Under a recent policy change, the FBI will notify states if local election systems are hacked, but some state officials and lawmakers want the feds to commit to informing a broader range of stakeholders. The federal government, in particular the FBI, have taken heat for taking three years to notify the Florida state government and members of Congress that voter registration systems in two counties were breached by Russian hackers leading up to the 2016 elections. While U.S. officials have said they do not have any evidence that suggests voting machines or tallies were compromised, security experts say bad actors tampering with registration data can still sow confusion and wreak havoc on election day. Alabama Secretary of State John Merrill said he and his counterparts in other states spent years pressing the federal government to notify states about local election hacks, arguing that many counties and municipalities lack the technical resources to effectively respond to a breach of their election systems. “They’re not in a position to give any attention to what was going on and to try to correct the issue, and so if [the feds aren’t] contacting us, what’s the value of calling anyone?” he told FCW. “And when we explained that to [the federal government,] they understood.”
National: Analysts question whether FBI election cybersecurity changes are robust enough | Jonathan Greig/TechRepublic
The FBI released new guidelines on how it will approach cyberattacks on elections after facing years of criticism from lawmakers across the country for their response to Russian intrusion attempts during the 2016 election. State officials, particularly those in Florida, were incensed when the Mueller Report revealed that two county voting databases were breached by Russian hackers ahead of the 2016 election. The FBI never told state-level officials and only coordinated with people in the counties that had been hit, waiting nearly two years until meeting and explaining the situation to Florida Gov. Ron DeSantis. The new guidelines, explained on a media call last Thursday and in a press release last Friday, say the FBI will notify a state’s chief election official and other local election workers in the event of any cyberattack. “Understanding that mitigation of such incidents often hinges on timely notification, the FBI has established a new internal policy outlining how the FBI will notify state and local officials responsible for administering election infrastructure of cyber activity targeting their infrastructure,” the FBI statement said.
National: FBI will now notify state election officials when any part of their election systems is hacked | Ken Dilanian/NBC
The FBI will now notify state election officials about cyber breaches to election systems in their jurisdictions, even those that only affect a single county, FBI and Justice Department officials said Thursday. The change stems from a belief that the “traditional policy did not work in the election context,” an FBI official told reporters in a background call. Typically, the FBI notifies only the victim of a cyber intrusion. When it comes to election systems, the victim is often a county. But if the FBI only notifies local officials, “it may leave the state officials with incomplete knowledge of the threats,” the official said. The policy shift comes after a 2018 episode in Florida in which Democratic Sen. Bill Nelson said he had been told that Russian hackers gained access to some voting systems in his state, only to be accused of making that up by then-Gov. Rick Scott, the Republican running to unseat Nelson in that year’s election. Scott said state officials had not been notified of any such breach.
National: Top U.S. Cybersecurity Officials to Depart as Election Season Enters Full Swing | Byron Tau and Dustin Volz/Wall Street Journal
Two top government officials with broad cybersecurity and election-integrity portfolios have announced they are stepping down this month, a loss of expertise in a critical area less than a year before the 2020 presidential election. Amy Hess, the executive assistant director of the Criminal, Cyber, Response, and Services Branch of the Federal Bureau of Investigation will depart for a job as the chief of public services in Louisville, Ky. Jeanette Manfra, the most senior official dedicated exclusively to cybersecurity at the Department of Homeland Security, will leave her post at year’s end for a job in the private sector. Both women have announced their departure in recent weeks. Senior U.S. intelligence officials have warned the elections are likely to be targeted online by Russia and other foreign adversaries following Moscow’s success in disrupting the 2016 race. The FBI and DHS are two of the primary agencies responsible for combating foreign influence operations online, along with intelligence agencies including the National Security Agency. The FBI established a Foreign Influence Task Force in 2017 and has made investments to deepen its cybersecurity capabilities. DHS is the lead federal partner for state and local election officials with a focus on safeguarding voting systems from hackers.
National: Election security drill pits red-team hackers against DHS, FBI and police | Sean Lyngaas/CyberScoop
A year from the 2020 election, sophisticated exercises to help secure the vote are kicking into high gear. On Tuesday, executives from the Boston-based firm Cybereason will conduct a tabletop exercise testing the resolve of officials from the Department of Homeland Security, FBI, and the police department of Arlington County, Virginia, among other organizations. The fictional scenario will involve attackers from an unnamed foreign adversary laying siege to a key city in a U.S. swing state. Hacking, physical attacks and disinformation via social media will be on the table as the attackers seek to flip the vote to their preferred candidate — or sow enough doubt among voters to undermine the result. One of the objectives of the red team — technical specialists from Cybereason and other private organizations — is voter suppression. That is exactly what Russian operatives aimed to achieve in 2016 and what, according to U.S. officials, they could strive for again in 2020. What participants learn from Tuesday’s event can be worked into future election-security drills, which will only grow more frequent as the 2020 vote approaches.
National: Administration officials say election security is a ‘top priority’ ahead of 2020 | Tal Axelrod/The Hill
Several administration officials Tuesday released a joint statement assuring the public that they are prioritizing election security less than a year away from the 2020 presidential race. Attorney General William Barr, Secretary of Defense Mark Esper, outgoing acting Secretary of Homeland Security Kevin McAleenan, acting director of national intelligence Joseph Maguire, FBI Director Christopher Wray and others said they have increased the level of federal support to state and local election officials and are prioritizing the sharing of threat intelligence to improve election security. “In an unprecedented level of coordination, the U.S. government is working with all 50 states and U.S. territories, local officials, and private sector partners to identify threats, broadly share information, and protect the democratic process. We remain firm in our commitment to quickly share timely and actionable information, provide support and services, and to defend against any threats to our democracy,” they said in a joint statement.
National: Feds and police are war-gaming all the ways an election can be hacked | Joseph Marks/The Washington Post
As voters head to the polls today in Virginia’s odd-year contest, federal officials and local police are war-gaming how adversaries could disrupt next year’s contest without hacking any election systems at all. Officials from the FBI, Department of Homeland Security and U.S. Secret Service are working with cops in Arlington to game out how to respond if hackers from Russia or elsewhere in 2020 disrupt electricity at polling places, shut down streetlights, or hijack radio and TV stations to suppress voter turnout and raise doubts about election results. They’ll also test how to respond if adversaries launch social media campaigns to incite fights at polling places — or to spread rumors about riots or violence that deter people from going out to vote. Cybersecurity experts and academics will play the mock hackers, lobbing new challenges at officials throughout the day. The exercise underscores how hackers could destroy public faith in an election’s outcome without changing any votes. And that’s particularly concerning because many of these potential targets are far more vulnerable than voting machines. “If you can prevent people from getting to the polls … if you can effectively disenfranchise certain segments of the population, that’s far more disruptive to the republic than taking out a few voting machines,” Sam Curry, chief security officer at Cybereason, the company organizing the war game, told me.
National: FBI faces new hurdle in election interference fight: Donald Trump | Darren Samuelsohn and Natasha Bertrand/Politico
Nearly two years ago, FBI Director Chris Wray set up an office tasked solely with stopping the type of Russian inference efforts that infected the 2016 campaign. On Wednesday night, Trump undercut the whole operation in a matter of seconds. In an ABC News interview, the president first proclaimed he would have no problem accepting dirt on his opponents from a foreign power, then said Wray was “wrong” to suggest the FBI needs to know about such offers. The comments, according to interviews with nearly a dozen law enforcement veterans, have undone months of work, essentially inviting foreign spies to meddle with 2020 presidential campaigns and demoralizing the agents trying to stop them. And it’s backed Wray into a corner, they added, putting him in a position where he might have to either publicly chastise the president and risk getting fired, or resign in protest. America’s enemies will see Trump’s comments and likely “come out of the woodwork like never before to try to influence the president,” said longtime FBI veteran Frank Figliuzzi, who served as the bureau’s assistant director for counterintelligence until 2012. “And it’s going to be more difficult to defend against because they’ll try harder than ever to mask their attempts.”
National: Trump smashed months of FBI work to thwart election interference | Daren Samuelsohn and Natasha Bertrand
Nearly two years ago, FBI Director Chris Wray set up an office tasked solely with stopping the type of Russian interference efforts that infected the 2016 campaign. On Wednesday night, President Donald Trump undercut the whole operation in a matter of seconds. In an ABC News interview, the president first proclaimed he would have no problem accepting dirt on his opponents from a foreign power, then said Wray was “wrong” to suggest the FBI needs to know about such offers. The comments, according to interviews with nearly a dozen law enforcement veterans, have undone months of work, essentially inviting foreign spies to meddle with 2020 presidential campaigns and demoralizing the agents trying to stop them. And it has backed Wray into a corner, they added, putting him in a position where he might have to either publicly chastise the president and risk getting fired, or resign in protest. America’s enemies will see Trump’s comments and likely “come out of the woodwork like never before to try to influence the president,” said longtime FBI veteran Frank Figliuzzi, who served as the bureau’s assistant director for counterintelligence until 2012. “And it’s going to be more difficult to defend against because they’ll try harder than ever to mask their attempts.”
National: Klobuchar, Wyden demand answers from FBI on 2016 election hacking incidents | Maggie Miller/The Hill
Sens. Amy Klobuchar (D-Minn.) and Ron Wyden (D-Ore.) are demanding answers from the FBI on its response to Russia attempting to hack voting machine company VR Systems during the 2016 presidential election. The incident was revealed in special counsel Robert Mueller’s report, which said Russia in August 2016 targeted employees of “a voting technology company that developed software used by numerous U.S. counties to manage voter rolls, and installed malware on the company network.” The company wasn’t mentioned in the report, but VR Systems has since been confirmed as the targeted company. In a letter to FBI Director Christopher Wray on Wednesday, Klobuchar and Wyden asked the FBI what steps it took after VR Systems alerted the FBI in August 2016 that it had found suspicious IP addresses on its systems. “VR Systems indicates they did not know that these IP addresses were part of a larger pattern until 2017, which suggests that the FBI may not have followed up with VR Systems in 2016 about the nature of the threat they faced,” the senators wrote.
Florida: FBI urged to disclose Florida election hack details after ignoring request | Andrew Blake/Washington Times
The FBI faced fresh calls Friday to release additional details about the hacking campaign that compromised election systems in Florida during the 2016 U.S. presidential race. Rep. Ted Deutch, Florida Democrat, pressed for transparency nearly two months since the release of special counsel Robert Mueller’s report about Russian election interference began to reveal the scope of its success in the Sunshine State. The FBI assessed that Russian hackers infiltrated at least one Florida county government during the 2016 race, Mr. Mueller wrote in the report. Many state officials were unaware of the breach prior to the report’s publication, and individuals briefed by the FBI afterward said they were told that a total of two Florida counties had been compromised. Nearly no further details have emerged since, however, and Florida’s governor said he signed a non-disclosure agreement legally preventing him from revealing what counties were hacked.
Florida: Hacked Florida counties could disclose their identities — if they wanted to | Marc Caputo/Politico
Local election officials in the two unnamed Florida counties where Russian agents hacked voter rolls in 2016 are able to publicly disclose whether they had been attacked. But the bureaucrats are clamming up instead. And voters in those counties have no right to know that information, according to the FBI. Nor is the state’s governor or its congressional delegation allowed to tell the public the names of those counties. That’s because the FBI made the governor sign a non-disclosure agreement in order to receive a classified briefing about the hack, along with the members of Congress. Some lawmakers are outraged at what they see as bizarre reasoning from the agency. For now, the information about the two counties is being kept officially secret — even though the identity of one of the hacking “victims,” Washington County’s election office, has leaked out.
Florida: Ron DeSantis ‘not allowed’ to disclose which two Florida counties were hacked by Russians | Emily L. Mahoney/Tampa Bay Times
Gov. Ron DeSantis met with the FBI and the U.S. Department of Homeland Security last week to discuss the revelation in the Mueller report that “at least one” Florida county had its election information accessed by Russian hackers in 2016. On Tuesday, DeSantis told reporters that he had been briefed on that breach — which actually happened in two counties in Florida — but that he couldn’t share which counties had been the target. “I’m not allowed to name the counties. I signed a (non)disclosure agreement,” DeSantis said, emphasizing that he “would be willing to name it” but “they asked me to sign it so I’m going to respect their wishes.”