North Carolina: Ransomware Attack Hits Durham North Carolina City, County Governments | Lucas Ropek/Government Technology

Hackers of “Russian” origin targeted the city and county governments of Durham, N.C., over the weekend, hampering computer and communications networks with ransomware, according to local officials. The attack, which used the infamous Ryuk malware strain typically spread through malicious attachments in phishing emails, was carried out late Friday by a Russian hacking group, according to the North Carolina State Bureau of Investigations, one of the agencies looking into the attack. On the heels of a year with a precipitous rise in ransomware attacks on state and local government, the incident is one of several to occur in the first few months of 2020 that show the trend does not seem to be slowing.  City and county officials confirmed during a joint press conference Monday that the malware appears to have spread after internal employees clicked on infected emails.

National: ‘Internet of Things’ Could Be an Unseen Threat to Elections | Laura DeNardis/Goverment Technology

The app failure that led to a chaotic 2020 Iowa caucus was a reminder of how vulnerable the democratic process is to technological problems – even without any malicious outside intervention. Far more sophisticated foreign hacking continues to try to disrupt democracy, as a rare joint federal agency warning advised prior to Super Tuesday. Russia’s attempt to interfere in the 2016 election has already revealed how this could happen: social media disinformation, email hacking and probing of voter registration systems. The threats to the 2020 election may be even more insidious. As I explain in my new book, “The Internet in Everything: Freedom and Security in a World with No Off Switch,” election interference may well come through the vast constellation of always-on, always-connected cameras, thermostats, alarm systems and other physical objects collectively known as the “Internet of things.” The social and economic benefits of these devices are tremendous. But, in large part because the devices are not yet adequately secure, they also raise concerns for consumer safety, national security and privacy. And they create new vulnerabilities for democracy. It is not necessary to hack into voting systems themselves but merely co-opt Internet-connected objects to attack political information sites, stop people from voting, or exploit the intimate personal data these devices capture to manipulate voters.

National: How Joe Biden’s campaign is protecting itself from cyber attacks | Brian Fung/CNN

Top tech officials working for Joe Biden’s campaign aren’t taking any second chances following the 2016 hacking of the Democratic National Committee. The campaign is constantly trying to fend off email phishing attacks that could give hackers inside access to the campaign’s data, according to Dan Woods, the Biden campaign’s chief technology officer. “The most famous thing to come out of 2016 was phishing,” Woods said at an election security conference in Philadelphia on Thursday. “Besides misinformation and disinformation, phishing remains, without question, the biggest threat we face.” That acknowledgment reflects Democrats’ difficult lesson from the last presidential cycle, when Russian hackers targeted dozens of DNC addresses with legitimate-looking emails designed to entice unwitting staffers into compromising their own security. They also targeted Hillary Clinton’s campaign chairman, John Podesta, obtaining tens of thousands of emails that were later published by WikiLeaks.

Editorials: Securing Our Elections Requires Change in Technology, People & Attitudes | Major General Earl Matthews/Dark Reading

The security of our elections is top of mind for practically every voter in the US. With the state primaries underway, all eyes are on our electronic (and in some cases mobile) voting systems to understand if malicious attacks are happening — and if our systems are able to defend against them. Most experts agree that we are unprepared and underfunded when it comes to securing our elections — which should concern us all. A big problem is that when we look at the entire ecosystem of the national election process, we don’t treat it the same way we treat business systems. This is a mistake. Voting is a business of our state governments. And the most valuable asset for states is voter information — similar to the customer information and data assets of a for-profit business (which are increasingly safeguarded by data privacy regulations). To modernize our current model of election management, trust, and security, it’s important to examine three interrelated pillars for state governments: technology, people, and attitudes.

National: Super Tuesday gives feds and states a test run for securing November vote | Sean Lyngaas/CyberScoop

Federal and state officials were up late Tuesday monitoring for threats from hackers and trolls to the biggest primary day of the 2020 election season. A watch floor at the Department of Homeland Security kept election administrators across the country plugged into threat data coming in from the intelligence community.  While there were some notable technical glitches in the voting process, nothing malicious came to pass. Bleary-eyed officials can go back to work Wednesday with a sigh of relief but also some lessons learned on how to protect the November presidential vote, which U.S. officials have repeatedly warned will draw foreign interference attempts. “We had well over 100 state and local officials in the room with us exchanging information with us throughout the day,” a senior official at the Department of Homeland Security’s cybersecurity division said on a 9 p.m. Eastern call with reporters.

Minnesota: Lawmakers question election security funding after Minnesota poll finder error | Stephen Montemayor/Minneapolis Star Tribune

Some GOP lawmakers are questioning a new round of federal election security money after an employee error caused the Minnesota Secretary of State’s online poll finder to link to a partisan liberal website on Super Tuesday. Republican state lawmakers sharply rebuked Secretary of State Steve Simon, a Democrat, for what he called a “lapse in judgment” by an IT worker who linked the state’s overloaded poll finder tool to a BoldProgressives.org web page. The link was active for 17 minutes on Tuesday before the office removed it. “How can an employee just redirect and get into IT and do all of this?” said state Sen. Mary Kiffmeyer, a Big Lake Republican and former secretary of state, speaking at a Tuesday hearing in her Senate state government and elections committee. “It’s a very concerning issue, especially in this time of security — and ample money was given already in May of last year.” Kiffmeyer engaged in a monthslong standoff last year with Simon over $6.6 million in federal election security money approved by Congress. Minnesota law requires the Legislature to sign off on the funding before it reaches Simon’s office.

National: Bipartisan commission to make 75 recommendations to defend against cyberattacks | Maggie Miller/The Hill

A new report by a bipartisan commission will include at least 75 recommendations for Congress and the executive branch on how to defend the nation against cyberattacks, including bipartisan recommendations for defending elections. Members of the Cyberspace Solarium Commission, which includes lawmakers, federal officials and industry leaders, highlighted the group’s focus on election security during an event at the Center for Strategic and International Studies on Tuesday, previewing some of the recommendations that will be among those released March 11. Commission member former Rep. Patrick Murphy (D-Penn.) said the report — which marks a major effort to create a blueprint for federal action on cybersecurity going forward — was “biased towards action,” and was meant to spur change. “It’s not some report that is going to be in the Library of Congress that no one is going to look at again,” Murphy said. “There is going to be some legislative action, there are going to be some executive actions.” The report’s recommendations around election security will mark a rare bipartisan effort to address the issue following years of contention on Capitol Hill after Russian interference in the 2016 presidential election.

National: Top DHS official says no ‘malicious cyber activity’ seen on Super Tuesday | Maggie Miller/The Hill

A senior official at the Department of Homeland Security’s (DHS) cyber agency said Tuesday night that they had not seen any “malicious cyber activity” aimed at disrupting elections during primary voting in 14 states. “We don’t have any reports of any malicious cyber activity across the states today,” the senior official at the Cybersecurity and Infrastructure Security Agency (CISA) told reporters. The official noted that while there were some “sporadic” information technology (IT) issues, all the election systems were able to get “back up and running” with no issues due to targeting by hackers. One IT incident the official pointed to was in California, where the secretary of state’s website was briefly brought down by what the office tweeted was “higher than normal traffic” and not hacking activity.

National: Super Tuesday brings a supersized election security challenge | Eric Geller/Politico

Millions of voters across the country will cast ballots during Super Tuesday on old, insecure election equipment — even after nearly four years of handwringing and warnings about Russian election interference. The jurisdictions at risk include three of Tennessee’s biggest counties — Shelby, Knox and Rutherford — where the paperless voting machines at the polls will include devices with security flaws so alarming that voters tried suing to have the equipment removed from precincts. Dozens of small counties in Texas are also sticking with risky touchscreen machines that have no paper trail to help detect tampering or malfunctions. And in California, Los Angeles County is debuting new voting machines that have drawn scrutiny for security weaknesses, as well as their developer’s past alleged ties to the Venezuelan government. The news is better in other parts of the Super Tuesday map, as some counties and states have successfully replaced their old paperless voting equipment with more secure paper-based machines. But even some of this new technology presents vulnerabilities that hackers could exploit to tamper with the primaries. Other states holding primaries on Tuesday, including Massachusetts, Maine and Vermont, predominantly use the technology that most experts consider the most secure: paper ballots that voters fill out by hand.

Illinois: Ransomware attack hundreds of LaSalle County government computers | WEEK

The LaSalle County government is seeing a big interruption to its services this week. The LaSalle County government is seeing a big interruption to its services this week. The county is dealing with a ransomware attack on its computers discovered by the Sheriff’s Office last Sunday around 3:30 a.m. Ransomware is a type of virus which locks up all the files on a computer, as hackers demand a ransom, usually money or Bitcoin, to release them. The county’s IT Director, John Haag, said this virus is locking up about 200 computers and about 40 servers in the county government. He said the two areas not affected are the county courts and circuit clerk’s office. About a week later, county employees still do not have access to their emails.

National: States and Federal Government Must Help Local Cybersecurity Efforts | Daniel Castro/Government Technology

Cybersecurity continues to be a major challenge for state and local governments, and the issue will likely grow in importance in the coming year. First, they are popular targets. During the first half of 2019, nearly two-thirds of ransomware attacks targeted state and local governments. Second, they face a multitude of threats — data breaches, ransomware, phishing, malware and more — and they must be prepared to defend against all of them. For example, last year, government officials in Cabarrus County, N.C., fell victim to an online social engineering attack in which the scammer stole $1.7 million in taxpayer funds. Third, and perhaps most important, with continued growth in e-gov applications and smart city initiatives, state and local governments are collecting and storing more data than ever before. Securing this information will need to be a top priority. Unfortunately, many agencies simply aren’t up to the task. They don’t have the talent, training or resources to respond to the most advanced attacks. Nor is it necessarily reasonable to expect them to. They can outsource some of these security roles to the private sector, just as they do with other IT responsibilities, but they still must be accountable.

National: Election related websites outdated, exposed vulnerabilities | Jack Gillum/Pro Publica and Raleigh News & Observer

The Richmond, Va., website that tells people where to vote and publishes election results runs on a 17-year-old operating system. Software used by election-related sites in Johnston County, N.C., and the town of Barnstable, Mass., had reached its expiration date, making security updates no longer available. These aging systems reflect a larger problem: A ProPublica investigation found that at least 50 election-related websites in counties and towns voting on Super Tuesday — accounting for nearly 2 million voters — were particularly vulnerable to cyberattack. The sites, where people can find out how to register to vote, where to cast ballots and who won the election, had security issues such as outdated software, poor encryption and systems encumbered with unneeded computer programs. None of the localities contacted by ProPublica said that their sites had been disrupted by cyberattacks.

National: MIT Professor: Blockchain is good in itself, but not good for votes | Jonita Singh/Wink Report

Computer scientist Ronald Rivest has said that blockchain is not the right technology to vote, although it may find the right application in a number of other areas. Rivest gave his opinion at the RSA Security Conference, held earlier this week in San Francisco, reported technology-focused news broadcast ITWire on February. 28. Rivest – who is a cryptography expert and professor at the Massachusetts Institute of Technology – called voices an interesting problem that requires a stricter approach compared to many existing security applications. He said:

“Blockchain is the wrong security technology to vote. I like to bring a combination lock to a kitchen fire or something. It is good for certain things in itself, but it is not good to vote. “

Editorials: The current “trust us” approach to election security is unearned | Brent Batten/USA Today – Florida

When the issue at hand is security, we understand the need for secrecy. We don’t expect banks to reveal everything they have in place to thwart robbers or the Secret Service to explain every step taken to protect its charges. Like protecting our money and protecting our leaders, protecting our elections is an important security matter, so some of the details are rightly kept on a need-to-know basis. But state and federal officials in Florida have taken advantage of the situation to keep secret aspects of 2016’s vote, in which they concede outside interference was attempted, and the steps taken to prevent a repeat.  In one example, the FBI has refused to name the counties where Russian operatives are known to have hacked into election systems. Why? The Russians certainly know which systems they penetrated and how.

Indiana: House Republicans Reject More Money For Voting Machine Needs | Brandon Smith/Northeast Indiana Public Radio

House Republicans this week voted down Democrats’ attempts to help ensure Indiana’s voting machines are more secure in the 2020 election. More than half of Indiana’s 92 counties have voting machines without a paper backup. Election security experts say those backups are critical to electoral integrity. The General Assembly budgeted $10 million last year to help upgrade. But that amount only covers about 10 percent of the machines that need it. And they plan to get to the rest of them by 2030. House Democrats offered an amendment to force the Holcomb administration to find another $10 million to upgrade voting machines right away. House Republicans – like Rep. Tim Wesco (R-Osceola) – said no. “Frankly, $10 million’s not enough. It will take more than that over the course of the next nine years,” Wesco says. “We just need to stick with the plan that we adopted last year with the $10 million that was appropriated and look to the needs that we need in future budget years.”

National: DHS Rolls Out ‘Tabletop in a Box’ Election Cybersecurity Tool | Phil Goldstein/StateTech Magazine

With the 2020 election primary season fully underway, state and local election officials are ramping up their cybersecurity efforts to counter malicious threats. They are also getting support from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. Several weeks ago, CISA released a 58-page guide, its “Elections Cyber Tabletop Exercise Package,” which it calls a “tabletop in a box.” The guide is designed to allow state and local officials to conduct election security drills simulating phishing and ransomware attacks, corrupted voter registration information, disinformation campaigns and attacks on voting equipment. As StateScoop reports, such tabletop exercises, “are designed to give secretaries of state, election directors, IT leaders and other officials a war game-like environment simulating the threats posed by foreign governments and other adversaries that might try to disrupt a real election.” Tabletop exercises can be used to “enhance general awareness, validate plans and procedures, rehearse concepts, and/or assess the types of systems needed to guide the prevention of, protection from, mitigation of, response to, and recovery from a defined incident,” the guide states.

National: #RSAC: Election Security Beyond the Ballot Box | Sean Michael Kerner/Infosecurity Magazine

There has been a lot written in recent years about election security and ensuring the integrity of voting systems. While voting machines are important, so too are non-voting election technologies, which was the topic of a session at the RSA Conference in San Francisco. Aaron Wilson, Senior Director of Election Security at the Center for Internet Security (CIS), explained that non-voting election systems include things that support elections. Those systems include electronic poll books, election night reporting systems, voter registration systems, and electronic ballot delivery. “There is a lot to that attack surface, but there are not a lot of standards and regulations,” Wilson said. The Center for Internet Security has developed a guide to help secure those non-voting election systems that has 160 best practices to help reduce risk and improve confidence. The overall goal, according to Wilson, isn’t necessarily that every election official will do all the steps, but rather they will have a guide that provides questions to ask vendors and IT staff.

Massachusetts: Election officials reported ‘outside activity’ to Homeland Security | WCBV

Ahead of Super Tuesday, Massachusetts’ top election official revealed he has referred at least one suspicious internet traffic incident to federal authorities. As Secretary of the Commonwealth, William Galvin oversees all elections, including the presidential primary, in which early voting is happening this week. Massachusetts uses paper ballots, but Galvin’s office maintains an extensive website full of related information. For example, voters can check their registration or look up their assigned polling place. Volunteers at the polling places use tablets to check voters in and verify party affiliation for the primary. Galvin stopped short of specifying whether the activity he reported was related to those resources, or something else, but did offer some insight into the steps his office takes to prevent intrusions.

Wisconsin: Election officials warn 6 communities of outdated systems | Patrick Marley/Milwaukee Journal Sentinel

Warning of the risk of hacking, Wisconsin election officials voted Thursday to publicly scold six communities if they do not quickly upgrade outdated computer systems. The state Elections Commission last year made more than $1 million available to clerks to update their computers, but not all of them took advantage of the funds. The commission has identified 10 computers in six communities that aren’t up to date, making them more susceptible to cyberattacks. The commissioners have declined to name those communities, but with their 5-0 vote Thursday that could change. The commissioners said they would tell the communities to upgrade their systems or be publicly outed. The commission will make federal funds available to them to help pay for the upgrades, which are expected to cost a few thousand dollars.

National: New Intelligence Chief Asks Election Czar to Remain in Post | Julian E. Barnes/The New York Times

The new acting director of national intelligence, Richard Grenell, has asked an intelligence official who angered some lawmakers with a briefing about Russian interference in the 2020 election to stay on in her role. Mr. Grenell’s move is a peace offering to the 17 intelligence agencies he oversees and a potential sign that he will not be conducting a widespread purge, as some administration officials have feared. Mr. Grenell, a Trump loyalist who has little experience in intelligence, removed the No. 2 official in his office in his first day on the job last week. Whether Mr. Grenell, appointed to the post last week by President Trump, can win over members of Congress and the intelligence community will depend in part whether he can convince them that he will focus on protecting the elections from outside interference. Some administration officials feared that the official who briefed the lawmakers, Shelby Pierson, would be removed as well. As the intelligence community’s top election security official since last year, she was subjected to withering criticism after her briefing to a classified hearing of the House Intelligence Committee on Feb. 13 touched off a fierce partisan debate over the nature of Russia’s interference in the 2020 election.

National: Christopher Krebs – the ‘accidental director’ on the front line of the fight for election security | Maggie Miller/The Hill

Christopher Krebs, the first director of the Cybersecurity and Infrastructure Security Agency (CISA), is zeroing in on elections ahead of November. CISA was created out of the former National Protection and Programs Directorate (NPPD) and signed into law by President Trump in late 2018. It is one of the primary federal agencies tasked with assisting state and local officials in bolstering election security. “I spend at this point 40 to 50 percent of my time on election security issues,” Krebs told The Hill during an interview at CISA headquarters this month. “A top priority for us right now is protecting 2020.” During the 2018 midterm elections, CISA hosted a situational awareness room on Election Day to continuously monitor threats across the country and worked closely with regional officials to address cyber vulnerabilities. Krebs said he saw getting through the midterms “unscathed” as part of his legacy as the first director of CISA, the newest agency in the Department of Homeland Security (DHS). “I’m not looking at 2020 as a metric or some sort of legacy mark, but what I want my legacy to be — and I hope to be here for longer — is that CISA is a meaningful player in the national and international stage,” Krebs said.

National: Ransomware top of mind for DHS cyber chief | Derek B. Johnson/FCW

The Department of Homeland Security’s cyber chief said his organization is trying to do more to address ransomware and other digital threats that directly touch the lives of citizens. Speaking at the RSA Conference in San Francisco, Cybersecurity and Infrastructure Security Agency Director Christopher Krebs said his agency has stepped up efforts to proactively reach out to federal agencies, local governments, businesses and critical infrastructure managers about how to prepare and what to do if their data is encrypted and held ransom by criminals or state-aligned hacking groups. “For years and years and years, particularly in the federal government, we’ve been focused on the nation-state adversary, the highly capable, the big four: Russia, China, Iran [and] North Korea,” he said. “I think we’ve been a little bit late to the game on ransomware,” he said, adding, it’s what average Americans see “in their schools, their hospitals and their municipal agencies.” Krebs described CISA’s role as that of a middleman uniquely positioned to canvass all the major stakeholders in the cybersecurity ecosystem and “facilitate a knowledge transfer from the haves to the have-nots.” CISA can leverage the collective financial and human capital resources of the big fish — like major banks — and push that knowledge and awareness down the chain to the broader cybersecurity ecosystem.

National: Americans should not be confident about security of 2020 election, experts say | Joseph Marks/The Washington Post

Americans should not be confident about the security of the 2020 election, according to a slim majority of experts surveyed by The Cybersecurity 202. The assessment from 57 percent of The Network, a panel of more than 100 cybersecurity experts who participate in our ongoing informal survey, puts a serious damper on the years-long push by federal, state and local government officials and political parties to bolster election security since a Russian hacking and influence operation upended the 2016 contest. “There are no signs that any part of our institutions are capable of providing an election that is reasonably secure from tampering and manipulation,” said Dave Aitel, a former NSA computer scientist who is now CEO of the cybersecurity company Immunity. “Every part of the voting process is vulnerable. This includes the voter registration process, the voting itself, the vote tabulation, and the results-reporting system,” said Bruce Schneier, fellow and lecturer at the Harvard Kennedy School of Government. Cindy Cohn, executive director of the Electronic Frontier Foundation, called for “more serious security measures for voting, from registration through to reporting the results back to the central voting authority.”

National: Defending against multifaceted election attacks | Lavi Lazarovitz/GCN

Much has been made of the vulnerabilities inherent in voting infrastructure over the past few years. DEFCON hacking villages have repeatedly found flaws in voting machines, and researchers across the country have outlined the ways attackers could infiltrate voting systems and influence an election. While these headlines generate attention, they tend to overshadow the myriad of other ways attackers could impact elections without touching a single vote. While many of the attacks in 2016 took the form disinformation campaigns, there are many other opportunities — direct and indirect — for attackers to have an impact. So while it is incredibly important to continue hardening the security of the physical voting machines, we must guard against other ways attackers could influence an election outcome without ever compromising a machine. From a security perspective, vulnerabilities have been the main talking point when it comes to elections. But while changing a vote is one thing, preventing voters from getting to the polls altogether could prove more effective.

Editorials: In order to prevent another voting debacle, turn to paper balloting | Lee C. Bollinger and Michael A. McRobbie/The Boston Globe

The Nevada caucuses may have skirted the chaos of Iowa and overcome last-minute fears that the use of new technology would lead to another voting fiasco. As such, we can all let out a collective sigh. But it would be a big mistake to double down on the fortunate outcome in Nevada and believe that what happened in Iowa will stay in Iowa. Iowa saw voting tallies delayed for days, in part, because of technological failure, specifically a not-ready-for-prime-time app. Helped by what seems a more decisive outcome, Nevada quickly declared a winner, but not before scrambling to bring in extra manpower and other resources to run its own complex caucus. Though Iowa-like errors and inconsistencies may yet be found in the Nevada count, there appears to be no evidence of malicious cyber activity in either state. Still, the nation’s first two caucuses heavily underscored the continued challenges and vulnerability of our election systems. They also suggested we may still not properly recognize the urgency of protecting this critical component of American democracy. More than three years after members of Congress and the American public learned about widespread Russian intrusion into our election infrastructure, our nation’s elections are still at major risk of being compromised. And, as Iowa clearly demonstrated, new technologies do not yet pose the answer.

Israel: Voter Data of Every Israeli Citizen Leaked by Election Management Site | Scott Ikeda/CPO Magazine

While most of the attention of international media was on the voting snafus in the Iowa Democratic caucus earlier this month, a much more serious incident was developing in Israel. The registration data of all of Israel’s 6.5 million voters was leaked thanks to a faulty download site for the Likud party’s election management app. The breach included full names, addresses and identity card numbers for all users. The culprit in this breach was not a faulty app, but the public-facing website that directed interested parties to the app downloads. An app called Elector was used by Prime Minister Benjamin Netanyahu’s Likud party to deliver election-related news to supporters. However, in Israel each party is given access to the government’s database of basic contact information for all registered Israeli voters regardless of their party affiliation. The app’s official website leaked the administrative username and password via an unprotected API endpoint listed in the homepage source code. This did not require any hacking acumen to access; anyone who cared to view the source code for the page would see the admin login credentials listed in plaintext by simply clicking through the “get-admin-users” link.

National: With 2020 general election approaching, voting security under growing scrutiny | Maya Rodriguez/Scripps Media

It’s the foundation of American democracy: voting. Depending on where you are in the U.S., though, your election experience could look very different from that in your neighboring state or even just your neighbor. “It really does depend on where you are in the country,” said Marian Schneider, who heads up Verified Voting, a non-profit, non-partisan group that advocates for better election security. In particular, the group takes a closer look at when it comes to the use of computers in elections. “We use computers in every aspect of election administration in this country,” Schneider said. “We have also historically underfunded our elections and not put the money into them that we need in order to run a computerized operation.”

National: Congress to get election security briefing next month amid Intel drama | Jordain Carney/The Hill

The administration is gearing up to brief lawmakers on election security as the country wades deeper into the 2020 primaries. Both the House and Senate will be briefed, separately, on March 10, according to Speaker Nancy Pelosi (D-Calif.) and a Senate aide. The briefings will come a week after Super Tuesday, when primary voters in more than a dozen states will head to the polls. On March 10, voters in six more states will cast ballots. The announcement of the briefings come as President Trump’s shake up of top intelligence community positions has sparked fierce criticism from Democrats and some national security professionals, and after reports that intelligence leaders have told lawmakers that Russia is again seeking to aid Trump’s campaign efforts. “American voters should decide American elections — not Vladimir Putin. All Members of Congress should condemn the President’s reported efforts to dismiss threats to the integrity of our democracy & to politicize our intel community,” Pelosi said in a tweet on Thursday.

Florida: Cyber experts: Public should have known about 2016 Palm Beach County elections ransomware | Hannah Morse/The Palm Beach Post

In the wake of the dispute over the cyber intrusion at the county elections office, The Palm Beach Post asked a series of security professionals to weigh in on the revelation of the Zepto virus exposure in September 2016. Is three years too long to learn that a ransomware attack happened at the Palm Beach County Supervisor of Elections Office? Yes, say cybersecurity and IT experts. In the wake of the dispute over the cyber intrusion at the county elections office, The Palm Beach Post asked a series of security professionals to weigh in on the revelation of the Zepto virus exposure in September 2016. “Not only should they report this, they should understand that just because everything seems normal it might not necessarily be,” said Silka Gonzalez, founder of ERMProtect in Coral Gables. “Even if a hacker is already inside your network and passively stealing your information everything in your workplace is going to look normal and ‘business as usual.’ These things don’t come with sirens and red lights.” The scrutiny over Zepto and its purported encroachment by an unknown entity through an elections office computer in the weeks before the 2016 presidential vote has been a source of controversy. This month, current Supervisor of Elections Wendy Sartory Link revealed the previously unknown cyber attack via a Zepto virus. The severity of the episode, however, has been disputed by her predecessor, Susan Bucher.

Illinois: ‘Wake-up call’ led to focus on election security | Bernard Schoenburg/The State Journal-Register

As the March 17 Illinois primary approaches, state and local election officials say they are continually working to keep election records, information and vote totals safe from outside meddling. “What I always say is we’re confident that we’re doing everything we can to stay a step ahead of any cyber attacker,” said Matt Dietrich, spokesman for the Illinois State Board of Elections. “But all you can ever hope, when you’re dealing with cyber security, is to stay ahead of the next hacker.” Sangamon County Clerk Don Gray, whose office oversees elections in the county, said every election authority has been “working hard … protecting and defending our election apparatus. It is absolutely imperative today that we are proactive and being out in front of cybercriminals.”