Skip to main content

Analysis | The Cybersecurity 202: State election officials warn that federal strings on stimulus cash stand in way of using it

By Joseph Marks

with Tonya Riley

State officials are pushing Congress to reverse restrictions they say are too burdensome on $400 million aimed at protecting elections during the coronavirus pandemic.
Congress approved that payout last month as part of a $2 trillion coronavirus stimulus bill but also required states match 20 percent of it out of their own budgets. Coming up with that money would be tough for some states in normal times and may be simply impossible with every spare dollar going to pandemic response and economic recovery, the officials say.
State revenues are plummeting across the country and this means some states will not be able to utilize that money,” Vermont Secretary of State Jim Condos (D) said during a call with reporters.
The dispute highlights the cash crunch state and county election offices are facing as they prepare for a general election unlike any they’ve ever run — challenged by possible hacking and disinformation from Russia and a public health crisis that could make in-person voting perilous.
Some election officials also need approval for those matches from state legislatures that aren’t meeting or are busy responding to the pandemic. And each day the states can’t get their hands on the money is a day lost in preparing for elections.
The officials are also bristling because the relief bill included far larger cash packages for industries including airlines and agriculture with far fewer strings attached.
“I don't see a 20 percent match for the business community, so I'm not sure why all the sudden we have to have a 20 percent match,” said Condos, who was formerly president of the National Association of Secretaries of State and serves on its executive board.

Voters masked against coronavirus line up at Riverside High School for Wisconsin's primary election. (Morry Gash/AP)
Getting any of the provisions rolled back will be a long shot in the Senate. 
Majority Leader Mitch McConnell (R-Ky.) has consistently pushed back on pleas for election funding and agreed to the $400 million payout only after Democrats consented to the 20 percent match, said an aide for Sen. Amy Klobuchar (D-Minn.), who championed the funding. McConnell’s office didn’t respond to a request for comment.
That deal came after Democrats in the House had initially pushed for up to $4 billion for elections in the stimulus bill.
Senate Democrats also tried to reverse the provisions in a bill last week aimed at shoring up small businesses during the pandemic. But they were rebuffed again, said the Klobuchar aide, who requested anonymity because he wasn’t authorized to speak for attribution.
There is some Republican support for such a move, however. Sen. Susan Collins (R-Maine) joined Sen. Michael Bennet (D-Colo.) in a letter to Senate and House leadership that urged rolling back the requirements for states facing economic distress.

A poll worker receives an absentee ballot from a voter. (Joshua A. Bickel/Columbus Dispatch/AP)
State officials are also keeping up steady pressure. 
The 11-member NASS executive board sent a letter to Senate leaders earlier this month urging them to reverse the match in future legislation. “Legislatures across the country are … dealing with depleted surpluses, lower tax revenues, increased healthcare costs and other financial challenges in response to the pandemic,” the officials write.
Secretaries of state are also sending similar pleas to members of Congress from their home states, Condos told me.
But the fight is also likely to be subsumed by a cavalcade of other election challenges.

A mail carrier of the U.S. Postal Service (USPS) wearing a protective face mask. (Michael Reynolds/EPA-EFE/Shutterstock)

States are preparing for a surge in voting by mail in November that could overwhelm their systems for such voting — especially in places used to only a small percentage of absentee ballots.
There’s growing concern that a shortfall in U.S. Postal Service funding during the pandemic could handicap the service’s ability to deliver a crush of ballots and ballot requests, especially if voters request ballots close to Election Day.
The impact of the loss of the U.S. Postal Service in this election would be devastating for our democracy,” Washington state Secretary of State Kim Wyman (R) said during the call.
Wyman and Condos are calling on Congress to ensure the Postal Service gets a $10 billion line of credit aimed at supporting it through the pandemic.
That loan was included in the stimulus bill, but President Trump has threatened to block it unless officials there agree to raise postage rates.
If the Post Office has to reduce services, Wyman and Condos say, that raises the chances that ballots will arrive too late for some voters, forcing them to risk their health by voting in person and diminishing faith in the electoral process.
Trump has also been highly critical of voting by mail, claiming without evidence that it creates widespread voter fraud — even though he voted by mail himself in Florida this year.
American Postal Workers Union President Mark Dimondstein took a swipe at that fact during the call, saying, “We were happy to move the president's absentee mail ballots through the mail. He trusted us to do that. Tens of millions of people trust us to do that … and we look forward to doing that on a nonpartisan basis for generations to come.”
The keys
An American extremist seeking to spread conspiracy theories probably was responsible for sharing 25,000 credentials from the WHO and other institutions leading pandemic response efforts.

The logo of the World Health Organization. (Fabrice Coffrini/AFP/Getty Images)

Researchers don’t know the real-world identity of the culprit but deduced the person was probably inspired by conspiracy theories popular on far-right websites, including that governments are exaggerating coronavirus deaths, Souad Mekhennet and Craig Timberg report
The individual probably wanted others to help him hack the World Health Organization, the Gates Foundation and other institutions using those emails for evidence of his theories, the researchers from SITE Intelligence Group concluded. Most of the credentials, which came from an older breach, didn't work. 
“The user framed the email credentials as a sort of gold mine of information and urged users to log on and save as much as they could, said Rita Katz, executive director of SITE.
A separate review this week found the World Bank and WHO may have cybersecurity weaknesses that could lead to another password leak. The cybersecurity firm Prevallion found malware inside both organizations' networks that’s about a decade old but still sending signals to an outside computer. There’s no evidence at this point the malware was used to steal emails or other credentials.
WHO said in a statement that an internal investigation found no traces nor evidence” of the malware.  The World Bank declined to comment, saying it does not discuss cybersecurity issues.
Some apps to track the coronavirus’s spread are launching with serious security vulnerabilities.

A photo illustration shows a new COVIDSafe app by the Australian government. (Saeed Khan/AFP/Getty Images)
One Android app called Quarantine Watch, used by the Indian state of Karnataka, “lacked common security measures." Another, the Android version of an app introduced by India's central government, leaked user location data to YouTube, Jennifer Valentino-DeVries, Natasha Singer and Aaron Krolik at the New York Times found.  
The early red flags underscore how a rush to find digital solutions to the pandemic has outpaced privacy and security concerns.
Members of Congress have pressed Apple and Google about the privacy features of their new contact-tracing technology, but state tracking efforts have endured less scrutiny and some have been put together in a rush. A North Dakota app, for example, was retrofitted from an existing app used by football fans to stay in touch on the way to out-of-state games and stores data in the developer’s private server.
A Senate panel plans to mull proposals for remote congressional voting in a videoconference today. 

House Speaker Nancy Pelosi (D-Calif.)  and House Majority Whip James E. Clyburn (D-S.C.). (Amanda Andrade-Rhoades/Bloomberg News)
A memo released in advance of the meeting lists a series of remote voting options including using end-to-end encrypted and Blockchain-based voting systems.
The online gathering of the Senate Homeland Security Committee’s investigations panel comes amid numerous proposals for how senators could vote and debate bills remotely during the pandemic, but they’ve all met staunch opposition from McConnell who favors senators voting in person. The panel's chair, Sen. Rob Portman (R-Ohio), co-sponsored a proposal with Sen. Richard Durbin (D-Ill.), which would basically task the chamber’s tech adviser with approving a remote voting system. It has won support from 15 senators.
The Senate is scheduled to resume business in Washington next week despite concerns that returning before the pandemic subsides could endanger lawmakers, their staffs and other Capitol employees. The House, meanwhile, is delaying its return. 

Chat room

One big problem with remote voting plans: Low levels of tech savvy among some members. NBC News's Stephanie Ruhle spoke with Rep. Katie Porter (D-Calif.):
Asked by @SRuhle about resistance to remote voting technology in Congress, @RepKatiePorter refers to the "flip phone caucus" as primary obstacle
— Mike Memoli (@mikememoli) April 29, 2020

Cyber insecurity

"Zoombombing isn't the only cybersecurity threat plaguing educators.

A student of landscape architecture. (Darek Delmanowicz/EPA-EFE/Shutterstock)
  • Virtual learning systems at the University of Michigan and other higher-ed institutions contained vulnerabilities that could allow hackers to steal personal information from students and teachers, researchers at Check Point found. The vulnerabilities could have also allowed hackers to swipe funds from educators and change grades. The bugs were in components offered by three companies    LearnPress, LearnDash and LiferLMS   that are used by 100,000 other virtual learning platforms. All three companies have patched the bugs.
  • Scammers are also finding new ways to exploit economic anxieties prompted by the virus. They're using fake Zoom invitations that pose as meetings with human resources managers to try to swipe employees’ personal information, SophosLabs found.
More in hacks and breaches:

The NYPD is on alert over a twisted coronavirus blackmail scheme by cybercriminals looking to profit off the pandemic and people’s anxiety.
The Daily Beast

Exclusive: The education company said hackers made off with employee records, including Social Security numbers.
At least 400 apps in Google’s Play Store are feeding malicious ads into apps through abuse of a mobile advertising firm's SDK.

Industry report

Microsoft's cloud computing business is raking in cash during the coronavirus pandemic.

Microsoft CEO Satya Nadella. (Manjunath Kiran/AFP/Getty Images)
The company recorded huge revenue gains, pushing stocks up nearly 12 percent since the beginning of the year, Jay Greene reports.
The pandemic could actually help Microsoft consolidate power during a rocky economy, analysts say. “The big get bigger. Scale wins,” Stifel Nicolaus & Co. analyst Brad Reback said. “These guys have all the right products in place."


Send your cybersecurity related events to


Popular posts from this blog

Analysis | The Cybersecurity 202: How the shutdown could make it harder for the government to retain cybersecurity talent

By Joseph Marks 13-17 minutes THE KEY President Trump delivers an address about border security amid a partial government shutdown on Jan. 8. (Carolyn Kaster/AP) The partial government shutdown that's now in its 18th day is putting key cyber policy priorities on hold and leaving vital operations to a bare bones staff. But the far greater long-term danger may be the blow to government cyber defenders' morale, former officials warn. With the prospect of better pay and greater job security in the private sector, more government cyber operators are likely to decamp to industry, those former officials tell me, and the smartest cybersecurity graduates will look to industry rather than government to hone their skills. That’s especially dangerous, they say, considering the government’s struggle to recruit and retain skilled workers amid a nationwide shortage of cybersecurity talent. About 20 percent of staffers are furloughed at the De

Democrats call for investigation into Trump’s iPhone use after a report that China is listening:Analysis | The Daily 202 I The Washington Post. By James Hohmann _________________________________________________________________________________ President Trump and Chinese President Xi Jinping visit the Great Hall of the People in Beijing last November. (Andrew Harnik/AP) With Breanne Deppisch and Joanie Greve THE BIG IDEA: If Democrats win the House in two weeks, it’s a safe bet that one of the oversight hearings they schedule for early next year would focus on President Trump’s use of unsecured cellphones. The matter would not likely be pursued with anywhere near the gusto that congressional Republicans investigated Hillary Clinton’s use of a private email server during her time as secretary of state. Leaders of the minority party have higher priorities . But Democratic lawmakers made clear Thursday morning that they will not ignore a New York Times report that Trump has refused to stop using iPhones in the White House, despite repeated warnings from U.S. intelligence offici

RTTNews: Morning Market Briefing.-Weekly Jobless Claims Edge Down To 444,000. May 13th 2010

Morning Market Briefing Thu May 13 09:01 2010   Commentary May 13, 2010 Stocks Poised For Lackluster Open Amid Mixed Market Sentiment - U.S. Commentary Stocks are on pace for a mixed start to Thursday's session, as a mostly upbeat jobs report continued to relieve the markets while some consternation regarding the European debt crisis remained on traders' minds. The major index futures are little changed, with the Dow futures down by 4 points. Full Article Economic News May 13, 2010 Weekly Jobless Claims Edge Down To 444,000 First-time claims for unemployment benefits showed another modest decrease in the week ended May 8th, according to a report released by the Labor Department on Thursday, although the number of claims exceeded estimates due to an upward revision to the previous week's data. Full Article May 13, 2010 Malaysia's Decade High Growth Triggers Policy Tightening Malaysia's economy grew at the fastest pace in a decade in