Editorials: Hacker conference proves how weak US voting machines really are | Michael DeLaGarza/The Hill

In January, Secretary of Homeland Security Jeh Johnson announced: “Given the vital role elections play in this country, it is clear that certain systems and assets of election infrastructure meet the definition of critical infrastructure, in fact and in law.” With this one statement, the nation’s election infrastructure was firmly placed for the first time on equal footing with other parts of America’s critical infrastructure such as emergency services, nuclear reactors, and water systems. While this was a welcome designation, events that unfolded in late July demonstrated just how vulnerable this infrastructure really is. With the ongoing controversy surrounding the integrity of our nation’s voting systems, hackers at the 25th annual DEF CON computer security conference held late last month in Las Vegas were given an unprecedented opportunity to find and exploit possible vulnerabilities in a variety of different voting systems supplied by organizers of the show.

Editorials: Voting Machines Are Easy To Hack – It’s Time We Face The Harsh Reality | Daniel Knighten/News4C

We live in the age of technology and every aspect of our life is evolving. Technology is present everywhere and while this provides numerous advantages, it can also become a major weak spot. The best example is the upgrade of the voting process in the US. It made things easier for voters, but it soon became clear that the voting machines are vulnerable pieces of electronic equipment that require the attention of government officials. Security experts gave out several warnings and earlier this year we have announced that the security of the voting system represents a priority for our country. In the words of Jeh Johnson, Secretary of Homeland Security, “Given the vital role elections play in this country, it is clear that certain systems and assets of election infrastructure meet the definition of critical infrastructure, in fact and in law.” However, despite the government’s best intentions, the 25th annual DEF CON computer security conference was an eye-opener for national security. The convention, held in July, in Las Vegas, proved just how simple it is to interfere with the voting machines and it managed to expose all their exploitable parts.

National: Trump Election Commissioners Are Resisting Efforts to Protect Elections From Hacking | Mother Jones

The intelligence community fears that Russia’s meddling in US elections did not end in November 2016, and that when the Kremlin tries to intervene again, state and local voting systems will be a prime target. “They will be back,” former FBI Director James Comey warned in June. Many election systems would prove an easy target. Last month, hackers at the annual DEF Con conference demonstrated this vulnerability when they easily breached multiple voting machines. A 16-year-old hacked a machine in 45 minutes. In response to this threat, the Department of Homeland Security has taken a major step to protect elections by prioritizing the cybersecurity of state and local voting systems. Yet several members of President Donald Trump’s controversial election commission oppose DHS’s move, and two of them have dismissed the threat entirely as a ploy for the federal government to intrude on states’ rights. Their opposition is a signal that the commission, tasked with finding vulnerabilities in the country’s election system, is not likely to take cybersecurity seriously. On January 6, the same day that the intelligence community released a declassified report alleging Russian meddling in the election, DHS announced that it would make additional cybersecurity assistance available to states that request it. This was done by classifying election infrastructure as “critical infrastructure,” a designation that already brings heightened security measures to critical infrastructure such as dams and the electrical grid. The move means that DHS will provide risk assessments, system scanning, and other cybersecurity services to states that request them. But several election officials and experts who sit on the Presidential Advisory Commission on Election Integrity quickly condemned the designation.

Illinois: Election Systems & Software Exposes Backup of Chicago Voter Roll via AWS Bucket | Threatpost

Voter registration data belonging to the entirety of Chicago’s electoral roll—1.8 million records—was found a week ago in an Amazon Web Services bucket configured for public access. The data was a backup stored in AWS by Election Systems & Software (ES&S), a voting machine and election management systems vendor based in Omaha, Nebraska. Researchers from UpGuard made the discovery last Saturday and privately reported the leak to a government regulator who connected them to the Chicago FBI field office. The FBI then notified ES&S, which immediately pulled down the data from Amazon. Amazon buckets are configured to be private by default and require some kind of authentication to access what’s stored in them. For some reason, ES&S misconfigured its bucket to public months ago, opening the possibility that others had accessed the data before UpGuard.

Illinois: 1.8 million Chicago voter records exposed online | CNN

A voting machine company exposed 1.8 million Chicago voter records after misconfiguring a security setting on the server that stored them. Election Systems & Software (ES&S), the Nebraska-based voting software and election management company, confirmed the leak on Thursday. In a blog post, the company said the voter data leak contained names, addresses, birthdates, partial social security numbers and some driver’s license and state ID numbers stored in backup files on a server. Authorities alerted ES&S to the leak on Aug. 12, and the data was secured. A security researcher from UpGuard discovered the breach. The data did not contain any voting information, like the results of how someone voted. Jim Allen, a spokesman for the Chicago Board of Elections, said the leak did not contain or affect anyone’s voting ballots, which are handled by a different vendor. “We deeply regret this,” Allen said. “It was a violation of our information security protocol by the vendor.”

Editorials: Utah needs to think about security above all as it buys new voting machines | Robert Gehrke/The Salt Lake Tribune

State elections officials held an open house earlier this month to demonstrate five election systems vying to replace the voting machines that have been chugging away for the past 13 years. Just a few days earlier, a group of hackers in Las Vegas took part in a demonstration of their own, designed to show how easily they could exploit the machines used around the country and potentially compromise our elections process. The results were alarming. The first voting machine was hacked within 90 minutes. By the end of the afternoon, all five had been compromised. One was reprogrammed to play Rick Astley’s 1987 hit “Never Gonna Give You Up.” The whole thing had been Rick Rolled. … Barbara Simons, president of Verified Voting, has been sounding the alarm about voting machine security — or lack thereof — for years. But even she was skeptical before the DefCon hacker exercise that the hackers would be able to compromise the machines. She was wrong. And the Russian interest in hacking election equipment makes her doubly concerned.

Illinois: Info on 1.8M Chicago voters was publicly accessible, now removed from cloud service: election officials | Chicago Tribune

A file containing the names, addresses, dates of birth and other information about Chicago’s 1.8 million registered voters was published online and publicly accessible for an unknown period of time, the Chicago Board of Election Commissioners said Thursday. The acknowledgment came days after a data security researcher alerted officials to the existence of the unsecured files. The researcher found the files while conducting a search of items uploaded to Amazon Web Services, a cloud system that allows users to rent storage space and share files with certain people or the general public. The files had been uploaded by Election Systems & Software, a contractor that helps maintain Chicago’s electronic poll books.

National: For decade-old flaws in voting machines, no quick fix | The Parallax

Hackers rocked the voting machines this summer. On July 28, at the first DefCon “village” dedicated to exposing weaknesses in electronic voting machines—and the first coordinated, research-based assault on EVMs in the United States since 2007—it took visitors just 80 minutes to hack the first machine. The hackers proceeded to find and penetrate multiple security vulnerabilities in each of the village’s 20 machines, representing five voting machine models, calling into question how secure machine-assisted elections are. Rep. Will Hurd (R-Texas) and Rep. Jim Langevin (D-R.I.), two of Congress’ senior cybersecurity experts, visited the village and later told hackers that they were “surprised” by how easy it was to hack voting machines. Langevin promised during the first on-stage appearance of sitting Congressmen at DefCon that when they return to Washington, D.C., “this is going to be a primary topic of conversation.”

National: Election officials: ‘We are going to need more assistance’ | FCW

The Department of Homeland Security continues to work with state and local governments to protect election systems as critical infrastructure. At an Aug. 16 public meeting of the federal Election Assistance Commission, however, officials made clear that risks still remain. EAC Vice-Chairman Thomas Hicks pointed to a recent planning exercise in Albany, N.Y., as an example. That exercise, conducted in July, resulted in some surprising results that remain classified. “I found the meeting very informative, enlightening and frightening,” Hicks said. “I would encourage every state to hold a similar meeting with election officials, emergency management folks and IT officials.”

National: In Ukraine, a Malware Expert Who Could Blow the Whistle on Russian Hacking | The New York Times

The hacker, known only by his online alias “Profexer,” kept a low profile. He wrote computer code alone in an apartment and quietly sold his handiwork on the anonymous portion of the internet known as the Dark Web. Last winter, he suddenly went dark entirely. Profexer’s posts, already accessible only to a small band of fellow hackers and cybercriminals looking for software tips, blinked out in January — just days after American intelligence agencies publicly identified a program he had written as one tool used in the hacking of the Democratic National Committee. But while Profexer’s online persona vanished, a flesh-and-blood person has emerged: a fearful man who the Ukrainian police said turned himself in early this year, and has now become a witness for the F.B.I. “I don’t know what will happen,” he wrote in one of his last messages posted on a restricted-access website before going to the police. “It won’t be pleasant. But I’m still alive.” It is the first known instance of a living witness emerging from the arid mass of technical detail that has so far shaped the investigation into the D.N.C. hack and the heated debate it has stirred. The Ukrainian police declined to divulge the man’s name or other details, other than that he is living in Ukraine and has not been arrested. There is no evidence that Profexer worked, at least knowingly, for Russia’s intelligence services, but his malware apparently did.

Illinois: Information about 1.8 million Chicago voters exposed on Amazon server | USA Today

Names, addresses, dates of birth and other information about Chicago’s 1.8 million registered voters was left exposed and publicly available online on an Amazon cloud-computing server for an unknown period of time, the Chicago Board of Election Commissions said. The database file was discovered on Friday by a security researcher at Upguard, a company that evaluates cyber risk. The company alerted election officials in Chicago on Saturday and the file was taken down three hours later. The exposure was first made public on Thursday. The database was not overseen by the Chicago Board of Election but instead Election Systems & Software, an Omaha, Neb.-based contractor that provides election equipment and software.

National: Will U.S. Cyberwarriors Be Ready for the Next Big Hack? | RealClearDefense

Hackers around the world see weaknesses in U.S. voting systems, electric grids and other pillars of American society. Russia’s alleged election meddling and other high-profile breaches have created a heightened sense of vulnerability even as new gee-whiz technologies to keep hackers at bay flood the market. To deter future attacks, experts warn, the United States needs to shore up its defenses and upend the perception that its systems are easy prey. “I guarantee the North Koreans and the Iranians saw what the Russians did and they’re going to try things in 2018 and 2020,” said former Pentagon cybersecurity policy chief Eric Rosenbach. “We have to change the perception that they’re going to get away with that,” he said at an industry conference last month.

Illinois: Don’t panic, Chicago, but an AWS S3 config blunder exposed 1.8 million voter records | Associated Press

A voting machine supplier for dozens of US states left records on 1.8 million Americans in public view for anyone to download – after misconfiguring its AWS-hosted storage. ES&S says it was notified by UpGuard researcher Chris Vickery of the vulnerable database that contained personal information it collected from recent elections in Chicago, Illinois. The records included voters’ names, addresses, dates of birth, and partial social security numbers. Some of the records also included drivers’ licenses and state ID numbers. “The backup files on the AWS server did not include any ballot information or vote totals and were not in any way connected to Chicago’s voting or tabulation systems,” ES&S said in a statement on Thursday. “These back-up files had no impact on any voters’ registration records and had no impact on the results of any election.”

Illinois: Election Systems & Software Leaks 1.8 Million Chicago Voter Records | Gizmodo

A leading US supplier of voting machines confirmed on Thursday that it exposed the personal information of more than 1.8 million Illinois residents. State authorities and the Federal Bureau of Investigation were alerted this week to a major data leak exposing the names, addresses, dates of birth, partial Social Security numbers, and party affiliations of over a million Chicago residents. Some driver’s license and state ID numbers were also exposed. Jon Hendren, who works for the cyber resilience firm UpGuard, discovered the breach on an Amazon Web Services (AWS) device that was not secured by a password. The voter data was then downloaded by cyber risk analyst Chris Vickery who determined Election Systems & Software (ES&S) controlled the data. ES&S provides voting machines and services in at least 42 states.

Russia: A Guide to Russia’s High Tech Tool Box for Subverting US Democracy | WIRED

A dead dog in Moscow. A dead dissident in London. Twitter trolls run by the Kremlin’s Internet Research Agency. Denial of service attacks and ransomware deployed across Ukraine. News reports from the DC offices of Sputnik and RT. Spies hidden in the heart of Wall Street. The hacking of John Podesta’s creamy risotto recipe. And a century-old fabricated staple of anti-Semitic hate literature. At first glance these disparate phenomena might seem only vaguely connected. Sure, they can all be traced back to Russia. But is there any method to their badness? The definitive answer, according to Russia experts inside and outside the US government, is most certainly yes. In fact, they are part of an increasingly digital intelligence playbook known as “active measures,” a wide-ranging set of techniques and strategies that Russian military and intelligence services deploy to influence the affairs of nations across the globe.

National: Russian Cyberattack Targeted Elections Vendor Tied To Voting Day Disruptions | NPR

When people in several North Carolina precincts showed up to vote last November, weird things started to happen with the electronic systems used to check them in. “Voters were going in and being told that they had already voted — and they hadn’t,” recalls Allison Riggs, an attorney with the Southern Coalition for Social Justice. The electronic systems — known as poll books — also indicated that some voters had to show identification, even though they did not. Investigators later discovered the company that provided those poll books had been the target of a Russian cyberattack. There is no evidence the two incidents are linked, but the episode has revealed serious gaps in U.S. efforts to secure elections. Nine months later, officials are still trying to sort out the details. … At first, the county decided to switch to paper poll books in just those precincts to be safe. But Bowens says the State Board of Elections & Ethics Enforcement got involved “and determined that it would be better to have uniformity across all of our 57 precincts and we went paper poll books across the county.”

Editorials: Our Hackable Democracy | Sue Halpern/The New York Review of Books

The recent news that thirty electronic voting machines of five different types had been hacked for sport at the Def Con hackers’ conference in Las Vegas, some in a matter of minutes, should not have been news at all. Since computerized voting was introduced more than two decades ago, it has been shown again and again to have significant vulnerabilities that put a central tenet of American democracy—free and fair elections—at risk. The Def Con hacks underscored this. So did the 2016 presidential election, in which the voter databases of at least twenty-one and possibly thirty-nine states, and one voting services vendor, came under attack from what were apparently Russian hackers. Last September, then-FBI Director James Comey vowed to get to the bottom of “just what mischief” Russia was up to, but, also sought to reassure lawmakers that our election system remained secure. “The vote system in the United States…is very, very hard for someone to hack into because it’s so clunky and dispersed,” Comey told the House Judiciary Committee. “It’s Mary and Fred putting a machine under the basketball hoop in the gym. These things are not connected to the Internet.” Comey was only partially correct. Clunky and dispersed, American elections are run by the states through three thousand individual counties, each one of which is responsible for purchasing and operating the voting machines set up by Mary and Fred. But Comey missed a central fact about many of those machines: they run on proprietary, secret, black-box software that is not immune to hacking, as Def Con demonstrated. 

National: Is the Path to Secure Elections Paved With Open Source Code? | LinuxInsider

Increased use of open source software could fortify U.S. election system security, according to an op-ed published last week in The New York Times.Former CIA head R. James Woolsey and Bash creator Brian J. Fox made their case for open source elections software after security researchers demonstrated how easy it was to crack some election machines in the Voting Machine Hacking Village staged at the recent DefCon hacking conference in Las Vegas. … “They confirmed what we already knew,” said James Scott, a senior fellow at the Institute for Critical Infrastructure Technology. “These are extremely vulnerable machines.” “Think of what a voting machine is,” he told LinuxInsider. “It’s a 1980s PC with zero endpoint security in a black box where the code is proprietary and can’t be analyzed.” Although the researchers at DefCon impressed the press when they physically hacked the voting machines in the village, there are more effective ways to crack an election system. “The easiest way to hack an election machine is to poison the update on the update server at the manufacturer level before the election,” Scott explained. “Then the manufacturer distributes your payload to all its machines for you.”

National: DefCon hackers made short work of voting machines. Now what? | GCN

The news coming out of last month’s DefCon hacker conference in Las Vegas was not good for voting machine manufacturers — and unsettling for election officials. A “voting village” was set up where hackers tested the security of about a dozen voting machines. They made their way into every single one. Eric Hodge, director of consulting at CyberScout, helped plan the event. There had been plenty of discussion about the security of these machines, he said. American intelligence officials concluded last year that Russia interfered with the 2016 presidential election, but many state election officials  argued that their voting machines were secure because they were not connected to the internet. The DefCon voting village was set up to actually test the physical machines, which Hodge said never experience much penetration testing. In their testing debut, they didn’t fare too well. … Within minutes, some of the machines were hacked.  “These guys are good,” Hodge said. “But, you know, so are the Russians.”

National: Could voting fraud panel create an easy target for hackers? | Associated Press

Officials from both parties had a consistent answer last year when asked about the security of voting systems: U.S. elections are so decentralized that it would be impossible for hackers to manipulate ballot counts or voter rolls on a wide scale. But the voter fraud commission established by President Donald Trump could take away that one bit of security. The commission has requested information on voters from every state and recently won a federal court challenge to push ahead with the collection, keeping it in one place. By compiling a national list of registered voters, the federal government could provide one-stop shopping for hackers and hostile foreign governments seeking to wreak havoc with elections. “Coordinating a national voter registration system located in the White House is akin to handing a zip drive to Russia,” said Kentucky Secretary of State Alison Lundergan Grimes, a Democrat who has refused to send data to the commission.

National: Amid DHS leadership shuffle, voting systems remain vulnerable | FCW

Even with the widespread attention and federal protections provided to election systems, state and federal officials alike have concerns that U.S. election systems remain vulnerable to digital meddling. In the final days of the Obama administration, then-Department of Homeland Security Secretary Jeh Johnson formally designated state election assets as U.S. critical infrastructure in response to digital floods of misinformation, as well as Russian cyber espionage on an election software vendor and spear-phishing attempts against local election officials during the lead-up to the November 2016 presidential election. The move allowed state governments to ask DHS for help on a voluntary basis in securing their election infrastructure, but was met with resistance from many state officials and some members of Congress. Amid this resistance — and the current shuffle in DHS leadership — Johnson expressed fear on CBS’s Face the Nation Aug. 6 that voting systems remain vulnerable to digital meddling. “I’m concerned that we are almost as vulnerable, perhaps, now as we were six, nine months ago,” he said.

National: Voting System Hacks Prompt Push for Paper-Based Voting | Information Week

Calls for paper-based voting to replace computer-based systems at the DEF CON hacker conference have intensified in the wake of a wave of voting machine hacks earlier this month. … “It’s undeniably true that systems that depend on software running in a touchscreen voting machine can’t be relied on,” Voting Village organizer Matt Blaze said in a Facebook Live feed hosted by US congressmen Will Hurd (R-Texas) and James Langevin (D-R.I.), in the aftermath of the DEF CON hacks. “We need to switch to systems that don’t depend on software,” said Blaze, a renowned security expert who is a computer science professor at the University of Pennsylvania. Blaze recommends OCR-based systems using paper ballots that provide an audit trail for counting and confirming votes. … “We know that computers can be hacked. What surprised me is that they did it so quickly” with the voting machines at DEF CON, says computer scientist Barbara Simons, president of Verified Voting. “One of the things that 2016 made quite clear is that we have very vulnerable voting systems and we don’t do a good job” of protecting them, Simons says. “So we exposed ourselves, and we haven’t taken the necessary steps to protect ourselves.”

National: DHS Reassures States it Won’t Step on Election Authority | MeriTalk

he designation of the nation’s election systems as critical infrastructure will not infringe upon state and local authority to run elections. In a recent memo to Senate Homeland Security and Governmental Affairs Committee Members, Ranking Member Claire McCaskill, D-Mo., relayed communications from the Department of Homeland Security that reiterated that fact. “This designation does not allow for technical access by the Federal Government into the systems and assets of election infrastructure, without voluntary legal agreements made with the owners and operators of these systems,” DHS told McCaskill, also confirming that there is no intention to change that critical infrastructure designation. “This dynamic is consistent with engagements between the Federal Government and other previously established critical infrastructure sectors and subsectors.”

National: Hacking the Vote: Why Voting Systems Aren’t as Secure as You Might Think | KQED

Defcon is the annual hacker conference in Vegas and the buzz this year centered around the Voting Machine Hacking Village. A dozen electronic voting machines, like you might see at your local polling place, were set up along the walls of a conference room. In the center were tables where hackers took some machines apart. … In fact, until 2015, hacking voting machines — even to do research — was against the law unless you got a special waiver, said Matt Blaze, a computer science professor at the University of Pennsylvania. “So far, only a few dozen people who are computer scientists thinking about this have been able to get access to these machines,” Blaze said. Blaze helped set up the voting village at Defcon. A decade ago he obtained a waiver to study electronic voting machines in California and Ohio. “And my team of graduate students and I were able to very quickly discover a number of really serious and exploitable problems with those systems,” he said.

Ireland: Digital dark arts now targeting voters | Irish Independent

Last week at the Def Con Hacking Conference in Las Vegas chess grandmaster Garry Kasparov discussed artificial intelligence and cybersecurity, electronic voting machines were hacked into, and the US army taught hacking skills to children. Plus a group called the Online Privacy Foundation unveiled research on whether ‘dark ads’ on social media can sway political opinion. Targeting voters through social media, and customising the messaging based on publicly available data is a recipe for underhand political advertising. It allows for messaging that’s not fit for a party political broadcast to be targeted to an audience in swing areas. For example, in the recent UK election, Conservative attack ads warning voters against ‘Corbyn’s death tax’ were served to voters in the marginal constituency of Delyn in Wales.

National: Jeh Johnson worries U.S. still “vulnerable” to election meddling | CBS

Former Homeland Security Secretary Jeh Johnson said Sunday he is concerned that the U.S. remains “vulnerable” to election meddling, and that the cyber threat facing the U.S. is “going to get worse before it gets better.” “The Department of Homeland Security very much was on alert on Election Day and in the days leading up to it, along with the FBI. And we were very concerned,” Johnson said on CBS News’ “Face the Nation.” He said that “a number of vulnerabilities” in election infrastructure were identified and addressed. “But that process needs to continue,” he said. “I’m concerned that we are almost as vulnerable perhaps now as we were six, nine months ago.”

National: States ramping up defenses against election hacks | The Hill

States across the nation are ramping up their digital defenses to prevent the hacking of election systems in 2018. The efforts come in the wake of Russia’s interference in the 2016 presidential election, which state officials say was a needed wake up call on cybersecurity threats to election systems and infrastructure. … Security experts are still divided over the extent of hacking risks to actual voting machines. Some say that because many different voting machines are used across the country and because they are not connected to the internet, that would make any large scale attack hard to carry out. … But others contend that digital voting machines are vulnerable and could be targeted to influence actual election outcomes. “Some election functions are actually quite centralized,” Alex Halderman, a University of Michigan computer science professor, told the Senate Intelligence Committee in June. “A small number of election technology vendors and support contractors service the systems used by many local governments. Attackers could target one or a few of these companies and spread malicious code to election equipment that serves millions of voters.”

National: Voting Machine Hackers Have 5 Tips to Save the Next Election | WIRED

American Democracy depends on the sanctity of the vote. In the wake of the 2016 election, that inviolability is increasingly in question, but given that there are 66 weeks until midterm elections, and 14 weeks until local 2017 elections, there’s plenty of time to fix the poor state of voting technology, right? Wrong. To secure voting infrastructure in the US in time for even the next presidential election, government agencies must start now. At Def Con 2017 in Las Vegas, one of the largest hacker conferences in the world, Carsten Schurmann (coauthor of this article) demonstrated that US election equipment suffers from serious vulnerabilities. It took him only a few minutes to get remote control of a WINVote machine used in several states in elections between 2004 and 2015. Using a well-known exploit from 2003 called MS03-026, he gained access to the vote databases stored on the machine. This kind of attack is not rocket science and can be executed by almost anyone. All you need is basic knowledge of the Metasploit tool.

National: To Fix Voting Machines, Hackers Tear Them Apart | WIRED

The toughest thing to convey to newcomers at the DefCon Voting Village in Las Vegas this weekend? Just how far they could go with hacking the voting machines set up on site. “Break things, just try to pace yourself,” said Matt Blaze, a security researcher from the University of Pennsylvania who co-organized the workshop. DefCon veterans were way ahead of him. From the moment the doors opened, they had cracked open plastic cases and tried to hot-wire devices that wouldn’t boot. Within two minutes, democracy-tech researcher Carsten Schürmann used a novel vulnerability to get remote access to a WINVote machine. The Voting Village organizers—including Harri Hursti, an election technology researcher from Finland, and Sandy Clark from the University of Pennsylvania—had set up about a dozen US digital voting machines for conference attendees to mess with. Some of the models were used in elections until recently and have since been decommissioned; some are still in use. Over three days, attendees probed, deconstructed and, yes, even broke the equipment in an effort to understand how it works and how it could be compromised by attackers. Their findings were impressive, but more importantly, they represented a first step toward familiarizing the security community with voting machines and creating momentum for developing necessary defenses.

National: 33 states accepted Department of Homeland Security aid to secure elections | The Hill

The Department of Homeland Security (DHS) provided cybersecurity assistance to 33 state election offices and 36 local election offices leading up to the 2016 presidential election, according to information released by Democratic congressional staff. During the final weeks of the Obama administration, the DHS announced that it would designate election infrastructure as critical, following revelations about Russian interference in the 2016 election. Since January, two states and six local governments have requested cyber hygiene scanning from the DHS, according to a memo and DHS correspondence disclosed Wednesday by the Democratic staff of the Senate Homeland Security and Governmental Affairs Committee. The information is related to the committee’s ongoing oversight of the DHS decision to designate election infrastructure.