Morning Cybersecurity

Politico

A daily briefing on politics and cybersecurity

Three races to watch next week

With help from Eric Geller and Martin Matishak

THREE RACES IN THE BALANCE A new poll out Tuesday shows Senate Intelligence Committee Chairman Richard Burr ahead in his race for reelection. It’s one of several races MC has been watching closely because they have a chance to affect cybersecurity policy in the new Congress:

— Richard Burr: Burr, as the top man on Senate Intelligence, has been a tireless campaigner for legislation that would mandate law enforcement access to encrypted tech products. He also was one of the major factors behind passage of last year’s cybersecurity information sharing law. Tuesday’s Elon University poll has Burr leading Democratic challenger Deborah Ross 45 percent to 42 percent, with 8 percent undecided.

— Ron Johnson: Senate Homeland Security Chairman Ron Johnson is in worse shape, with an Emerson College Poll over the weekend showing him down 44 percent to 49 percent against former Democratic Sen. Russ Feingold. Johnson played a role — albeit a smaller one than Burr — in shaping last year’s information sharing law, and recently touted his committee’s other cybersecurity accomplishments.

— Will Hurd: There’s less polling data available for Rep. Will Hurd’s reelection chances, although he has a fundraising edge. Hurd — a former CIA officer, computer science major and cybersecurity executive — chairs the House Oversight Subcommittee on Information Technology, where he has held a wide array of cyber-related hearings and has become a player on the topic, despite being a freshman. He’s in a rematch with the man he defeated to take the seat, Democrat Pete Gallego.

HAPPY WEDNESDAY and welcome to Morning Cybersecurity! This is some pretty good trolling, Cleveland Cavaliers. Send your thoughts, feedback and especially tips to tstarks@politico.com, and be sure to follow @timstarks, @POLITICOPro and @MorningCybersec. Full team info is below.

JUST ONE THING Slate’s story this week about a mysterious server connection between the Trump Organization and a Russian bank has encountered considerable backlash. It’s ranged from casting doubt on whether anything untoward happened between a presidential candidate and Moscow, to questioning whether malware researchers were the ones being untoward. One of the experts quoted in the Slate story told MC it’s hard to draw many conclusions. Chris Davis, founder and chief technology officer of HYAS InfoSec, said the only real conclusion to draw is that it’s odd. “It very clearly was set up to be a marketing mail server,” he said. Then, he asked upon reviewing the data shared with him, “Why is it only marketing to a bank in Russia and every now and then Spectrum Health? That’s the worst marketing server I’ve ever seen.” (The Verge reported that the server might have queried more than those two.) Also odd is that the server disappeared and was replaced with a new one after The New York Times contacted the bank, Davis said. All in all, he said, “I don’t know if you should be worried about it or not. I catch cyber criminals for a living. I don’t know what it is. It’s certainly weird.”

SECURITY CLEARANCE QUEST Sen. James Lankford said Tuesday that the State Department hasn’t responded to his request to revoke security clearances for Hillary Clinton and other Clinton aides over her private email server. Appearing on Fox News, Lankford also expressed some sympathy for FBI Director James Comey, under fire from Democrats for disclosing, so close to the election, newly discovered emails of unknown significance potentially related to the server investigation. “The FBI is in a completely untenable situation, that they’re having to manage what’s happening in an election, but Director Comey did not cause this,” Lankford said. “This was caused by a server that should have been secure that was actually put in Hillary Clinton’s home and was managed in a way that clearly made it open to our enemies.”

DDOSING THE VOTE — Carpooling services, polling-place locators and America’s limited online voting are prime Election Day targets for simple but damaging cyberattacks, security researchers warned Tuesday. “With voters from both major parties displaying record high apathy,” wrote Dan Breslaw and Igal Zeifman of the security research firm Imperva, an inability to access these tools “could inconvenience them just enough that they decide to sit this one out.” And all these services could be taken out with a traditional distributed denial-of-service attack, which floods servers with traffic to block people from accessing websites, the researchers said. A DDoS attack targeting carpooling services could be particularly effective, they added. “Their localized nature enables offenders to launch highly targeted attacks, selectively targeting either conservative or liberal communities.” There’s less reason to fear major consequences from a DDoS attack on an internet voting platform — four of the five states that offer the service only make it available to Americans living overseas. But as Breslaw and Zeifman observed: “While electronic voting is still in its infancy, expansion in future elections may become a target for DDoS offenders and should be closely monitored.”

GETTING AHEAD OF YOURSELVES — Republicans pounced on emails released Tuesday that showed that the Clinton family’s private email server registered 10 failed login attempts, but security researchers said their rhetoric likely doesn’t match reality. The emails show State Department IT employee Bryan Pagliano and Bill Clinton aide Justin Cooper discussing failed attempts to log into accounts for Doug Band, a friend of the former president, and Huma Abedin, a close aide to the former secretary of State. Judicial Watch, which obtained the emails through a Freedom of Information Act lawsuit, claimed that the messages “show the system was hacked 10 times,” a characterization digital experts disputed. The Republican National Committee was a bit more careful, saying that the “previously unknown hacking attempts against Hillary Clinton’s unsecure secret server leaves no doubt she put highly sensitive national security information at risk to hostile foreign actors.” But there’s no evidence that the login attempts were from hackers, as opposed to Abedin and Band themselves. In one email, Pagliano told Cooper that it “would be useful to know if it was them who tried to log in.” The emails did not answer that question.

The Clinton campaign declined to comment on the record, but the FBI, which reviewed these and thousands of other emails related to the Clinton server, did not find evidence that the private system was hacked. And while there were numerous attempts to breach the server, experts have said the efforts were merely scattershot pinging by common criminals, not necessarily foreign government spies.

A more interesting part of the email exchange shows Pagliano and Cooper discussing a possible denial-of-service attack on the server. Pagliano seemed to believe that the attack came from a Domain Name System server run by OpenDNS. Matthew Prince, the CEO of DNS firm Cloudflare, offered a different explanation. What was “much more likely,” he told MC in an email, was that someone was using a random prefix attack on the server. This type of attack — likely used in the recent widespread cyberattack that took out major websites — involves pinging DNS providers with requests for routing information about fake URLs on the server, like test123.clintonfoundation.com. Because the URLs don’t exist, OpenDNS would have kept asking the Clinton server for information and failing to find it, resulting in a heavy traffic load.

SNAZZY URSINES MARCH ON REDMOND — One of the Russian-linked hacker groups that breached the DNC has been using an unpatched flaw in Windows to conduct “a low-volume spearphishing campaign,” Microsoft said Tuesday. The digital assailants exploited two unknown vulnerabilities — one of which was in Adobe Flash — “to target a specific set of customers,” wrote Terry Myerson, Microsoft’s executive vice president for the Windows and devices division, in a blog post. The advanced threat actor — which Microsoft calls “Strontium” but which is better known as “Fancy Bear” — is one of two groups behind the DNC hack disclosed in June. It is believed to have ties to the GRU, Russia’s military intelligence agency. John Hultquist, the director of cyber espionage analysis at iSIGHT Partners, called Fancy Bear’s decision to sit on the limited-use exploit until the end of the presidential campaign “expert arsenal management.”

Google disclosed the so-called zero-day vulnerability in Windows on Monday, only seven days after reporting it to Microsoft — a departure from its usual 60-day delay that the company attributed to the severity of the incident. “This vulnerability is particularly serious because we know it is being actively exploited,” researchers from Google’s threat analysis team wrote. (Google notified Adobe about its flaw at the same time it alerted Microsoft, and Adobe produced a patch within a few days.) Unsurprisingly, Microsoft wasn’t happy about the public notice. “Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing,” Myerson wrote, “and puts customers at increased risk.”

DATA, GLORIOUS DATA — Did you know that there are 15,520 cybersecurity job openings in Florida? How about the fact that the supply of cyber workers in California is lower than the national average (1.9 workers for every job in the state, versus 2.2 workers for every job nationally)? Or how about the fact that the concentration of cyber jobs in the D.C. metro area is far higher than the concentration of cyber jobs in San Francisco? These are some of the things that MC learned from the cybersecurity supply-and-demand heatmap on the National Institute of Standards and Technology’s new CyberSeek portal. The site uses interactive charts and multiple data sources to paint a picture of cybersecurity talent needs across the United States. Rodney Petersen, the director of NIST’s National Initiative for Cybersecurity Education, said the site would “assist its users — students, employees, employers, policymakers, training providers and guidance counselors — to explore opportunities they may have never considered.”

CARTER: A.I. MEANS ‘AIN’T INDEPENDENT’ — The Pentagon will never take the decision to use deadly force out of human hands, no matter how many strides the technology takes, Defense Secretary Ash Carter said Tuesday. “When there’s artificial intelligence or autonomous systems, you get this idea that they're going to be weapons of war out there that nobody's controlling,” Carter answered in response to a question at an event in City College. “That's not the way we do things. We will always have a human being in the loop. A human being making decisions about the use of force on behalf of the United States.”

The sci-fi-like topic was based off a recent New York Times article about A.I. weaponry capable of operating without human control and raised the specter of non-nation states getting ahold of the technology, potentially through criminal means. Carter said the article “was very accurate” in terms of the U.S. wanting to be on the “frontier” of “defending ourselves against others who might use the same technologies.” That way, he added, “we can see those problems first and we [can] prepare our defenses and our resilience against them so we can continue to protect our people and more generally protect society against them.”

TWEET OF THE DAY — Never has “be careful what you wish for” been more true.

RECENTLY ON PRO CYBERSECURITY — “Defense Department Chief Information Officer Terry Halvorsen today predicted the Pentagon's key information technology initiatives would survive the presidential election largely unscathed.” … Americans living overseas and service members face a greater risk of their vote being hacked. … The British government will add billions to its cybersecurity budget under a five-year plan.

QUICK BYTES

— “Putin Wants to Push Microsoft Out of Russia in Battle with U.S.” NBC News.

— More on Comey’s view about blaming Russia for hacking Democratic organizations. The Washington Post.

— “Russian hacks show cybersecurity limits.” The Wall Street Journal.

— Secretary of State John Kerry talks encryption and more with Wired.

— Israel isn’t ready for a dramatic increase in cyber threats, according to its comptroller. Jerusalem Post.

— The FBI won’t reveal whether it purchased NSO Group products. Mike Katz-Lacabe.

— “MI5 chief not alone in voicing fears about Russian cyber threat.” The Guardian.

That’s all for today. But this guy takes trolling to the “masterpiece” level.

Stay in touch with the whole team: Cory Bennett (cbennett@politico.com, @Cory_Bennett); Bryan Bender (bbender@politico.com, @BryanDBender); Eric Geller (egeller@politico.com, @ericgeller); Martin Matishak (mmatishak@politico.com, @martinmatishak) and Tim Starks (tstarks@politico.com, @timstarks).

CORRECTION: An earlier version of Morning Cybersecurity incorrectly cited a report with inaccurate information.