Federal News Network: Top House Armed Services Democrat wants oversight of new DoD cyber strategy

Federal News Network: Top House Armed Services Democrat wants oversight of new DoD cyber strategy

By Scott Maucione

With the Democrats taking control of the House starting in January, the likely-incoming chairman of the House Armed Services Emerging Threats and Capabilities Subcommittee is whittling down his priorities for the panel in the next legislative session. The top areas he wants to cover have a common thread that should come as no surprise: cyber.

Rep. Jim Langevin (D-R.I.) was just reelected to his tenth term in Congress, and is poised to take the gavel from current chairman, Rep. Joe Wilson (R-S.C.).

In an interview with Federal News Network, Langevin said cybersecurity, election security and keeping a watchful eye over the Trump administration’s new defense cyber policy are some of the most important topics the subcommittee will face in the coming year.

“We want to make sure they are held accountable and we are properly implementing these new strategies,” Langevin said.

DoD’s new cyber strategy, which was released in September, is much more “forward leaning” than strategies of the past, Langevin said. The strategy focuses on great power competition and also allows DoD to more readily conduct cyber operations in defense of the nation outside of its own networks.

What’s concerning is “the unintended consequences,” Langevin said. “If we are going to be more proactive in cyberspace, I think that can be a good thing, but working with allies and having international coordination is essential.”

To that point, Langevin criticized the administration’s decision to eliminate the cybersecurity coordinator at the State Department and the cybersecurity coordinator role on the National Security Council.

The Trump administration said it got rid of the roles in the NSC and State Department as part of an effort to cut back bureaucracy and streamline decision making.

“Big mistake,” Langevin said. “Cybersecurity is not just a U.S. problem or challenge; it’s an international problem and challenge that we need to work on together. Having an international focus and having someone at the State Department is going to help coordinate those cyber strategies and responses.”

While Langevin thinks international cooperation is imperative to the nation’s cybersecurity, he also thinks the government and private sector need to ramp up their communication about cyber threats.

“We are going to continue to track the implementation of the Cybersecurity Information Sharing Act of 2015,” Langevin said. “It has not lived up to its potential or what I certainly hoped we would accomplish in terms of sharing robust threat information, threat signatures and network speed. That has not happened at all to the level it needs to happen.”

Currently, only six companies are sharing cyber threat information with the government and about 200 are taking the information the government is offering, Langevin said.

“That just seems incomprehensible to that the numbers would be low, but that’s the reality and we have to do better,” Langevin said. He added that it is unclear why the companies are not signing up for the program.

“We need to get our arms around why and how we can incentivize more robust information sharing,” Langevin said. “The only way we are going to really effectively protect ourselves and the government is to properly inoculate ourselves when we know of a threat signature that could pose harm.”

Langevin is also planning on keeping a close eye on the delegation of authorities given to U.S. Cyber Command as it grows in its role as a full combatant command.

The congressman also stressed the need for a law that governs how quickly data breaches need to be reported. Currently each state has its own law about how quickly breaches need to be reported, Langevin wants a federal standard of 30 days.

Numbers around the 2020 Defense budget are already beginning to fly. Langevin said he agreed with Rep. Adam Smith (D-Wash.), who will likely chair the House Armed Services Committee, that the United States needs to specialize in certain areas and leave some slack for allies to pick up. That could have an effect on how big the Defense budget ends up.

Smith said Democrats will look at how they can, within a reasonable budget, manage risk while also prioritizing other factors that make a country “safe, secure and prosperous” like paying down debt and fixing infrastructure.

“The biggest problem I feel that we’ve had is, because we get this ‘Oh my God we have to cover everything [mindset],’ we wind up covering nothing well and that leaves the men and women who serve us in a position where they are not properly trained, properly equipped to meet all the missions we want them to meet,” he said. “It’s a complete impossibility to meet all the missions that we dream up.”

Langevin stated the sequestration caps for both defense and nondefense need to be lifted.

NextGov: DHS and Pentagon Memo Details Future Cyber Cooperation

NextGov: DHS and Pentagon Memo Details Future Cyber Cooperation

By Joseph Marks

The Pentagon and Homeland Security Department have established a memorandum of understanding that details how the departments will work together on cybersecurity in the future, a Homeland Security official confirmed Wednesday.

That agreement “reflects the commitment of both departments in collaborating to improve the protection and defense of the U.S. homeland from strategic cyber threats,” according to written testimony from Homeland Security Assistant Secretary Jeanette Manfra.

It also “clarifies roles and responsibilities between DOD and DHS to enhance U.S. government readiness to respond to cyber threats and establish coordinated lines of efforts to secure, protect, and defend the homeland,” according to the statement delivered to a joint hearing of the cyber panels of the House Homeland Security and Armed Services committees.

A Homeland Security official confirmed the agreement is completed but did not provide additional details.

Rep. Cedric Richmond, D-La., described the agreement in broad terms during the hearing. Richmond, who is the ranking Democrat on the Homeland Security panel, said he has not read the memorandum yet.

The civilian-military agreement comes as the government is trying to ramp up civilian and military cooperation in cyberspace, especially when it comes to protecting election systems and other critical infrastructure such as banks, hospitals and airports.

In advance of last week’s midterm elections, 11 Pentagon cyber officials came over to Homeland Security’s cyber operations center as liaisons, Manfra told lawmakers during the hearing.

Those liaison officers were there to pave the way for their colleagues in case an election cyber threat popped up that state and local officials couldn’t handle on their own with Homeland Security’s support and the military needed to help out, Manfra said.

Though the departments were prepared, that threat didn’t materialize.

Rep. Jim Langevin, D-R.I., the ranking member on the Armed Services panel, praised the Pentagon and Homeland Security for removing legal and bureaucratic barriers to cooperation in advance of the election.

In the future, it will be critical for the two departments to work together on cyber threats, he said.

“While Congress has been abundantly clear about DHS’ primacy in defending civilian networks in the United States, coordination, collaboration and information sharing with the DOD will be critical to the defense of the homeland,” [Rep. Langevin] said.
Congress officially authorized the Defense Department to send those detailees to Homeland Security in August in a pilot program included in the most recent version of the National Defense Authorization Act, an annual defense policy bill.

The mammoth policy bill also mandated other Defense Department efforts to help the civilian government and critical infrastructure providers, such as banks and hospitals, repel cyberattacks if called upon.

The bill also mandated a study on whether to create cyber components in the military reserves that could assist states during a cyber emergency.

Overall, in the months leading up to the election, Homeland Security, the Pentagon and FBI made more progress on sharing cyber threat information and developing a common cyber operations picture than in the prior decade, Manfra told lawmakers.

WPRI: RI officials prepare for potential cybersecurity threats on Election Day

WPRI: RI officials prepare for potential cybersecurity threats on Election Day

By Sarah Doiron

PROVIDENCE, R.I. (WPRI) — With the general election just 11 days away, local and federal officials are working together to make sure every vote counts.

Jeanette Manfra of the Department of Homeland Security was in Rhode Island on Friday, working with election officials to ensure the voting process is secure.

“Don’t let anybody dissuade you go out and vote,” Manfra said. “We’re doing all we can to ensure all votes are counted and counted correctly.”

State leaders say Rhode Island is prepared for any cybersecurity threat that could potentially happen.

“In 2016, the country, in a lot of ways a number of us were caught off-guard and unprepared for the interference that the Russians were carrying out against us,” Congressman Jim Langevin said. “We will not be caught off guard again.”

“The 2016 election made clear we need to make more improvements and set aside additional resources to protect our elections,” Congressman David Cicilline added.

In addition to $3 million in federal funding, the Department of Homeland Security said there will be a local adviser in the state on Election Day as well.

“Rhode Island is just a leader in both election security and cybersecurity,” Manfra said. “The work that is being done here is being copied elsewhere in the country.”

Secretary of State Nellie Gorbea said election security is never done, and it’s never just one precautionary measure. She said the state will have a multifaceted approach on Election Day.

“Our country is facing a real threat by Russians and other foreign actors who want to erode public trust in our elections,” Gorbea said.

Polls will be open on Nov. 6 from 8 a.m. to 8 p.m.

ProJo Editorial: For U.S. House: Cicilline, Langevin

ProJo Editorial: For U.S. House: Cicilline, Langevin

SOURCE: Providence Journal Editorial

PROVIDENCE, R.I. — Rhode Island benefits from experienced, hardworking leadership in Washington. For that reason, we encourage our readers to vote to re-elect U.S. Representatives David Cicilline and James Langevin. As Democrats, they could become more powerful after January, if pollsters’ predictions hold true and control of the U.S. House flips to their party.

Representative Langevin, who serves Rhode Island’s Second District, sits on the House’s Homeland Security and Armed Services committees. Far from being content to serve as a partisan back-bencher, he has been a been a strong and assertive voice on defense and security matters. He supports internet privacy protections and wants to harden cyberprotections for the critical infrastructure of Rhode Island and the country.

He has correctly identified diagnosed weaknesses in America’s cyberdefenses, even as cyberspace is increasingly a battlefield for nation-states, terrorists and criminals. He has demonstrated a grasp of the havoc that could follow a widespread, malicious attack, and consistently advocated for greater cooperation among the interdependent public and private sectors.

Mr. Langevin also has advocated for broader and deeper health care services for all, especially the disabled. As a paraplegic, he provides a unique and personal perspective on issues ranging from stem-cell research to study of the most effective ways for people to undergo rehabilitation after becoming paralyzed.

He is popular, too, with Rhode Islanders, enjoying sizable electoral majorities after successful stints as a state representative and Secretary of State.

Representative Langevin is opposed by military veteran and Republican Sal Caiozzo, who is an advocate for veterans harmed by toxins while serving. Mr. Langevin’s experience and willingness to reach across the aisle suggest he is the better choice.

In the First Congressional District, which includes Providence and Newport, former Providence Mayor Cicilline enjoys a huge party registration advantage over Republican challenger Patrick Donovan and should coast to victory.

Mr. Cicilline has been an advocate for trying to limit the spread of guns in America. He has aggressively pushed for expanded background checks for gun purchasers and a ban on assault weapons.

In Washington, Mr. Cicilline’s articulate tongue has served him well. He has been willing to appear on conservative TV programs, making the case for his party’s values and helping to bridge the yawning partisan chasm in the nation’s capital. He has also spoken out for manufacturing in America. And he has been a champion of newspapers and a free press.

Mr. Cicilline could well be leadership material. A respected member of the Congressional Progressive Caucus, he is competing for the new elected position of assistant majority leader. Little Rhode Island can use all the power it can get in Washington.

We believe Rhode Island voters would be well-served by returning its incumbent U.S. House members to office.

The Hill: Congress falls flat on election security as midterms near

The Hill: Congress falls flat on election security as midterms near

By Jacqueline Thomsen

Congress has failed to pass any legislation to secure U.S. voting systems in the two years since Russia interfered in the 2016 election, a troubling setback with the midterms less than six weeks away.

Lawmakers have repeatedly demanded agencies step up their efforts to prevent election meddling but in the end struggled to act themselves, raising questions about whether the U.S. has done enough to protect future elections.

A key GOP senator predicted to The Hill last week that a bipartisan election security bill, seen as Congress’s best chance of passing legislation on the issue, wouldn’t pass before the midterms. And on Friday, House lawmakers left town for the campaign trail, ending any chance of clearing the legislation ahead of November.

Lawmakers have openly expressed frustration they were not able to act before the 2018 elections.

Rep. Tom Rooney (R-Fla.), who introduced the House version of the election security bill, said it was “disappointing.”

“If you want to call it a message that we’re sending to the American people, that we’re doing everything that we can to ensure that the integrity of the vote is sacred,” he said, “If we have these opportunities to do something and we don’t, then that definitely sends the wrong message. That maybe we just don’t care or whatever.”

Rep. James Langevin (D-R.I.), the co-founder of the Congressional Cybersecurity Caucus, said not passing the legislation was “a missed opportunity” to better protect U.S. elections.

“Every community needs to be on guard, alert and realize that the Russians are a very well-resourced and capable bad actor that are again trying to interfere with our elections,” he said.

Sen. James Lankford (R-Okla.), one of the bill’s cosponsors, told The Hill that the text of the bill is still being worked out after recent changes prompted concerns from state election officials and the White House.

It had appeared the bill would make it across the finish line but last month Reuters reported that the White House had stepped in to hold up the bill. A GOP Senate aide told The Hill at the time that it was paused over a lack of Republican support and over concerns raised by outside groups.
The White House did not return multiple requests for comment, and a spokesperson for Senate Rules and Administration Committee Chairman Roy Blunt (R-Mo.), who delayed the bill’s markup, declined to comment further.

Lankford said the White House told him it had not held up the bill. But he added that “they didn’t talk to me about it in advance.”

Like other lawmakers and experts, Lankford pointed out that even if the bill had passed ahead of the midterms, it would still be too late to implement any of the measures ahead of November’s elections.

“The bigger issue is not the legislation,” Lankford said. “The bigger issue is what the administration has done in the meantime to try to actually get all this done.”

The Department of Homeland Security has offered some cybersecurity support to state election officials, and President Trump signed an executive order earlier this month authorizing sanctions against those found interfering in U.S. elections.

Lawmakers also included $380 million for states to update and secure their election systems in an appropriations bill passed in March. That funding was initially authorized under the Help America Vote Act of 2002, passed in response to the 2000 presidential election, but this year’s grants were the first authorized under the law since fiscal 2010.

However, when Democrats tried to pass more election security funding earlier this year, Republicans knocked down the measure, arguing that substantial funds had already been allocated.

Other security bills have also been introduced after the 2016 elections, but the bipartisan bill spearheaded by Lankford and Sen. Amy Klobuchar(D-Minn.) was touted as the best shot to legislation on the books shielding U.S. election systems from cyber attacks.

Even so, it remained the subject of extensive debate: The original bill included a pilot program for states to conduct audits on limiting risks, which would examine a number of ballots to ensure that systems weren’t compromised.

But that program became mandatory in a later version of the bill, costing it support from state officials and advocacy groups who argued the measure would be too great of a burden.

Voting groups have also voiced disappointment at the lack of action, but were quick to praise Klobuchar and Lankford’s bipartisan push to pass legislation.

Vermont Secretary of State Jim Condos (D), the president of the National Association of Secretaries of State (NASS), told The Hill that while many states are already implementing the measures that would be included in the bill, it was disappointing to not have them on the books. NASS has not taken a public stance on the legislation.

He said that the bill would “send a strong message” to bad cyber actors like Russia, which interfered in the 2016 election, as well as to Americans that their election systems are secure.

“I think this would go a long way to helping us let the public know that our systems are strong and, on top of that, that everyone takes [the issue] seriously,” Condos said.

It is unclear if Congress will be any closer to overcoming the hurdles to legislation after the midterms.

But advocates insist they will keep pushing for a solution.

“This is a time for unity where the country has to unite to fight off foreign meddling in our election because that undermines our democracy,” said Marian Schneider, the president of Verified Voting.
But she also noted that the Lankford-Klobuchar bill was originally introduced in December 2017 and that lawmakers had months to finalize the text.

“I think there’s an unfortunate thing going on here that whenever elections is the topic or is the subject area that it becomes politicized,” she said.

Nextgov: Critical Update- Cyber Leadership Has to Come from the Top

Nextgov: Critical Update- Cyber Leadership Has to Come from the Top

By Joseph Marks

The biggest problems in federal cybersecurity start at the top and fixes need to come from the top too, Rep. Jim Langevin, D-R.I., told Nextgov’s Critical Update podcast.

When Defense Secretary Ash Carter made cybersecurity a top Pentagon priority during the Obama administration, for example, Carter’s subordinates showed the same passion for the issue, said Langevin, who co-founded the Congressional Cybersecurity Caucus.

“You had everyone, all hands on deck, doing more to step up our cybersecurity at the Pentagon,” he said.

By 2018, among other cyber initiatives, the Defense Department had launched five bug bounty contests, which loose troves of ethical hackers to search for vulnerabilities in Pentagon computer systems.

When National Security Adviser John Bolton eliminated the position of White House cybersecurity coordinator in May, by contrast, it marked “an enormous step backward” for federal cyber efforts, Langevin said.

Among other things, the lack of a White House point person on cybersecurity prevents the administration from speaking with a clear and singular voice about issues such as Russian election meddling and foreign efforts to penetrate U.S. critical infrastructure, said Langevin, who has co-sponsored legislation to restore and elevate the cyber coordinator position.

“I’m very concerned about having a lack of coordination and oversight from the top,” he said.

Langevin has criticized President Donald Trump for failing to consistently acknowledge Russian government efforts to undermine the 2016 election and for acceding to the elimination of the cyber coordinator position, but he has also praised some Trump administration moves, such as appointing highly qualified Homeland Security cyber officials and continuing Obama-era cyber policies.

Going forward, Langevin said, he holds out hope the president will make cybersecurity a priority and urge his cabinet secretaries to do the same.

“The president would serve the government well by having his cabinet secretaries around the table and … asking what they’re doing to step up their game in preventing cyber vulnerabilities,” he said.

On the Ash Carter model, he said, more cabinet secretaries may then make cyber a priority “and their subordinates will make it happen.”

You can listen to the full episode [here] and subscribe through the Apple store or Google Play.

Bloomberg: Election Security a Top Concern, Trump Officials Assure Lawmakers

Bloomberg: Election Security a Top Concern, Trump Officials Assure Lawmakers

By Nafeesa Syeed and Anna Edgerton

The Trump administration sought to assure lawmakers on Tuesday that it’s working with states to ensure the security of U.S. elections after Democrats raised concerns that the government isn’t doing enough.

“This is an issue that the Administration takes seriously and is addressing with urgency,” according to a joint statement Homeland Security Secretary Kirstjen Nielsen and FBI Director Christopher Wray released after top intelligence officials briefed House members behind closed doors. The officials said they highlighted efforts to protect “critical infrastructure” for elections.

Democrats have questioned whether the Trump administration has acted forcefully enough to prevent other countries from meddling with U.S. election results after intelligence agencies concluded that Russia sought to help President Donald Trump and hurt Democrat Hillary Clinton in the 2016 presidential contest. Russia denies the accusations.

Raja Krishnamoorthi, an Illinois Democrat, said after the meeting that “I don’t feel confident” that the Homeland Security Department and other agencies are doing enough to secure future elections. Much of the briefing focused on Russia, but there are “others out there” seeking to do the same thing, he said.

“I didn’t walk away thinking that we’re there yet” in terms of being prepared, he said.

Read more: Hack-Resistant Vote Machines Missing as States Gird for ’18 Vote

The briefing comes as primary elections are underway Tuesday in Arkansas, Georgia Kentucky and Texas.

James Langevin, a Democrat from Rhode Island, said after the briefing that “states have had better interaction with the federal government than they did prior to the 2016 election but there are still weaknesses in the system,” especially making sure there’s a paper trail. He said about 50 lawmakers attended the meeting and some raised questions about specific information the government has about efforts by Russia to interfere with elections.
Nielsen said after Tuesday’s meeting that Russians have sought to “manipulate public confidence on both sides” and that “we see them continuing to conduct influence campaigns.”

Michael McCaul, a Texas Republican who is chairman of the Homeland Security Committee, said Russia’s goal is to “create chaos” and not help a specific candidate.

Cyber Scans

House Speaker Paul Ryan organized the classified meeting. Trump held his own briefing May 3 with Director of National Intelligence Dan Coats, Wray and others to discuss efforts to bolster the country’s election systems and how to work with states.

DHS is offering states voluntary cyber services, including remote checks of their election systems and on-site vulnerability assessments. It’s also granting security clearances to election officials, though they haven’t all been finalized.

States are now deciding how to use their share of $380 million in federal election security grants that came with the omnibus spending package earlier this year. But it’s hardly enough to update aging voting equipment in most states ahead of the November polls, and many state officials are hoping Congress will approve more dollars.

Also this month, the Senate Intelligence panel issued its first interim report on election security. While confessing its members lacked a firm grasp on the extent of hacking into voter systems in 2016, the committee said the U.S. should “clearly communicate to adversaries that an attack on our election infrastructure is a hostile act, and we will respond accordingly.”

A group of former U.S. and European officials, including ex-Vice President Joe Biden, who say governments haven’t sufficiently addressed election security threats have started the Transatlantic Commission on Election Integrity, which plans its first meeting in Copenhagen on June 21-22. The group aims to conduct studies on how to better reduce risks to elections from Russian cyber threats, including looking at new technologies, and share their findings with governments.

Every House seat is on the ballot in November general elections, along with a third of Senate seats.

WaPo: The Cybersecurity 202: We surveyed 100 security experts. Almost all said state election systems were vulnerable.

WaPo: The Cybersecurity 202: We surveyed 100 security experts. Almost all said state election systems were vulnerable.

By Derek Hawkins

The midterm elections are less than six months away, but an overwhelming 95 percent of digital security experts surveyed by The Cybersecurity 202 say state election systems are not sufficiently protected against cyberthreats. 

We brought together a panel of more than 100 cybersecurity leaders from across government, the private sector, academia and the research community for a new feature called The Network — an ongoing, informal survey in which experts will weigh in on some of the most pressing issues of the field. (You can see the full list of experts here. Some were granted anonymity in exchange for their participation.) Our first survey revealed deep concerns that states aren’t prepared to defend themselves against the types of cyberattacks that disrupted the 2016 presidential election, when Russian hackers targeted election systems in 21 states.

“We are going to need more money and more guidance on how to effectively defend against the sophisticated adversaries we are facing to get our risk down to acceptable levels,” said one of the experts, Rep. Jim Langevin (D-R.I.), who co-chairs the Congressional Cybersecurity Caucus.

Congress in March approved $380 million for all 50 states and five territories to secure their election systems, but Langevin says he wants more. He introduced legislation with Rep. Mark Meadows (R-N.C.) that would provide election security funding to states if they adhere to new federal guidelines for identifying weaknesses in their systems and auditing election results. “I hope Congress continues to work to address this vital national security issue,” Langevin said.

Each state is responsible for running its own elections, and many state officials view attempts by the federal government to intervene with skepticism — if not outrightopposition. But some experts said the magnitude of the threats from state-sponsored adversaries is too great for states to deal with alone.

“Given the gravity of the nation-state threats we face, much more needs to be done at every level — including a strong declarative policy that this activity is unacceptable and will trigger a strong response,” said Chris Painter, who served as the State Department’s top cyber diplomat during the Obama and Trump administrations.

Dave Aitel, chief executive of Immunity Inc. and a former National Security Agency security scientist, went further: “Protecting systems from cyberthreats from nation-states can really only be done on a national level. It’s insane we have state-level control of these systems.”

Experts generally agreed that most states are more secure than they were in 2016. Officials have undertaken a variety of measures to improve security — including conducting vulnerability tests of computer networks and voting machines and hiring new IT staff.

But securing this kind of technology isn’t easy. “ ‘Election systems’ are massive, distributed IT systems with thousands of endpoints and back-end systems that hold and process large volumes of highly sensitive data,” said Jeff Greene, senior director of global government affairs and policy at Symantec. “Protecting such systems is no small feat, and election systems are no different. While [the Department of Homeland Security] and the state and local governments have in recent years dialed up their efforts, there are no easy fixes.”

Several experts said that state voter registration databases are particularly vulnerable — and make an appealing target for attackers who want to sow confusion and undermine confidence in the voting process.

“The voting machines themselves are only part of the story,” said Matt Blaze, a cryptographer and computer science professor at the University of Pennsylvania. “The ‘back end’ systems, used by states and counties for voter registration and counting ballots, are equally critical to election security, and these systems are often connected, directly or indirectly, to the Internet.”

There’s no evidence that Russian hackers actually changed any votes in 2016, but they did probe online voter rolls and even breached the statewide voter database in Illinois.“Few if any state and local IT departments are equipped to protect this infrastructure against the full force of a hostile intelligence service, and these systems are very attractive targets for disruption,” Blaze said.

“The level of expertise is quite uneven” across the states, added Daniel Weitzner, founding director of the MIT Internet Policy Research Initiative who was U.S. deputy chief technology officer for Internet policy during the Obama administration. “Of particular concern is the voter registration systems. Imagine how much fear, uncertainty and doubt [that] Russia or any other malicious actor could sow if they raise questions about the accuracy of the voting rolls. That’s every bit as bad as actually changing votes, and much easier to do.”

Jay Kaplan, co-founder of the cybersecurity firm Synack, notes a bright spot: The Election Assistance Commission has a national voting system certification program to independently verify that a voting system meets security requirements.

“However, testing for this certification is completely optional,” said Kaplan, who held previous roles in the Defense Department and at the National Security Agency. “States can set their own standards for voting systems…. As such, some states are significantly more buttoned up than others. The reality is states are understaffed, underfunded, and are too heavily reliant on election-system vendors securing their own systems.”

On top of that, millions of Americans will vote this year on old, hack-prone digital machines that produce no paper trail. Without a paper record, it’s nearly impossible to audit the final vote tally. Federal officials and expertsrecommend scrapping such machines in favor of paper ballots.

Too many states “have taken a less than strategic approach and once again waited too long to start addressing vulnerabilities within their processes and technology,” said Mark Weatherford, a former deputy undersecretary for cybersecurity at the Department of Homeland Security in the Obama administration and chief information security officer in both California and Colorado.

“Additionally, because of significant investments in electronic voting technology, it’s difficult for non-technologists to acknowledge economic sunk costs and re-prioritize current funding to address these … problems,” said Weatherford, a senior vice president and chief cybersecurity strategist at vArmour.

Nico Sell, co-founder of the software maker Wickr, put the problem into perspective: “We will teach the kids how to hack the election system this summer at r00tz at Def Con,” she said. (r00tz is an ethical hacking program for children between 8 and 16 years old held in Las Vegas alongside the Def Con security conference.)

Many experts are worried that states lack the resources to build their defenses in time for the midterms, even with more federal assistance. “What isn’t clear is where our defenses and resiliency have improved if at all,” said Jessy Irwin, head of security at Tendermint. “This is a difficult problem to solve, and it takes something we don’t have enough of to get 50 states and a few territories flying in formation: time.”

Less than five percent of experts who responded to the survey said they were confident that state election systems were well protected.

Cris Thomas, who goes by the name Space Rogue and works for IBM X-Force Red, said that while registration databases, websites and other systems may still be vulnerable, “the election systems themselves are sufficiently protected.”

And the patchwork nature of U.S. elections is actually a bonus when it comes to deterring would-be attackers, said one expert who spoke on the condition of anonymity.

“State balloting systems are diverse and decentralized. They’re administered by some 3,000 counties, making it difficult for malicious actors to uniformly attack voting infrastructure on a vast scale,” the expert said.

That expert was satisfied with the efforts by state and federal officials to secure the vote. “Public and private authorities are taking steps to defend against nation-state attacks. The recent omnibus spending bill provides monies to states for election security; threat data are being shared between states and federal agencies (albeit probably slowly and tentatively); and election officials are utilizing best practices, such as conducting post-election audits and not connecting voting machines to the Internet,” the expert said.

“But bolstering our cyberdefenses, however fundamental, will only take us so far,” the expert added. “The White House needs to authorize agencies to disrupt cyberattacks and information operations at their sources and up the ante for prospective attackers as part of America’s broader deterrence posture.”

As another expert who participated in the survey put it:“The high level of interest has led to more eyes on the process, which itself helps deter would-be hackers.”

Elite Daily: Can The 2018 Elections Be Hacked? Experts Think So, & Here We Go Again

Elite Daily: Can The 2018 Elections Be Hacked? Experts Think So, & Here We Go Again

By Bernadette Deron

With the 2018 midterm elections approaching this fall (and primaries going on throughout the year — check your local elections), the question of whether or not the United States’ voting systems are secure enough to ensure correct results is being widely debated. The Washington Post elected to interview a number of experts on whether or not they believe the upcoming elections can be hacked. According to a majority of those cybersecurity experts, the 2018 midterms are at risk of being hacked, which is just great.

The report published by the Post on May 21 featured quotes and statistics from a panel of over 100 cybersecurity experts from the government, academia, the private sector, and the research community. According to the report, 95 percent of the experts do not believe that state election systems are sufficiently protected from cyberthreats.

In an interview with NBC News on Feb. 8, head of cybersecurity at the Department of Homeland Security Jeanette Manfra revealed that Russian hackers reportedly targeted 21 states prior to the 2016 presidential election, and that “an exceptionally small number of them were actually successfully penetrated.” Back in September 2017, the federal government notified election officials from those 21 states that their systems were targeted by Russian agents during the elections the year before.

In response to these reports, the spending bill that Congress passed on March 22 included a whopping $380 million devoted to ramping up cybersecurity in order to prevent state voting systems from any sort of cyberattack. But not everyone in Congress thinks that this is enough funding to prevent elections from getting compromised by foreign agents. We are going to need more money and more guidance on how to effectively defend against the sophisticated adversaries we are facing to get our risk down to acceptable levels,” Rep. Jim Langevin (D-R.I.) told the Post. Langevin also co-chairs the Congressional Cybersecurity Caucus. If a person with as much authority on this issue as Langevin thinks more needs to be done to protect this country’s elections, it’s definitely something to take seriously.

The impact of the hacks from the 2016 presidential election has not yet been determined. But the fact that foreign agents were able to successfully hack some systems signals that the government should be working harder to ensure that elections in this country are fair and free.

Because the 2018 midterms are so important for both sides of the aisle, it’s imperative that the outcomes of those elections are secure and correct. The problem with current voting systems is that they’re not uniform across the entire country, making some polling counties more vulnerable than others. Those smaller counties could amount to a significant number of compromised votes, which in turn has enough weight to sway an election in one direction or another.

All 435 seats in the House of Representatives up for grabs come November, and 48 of those seats are considered to be competitive, according to The New York Times. In order for the Democrats to regain control of the House, they would need to flip at least 24 seats that are currently controlled by Republicans. The Senate is currently divided 51-49 in favor of Republicans, and Democrats might be able to pull off a Senate majority win following the midterms as well. Although it’s not entirely likely that Democrats will regain control of both chambers of Congress, the tight races in each prove how crucial it is to ensure that state elections are appropriately protected.

The nation is just six months away from the midterm elections, and primaries have been going on. Hopefully, the appropriate authorities are doing what they can to protect your vote.