, said governments around the world, particularly the Philippines, were woefully unprepared for threats brought by the automation. The capability of the government to protect its cyber assets was placed in doubt after the “biggest data breach in history” in March 2016, when the database of voters was hacked by the Anonymous group more than a month before the May 2016 national elections.

National: Intensified Cyber Security Will Inevitably Lead to Greater Federal Involvement in US Electoral Process | Intelligencer Post

The last US presidential election brought the vulnerabilities of election grids to the fore. During the elections and after the race had ended, reports began to flood Western media revealing the attempts by Russian government-connected actors to influence the US electoral system. This included hacking suppliers of software used in digital voting machines, along with organizing the infamous troll armies that conducted social engineering operations in the hopes of swaying voters. Signs of threat actors targeting election-related assets has persisted. In mid-December, local US media reported that personal details of over 19 million California voters ended up in the hands of hackers after being stolen from an insecure cloud server. Hackers who had penetrated the cloud had deleted all of the content and left a message on the account demanding ransom money in Bitcoin for its return. The database contained personal details of these individuals, including contact and voting precinct information. The technology used in elections has also been shown to contain serious vulnerabilities. At a recent DEF CON hackers conference in Las Vegas, participants were able to pull off a number of hacks on several commonly used voting machines, including gaining remote access.

National: States get policy help in securing the 2018 vote | GCN

Time is running out for state and local officials to secure their voting systems before the mid-term elections, but they may be getting some help from Capitol Hill, the Federal Election Commission and the Department of Homeland Security. FEC Vice Chairwoman Ellen Weintraub said her agency unanimously voted to update the 2006 rules governing political ad disclosure in time for the 2018 elections. “I believe we are going to be able to move this rulemaking forward in this election cycle,” she said at the 2018 State of the Net conference on Jan. 29. “We should be able to move quickly enough to get the new rules in place to at least require the information available about where the …  ads are coming from.”

National: Wanted: a firewall to protect U.S. elections | Harvard Gazette

As the FBI and Congress work to unravel Russia’s hacking of the 2016 presidential election and learn whether anyone in Donald Trump’s campaign supported the effort, one thing has become clear: U.S. elections are far more vulnerable to manipulation than was thought. A U.S. Department of Homeland Security warning and offer last year to help state election officials protect voter registration rolls, voting machines, and software from tampering was coolly received, perhaps out of skepticism or innate distrust of federal interference in a domain historically controlled by the states. Now, as federal and state officials are partnering to examine voting and election security, a new initiative at Harvard Kennedy School (HKS) is working to shore up another at-risk component of the U.S. election system: political campaigns.

National: Democrats press Gowdy to subpoena Homeland Security for election hacking documents | The Hill

Democratic lawmakers are pressing House Oversight and Government Reform Committee Chairman Trey Gowdy (R-S.C.) to subpoena the Department of Homeland Security (DHS) for documents related to Russia’s efforts to target state systems ahead of the 2016 presidential election. In a letter sent to Gowdy on Monday, the Democrats on the committee accused the Trump administration of withholding “critical information” from Congress on the targeting.  Homeland Security said last year that Russian hackers tried to probe election-related systems in 21 states. Most of the activity amounted to only preparations for hacking, such as scanning for vulnerabilities, though both Illinois and Arizona witnessed breaches of state voter registration databases. None of the systems targeted were involved in vote tallying, officials say.

National: States, Counties Seek Voting Tech Upgrades Amid Security Concerns | StateTech

With the 2016 presidential election bringing voting cybersecurity to the fore, many states and localities have been looking at innovative, technology-driven approaches to shore up voting machine security. There are growing concerns about the integrity of ballots nationwide following reports that hackers attempted to infiltrate voting machines in 21 states ahead of the 2016 presidential election. Those concerns are not unfounded, according to a 2017 report published by DEF CON, which unveiled the vulnerabilities of commonly used voting machines in the U.S. To address these weaknesses, several states are taking action to upgrade systems and ensure voting integrity for citizens everywhere. Rhode Island, for example, upgraded its systems to use a cellular connection with a double-encrypted signal that better protects against remote hacking. With worries of election hacking growing, more states are expected to follow suit to make cybersafety a priority at the polls.

National: Key House Democrat: U.S. ‘dramatically unprepared’ for potential 2018 election hacking | Philadelphia Inquirer

One of the leading voices in Democrats’ efforts to investigate Russian meddling in the 2016 election is coming to the University of Pennsylvania Monday with a warning. U.S. Rep. Adam Schiff, a Californian who serves as the top Democrat on the House intelligence committee, says the threat of foreign interference is being dangerously downplayed by President Trump, and fears that many states are not ready to combat potential hacking during the 2018 elections. Much of Pennsylvania, he said, could be vulnerable because of a lack of a paper trail for its voting machines, leaving no physical record of votes cast. The state was among 21 that Russian hackers targeted during the 2016 campaign.

Australia: Electoral Commission failed basic cyber-security requirements, misled public during 2016 federal election, audit finds | ABC

The Australian Electoral Commission (AEC) misled the public about the security of its data during the 2016 federal election and failed to ensure it had not been compromised, a damning audit has found. The National Audit Office has revealed the AEC did not comply with the Federal Government’s basic cyber-security requirements due to time restraints, and accepted the extra security risk. The audit also revealed the Government’s cyber-spy agency, the Australian Signals Directorate (ASD), warned the AEC it was unlikely to resolve its security weaknesses before the July 2 poll. For the first time, the AEC contracted a company to digitally scan and count all Senate votes and preferences. But just days before the election, a decision was made to manually cross-check all ballots to ensure accuracy.

Netherlands: Dutch Spied on Russian Group Tied to 2016 U.S. Election Hack | Bloomberg

The Dutch intelligence service passed on “crucial evidence” to the FBI about Russian interference in the 2016 U.S. presidential election, Dutch newspaper de Volkskrant reported Friday, citing the results of an investigation. Hackers from the Dutch intelligence service known as the AIVD gained access to the network of Russian hacking group “Cozy Bear” in the summer of 2014. While monitoring the group’s activities, the AIVD learned of attacks launched on the Democratic Party, according to six unidentified American and Dutch sources cited by the investigation. The information provided by the Dutch gave grounds for the FBI to start an investigation into the influence of Russian interference on the election race between Hillary Clinton and Donald Trump, according to the newspaper report based on a collaborative investigation with Eelco Bosch van Rosenthal, a journalist at Dutch news program Nieuwsuur. A spokeswoman for the AIVD declined to comment on the report when contacted by phone on Friday.

Kansas: Kris Kobach’s Office Leaks Last 4 Social Security Digits of Nearly Every Kansas Lawmaker and Thousands of State Employees, Including Kris Kobach | Gizmodo

This is starting to just get sad. Prior to receiving notice from Gizmodo this morning, Kris Kobach’s office was leaking sensitive information belonging to thousands of state employees, including himself and nearly every member of the Kansas state legislature. Along with a bevy of personal information contained in documents that, according to a statement on the website, was intended to be public, the Kansas Secretary of State’s website left exposed the last four digits of Social Security numbers (SSN4) belonging to numerous current and former candidates for office, as well as thousands—potentially tens of thousands—of high-ranking state employees at virtually ever Kansas government agency.

Indiana: Election security bill passes Senate committee | The Statehouse File

County election boards that beef up security around voting equipment and elections will be able to seek reimbursement for their expenses under a bill approved by a state Senate committee Monday. Senate Bill 327 requires counties to make sure their voting systems follow new security procedures and allows county election boards to apply to the Indiana Secretary of State for full or partial compensation of any resources or staff implemented to meet the new standards. However, it does not say where the money is coming from. The bill passed with a unanimous 8-0 vote and was referred to the Appropriations Committee for review of possible funding sources as the result of an approved amendment.

Kansas: Election chief tries to reassure lawmakers on security of Crosscheck voter database | Lawrence Journal-World

The director of the state’s elections division tried to reassure Kansas lawmakers Wednesday that steps are being taken to ensure the security of a multistate database of voting rolls known as Interstate Crosscheck that is administered by the secretary of state’s office. Bryan Caskey, who runs the elections office under Kansas Secretary of State Kris Kobach, told the House Committee on Government, Technology and Security that the system currently is not accepting any new data, either from Kansas or any of the other 27 states that participate in the program, and it won’t be reactivated until new security procedures have been tested and verified.

National: Mueller adds veteran cyber prosecutor to special-counsel team | The Washington Post

Special counsel Robert S. Mueller III has added a veteran cyber prosecutor to his team, filling what has long been a gap in expertise and potentially signaling a recent focus on computer crimes. Ryan K. Dickey was assigned to Mueller’s team in early November from the Justice Department’s computer crime and intellectual-property section, said a spokesman for the special counsel’s office. He joined 16 other lawyers who are highly respected by their peers but who have come under fire from Republicans wary of some of their political contributions to Democrats.

National: Election security hearing sought by Democrats | Washington Times

Democratic members of the House Science Committee have called on the panel’s Republican leadership to hold another hearing on security issues related to the nation’s election infrastructure. Texas Rep. Eddie Bernice Johnson and Virginia Rep. Donald Beyer requested the hearing in a letter sent Wednesday to Texas Rep. Lamar Smith and Illinois Rep. Darin LaHood —the Republican chairs of the House panel and its oversight subcommittee, respectively — citing lingering concerns raised in the wake of Russia’s alleged interference in the 2016 U.S. presidential race. “We believe it is our obligation as Members of the Science Committee to examine concerns regarding the cybersecurity of our election infrastructure as well as efforts to identify foreign covert influence operations against U.S. citizens and our democratic institutions that are likely to reemerge as a major issue in the 2018 and 2020 elections,” the Democrats wrote.

National: Russian hackers who compromised DNC are targeting the Senate, company says | The Washington Post

The Russian hackers who stole emails from the Democratic National Committee as part of a campaign to interfere in the 2016 election have been trying to steal information from the U.S. Senate, according to a report published Friday by a computer security firm. Beginning in June, the hackers set up websites meant to look like an email system available only to people using the Senate’s internal computer network, said the report by Trend Micro. The sites were designed to trick people into divulging their personal credentials, such as usernames and passwords. The Associated Press was first to write about the report. These “spear phishing” techniques are frequently used by the Russian group, which the company dubs Pawn Storm, to read or copy emails or other private documents.

National: Russia-linked hackers targeting US Senate | The Hill

Russian hackers from the group known as “Fancy Bear” are targeting the U.S. Senate with a new espionage campaign, according to cybersecurity firm Trend Micro. The Tokyo-based cybersecurity group tells The Hill that it has discovered a chain of suspicious-looking websites set up to look like the U.S. Senate’s internal email system, and learned that the sites were being operated as part of an email-harvesting operation. The websites were reportedly set up by Fancy Bear, a group linked to Russia’s military intelligence agency, the GRU. The group has been implicated in the hack of the Democratic National Committee ahead of the 2016 presidential election. The Associated Press first reported Trend Micro’s findings.

Canada: Could Canada fall prey to an election cyberattack? | Macleans

As the potential for cyberattacks to undermine the democratic process becomes alarmingly clear, Canadians can take some comfort in the fact that national elections in this country are still conducted the old-fashioned way. Canada is not immune to cybermischief aimed at suppressing the number of people who vote or manipulating how they vote. But once ballots are cast, not even the most sophisticated cyberattack could tamper with the results. That’s because Canada still relies on paper ballots, hand-marked by voters and hand-counted by officials in some 25,000 different polling stations across the country, under the watchful eye of scrutineers from each of the major political parties.

Sweden: Prime Minister raises alarm on election meddling | EUObserver

Sweden aims to create a new public body to protect its upcoming election from Russian and other propaganda. “It is now less than eight months left to the finest day in Sweden’s democratic life, our election day … [and] only Swedish voters will determine the outcome,” Swedish prime minister Stefan Loefven said at a security conference in Stockholm on Sunday (14 January). “To the one or those who are considering trying to influence … our country: stay away!”, he said. Loefven said the main threat came from Russia, but he added that “we can not rule out that there may be others” who would try to influence the Swedish vote on 9 September.

National: Cybersecurity firm: US Senate in Russian hackers’ crosshairs | Associated Press

The same Russian government-aligned hackers who penetrated the Democratic Party have spent the past few months laying the groundwork for an espionage campaign against the U.S. Senate, a cybersecurity firm said Friday. The revelation suggests the group often nicknamed Fancy Bear, whose hacking campaign scrambled the 2016 U.S. electoral contest, is still busy trying to gather the emails of America’s political elite. “They’re still very active — in making preparations at least — to influence public opinion again,” said Feike Hacquebord, a security researcher at Trend Micro Inc., which published the report . “They are looking for information they might leak later.” The Senate Sergeant at Arms office, which is responsible for the upper house’s security, declined to comment.

National: Elections: Another unsecured enterprise application? | GCN

As hackers become more sophisticated, state and local election officials must ramp up their IT expertise to protect registration data and elections results. “Elections offices have become IT offices that happen to run elections,” Jeremy Epstein, deputy division director of the National Science Foundation’s Division of Computer and Network Systems said at the Jan. 10 Election Assistance Summit. “We need to be focused on detection and recovery.” When Rhode Island Secretary of State Nellie Gorbea was appointed in January 2015, she made election security a priority by growing her IT department by 40 percent to deal with increasing threats. She also worked with legislative leadership to get more funding to replace old election equipment.

National: DHS Official On Russian Hacking: ‘A National Security Issue’ | NPR

President Trump has shown little interest in fighting the threat of Russians hacking U.S. elections. He’s shown a lot of interest in fighting voter fraud, something he insists — without evidence — is widespread. Parts of his administration are doing just the opposite. Bob Kolasky, an acting deputy undersecretary at the Department of Homeland Security (DHS), told a group of election officials gathered in Washington, D.C., this week that the threat of Russian hacking in future elections is “a national security issue.” “We have seen no evidence that the Russian government has changed its intent or changed its capability to cause duress to our election system. That may not be the only concern we have in the future,” Kolasky said, adding that another nation-state or bad actor could also attempt to interfere in U.S. voting.

National: 3 ways DHS is helping states with election security | FCW

A Department of Homeland Security official said the federal government is substantially more prepared to deal with a nation-state attack on election systems today than it was in the lead-up to the 2016 election. In a Jan. 10 speech to the Election Assistance Commission in Washington D.C., Bob Kolasky, acting deputy under secretary for the National Protection and Programs Directorate, said the department has worked to expand its communication and outreach to state and local governments, which are primarily responsible for administering elections. “The Department of Homeland Security is in a much better position to work with our interagency partners and the election community to respond to any lingering threats that emerge going forward,” he said.

Ohio: Lawmaker Prepares to Introduce Elections Cybersecurity Bills | Government Technology

State Rep. Kathleen Clyde, a Democratic candidate for Ohio secretary of state, said Wednesday she’s preparing to introduce a pair of bills designed to safeguard the state’s elections against cyberattacks. Clyde spoke about the bills at the Ohio Association of Elections Officials annual conference in Columbus. She was motivated to draft the legislation after it was reported that Russia attempted to interfere in the presidential election in 2016. “Many believe that this problem will only continue and we need to make sure that we are preparing for any attempts to hack our voting systems,” Clyde said in a phone interview prior to the conference. Unless Clyde is able to get Republican sponsors, her bill is unlikely to get through the GOP-dominated Ohio state legislature.

Canada: Paper ballots protect against hacks, but other election cyberthreats loom | CP24

As the potential for cyberattacks to undermine the democratic process becomes alarmingly clear, Canadians can take some comfort in the fact that national elections in this country are still conducted the old-fashioned way. Canada is not immune to cybermischief aimed at suppressing the number of people who vote or manipulating how they vote. But once ballots are cast, not even the most sophisticated cyberattack could tamper with the results. That’s because Canada still relies on paper ballots, hand-marked by voters and hand-counted by officials in some 25,000 different polling stations across the country, under the watchful eye of scrutineers from each of the major political parties. “It’s highly decentralized and it’s paper-based so documents can be verified easily afterwards,” says Marc Mayrand, Canada’s chief electoral officer until his retirement just over a year ago.

National: Intelligence Committee preps election security plan | USA Today

The top Democrat on the Senate Intelligence Committee said the panel will soon issue recommendations to help states thwart Russian efforts to hack election systems in advance of congressional primaries that begin in March. Sen. Mark Warner of Virginia, who serves as vice chairman, said the committee could release its plan this month or next. The first congressional primary is less than two months away — March 6 in Texas.  “I do think there’s a real sense of urgency,” Warner said in an interview with USA TODAY. “The one thing we do know with certainty is that Russian interference in our elections did not end on Election Day 2016.” Chairman Richard Burr, R-N.C., also has indicated that he expects the committee to provide security advice to states early this year.

National: World grapples with critical computer flaws | The Hill

The technology industry and organizations worldwide are reeling from the disclosure of two critical computer hardware vulnerabilities that affect scores of modern devices from PCs to smartphones. Details about the computer processor flaws nicknamed “Meltdown” and “Spectre” came into full focus over the past week and sent programmers at major software companies racing to quickly issue patches to protect affected systems. The issue was initially believed to only affect Intel processors but actually affects a variety of chip vendors. Intel’s stock dropped Thursday as a result of the revelations.

National: New bill could finally get rid of paperless voting machines | Ars Technica

A bipartisan group of six senators has introduced legislation that would take a huge step toward securing elections in the United States. Called the Secure Elections Act, the bill aims to eliminate insecure paperless voting machines from American elections while promoting routine audits that would dramatically reduce the danger of interference from foreign governments. The legislation comes on the heels of the contentious 2016 election. Post-election investigation hasn’t turned up any evidence that foreign governments actually altered any votes. However, we do know that Russians were probing American voting systems ahead of the 2016 election, laying groundwork for what could have become a direct attack on American democracy. “With the 2018 elections just around the corner, Russia will be back to interfere again,” said co-sponsor Sen. Kamala Harris (D-Calif.). So a group of senators led by James Lankford (R-Okla.) wants to shore up the security of American voting systems ahead of the 2018 and 2020 elections. And the senators have focused on two major changes that have broad support from voting security experts.

Editorials: Long wait for federal help to secure the 2018 election | San Francisco Chronicle

One of the most pressing questions ahead of the 2018 elections is whether the states will be able to guard their voting infrastructure from computer hackers, foreign espionage and other security breaches. Unfortunately, many states may not have enough time to get the assistance they need. State officials and some congressional lawmakers are deeply concerned about long wait times for the Department of Homeland Security’s most thorough security screening. Some states are reporting estimated wait times of up to nine months. The service is an intensive, multiweek probe of the entire system required to run an election. If some of the states that have requested it won’t be able to get it until just weeks before this November’s elections, they won’t be able to fix flaws that could allow cybervandals to hijack everything from election offices’ computer systems to voter registration databases.

Czech Republic: Cyber security office to assist in presidential election | Prague Monitor

The Czech cyber and information security office (NUKIB) seated in Brno will operate in an emergency mode during the January 12-13 presidential election, with up to 25 experts ready to ward off any cyber attack, which may happen, NUKIB spokesman Radek Holy told CTK on Thursday. A hacker attack in the wake of the October general election caused drop-outs of the election websites of the Czech Statistical Office (CSU). It is being investigated by the police. NUKIB has been operating since the summer of 2017 with the aim of providing support in case of cyber attacks.