Cyberattack hits Georgia county at center of voting software breach

State officials in Georgia have severed Coffee County’s access to statewide election systems while the breach is being addressed.

The post Cyberattack hits Georgia county at center of voting software breach appeared first on CyberScoop.

Continue reading Cyberattack hits Georgia county at center of voting software breach

Georgia election officials withheld evidence in voting machine breach, group alleges

A filing accuses county election officials of withholding records related to unauthorized copying of voting software by Trump allies in 2021.

The post Georgia election officials withheld evidence in voting machine breach, group alleges appeared first on CyberScoop.

Continue reading Georgia election officials withheld evidence in voting machine breach, group alleges

Online voting provider paid for academic research in attempt to sway U.S. lawmakers 

Democracy Live directed academic research aimed at demonstrating its product’s security and used that material in lobbying campaigns.

The post Online voting provider paid for academic research in attempt to sway U.S. lawmakers  appeared first on CyberScoop.

Continue reading Online voting provider paid for academic research in attempt to sway U.S. lawmakers 

First major voting vendor, Hart InterCivic, partners with Microsoft on ambitious software security tool ElectionGuard

The ElectionGuard technology that Microsoft touts as a way to make elections more secure and verifiable is taking its biggest step yet: Hart InterCivic, one of the big three election vendors, says it will incorporate ElectionGuard into one of its voting systems. The ElectionGuard open-source software development kit gives voters a unique code to track their encrypted vote and confirm it wasn’t manipulated, and it offers a way for third parties to validate election results, according to Microsoft. The two companies jointly announced the partnership on Thursday. Hart InterCivic is the biggest partner to date for ElectionGuard, as one of three vendors — alongside Election Systems & Software and Dominion Voting Systems — that dominate the marketplace for voting machine technology. “We believe we must constantly re-imagine how technology can make voting more secure and also more transparent, and this partnership with Microsoft is a strong step in that direction,” […]

The post First major voting vendor, Hart InterCivic, partners with Microsoft on ambitious software security tool ElectionGuard appeared first on CyberScoop.

Continue reading First major voting vendor, Hart InterCivic, partners with Microsoft on ambitious software security tool ElectionGuard

Election Assistance Commission loses another key staffer, Jerome Lovato

Another top official is exiting the staff of the Election Assistance Commission, the third in recent months for the small agency that plays an outsized role in U.S. election security. Jerome Lovato, the testing and certification director for voting system certification at the EAC, is leaving that position next month, two sources told CyberScoop. And the commission began advertising the opening for the job he holds last week. His departure follows Josh Franklin leaving his job as EAC chief technology officer in December, and in November, Maurice Turner leaving as senior adviser to the executive director of the commission. The exits come at a sensitive time for the commission. The EAC this month voted to approve a long-awaited update to its widely-used voluntary voting system guidelines, nicknamed VVSG 2.0, and a perhaps years-long implementation period will follow. Those guidelines emphasize the value of risk-limiting audits that help verify election results, […]

The post Election Assistance Commission loses another key staffer, Jerome Lovato appeared first on CyberScoop.

Continue reading Election Assistance Commission loses another key staffer, Jerome Lovato

Federal election agency adopts updated voting security standards. Not everyone is happy.

The Election Assistance Commission on Wednesday voted to adopt the first comprehensive update to its voting system security guidelines in more than 15 years, concluding a lengthy process that ended with a mixed reception from some election security experts. The security community largely greeted the update as a security upgrade to standards that most states rely upon at least partially for their own equipment testing and certification. A significant number of academics, activists and even some in Congress, though, voiced displeasure in particular for how the so-called Voluntary Voting System Guidelines 2.0 would handle wireless connections on voting systems. The update stands to shape the next generation of voting systems that election vendors produce for use around the country during a period of sinking trust in the electoral process. Regardless, the more than five-year drafting process and resulting EAC vote won’t immediately transform election security because states, equipment manufacturers and […]

The post Federal election agency adopts updated voting security standards. Not everyone is happy. appeared first on CyberScoop.

Continue reading Federal election agency adopts updated voting security standards. Not everyone is happy.

As voters cast their ballots, courts nationwide issue election security edicts

Legal battles with election security implications raged across the country over the holiday weekend, even with early voting well underway at historic levels in many states. In no state did those two things coincide more than in Georgia. Peach State voters amassed in lines marked by reports of 10-hour waits on Tuesday, following two key court rulings. Northern District of Georgia Judge Amy Totenberg on Sunday denied a bid to scuttle touch screen voting machines over cybersecurity vulnerabilities. On Monday, she also denied a request to require a specific number of emergency ballots to be on hand at Georgia polling sites. The ruling Sunday represented a setback for election integrity advocates who contend that Georgia’s machines have not been secure enough, and still aren’t. Totenberg ruled last year that Georgia must phase out its existing paperless voting machines, citing doubts about cybersecurity safeguards for direct-recording election equipment tabulations that couldn’t be audited without a paper record. […]

The post As voters cast their ballots, courts nationwide issue election security edicts appeared first on CyberScoop.

Continue reading As voters cast their ballots, courts nationwide issue election security edicts

Feds, states unveil pilot program meant to secure voter databases and other election systems

Election officials and nonprofit security advocates on Wednesday announced a pilot program for testing and verifying voter registration databases, election night reporting and other systems meant to support voting. The pilot program will focus on making the software that’s used in election systems more secure as it is developed, and before it is deployed. The aim is to close a gap in security testing for the broad set of election infrastructure outside of voting machines, which are already the subject of voluntary federal security guidelines. “There is no standard process for verifying that non-voting election technology is secure, reliable, and usable,” said the nonprofit Center for Internet Security, which is spearheading the pilot program. “Existing election technology verification processes are costly, slow, and disincentivize updating products at the same pace as technology changes and security threats.” Under the pilot program, election systems vendors will submit their products to CIS for testing. […]

The post Feds, states unveil pilot program meant to secure voter databases and other election systems appeared first on CyberScoop.

Continue reading Feds, states unveil pilot program meant to secure voter databases and other election systems

Election commission hires cybersecurity expert to help states with 2020 infrastructure

The federal agency that oversees funding for states to secure their election equipment is hiring a cybersecurity expert versed in voting technology as it prepares for the 2020 election. Joshua Franklin will start in the coming weeks in a top cybersecurity position at the Election Assistance Commission, according to multiple people familiar with the matter. It is an effort by the EAC, a tiny agency with a big responsibility, to bolster the cybersecurity expertise it has on staff. Franklin, who spent six years as an engineer at the National Institute of Standards and Technology, is expected to protect EAC networks from hacking threats and support the commission’s cybersecurity work with state and local election officials. Franklin has been working as an election security advocate for years, drawing attention to the issue at hacking conferences. In 2018, Franklin presented research at DEF CON comparing the vulnerabilities in the websites of House and Senate candidates for the […]

The post Election commission hires cybersecurity expert to help states with 2020 infrastructure appeared first on CyberScoop.

Continue reading Election commission hires cybersecurity expert to help states with 2020 infrastructure

Klobuchar to voting vendors: Don’t turn your back on good hackers when setting up a CVD program

After years of getting pummeled by critics for not embracing ethical hacking, the country’s biggest voting equipment vendors took a big step in that direction in September. They asked the cybersecurity community for ideas on how to set up a process through which researchers could flag software flaws for vendors to fix. Companies that specialize in coordinated vulnerability disclosure (CVD) programs like Bugcrowd and Synack responded to the request for information. But the usual suspects weren’t the only entities to submit ideas. A Democratic presidential candidate and one of the most outspoken voices in the Senate on election security also chimed in. In a four-page letter to the industry association establishing the CVD program, Sen. Amy Klobuchar, D-Minn., advised the voting-gear vendors to ditch their reservations about working with unvetted researchers, pay close attention to their supply chains, and set a timeline for getting software bugs fixed. “[V]oting system manufacturers […]

The post Klobuchar to voting vendors: Don’t turn your back on good hackers when setting up a CVD program appeared first on CyberScoop.

Continue reading Klobuchar to voting vendors: Don’t turn your back on good hackers when setting up a CVD program