National: How Elections Got So Vulnerable—and What We Can Do Now | Alejandro de la Garza/Time

America’s democracy is at risk from more than Russian Twitter trolls. Our voting systems, the information technology that undergirds our elections, are dangerously outdated and vulnerable to attack. And for Finnish data security expert Harri Hursti, the best defense we have might be counting paper ballots. We don’t have to count every vote by hand, he says — just enough to prove with a reasonable standard of certainty that the electronic results are valid. And for Hursti, who founded a string of companies before becoming involved in the area of election security, such a low-tech solution might be our best chance to protect the core mechanisms of our democracy. Hursti is the subject of the new HBO documentary Kill Chain: The Cyber War on America’s Elections, directed by Simon Ardizzone, Russell Michaels and Sarah Teale. The film, which premiered March 26, follows Hursti as he exposes the vulnerabilities of America’s election systems. Watching the doc and learning the extent of those weaknesses won’t necessarily help you sleep at night, but for activists and ethical hackers, the first step in fixing a system is showing that it was broken to begin with. Hursti spoke with TIME in advance of the film’s release, taking a deep look at the realities of American election security, psychological warfare and the information landscape in the age of coronavirus. The interview has been condensed and edited for clarity.

National: Unease at the Polls Over Election Integrity | George Leopold/EE Times

The polling place in the gym at Buzz Aldrin Elementary School in northern Virginia was humming like a well-oiled machine on Super Tuesday morning, March 3. Poll workers were efficiently checking in voters, briskly directing them to cardboard cubicles where citizens filled out paper ballots tallied by electronic vote scanners. I handed my drivers’ license to a poll worker who placed it in a holder while pulling up the county database on a tablet device to confirm my eligibility to vote in the 2020 Democratic presidential primary. “State your name and address,” she instructed. I was handed a ballot, directed to a tabletop voting “booth”, filled in the circle next to my choice, placed my ballot in the scanner that verified my vote had been duly recorded. Another poll worker handed me a be-flagged “I Voted” sticker and I was on my way. Exercising the franchise took all of ten minutes. Nothing to it. That is, if you live in the genteel suburbs of Washington, DC. Elsewhere, casting a vote can be an ordeal. Accurate votes counts are becoming more problematic. In many areas, touchscreen voting machines based on electronic pen technologies like “ballot marking devices” remain vulnerable. Recent legislation ostensibly designed to secure the 2020 presidential elections lack safeguards such as encryption, election security experts note.

National: It’s probably game over for more election security before November elections | Joseph Marks/The Washington Post

Lawmakers’ failure to impose any new security rules on state election officials in the $2.2 trillion coronavirus stimulus bill probably signals the end of any serious chance to pass significant election security changes before November. The bill includes $400 million to protect elections during the pandemic. But it doesn’t contain any requirements sought by Democrats that the money be used to expand voting by mail or early voting options. With the coronavirus spreading, several states delayed their primaries and there are worries that in-person voting may be compromised, too. But the coronavirus stimulus legislation is the third such no-strings attached cash infusion for election security since the 2016 contest was marred by a Russian hacking and disinformation operation. And with three strikes against them on efforts to mandate changes such as paper ballots, post-election audits and cybersecurity reviews, election security hawks are likely out — at least until after November. “This was the last chance for coordinated federal action to help secure the 2020 election and unfortunately Congress has once again blown its chance,” Alex Halderman, an election security expert and computer science professor at the University of Michigan, told me. “It’s not surprising, but it ought to be scandalous that we’ve gone four years without Congress passing election security legislation.”

National: New HBO documentary Kill Chain shows the cyberwar on America’s elections is very real | John Doyle/The Globe and Mail

As though we didn’t all have enough to make us anxious, a new documentary suggests that the interference in 2016 has been underestimated and that the 2020 election there is extremely vulnerable. It’s about the United States, not about us, but it isn’t necessary to explain why it all matters. Kill Chain: The Cyber War on America’s Elections (Thursday HBO/Crave 9 p.m.) is a chilling look at the security of election technology. “Everything is hackable” is the message from the main software expert in the program. He explains the how and why. Fifteen years ago he demonstrated how, to one local election authority, and did it for them. People were shocked. Not much changed. The documentary is dense with information but succeeds in making a tangled story about technology easily understood. At times it’s jam-packed with jargon and at other times it’s like an understated episode of Homeland. The main figure is one Harri Hursti, a Finnish-born computer programmer and one of the world’s leading experts on data security. (If you think the doc is riddled with paranoia, just look up Hursti and his qualifications.) He’s very even-tempered and calm but you could forgive him for being mad as hell. At issue is the U.S. voting system. It’s locally run, without national supervision of standards. In fact it’s haphazard and kind-of chaotic. That’s why certain parties were able to assert with strange confidence that not a single vote had been changed by outside forces in 2016. It’s so chaotic, it must be near-impossible to manipulate, right?

National: Hack the vote: terrifying film shows how vulnerable US elections are | Adrian Horton/The Guardian

Even as much of America grinds to a halt, coronavirus has yet to derail the date of the 2020 election. Which introduces a perhaps underestimated terror, as explained in one of the more deceptively scary documentaries to drop in recent weeks: the vulnerable voting machine. That seemingly benign piece of equipment – the hardware of American democracy – is, as several experts explain in HBO’s Kill Chain: The Cyber War on America’s Elections, nothing more than an obsolete computer. And these machines’ vulnerabilities to hacking are “terrifying”, Sarah Teale, co-director along with Simon Ardizzone and Russell Michaels, told the Guardian. America’s current election infrastructure is, as Kill Chain explains, a prescription for disaster – an outdated, willfully naive system no more prepared for attack than four years ago. Like After Truth: Disinformation and the Cost of Fake News, another HBO documentary which premiered last week and focused on the threat of disinformation on American democracy, Kill Chain re-examines foreign interference in the 2016 election with critical and scientific distance. The film follows the liabilities of the American democratic system even further than fake news, to its basic infrastructure: the machines in poll booths across the country, the very method through which votes are tallied, the databases in which voter data – name, address, eligibility – are stored.

Editorials: If coronavirus doesn’t end us, electronic voting just might | Robert Abele/Los Angeles Times

Though the November 2020 election has probably never felt farther away, it doesn’t mean we shouldn’t be thinking about how we’re going to protect its integrity and ensure that this vital aspect of democracy runs smoothly. Then again, considering what we’ve learned about Russian interference in 2016 and beyond, and how routinely voting issues crop up every cycle, what if America is already behind the eight ball on that front as well? That’s the scary scenario rolled out over 90 minutes in the HBO documentary “Kill Chain: The Cyber War on America’s Elections” from filmmakers Simon Ardizzone, Russell Michaels and Sarah Teale, which says that electronic voting is still woefully unsafe from bad actors, be they nations or loners. Distraction viewing, this admittedly isn’t. The trio behind “Kill Chain” have tackled this story before, in the 2006 documentary “Hacking Democracy,” which centered on vulnerabilities in the Diebold e-voting machines that had risen to prominence in the 2000 and 2004 elections. In that film, Finnish computer security expert Harri Hursti demonstrated how easy it was to get into a Diebold system to change votes. Diebold is no more — it was bought by another company, which was then subsumed by a bigger voting machine outfit — but Hursti is still around, his knowledge of election security problems even greater, so it’s not surprising that the filmmakers have made him their tour guide for the 2.0 version of their techno-cautious crusade. At the core of the movie’s warning is that an electronic voting machine is always penetrable — something most readily proved in a scene at the annual hacker convention Def Con, in which Hursti instructs assembled participants to try to sabotage the voting machines provided, which they then do. That the main companies behind these products are tight-lipped about their security, and breaches around the country are sometimes kept from the public, doesn’t inspire confidence.

National: Cybersecurity Experts Say Hacking Risk Is High for Mobile Voting | Kartikay Mehrotra/Bloomberg

While Senators Amy Klobuchar and Ron Wyden push to expand vote-by-mail programs, a small group of companies argue for an alternative, one they claim will boost voter participation nationwide: mobile voting. Jurisdictions in at least 15 states are planning to use mobile balloting in a limited capacity in 2020 to account for overseas voters and those with disabilities. Proponents of a digital electorate hope the coronavirus spurs adoption of their technology. The virus has provided an “opportunity,” says Bradley Tusk, chief executive officer of Tusk Holdings and a supporter of mobile voting: “People are being told by the government not to congregate, and that’s a pretty clear directive not to go vote.” Tusk, who says he hasn’t invested in any mobile voting companies, has spent “in the low seven figures” helping local governments cover the costs of adopting the systems. Massachusetts Institute of Technology doctoral student Michael Specter describes Tusk’s position as a “false dichotomy” that ignores postal ballots. He and his colleagues say mobile voting technology is unproven and opens the door to cyber risks. A mobile voting app called Voatz has already been used in federal, local, and partywide elections in Denver, Oregon, Utah, and West Virginia. In a paper published in March, cybersecurity research firm Trail of Bits discovered 79 flaws in the Voatz system, including one that allows someone armed with the proper credentials to alter votes. The paper, funded in part by Tusk and Voatz, expanded on findings published in February by Specter and his MIT colleague James Koppel.

National: U.S. Election Technology Remains Vulnerable | Ann R. Thryft/EE Times

The threat of interference with our election systems became a major issue following the 2016 election. Media coverage focused on social media influences by foreign nation-states and other bad actors, and on voting machine insecurities. Yet at least as far back as the 2000 election, cybersecurity experts were warning us that election system infrastructure is vulnerable to getting hacked. In 2018, the US federal government allocated $380 million in federal funding for states to begin improving cybersecurity. Most states have used some of this money to update their election systems and processes, according to a report by the U.S. Election Assistance Commission (EAC). But this is a huge job, because the attack surface in election systems is vast and complex, much more so than the those in both an IT network and an industrial control, or operational technology, network. In 2020, another $425 million was allocated to EAC to distribute for additional election security measures. That body is now telling states they can use those funds instead for disinfecting the polls due to the Covid-19 coronavirus. Meanwhile, there’s growing concern that Russia and other nation states will try to interfere in the 2020 presidential election. A new report by the Brennan Center for Justice found that Russia’s social media-driven election interference is both “more brazen” and more difficult to detect than it was in 2016.

National: ‘Election Software I Hacked In 2005 Is Still In Use’: Cyber Security Expert Harri Hursti On 2020 Presidential Election | CBS

The presidential election is less than eight months away and New York resident and cybersecurity expert Hari Hursti is already sounding the horn about potential issues with voting machines around the country. The computer hacker has been studying election interference and the problems with voting technology since the mid 2000s, and his new HBO documentary “Kill Chain: The Cyber Wars On America’s Election” demonstrates that not much has changed in the past decade. “If someone tried to explain to me everything I learned in the last 15 years, I wouldn’t believe them” said Hursti in an interview with CBS Local’s DJ Sixsmith. “The most frightening thing is that from 2006 to now, nothing changed. The actual software that I hacked in 2005 is still in use. Those machines are still in 20 states. They’re still around. Everything is so outdated and it is so hard to make people understand the reality that this needs to be fixed or things will be getting worse.”

Editorials: Preparing for November’s election must be a national priority | Dan Lips and Sean Roberts/The Hill

The coronavirus pandemic is testing our nation’s resolve and already disrupting our way of life. But we can’t afford to let it disrupt the November election. Six states have already postponed their primaries. More will likely follow in the weeks and months ahead. With a risk that the pandemic will continue through November, the hard work to plan for the election must begin now. The American people deserve a national bipartisan effort — including leadership from the policy and technology communities — to ensure the integrity and continuity of American democracy. The good news is that this important work was underway long before the pandemic. Since 2016, national and state leaders have prioritized strengthening the security and integrity of U.S. elections with bipartisan engagement from the Obama and Trump administrations. Congress has invested more than $800 million in new funding for state and local election systems over the past two years.

National: HBO’s ‘Kill Chain’ reveals scary reality: U.S. voting system under attack | Nadine Matthews/New York Amsterdam News

Is America’s voting process broken? Recent developments aren’t encouraging. For instance, in May of 2019 Sen. Kamala Harris along with twelve other senators, introduced the Protecting American Votes and Elections (PAVE) Act in the senate. It sought to mandate that states secure elections by use of a paper ballot and new cybersecurity standards for federal elections. Republicans, though, led by Senate Majority Leader Mitch McConnell, have proven to be better at blocking bills than Hakeem Olajuwon was at blocking shots; the PAVE Act was just one of five election security bills Republicans didn’t even allow to come to the floor. They also give no indication of allowing any such bill to the floor, even in the face of reports by U.S. Intelligence just last month that Russia is currently attempting to interfere with the 2020 elections. Harris and the other senators introduced the act after reports, from both Former FBI Head and Special Counsel Robert Mueller and members of the nation’s intelligence apparatus, found that Russia had, in fact, tried to influence the 2016 elections via electronic means, and continues to do so daily.

National: ‘We Need To Go To Paper Ballots’: Director Sarah Teale Talks 2020 Presidential Election Ahead Of HBO Doc ‘Kill Chain’ | CBS

The 2020 presidential election is less than eight months away and there are still major concerns about the country’s election technology. A new documentary from HBO called “Kill Chain: The Cyber War On America’s Elections” follows hacker and cyber security expert Harri Hursti as he travels around the world to expose the issues with America’s voting system. Director Sarah Teale has been following this issue since the mid 2000s and not much has changed since her first documentary “Hacking Democracy.” “We did the first film in 2005 and it came out in 2006. It got nominated for an Emmy and thought it would institute and awful lot of change and nothing changed,” said Teale in an interview with CBS Local’s DJ Sixsmith. “In 2016, here we were facing attacks from outside the US, which was very scary, and still wide open. Coronavirus presents its own particular challenge because potentially for the primaries, people are not going to be able to go to their local precinct. In a way, it’s quite good because it would lead to paper mail in ballots.”

National: Coronavirus pandemic makes U.S. more vulnerable to serious cyberattack, lawmakers warn | Joseph Marks/The Washington Post

The United States is increasingly vulnerable to a cyberattack targeting hospitals, food supplies or other vital functions during the coronavirus pandemic, lawmakers and experts say. They’re calling on the Trump administration to take bold action to keep adversaries at bay. Already during the outbreak, unidentified adversaries launched what appears to be an unsuccessful digital attack aimed at overwhelming computer networks at the Health and Human Services Department. A separate effort spread misleading claims that President Trump planned to impose a nationwide lockdown over text message, encrypted apps and social media platforms. “There are actors out there in cyberspace that think we’re vulnerable,” Rep. Mike Gallagher (R- Wis.), who co-chaired the recent Cyber Solarium Commission on the future of U.S. cybersecurity, told me. “At a minimum, we need to impose costs on whoever did this. We don’t want the signal to be that now is a good time to take advantage of the U.S.” The pandemic has heightened concerns among cyber hawks that the United States hasn’t done enough to deter digital attacks from adversaries such as Russia and China. And they worry a lack of serious consequences now could embolden adversaries to target vital services such as medical care or food supplies and cost people’s lives.

National: Elections amid coronavirus: How officials aim to keep voters safe | Alfred Ng/CNET

The coronavirus outbreak has put much of the US out of service, shutting down schools, stores and sports events for the foreseeable future. With several crucial primaries coming up in the US presidential race, election officials need to figure out how to get the vote out while handling a public health crisis. On Monday, we got a sign of just how fluid the situation is, as Ohio planned to postpone its primary, a day ahead of scheduled voting. Three other states — Arizona, Florida and Illinois — are forging ahead with their primaries Tuesday. It was just on Friday that election officials for those states issued a group statement saying they planned to keep the primaries going, despite the outbreak. Several of those states are considered battleground states for the presidency. “They voted during the Civil War. We’re going to vote,” Florida Gov. Ron DeSantis said at a press conference Friday. That was two days before the Centers for Disease Control and Prevention on Sunday urged against gatherings of more than 50 people throughout the next eight weeks. Then on Monday afternoon, President Donald Trump advised against gatherings of more than 10 people. At around the same time, Ohio Gov.Mike DeWine announced that he planned to postpone the state’s primary to June 2.

National: Coronavirus Putting US Cyber Vulnerabilities in the Crosshairs | Jeff Seldin/Voice of America

The race to slow the spread of the coronavirus in the United States is placing an unprecedented burden on the country’s cyber infrastructure, potentially making it as vulnerable as it has ever been. At issue are the U.S. government agencies, thousands of businesses and millions of Americans, who suddenly have been forced to telework and rely on the security of their internet connections and good cyber hygiene, to keep businesses and services running. The result, some officials warn, is an opening for anyone who would like to strike a virtual blow. “We’re mindful that our adversaries often see opportunity in situations like these,” a U.S. official told VOA on the condition of anonymity, given the sensitive nature of the subject. Both the FBI and private cybersecurity firms warn the assault is already well underway.  “We’re seeing a significant amount of threat in email, leveraging social engineering at scale to do a variety of attacks,” said Sherrod DeGrippo, senior director of threat research and detection at Proofpoint. Some of the emails are designed to look like they are coming from legitimate agencies such as the U.S. Centers for Disease Control and Prevention (CDC) or the World Health Organization (WHO), using fear of the coronavirus to get a recipient to click on a malicious attachment or link.

National: Facing coronavirus pandemic, US confronts cyberattacks | Ali Dukakis, James Gordon Meek, Mike Levine, Luke Barr and Josh Margolin/ABC

The United States, already dealing with the coronavirus pandemic, is also being targeted for cyberattacks and foreign disinformation campaigns, as federal officials feared. Multiple sources confirmed to ABC News in recent days that both the efforts that slowed computer systems at the Health and Human Services Department Sunday night and the weekend rash of bogus text messages warning a national quarantine is imminent were the products of foreign actors or components of foreign governments or entities connected to them. “We are seeing multiple disinformation campaigns right now,” said one federal official briefed on the situation. The two types of cyber incidents are different, but both are aimed at sowing panic in the American population and feeding distrust in government, according to intelligence officials. Federal officials said the two most likely perpetrators are Russia and China, two nations with the sophistication, skill and desire to carry out such campaigns against the U.S. In the case of the HHS incident, officials said outsiders deployed automated users — called bots — to target the public-facing computer system. A source familiar with the investigation into the incident told ABC News that it is thought to be either a widespread campaign to scan HHS systems for vulnerabilities, or possibly a “clumsy” attempt to paralyze public online systems with a flood of visitors, something called distributed denial of service, or DDOS.

National: Election Assistance Commission hires cyber-savvy adviser to support 2020 efforts | Sean Lyngaas/CyberScoop

The U.S. Election Assistance Commission is hiring a senior policy adviser to bolster its cybersecurity work with election officials and voting equipment vendors ahead of the 2020 presidential vote. Maurice Turner is set to join the federal commission at the end of the month as a senior adviser to the executive director, supporting the EAC’s internal operations and programing. Externally, he says he can help the commission with an update to important guidelines for voting systems security, and in supporting states as they set up programs to find and fix software vulnerabilities. “I want election officials to expect that EAC is a place that they can go for this type of information,” Turner told CyberScoop. “Whether it’s about security standards or new methods for election administration.” Turner has spent the last two years working on election security at the nonprofit Center for Democracy & Technology. He was previously a fellow in the Senate advising the Homeland Security and Governmental Affairs Committee on cybersecurity issues.

National: Audit finds severe vulnerabilities in Voatz mobile voting app | Benjamin Freed/StateScoop

An extensive audit published Friday of Voatz, the mobile app that’s been used to collect live ballots from overseas voters in multiple states since early 2018, revealed 16 “severe” technical vulnerabilities. These include sensitive user data being exposed to the company’s developers and improper use of cryptographic algorithms, a blow to a company that has staked its reputation on its use of blockchain technology. The audit confirmed the findings revealed last month by researchers at the Massachusetts Institute of Technology who found, among other flaws, that Voatz’s use of third-party vendor to authenticate the identity of its users could compromise the anonymity of ballots the app collects. But unlike other reviews of Voatz’s technology, including the MIT study, the new audit, which was prepared by the cybersecurity firm Trail of Bits, was authorized by the company and Tusk Philanthropies, the venture capital-backed foundation that’s been promoting online voting by funding pilot uses of Voatz around the United States for nearly two years. Among the most glaring vulnerabilities Trail of Bits found was that Voatz had been storing authentication key passwords, which are required to release new versions of the app and could give an attacker an opening to masquerade as Voatz to distribute malware. Researchers also criticized Voatz for its reliance on unvalidated client data and weak security procedures, including a lack of insufficient continuous monitoring and risk-assessment plans. The audit’s executive summary chalks up Voatz’s flaws as a result of the company’s rush to get its app to market.

National: Our Full Report on the Voatz Mobile Voting Platform | Trail of Bits Blog

Voatz allows voters to cast their ballots from any geographic location on supported mobile devices. Its mobile voting platform is under increasing public scrutiny for security vulnerabilities that could potentially invalidate an election. The issues are serious enough to attract inquiries from the Department of Homeland Security and Congress. However, there has been no comprehensive security report to provide details of the Voatz vulnerabilities and recommendations for fixing them—until now. Trail of Bits has performed the first-ever “white-box” security assessment of the platform, with access to the Voatz Core Server and backend software. Our assessment confirmed the issues flagged in previous reports by MIT and others, discovered more, and made recommendations to fix issues and prevent bugs from compromising voting security. Trail of Bits was uniquely qualified for this assessment, employing industry-leading blockchain security, cryptographic, DARPA research, and reverse engineering teams, and having previously assessed other mobile blockchain voting platforms. Our security review resulted in seventy-nine (79) findings. A third of the findings are high severity, another third medium severity, and the remainder a combination of low, undetermined, and informational severity.

Read our Voatz security report and threat model for full details.

National: Hackers Attack Health and Human Services Computer System | David E. Sanger, Nicole Perlroth and Matthew Rosenberg/The New York Times

A crude effort by hackers to test the defenses of computer systems for the Department of Health and Human Services on Sunday evening escalated Monday, with administration officials saying they were investigating a significant increase in activity on the department’s cyberinfrastructure. But officials backed off earlier suggestions that a foreign power was behind the attack, coming as the nation and the world struggle to cope with the coronavirus. The incident appeared to be a particularly aggressive, if somewhat conventional, effort to scan the department’s networks for vulnerabilities, and perhaps to try to break into its email system. But while the effort set off alarms, given sensitivities around the work on the coronavirus, officials said they could not determine whether the action was the result of foreign actors or just hackers seizing on the moment to create chaos. The first reports came from White House officials, some of whom said that Iran may have been seeking revenge for American-led sanctions or for the U.S. drone strike in Iraq that killed Maj. Gen. Qassim Suleimani, the country’s most important military commander. While some officials embraced that view, cyberexperts who examined the incident said it was little different than the thousands of routine attempts that companies and government agencies fend off daily, as hackers and security researchers scan the internet for weak spots.

National: Election Assistance Commission hires cybersecurity expert to help states with 2020 infrastructure | Sean Lyngaas/CyberScoop

The federal agency that oversees funding for states to secure their election equipment is hiring a cybersecurity expert versed in voting technology as it prepares for the 2020 election. Joshua Franklin will start in the coming weeks in a top cybersecurity position at the Election Assistance Commission, according to multiple people familiar with the matter. It is an effort by the EAC, a tiny agency with a big responsibility, to bolster the cybersecurity expertise it has on staff. Franklin, who spent six years as an engineer at the National Institute of Standards and Technology, is expected to protect EAC networks from hacking threats and support the commission’s cybersecurity work with state and local election officials. Franklin has been working as an election security advocate for years, drawing attention to the issue at hacking conferences. In 2018, Franklin presented research at DEF CON comparing the vulnerabilities in the websites of House and Senate candidates for the midterm elections. Franklin and others scanned the websites in their spare time and spent hours trying to contact administrators to fix them.

National: ‘Kill Chain’: HBO’s Election Security Doc Stresses Urgency | Lily Hay Newman/WIRED

In spite of documented Russian election meddling in the 2016 United States presidential election, and years of warnings from security researchers about insecure voting infrastructure, the US has moved slowly to improve its election defenses. Now a new documentary, Kill Chain, is attempting to lay out the urgency of taking action before it’s too late. Many of the problems and insecurities in voting systems across the United States are straightforward, yet it’s not easy to get voters—or lawmakers—to understand the risk or the path forward. That represents both a challenge and opportunity for Kill Chain, which like Netflix’s Cambridge Analytica documentary The Great Hack, tries to make an assortment of sometimes esoteric technical issues tangible and compelling. “It’s difficult material, which is why so many people don’t approach it and don’t cover it and don’t understand it,” filmmaker Sarah Teale tells WIRED. “That was definitely the hardest thing was to find the language of the film that made it make sense and made it some sort of a story.”

National: RSA Cryptographer Ronald Rivest Seeks Secure Elections the Low-Tech Way | Susan D’Agostino/Quanta Magazine

onald Rivest sports a white beard, smiles with his eyes and bestows his tech gifts on the people of the world. The Massachusetts Institute of Technology professor is the “R” in RSA, which means that he, along with Adi Shamir (the “S”) and Leonard Adleman (the “A”), gave us one of the first public key cryptosystems. It’s still common today: Nearly all internet-based commercial transactions rely on this algorithm, for which the trio was awarded the 2002 A.M. Turing Award, essentially the Nobel Prize of computing. In recent decades, Rivest has continued to work on making it computationally hard for adversaries to break a system, though he now focuses on ensuring that votes in democratic elections are cast as intended, collected as cast and tallied as collected. Elections, he has discovered, have stricter requirements than nearly any other security application, including internet-based commerce. Unlike online bank accounts and the customer names with which they are affiliated, ballots in an election must be stripped of voters’ names because of voting’s secrecy requirement. But the ballot box’s anonymity sets conditions for real or perceived tampering, which makes proving the accuracy of tallies important to voters, election officials and candidates. Another requirement is that voters can’t receive receipts verifying their candidate selections, lest the practice encourage vote selling or coercion. But without a receipt, voters might wonder if their votes were faithfully and accurately counted. It’s a tough problem to crack, and Rivest thinks the solution lies not with fancier computers, but with pen, paper and mathematics. “I mainly argue for some process by which we have confidence in our election results,” he said. “No one should say, ‘It’s right because the computer said so.’”

National: Government report offers guidelines to prevent nationwide cyber catastrophe | Maggie Miller/The Hill

A much-anticipated government report aimed at defending the nation against cyber threats in the years to come opens with a bleak preview of what could happen if critical systems were brought down. “The water in the Potomac still has that red tint from where the treatment plants upstream were hacked, their automated systems tricked into flushing out the wrong mix of chemicals,” the Cyberspace Solarium Commission wrote in the opening lines of its report. “By comparison, the water in the Lincoln Memorial Reflecting Pool has a purple glint to it. They’ve pumped out the floodwaters that covered Washington’s low-lying areas after the region’s reservoirs were hit in a cascade of sensor hacks,” it continues. So begins the report two years in the making from a congressionally mandated commission made up of lawmakers and top Trump administration officials, pointing to the vulnerabilities involved with critical systems being hooked up to the internet.

Illinois: Secretary of State can’t explain latest voter registration gaffe | Neal Earley/Chicago Sun-Times

In the latest gaffe in the state’s voter rolls, 1,151 Illinois residents were improperly classified as not registered to vote in next week’s primary before officials caught the mistake. State election officials sent out letters Monday to local election authorities, ahead of the March 17 primary, alerting them to the problem and telling them to allow the people mistakenly listed as not registered, to vote. All 1,151 people affected by the problem were attempting to apply for REAL ID, but a spokesman for Illinois Secretary of State Jesse White said he does not know what caused the error, saying it could have been any one of a number of problems. A spokesman for the Illinois State Board of Elections said he doesn’t think anyone who was mistakenly listed as not registered was inappropriately turned away during early voting, which began last week, since anyone not registered to vote has the option to do so on the spot and election judges are trained to tell people about that option. “This is our way of making sure that these folks got registered in time for the election,” said Matt Dietrich, board spokesman. Dietrich said the 87 local election authorities impacted by the error should work to make sure those wrongly classified as not registered are allowed to vote.

National: Trump administration officials brief Congress on election security | Olivia Gazis/CBS

Top law enforcement and intelligence community officials briefed members of Congress on election security in a pair of panels Tuesday afternoon, telling lawmakers they had “nothing to support” the notion that Russian President Vladimir Putin favored one candidate or another or had ordered actions on any given candidate’s behalf. They said the Russian government’s objective was to sow discord in U.S. political processes, sources said. Three sources familiar with Tuesday’s briefing said there were inconsistencies between the election security assessment delivered Tuesday and the one given to the House Intelligence Committee last month. It appeared to two sources familiar with both February’s and Tuesday’s briefings that the assessment delivered Tuesday was crafted to avoid saying the Russian government had established a preference for Mr. Trump, a conclusion that had been expressed by representatives from multiple intelligence agencies before that panel in February. Lawmakers were also briefed last month on Russia’s efforts to boost Democratic candidate Bernie Sanders’ campaign.  Separately, three sources also said the intelligence community has not yet furnished intelligence that members of both parties had requested in the February closed-door session that supported the assessment that the Russian government had developed a preference for President Trump.

North Carolina: Two ‘Russian’ Ransomware Attacks Take Down Durham North Carolina City And County Government Systems | Davey Winder/Forbes

The same Russian ransomware that is thought to have been responsible for the City of New Orleans state of emergency last year has now struck Durham City and the County of Durham in North Carolina. As 2019 wound down to an end, the City of New Orleans was hit by a ransomware attack, thought to be attributable to Ryuk. That attack was severe enough for Mayor LaToya Cantrell to declare a state of emergency. Now the City of Durham and Durham County, in North Carolina, have had to shut down networks after being hit by the same Russian ransomware. The City of Durham and Durham County Government IT systems were subject to a successful cyber-attack late Friday evening, March 6. Malware detection systems kicked in to provide immediate notification of the attack, and networks were closed down to prevent further spread. The incident was described as a cyber malware attack, or rather “two separate attacks” at a press conference held by officials Monday, March 9. Thomas Bonfield, Durham City manager, said that while the malware had “been contained ” and the city was in recovery mode, “most city networks and phones remain intentionally offline during the initial stages of the recovery process.” Bonfield said that the National Guard cybersecurity team was helping with the recovery effort. It should be noted, however, that critical public safety systems, including access to the 911 network, remained operational thanks to the emergency cyber-attack remediation process.

National: Election security: GAO warns of issues this year and chides federal security agency | Joe Davidson/The Washington Post

Just as the presidential primary season began, a government watchdog warned the Trump administration that it “urgently needed” to address problems with election security infrastructure. The Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security, was to have finalized plans by January to support states and localities with their election security operations. That did not happen, according to a Government Accountability Office (GAO) report. While noting that state election officials generally “were very satisfied with CISA’s election-related work,” the report said the agency “is not well-positioned to execute a nationwide strategy for securing election infrastructure prior to the start of the 2020 election cycle” because it has not completed plans. As if to prove the point, shortly before the GAO findings were released in February, the Iowa caucuses ended in a debacle when a new app for reporting results failed, plunging the first contest of the season into disarray. Then, during Super Tuesday last week, voting machine malfunctions and other technical problems combined with higher than expected turnout, leaving some voters in Texas and California waiting hours to cast ballots.

National: Acting intelligence chief will not brief lawmakers on election security despite expectation he was coming | Alex Marquardt and Zachary Cohen/CNN

Acting Director of National Intelligence Richard Grenell said late Monday he will not be briefing lawmakers on Tuesday about election security despite being expected on Capitol Hill by members of Congress to be on the panel of the country’s most senior national security officials. Grenell had been due to appear alongside the other senior officials in a pair of classified briefings to all members of the House and Senate. A list of top agency officials obtained by CNN from two congressional sources and a person familiar with the plans listed Grenell alongside National Security Agency Director Gen. Paul Nakasone, FBI Director Christopher Wray and others. As of late Monday night, the list and guidance circulated to Congress had not changed. However, Grenell and the Office of the Director of National Intelligence denied that he would be briefing. Grenell’s office would not explain why his name was on the list sent around by multiple congressional offices, and did not respond to requests for comment until after CNN reported Grenell was expected to appear. In a message, Grenell told CNN the expectation was “fake info” and said the intention was always to send “experts.”

Illinois: State Board of Elections without IT chief Matt Eammons week before Illinois primary | Chuck Goudie, Barb Markoff and Ross Weidner/WLS

The ABC7 I-Team has learned that Matt Emmons, Illinois State Board of Elections IT director, has departed for a job in private industry. After authorities said the state’s voter registration database was breached by Russian attackers in 2016, resulting in the theft of several hundred thousand records, Emmons helped coordinate security operations before the midterm elections. “The most sophisticated threats we are facing are coming from outside the country,” Emmons told StateTech, an online government technology site, in 2018. “We consider the threat of nation-state actors and their near limitless resources the most threatening issue today. Most federal law enforcement agencies believe the foreign meddling with our election systems is going to continue.” Emmons explained that the first task after the breach was to ensure that there was no permanent hacking stake in the Illinois election system. “In the weeks and months after the attack, we worked with the FBI and DHS to confirm the attack was limited to the exfiltration of data,” Emmons said. Now Emmons is gone a week before the 2020 Illinois primary, having taken a position that is said to be in the insurance industry.