Pages

29 July 2019

The Cybersecurity 202: Senate Intelligence Committee still can't agree on best way to secure the 2020 election

By Joseph Marks

Senators on the Intelligence Committee who spent two years probing every facet of Russia’s attempts to interfere in the 2016 U.S. election still can't agree on a path forward to secure the next one.

The long-awaited 67-page report released yesterday contains dozens of recommendations for securing elections. But most artfully sidestep a boiling policy battle between Republicans and Democrats over whether the federal government should ensure they actually happen.

The report endorses a slew of voting security improvements championed by Democrats, for example — including having paper records of votes, buying new secure voting machines and conducting post-election audits. But it also endorses “states’ primacy in running elections” — a key talking point from Republicans who argue it would violate states’ rights if the government mandates those fixes.


The report also notes that states may need more federal money to upgrade or replace their outdated voting systems but kicks the can down the road until states have fully spent $380 million in election security money that Congress approved in 2018 — evading a partisan dispute over funding.

Yet Sen. Ron Wyden (D-Ore.) refused to go quietly. Highlighting divisions within the Republican-controlled committee, he appended a full-throated rebuttal to those compromises in a "minority views" section at the end of the report. He argued for a more muscular approach from the federal government as intelligence officials warn Russia and other countries continue to try to interfere in U.S. elections.

“America is facing a direct assault on the heart of our democracy by a determined adversary,” he said, insisting that leaving election defense to state and local officials would be akin to “ask[ing] a local sheriff to go to war against the missiles, planes and tanks of the Russian Army."

“The defense of U.S. national security against a highly sophisticated foreign government cannot be left to state and county officials,” Wyden wrote. “For that reason, I cannot support a report whose top recommendation is to “reinforce … state's primacy in running elections.”

The dissent highlights how -- despite states, intelligence agencies and the Department of Homeland Security taking steps to improve election security since 2016 -- Congress has mostly sat on the sidelines caught in partisan squabbling.

Indeed, Senate Democrats spent many of their final hours before adjourning for the August recess Thursday unsuccessfully pushing for election security bills that Senate Majority Leader Mitch McConnell (R-Ky.) has been blocking for months from coming to a vote.

The election security report is just the first of five volumes the Senate panel is planning to release from its investigation in the coming months.

Here are three more big takeaways from the report.

1. Russian hackers probably probed government or election infrastructure in all 50 states, the report confirms.

But they didn’t always do it the same way. In one state, hackers scanned the entire state’s infrastructure looking for weak spots. In another, they pummeled the state’s networks in one place so attacks elsewhere might go undetected.

Officials from yet another state noted that Russian hackers scanned the state’s entire voter registration database but never tried to break in. The officials compared that to “a thief casing a parking lot” but not breaking into any cars.

The state-level narratives are the richest source of newly disclosed information in the report, but that information is also limited. With the exception of Illinois — where it was publicly known that hackers actually penetrated the state’s voter registration database but didn't appear to have changed any information — the names of the states are redacted. Portions of the state narratives are also redacted, as are large portions of the full report.

2. Federal, state and local governments were not at all ready for Russia’s hacking efforts in 2016.

The report is unsparing in its details on this issue. “State election officials, who have primacy in running elections, were not sufficiently warned or prepared to handle an attack from a hostile nation-state actor,” the report notes. And when DHS and the FBI did alert the states about Russia’s hacking efforts, “they provided no clear reason for states to take this threat more seriously than any other alert received.”

The report praises DHS for making great strides in helping state and local officials defend their election infrastructure since 2016 but also notes that “much more needs to be done to coordinate state, local, and federal knowledge and efforts in order to harden states' electoral infrastructure against foreign meddling.”

3. Russia should fear the U.S. response if it tries to hack 2020.

The report also urges deterring election attacks by ensuring Russia and other adversaries know they’ll pay a price as part of its recommendations to improve their security.

“The United States should communicate to adversaries that it will view an attack on its election infrastructure as a hostile act, and we will respond accordingly,” the report states, adding that officials should outline a range of consequences election hackers might face.

The report also urges the government to work with U.S. allies to develop rules of the road about what’s unacceptable in cyberspace and to collectively impose consequences when other nations violate those rules.

No comments:

Post a Comment