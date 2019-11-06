Flint, Mich., residents stand in line to vote on Tuesday. (Jake May/Flint Journal/AP)

From a security perspective, yesterday's odd-year election went off without a hitch: Officials didn't spot any major disruptions from hacking or disinformation campaigns.

But the fight to protect the 2020 contest is only ramping up. And officials were quck to warn that it will be a far juicier target for foreign actors.

“Our adversaries want to undermine our democratic institutions, influence public sentiment and affect government policies. Russia, China, Iran, and other foreign malicious actors all will seek to interfere in the voting process or influence voter perceptions,” officials including FBI Director Christopher Wray, Defense Secretary Mark Esper, NSA Director Gen. Paul Nakasone and DHS’s top cybersecurity official Chris Krebs warned in a joint statement.

They pledged that “the U.S. government will defend our democracy and maintain transparency with the American public about our efforts.”

Still, yesterday's election was effectively the last significant chance to road test its latest security advances before next year's big day. And the Department of Homeland Security’s cybersecurity division brought all its resources to bear on the swath of local, legislative and gubernatorial races.

That included a war room where officials from DHS, the FBI, state election leaders, political parties and tech and social media companies parsed digital threats to election systems and a virtual “situational awareness room” where they shared that information with about 200 state and local election officials across the country.

DHS also pulled in data from relatively new sensors attached to the networks of election administration offices in places holding major contests, which are designed to flag any abnormal activity. And state and local officials ran cybersecurity rapid response plans they’d developed since Russia’s 2016 election interference operation.

Counties in Pennsylvania, Georgia and Texas, meanwhile, piloted the new and more secure voting machines they purchased in the wake of 2016 with help from $380 million appropriated by Congress.

The display was a major demonstration of how far election security has come since 2016 when Russian hackers were able to probe election systems across the country and to compromise a handful of those systems – though there’s no evidence they changed any votes.

The threat won’t diminish after 2020 either, Krebs warned during a news conference with Pennsylvania’s acting secretary of state Kathy Boockvar.

“Today, 2019 Election Day is a milestone; 2020, the presidential, is a milestone and 2022 after that,” he said. “This is a race without a finish line. We will be in this mission as long as we’re in these jobs.”

DHS’s goal, Krebs said, “is to ensure that American elections are decided by Americans, free of foreign interference,”

Working together, we can ensure resilience in the system and that American voters decide American elections. — Chris Krebs (@CISAKrebs) November 5, 2019

DHS first piloted most of its election security protections during the 2018 midterms, which also concluded without any major interference from adversaries. That’s when DHS first piloted the virtual threat sharing room that will now be a key part of protecting the 2020 contest.

Since 2018, DHS has gotten better at identifying whether a digital threat is specifically targeting an election or just part of the usual malicious web traffic that hits IT systems every day, an official told reporters during a press call.

DHS has also improved how it vets the threat information state and local officials share on Election Day to ensure it’s only forwarding the most useful information, the official said.

“We are at full operational readiness,” the official said. “We were successful in 2018 and we’ll continue to build out throughout 2020.”

Sen. Ron Wyden (D-Ore.) speaks during a Senate Finance Committee committee hearing on Capitol Hill on Oct. 24. The committee heard testimony on treating substance misuse in the United States. (Mark Wilson/Getty Images)

PINGED: Sen. Ron Wyden (D-Ore.) wants Federal Communications Commission Chairman Ajit Pai to mandate that wireless carriers turn on advanced encryption protections when they upgrade to next-generation 5G wireless networks, according to a letter shared exclusively with The Cybersecurity 202.

"The FCC must act to ensure that encryption and authentication features included in 5G standards are enabled by AT&T, Verizon and T-Mobile as they upgrade their networks," Wyden writes. So far none of the major U.S. wireless carriers have publicly committed to doing so, he notes.

The letter comes as Facebook and other tech companies are expanding encryption protections but the Justice Department is warning that could allow terrorists and criminals to communicate beyond law enforcement's reach.

Wyden also wants to know whether the FCC agrees with Commerce Department recommendations that phone calls and text messages should be encrypted to prevent security breaches and whether the agency has taken steps to encourage wireless carriers to adopt the recommendations. He asks whether the agency believes it has the authority to mandate that carriers encrypt their data.

5G networks will vastly improve Internet speeds and power a new generation of Internet-connected devices such as autonomous vehicles. But the super-fast networks have also prompted concerns about increased opportunities for spying and hacking by China and other U.S. adversaries.

A man uses his smartphone as he stands near a billboard for Chinese technology firm Huawei. (Mark Schiefelbein/AP)

PATCHED: The Chinese telecom firm Huawei plans to recruit hackers to find vulnerabilities in its mobile phones in an effort to win the trust of foreign governments as it faces suspicions of spying for the Chinese government, Zack Whittaker at TechCrunch reports. The company will gather hackers in Munich later this month.

The move comes as the United States is pressuring allies to bar Huawei from their 5G networks and has blacklisted the company from its own 5G networks and government systems. Huawei disputes charges that it helps Beijing spy and has said it would refuse any spying requests.

Competitors such as Android use similar bug bounty programs, which reward hackers for telling companies about vulnerabilities in their software.

Germany, meanwhile, may still be considering a ban on Huawei equipment in its 5G networks, Reuters reports.

An attendee takes a photograph of a sign during Facebook's F8 developers conference in San Jose in April. (Stephen Lam/Reuters)

PWNED: Facebook will outline plans to expand advanced encryption protections to its entire Messenger platform today at a Lisbon tech conference, Joseph Menn at Reuters reports.

The social media company will also encourage more users to opt in to an end-to-end encryption system that is already available on its Messenger app but tough to find, Facebook messaging privacy chief Jay Sullivan tells Joseph. End-to-end encryption basically makes messages unreadable by anyone but the sender and recipient.

Facebook is continuing to push its encryption plans despite outcry from law enforcement agencies in the United States, United Kingdom and Australia that encryption could make it harder to catch child sex predators who communicate via the app.

The company is also considering additional features to enhance safety once the service is encrypted, including requiring Messenger accounts to be tied to Facebook profiles to reduce throwaway accounts used by criminals.

National Security Justice Dept. trying to finish report on Russia probe before Thanksgiving Attorney General William Barr is scheduled to meet with Sen. Lindsey Graham on Wednesday to discuss the report’s rollout. Devlin Barrett, Robert Costa and Matt Zapotosky

FCC Wants to Know If Huawei Gear Is Near U.S. Military Bases U.S. officials plan to assess where equipment from Huawei Technologies Co. has been installed, and would be concerned if it’s found near domestic military bases, the head of the Federal Communications Commission said. Bloomberg

TikTok faces lawmaker anger over China ties The massively popular social media app TikTok is struggling to assuage lawmakers’ concerns over its ties to the Chinese government and allegations that it is amassing data on U.S. users for Beijing. The Hill

Senators introduce cybersecurity workforce expansion bill Four members of the Senate Commerce, Science and Transportation Committee from both sides of the aisle introduced a bill Tuesday to expand America's cybersecurity workforce. The Hill

— The United States needs nearly half a million more cybersecurity professionals to adequately defend U.S. organizations, according to the latest annual workforce study by (ISC)², a nonprofit organization that provides cybersecurity certifications. There’s a global shortage of about 4 million cybersecurity pros, up from just over 3 million last year, the organization found.

From cat videos to credit cards, Amazon says customers have to secure own data Amazon’s cloud computing customers have to decide themselves how best to protect sensitive information online, a senior executive said on Tuesday, following accusations by U.S. lawmakers that the web giant has not done enough to secure data on its servers. Reuters

Fake ransomware named after Donald Trump tries to trick victims out of a buck Donald Trump can add ransomware to the list of things named after him, thanks to scammers who again have demonstrated how current events create opportunities to steal data. CyberScoop

Spy agency hid warrant bungle from minister for nine months Independent MP Andrew Wilkie has criticised the Australian Signals Directorate after the spy agency made a "significant number of unlawful interceptions". Australian Financial Review

Remember the Election Day hacking war game I wrote about yesterday? Things got pretty heated, as Axios's Joe Uchill details, with hackers trying all sorts of scenarios from deepfakes to murder to derail the mock election.

Red team did this interesting sequence:

They intercepted phone transmissions near the voting machines.

Using the audio of voting supervisors, they used deep fake audio to phish voting officials to get them to reset voting machines with no paper backup — Joe Uchill (@JoeUchill) November 5, 2019

Red Team just steered a bunch of autonomous vehicles into voting lines.



That's...dark. — Joe Uchill (@JoeUchill) November 5, 2019

In a previous Cybereason event I'd attended, there was a no murdering rule.



I suppose there's no reason to assume someone trying to tamper with an election would show restraint. — Joe Uchill (@JoeUchill) November 5, 2019

— Today:

The Senate Judiciary Committee will host a hearing on Reauthorizing the USA FREEDOM Act of 2015 on Wednesday at 2:30 p.m. Eastern time.

—Coming up: