Italy: Hacking attacks: a pre-election setback for Italy’s 5-Star Movement | Reuters

Hacking attacks on the web platform used by Italy’s 5-Star Movement to select representatives and shape policy threaten to dent confidence in its methods before a parliamentary election it is well placed to win. Internet-based direct democracy, in which members vote online, is a hallmark of the anti-establishment group that first entered parliament in 2013 and leads many opinion polls before the election, due to be held by May. Gianroberto Casaleggio, the late internet guru who co-founded 5-Star in 2009, believed the web would eventually supplant representative democracy, the system under which all eligible citizens vote on representatives to pass laws for them. But in August anonymous hackers broke into 5-Star’s web platform, called “Rousseau” after the 18th century Swiss-born philosopher, and obtained secret data on its members and donors.

Colorado: Denver Elections Director & CIO Share Advice to Secure Elections | EfficientGov

Amber McReynolds, director of elections in Denver and Scott Cardenas, chief information officer for the city and county of Denver, attributed the centralization of the city’s IT services as one of the most important factors securing Denver elections. Over the past nine years, centralization and collaboration have increased expertise in elections from one person to five, according to GCN.com. “We can have year-round conversations on the expectations and needs, so by the time that election night rolls around we can have a fairly smooth process,” Cardenas, who oversees more than 50 local agencies, said during an October 4th cybersecurity roundtable hosted and moderated by U.S. Election Assistance Commission.

Virginia: State Officials Working to Maintain Voting Integrity Following Russian Hack Attempt | WVTF

As voters begin casting absentee ballots in Election 2017, new details are emerging about the role Russia played in Virginia’s election last year. About a year ago, leaders at the Department of Elections noticed something odd — the equivalent of a burglar checking the locks on the doors to its website. “There were IP addresses traced back to Russia that scanned our public-facing websites.” That’s Edgardo Cortes at the Virginia Department of Elections.

National: DHS Creates Task Force To Bolster Election Security | Defense Daily Network

The Department of Homeland Security is upping its game to help state and local officials with strengthening the security of their election systems through the creation of a new task force, according to a senior department official. Last week the DHS National Protection and Programs Directorate established an election task force that includes members from the different departments components, including the Office of Intelligence and Analysis, to work with state and local governments to help them protect their election systems, Christopher Krebs, the acting undersecretary of the NPPD, on Tuesday told the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection. Prior to the creation of the task force, the Office of Infrastructure Protection within NPPD was in charge of working with state and local governments to provide any help they needed with their election systems. Krebs said that elevating this role to a task force is comes down to “matching my words with our execution,” adding that the entity is being resourced “appropriately.”

Illinois: Sen. Michael E. Hastings works to make sure Illinois meets challenges of the 21st century | Chicago Tribune

State Senator Michael E. Hastings (D-Tinley Park) is proud to announce the state of Illinois will be observing National Cybersecurity Awareness Month throughout October. “National Cybersecurity Awareness Month is a good opportunity for Illinois residents to educate themselves on new laws and scams to protect their personal information,” Hastings said. “There are a number of resources available and new laws that will help us meet the technological challenges of the 21st century.” … The 2016 presidential elections were plagued with nationwide security breaches to 21 states’ online voting systems, including Illinois’ voter registration database. Last week, Hastings announced. Homeland Security confirmed Russian hackers were behind the breach.

National: DHS is standing by its initial assessment that 21 states were targeted | HuffPost

Top election officials in two states say the Department of Homeland Security gave them faulty information last week when it said Russian hackers scanned their election systems last year. The accusations underscore the persistent barriers in information sharing as the federal government and states try to respond to hacking in last year’s election. DHS informed election officials in 21 states on Friday that Russian hackers had tried to access voter information, the first time many states found out they had been targeted. DHS has faced criticism for being slow to share information with states. Now election officials in Wisconsin and California say DHS has provided them with additional information showing that Russian hackers actually scanned networks at other state agencies unconnected to voter data. In Wisconsin, DHS told officials on Tuesday that hackers had scanned an IP address belonging to the Department of Workforce Development, not the Wisconsin Elections Commission. … Scott McConnell, a DHS spokesman, said in a statement the agency stood by its assessment that 21 states were targeted by Russian hackers last year. He suggested hackers still could have targeted election records, even if they did not target the IP addresses of the state’s election body.

National: Trump administration furthers states’ frustration over election hacking | CNN

Tension between state election officials and the Trump administration is only growing after two states say they were misinformed by the Department of Homeland Security about Russian government-linked hacking, further prolonging a months-long dispute over delayed information from the federal government. California and Wisconsin say DHS was incorrect in its initial assessment that their states’ systems connected to election administration were targeted by Russian hackers. The latest flap started September 22, when the Department of Homeland Security sought to notify state election officials on whether their states were among those targeted during last year’s presidential election. DHS previously said that 21 states’ election-related systems had been targeted — but had never said which ones were on the list. By Wednesday, DHS had to revise its alerts to both California and Wisconsin.

Wisconsin: Authorities didn’t tell Wisconsin about Russian hacking for a year | Milwaukee Journal Sentinel

Wisconsin officials for a year were not told about specific attempts by the Russian government to gain access to the state’s voter registration database, the leaders of the state Elections Commission said Friday. Friday’s statement from the commission comes after a week of conflicting reports about what Russian agents attempted to do and when state and federal officials knew about it. Wisconsin systems were targeted in July and August 2016. Wisconsin officials were aware of the attempts but not that Russian government actors were behind them, according to Friday’s statement and public records. In one of the incidents, the attack was targeted at a different state agency, not the Elections Commission.

Wisconsin: State has made progress heading off hackers but more could be done | Milwaukee Journal Sentinel

Russian hacking attempts grabbed headlines this week, but they weren’t the Wisconsin elections agency’s first cyber attack with an international flavor. For a day in August 2011, an older version of the state’s elections website and several other state sites were knocked out of commission by a cyber vandal. The elections site had its homepage plastered with the phrase “hacked by sovalye” — a phrase that appeared to refer to the Turkish word for “knight.” Since then, the state government as a whole has gotten more serious about protecting itself from internet attacks — efforts that may have paid off last year amid Russian attempts to influence, or undermine confidence in, the November elections. 

National: Obama DHS officials pitch election cybersecurity fixes to Congress | The Hill

Former high-level Obama administration officials appeared before congressional Democrats on Thursday to offer suggestions on how to secure future elections from cyber threats. Jeh Johnson, the former secretary of Homeland Security, and Suzanne Spaulding, a former high-level cybersecurity official at the Department of Homeland Security (DHS), faced a myriad of questions from lawmakers about what Congress can do to help states shore up the cybersecurity of their election systems. The meeting took place less than a week after Homeland Security officials notified 21 states of evidence that Russian actors targeted their networks ahead of the 2016 election. Among their recommendations, Spaulding encouraged lawmakers to provide more resources to states for cybersecurity, suggesting that the money could be allocated through a grant program that also mandates a full assessment of their systems.

Virginia: Learning 2016’s Lessons, Virginia Prepares Election Cyberdefenses | NPR

This fall’s statewide elections in Virginia and New Jersey are the first big test of security measures taken in response to last year’s attempts by Russia to meddle with the nation’s voting system. Virginia was among 21 states whose systems were targeted by Russian hackers last year for possible cyberattacks. While officials say the hackers scanned the state’s public website and online voter registration system for vulnerabilities and there’s no sign they gained access, state authorities have been shoring up the security of their election systems. One of the most drastic steps was a decision by the Virginia Board of Elections earlier this month to order 22 counties and towns to adopt all new paper-backed voting machines before November. The board decided that the paperless electronic equipment they had been using was vulnerable to attack and should be replaced.

Wisconsin: Variety of intelligence points to Wisconsin elections threat | Associated Press

A variety of intelligence gathered by the U.S. Department of Homeland Security, including some that is secret, led to the conclusion that Wisconsin’s elections system had been targeted last year by Russia, state election leaders said Friday. Elections officials repeated, as they said last week, there’s no evidence that Wisconsin’s elections systems were compromised or that Russian scans of state websites resulted in a security breach. “These scanning attempts were unremarkable, except for the fact that (the U.S. Department of Homeland Security) later identified their source as being Russian government cyber actors,” said Michael Haas, the state’s elections administrator, and Mark Thomsen, chairman of the Wisconsin Elections Commission, in a joint statement. The commission’s update Friday was the latest effort to explain fully what happened with the reported Russian run at Wisconsin’s systems, and the first to cite intelligence as a foundation for the federal report.

National: Former DHS chief feared catastrophic attack on election systems | FCW

Russian interference in U.S. institutions reaches further than the interference in the election infrastructure in 2016 and requires a strong strategy to counter a sustained effort by that country to undermine the integrity of the vote, former DHS leaders told a congressional task force. Russian probes and alleged attempted hacks of state election systems in the last election are “a wake up call” for upcoming state and congressional elections in 2018, former Secretary of Homeland Security Jeh Johnson told House Democrats on the Election Security Task Force in a Sept. 28 public meeting. House Democrats created the Election Security Task Force in June to study ways to keep Russian interference out of 2018 elections. While Johnson told the panel that he found no evidence that Russian probes of state systems, including voter registration systems, altered ballots or election results, he said those efforts “exposed cyber vulnerabilities.”

National: Homeland Security Clarifying State Election Hacking Attempts | NECN

The Department of Homeland Security has notified two states that Russian hackers attempted to scan networks other than their election systems in the run-up to the 2016 presidential election, contrary to details provided last week. On Wednesday, California became the second state — after Wisconsin — to receive the clarification. California Secretary of State Alex Padilla said in a statement that homeland security officials told him the scanning activity took place on the state technology department’s network and not on the Secretary of State website, as the state was told last week. “Our notification from DHS last Friday was not only a year late, it also turned out to be bad information,” Padilla said in a statement. He said the public and officials who oversee elections “deserve timely and accurate information” from Homeland Security

Iowa: Secretary of State seeks upgrades to battle attempted hackers | Des Moines Register

Iowa Secretary of State Paul Pate says the integrity of the state’s elections system remains intact, although he acknowledges it’s been repeatedly attacked by outsiders who have included would-be hackers from Russia. “On a regular basis, we have bad actors who attempt to breach our system. Hundreds of thousands every single day … and we deflect them so that they are not successful,” Pate said. “To be a hacker, they have to actually get into the system. We have not been hacked. The Russians have not hacked us.” But Pate, a Republican who is Iowa’s chief elections official, confirmed to The Des Moines Register this week that he intends to ask the Iowa Legislature in 2018 for additional money for technology upgrades to the state’s elections system. The cost won’t be in the millions of dollars, but it will be significant, he added. “We have to stay ahead of the curve here. We need to make sure we are head of the bad guys before they come,” Pate said.

North Carolina: New York Times story on Russian election hacking peeves North Carolina officials | The Washington Post

The New York Times never reported that election systems in Durham, N.C., had succumbed to Russian hacking. In fact, the story indicated straight-up that “no clear-cut evidence of digital sabotage has emerged, much less a Russian role in it.” Even so, the Sept. 2 front-page story by Nicole Perlroth, Michael Wines and Matthew Rosenberg did quote an election “troubleshooter” as saying something suspicious regarding irregularities on Election Day in Durham: “It felt like tampering, or some kind of cyberattack,” Susan Greenhalgh told the newspaper. There were indeed difficulties, as laid out in the lede of the story by Perlroth, et al. So-called e-poll books — essentially digital rolls that guide voting-day check-ins — malfunctioned, resulting in potential voters leaving in frustration or standing in line, annoyed. The state’s vendor for e-poll books was VR Systems, a Florida company that was targeted by Russian state hackers, according to a leaked document from the National Security Agency. Many accounts have concluded that VR Systems was “successfully infiltrated,” though the company disputes the characterizations. “Absolutely we deny it,” says VR Systems’s Ben Martin.

National: Democratic election task force to hear from Obama Homeland Security chief | The Hill

A task force of congressional Democrats is slated to meet with an Obama-era Homeland Security secretary this week as part of an ongoing effort to address cyber threats to election infrastructure. The election security task force announced that it will host a public forum on Thursday featuring Jeh Johnson, who led the Department of Homeland Security (DHS) under the Obama administration. News of the forum comes days after the DHS notified nearly two dozen states that they were targeted by Russian hackers ahead of the 2016 presidential election. It was Johnson who was responsible for engaging with state-level officials on cybersecurity ahead of the election last year. The department offered voluntary cybersecurity assistance to states to shore up their systems ahead of the vote.

California: San Luis Obispo County voting won’t change due to cyber security | The Tribune

Citing concerns about election cyber security, San Luis Obispo County Clerk-Recorder Tommy Gong has decided to keep neighborhood polling places with an option to vote by mail in 2018, opting out of a state test of an all-vote-by-mail system. Gong said the new model that also would have included a handful of voting centers to be open for multiple days — and expected to increase voter participation and save money — may be implemented for the presidential primaries in March 2020. Gov. Jerry Brown signed the bill to modernize California elections a year ago. Fourteen counties, including San Luis Obispo, were offered a chance to participate in 2018. So far, Sacramento, Nevada, Napa and San Mateo counties decided to make the switch, according to the State Secretary of State Office.

Editorials: With Russian hackers apparently bent on wrongdoing, Pennsylvania must protect its voting systems | LNP

Last week, the Trump administration informed election officials in 21 states, including Pennsylvania, that Russian hackers targeted their election systems before last year’s presidential election, The Associated Press reported. Pennsylvania was not the only key battleground state targeted; so, too, were Florida, Ohio, Virginia and Wisconsin. The targeting was reported to have been mostly preparatory — scanning computer systems for weaknesses that could be exploited — and to have been aimed at voter registration systems, rather than vote-tallying software. The notification “came roughly a year after U.S. Department of Homeland Security officials first said states were targeted by hacking efforts possibly connected to Russia,” the AP reported. …  In 2015, the state Supreme Court rejected an appeal from voters who sought to halt the use of direct-recording electronic voting machines in Pennsylvania. Election officials say that because the machines aren’t connected to the internet, they’re safe. But they don’t produce a verifiable paper trail — which now seems like a glaring deficit.

Editorials: Will Virginians’ votes get counted properly in November? | Richmond Times-Dispatch

When state election officials ordered the immediate elimination of touch-screen voting machines in early September, the decision struck some localities as hasty. Now it looks as though it might have come just in the nick of time. The Board of Elections issued the order after hearing about vulnerabilities in the touch-screen systems. A demonstration at a tech conference this summer showed just how easy it is to hack into supposedly secure machines — by using a touch-screen machine from Virginia. Replacing the machines in the dozen or so localities, mostly small and rural, that still rely on them will strain their abilities. Board member Clara Bell Wheeler even expressed concern that the resulting confusion could disenfranchise some voters. But after hearing about technical vulnerabilities in a closed-door session, Wheeler agreed the switch was necessary. She called the briefing “enlightening.”

Kenya: Opposition leader targets Safaricom staff over election | Reuters

Kenyan opposition leader Raila Odinga has asked his lawyers to prosecute six employees of telecoms operator Safaricom for conspiring with election board officials to rig the nullified Aug. 8 presidential poll. The Supreme Court annulled President Uhuru Kenyatta’s re-election on Sept. 1, citing irregularities and illegalities in the transmission of results, and ordered another election within 60 days. Kenya used two systems to transmit results from polling stations: paper forms and the electronic transmission of the vote tallies plus scanned copies of the forms, using three local telecoms firms and hardware from French IT firm OT-Morpho. Odinga accused Safaricom of failing to alert the authorities about illegal activities during the electronic transmission of results. He said they were sent to a server in Europe rather than the election centre in the Kenyan capital.

Washington: State Reveals Upcoming Federal Cybersecurity Pilot, After DHS Confirms Attempted Election Breaches | Gov Tech

Department of Homeland Security (DHS) officials said three months ago that people linked to the Russian government had attempted to hack election-related sites and information in 21 states. But on Sept. 22, DHS made it official, contacting election officials in those states to more formally notify them of having been targeted. Only one, the state of Illinois, was deemed as having been “breached,” according to a Washington Post analysis that pointed to the previously revealed exposure of personal information belonging to “tens of thousands of voters.” With its next election about six weeks away, a top Washington state elections official said the agency will soon embark on a three-month federal pilot aimed at improving cybersecurity, and officials are optimistic the electoral cycle will be uneventful and appear largely unchanged to voters.

Wisconsin: In reversal, DHS says Russians did not seek to hack Wisconsin’s election system | Milwaukee Journal Sentinel

The federal Department of Homeland Security reversed itself Tuesday and told Wisconsin officials that the Russian government had not tried to hack the state’s voter registration system last year. Instead, Homeland Security said, the Russians had attempted to access a computer system controlled by another state agency. The development — disclosed during a meeting of the Wisconsin Elections Commission — came four days after federal officials told the state that Russians had tried to hack systems in Wisconsin and 20 other states. Juan Figueroa, a member of Homeland Security’s election infrastructure team, on Tuesday told state officials by email that Wisconsin’s voter registration system had not been targeted in a hacking attempt after all. He said Russians had tried to access a computer system run by the state Department of Workforce Development.

Wisconsin: Elections Commission to consider new security after hack attempt | Milwaukee Journal-Sentinel

The Wisconsin Elections Commission Tuesday will consider increasing its cyber security efforts, a move that follows reports that Russians unsuccessfully attempted to hack the agency last year. On Friday, the U.S. Department of Homeland Security notified Wisconsin that it was one of 21 states that Russians attempted to hack during the presidential elections.Elections Commission members and the news media will be briefed on this attack at the agency’s Tuesday board meeting, spokesman Reid Magney said. The new security would include encrypting WisVote, the statewide voter registration system used by local clerks, and requiring two-factor authentication for clerks and state workers signing into that system. That two-factor system requires both a typical password and then a second code that is sent as a text to a user’s cellphone or an email to their private account. 

National: DHS tells states about Russian hacking during 2016 election | The Washington Post

The Department of Homeland Security contacted election officials in 21 states Friday to notify them that they had been targeted by Russian government hackers during the 2016 election campaign. Three months ago, DHS officials said that people connected to the Russian government tried to hack voter registration files or public election sites in 21 states, but Friday was the first time that government officials contacted individual state election officials to let them know their systems had been targeted. Officials said DHS told officials in all 50 states whether their systems had been attacked or not. “We heard feedback from the secretaries of state that this was an important piece of information,” said Bob Kolasky, acting deputy undersecretary for DHS’s National Protection and Programs Directorate. “We agreed that this information would help election officials make security decisions.”

National: DHS notifies states that Russian hackers targeted during election | Politico

The Department of Homeland Security on Friday notified the 21 states that it says Russian government hackers tried to breach during the 2016 election. Alabama, Minnesota, Washington and Wisconsin have all confirmed that DHS had said they were among the states targeted. But all four said the breach attempts were unsuccessful. In total, a DHS official said only a few networks were successfully breached, and none of those networks involved vote tallying. “DHS notified the Secretary of State or other chief election officer in each state of any potential targeting we were aware of in their state leading up to the 2016 election,” DHS spokesman Scott McConnell told POLITICO.

Editorials: We’re under constant threat of cyberattack, and Congress isn’t prepared to do anything about it | Brianna Wu /The Washington Post

Last October a coordinated cyberattack sabotaged massive parts of the American and European Internet. The Mirai Botnet turned our Internet-connected devices against us. Millions of webcams, VCRs, baby monitors and telnet services were seized and used to take down Twitter, major news outlets and commercial infrastructure. Web access was cut off, electronic systems stopped working, and we couldn’t get news about what was happening. It wasn’t a team of sophisticated hackers behind the attack, but one angry gamer — reportedly a man with a grudge against the PlayStation network. The truth is that someone with minimal technical knowledge can set up a node of the Mirai Botnet in less than 15 minutes. One would think that members of Congress would lie awake at night at the thought of a malicious botnet whose next target could be military and financial institutions. And yet, no major federal initiatives were launched in the aftermath of Mirai. Rather, the security of vital infrastructure was left for private industry to solve.

Editorials: The Russians are hacking. Luckily Trump fraud commission isn’t in charge | Michael P. McDonald/USA Today

It’s bad news that Russian hackers targeted election systems in 21 states last year, as the Department of Homeland Security confirmed in calls to the states Friday. And it would be bad news if we had to rely on President Trump’s Commission on Election Integrity to clean up this mess. Fortunately, we don’t. Trump’s commission has been in the spotlight as commission members trade accusations and refutations of voter fraud. It happens, but wild allegations of oceans of fraud evaporate to drops once vigilant election officials and law officers conduct their investigations. Meanwhile, another group is quietly tackling the cyberattacks that are a potentially greater threat to the integrity of our elections. In the closing days of the Obama administration, under the cloud of Russian interference in 2016 campaigns and voting, the Department of Homeland Security (DHS) announced elections as critical infrastructure. This designation triggered work to form an Election Infrastructure Government Coordinating Council to address cybersecurity. The differences between the voter fraud and infrastructure efforts reveal much about what is wrong and right about contemporary politics.

Wisconsin: Turns out Russia went after Wisconsin’s voter registration system | Mashable

Another piece of the messed-up puzzle that was the 2016 U.S. presidential election fell into place today, as the Department of Homeland Security confirmed that “Russian government cyber actors” targeted the voter registration system of a key battleground state. While U.S. officials had already claimed that the Russian government went after 21 states’ voter registration systems, this is the first time that names have been publicly named. And, sorry to say it Wisconsin, you have the dubious distinction of being the state in the spotlight. According to Reuters, the Department of Homeland Security notified all 21 states on Sept. 22, with Wisconsin Elections Commission Administrator Michael Haas quickly identifying his specific state as being affected soon after.

National: DHS Shares More Details With States About Russian Election Hacking | NPR

One of the public’s unanswered questions about Russia’s attempts to break into election systems last year was which states were targeted. On Friday, states found out. The Department of Homeland Security said earlier this year that it had evidence of Russian activity in 21 states, but it failed to inform individual states whether they were among those targeted. Instead, DHS authorities say they told those who had “ownership” of the systems — which in some cases were private vendors or local election offices. State election officials were finally contacted by federal authorities on Friday about whether their election systems were among those targeted for attack last year by Russian hackers. State election officials have complained for months that the lack of information from the federal government was hampering their efforts to secure future elections. “We heard that feedback,” says Bob Kolasky, acting deputy undersecretary for DHS’s National Protection and Programs Directorate. “We recognize that it is important for senior state election officials to know what happens on their state systems.”