Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Stay on top of the latest market trends

Subscribe to Axios Markets for the latest market trends and economic insights. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sports news worthy of your time

Binge on the stats and stories that drive the sports world with Axios Sports. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tech news worthy of your time

Get our smart take on technology from the Valley and D.C. with Axios Login. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Get the inside stories

Get an insider's guide to the new White House with Axios Sneak Peek. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Denver news?

Get a daily digest of the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Des Moines news?

Get a daily digest of the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Twin Cities news?

Get a daily digest of the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Tampa Bay news?

Get a daily digest of the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Charlotte news?

Get a daily digest of the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Illustration: Sarah Grillo/Axios

State elections officials struggle with some of the basics of office cybersecurity, according to a new report from cybersecurity auditor NormShield.

Why it matters: With the 2020 elections looming, there is a massive push to button down election cybersecurity.

Details: NormShield audited how state election authorities in all 50 states, D.C. and the territories handled common security tasks not related to the specialized equipment used in elections. NormShield only evaluates what it can see externally, without breaching a system.

  • NormShield uses letter grades to denote how skilled a hacker would have to be to exploit red flags they found. "A C grade means an average hacker could take advantage," said Bob Maley, chief security officer at NormShield and a former chief information security officer for the state of Pennsylvania. "You'd want to see A or B grades for elections boards."
  • In a July scan, by the NormShield metrics, an average hacker would be able to breach 27 state's systems. States had particular trouble with keeping patches up to date — nearly averaging the lowest possible grade in tests — and in preventing stolen credentials from showing up on the dark web, although states by and large performed well in other areas of testing.
  • NormShield informed states of what they found, giving them a chance to mitigate vulnerabilities, and performed a new scan in August. In the follow-up scan, states preformed dramatically better, though 13 states would still be vulnerable to an average hacker.

The reason the patch management grades suffered: Election boards' web servers use older operating systems and programs that are at or near their end of life.

  • A hacked website may not sound as critical as a hacked voting machine, but it could create confusion about voting locations, times and procedures.
  • In July, 4 states used Windows Server 2003, which Microsoft ceased releasing security patches for in 2015; 4 states used a version of the Apache web server that hasn't been patched since 2017; and 9 states used unsupported versions of the NGNIX web server.

Leaked credentials can be a problem, Maley said, even if they don't provide access to official accounts. Election officials shouldn't be using their official email addresses to sign up for personal online accounts.

  • "I actually saw leaked credentials from one state's CISO," said Maley.

Go deeper

1 hour ago - Health

Black churches become vaccine hubs

A woman arrives at a COVID-19 vaccination clinic outside the Pennsylvania Avenue Baptist Church in southeast D.C. Photo: Jacquelyn Martin/AP

Black pastors have a new job on their plates during COVID-19: encouraging skeptical congregants to get vaccinated.

Why it matters: “There’s distrust in our community. We can’t ignore that,” Rev. James Coleman of D.C.'s All Nations Baptist told AP.

Biden names USPS board of governors nominees, as Democrats put pressure on DeJoy

United States Postal Service Postmaster General Louis DeJoy at a Feb. 24 committee hearing. Photo: Graeme Jennings/pool/AFP via Getty Images

President Biden on Wednesday nominated a former postal union lawyer, a vote-by-mail advocate, and a former deputy postmaster general to sit on the Postal Services' Board of Governors.

Why it matters: The nominations, which require Senate confirmation, come as some Democrats call for Postmaster General Louis DeJoy's ouster and others push for Biden to nominate board members to name a new postmaster general.

Kendall Baker, author of Sports
Updated 2 hours ago - Sports

Tiger Woods crash: What we know

Photo: Wally Skalij/Los Angeles Times via Getty Images

Tiger Woods underwent emergency surgery to repair damage to his right leg and ankle, after he was involved in a single-vehicle accident on Tuesday in which his SUV ran off the road.

What we know: The golf star "is currently awake, responsive and recovering in his hospital room" at Harbor-UCLA Medical Center, according to a late-night statement from his team.

You’ve caught up. Now what?

Sign up for Mike Allen’s daily Axios AM and PM newsletters to get smarter, faster on the news that matters.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!