It is unclear if GOP Senators take election security seriously as they blocked two election security bills mere hours after Mueller warned that the Russians are trying to interfere “as we sit here.”
To better align the NSA’s offensive and defensive cyber operations, a new cybersecurity directorate has been formed. This is the latest improvement to U.S. cybersecurity following the Russian-led 2016 election interference campaign.
Former NSA contractor, Harold Martin, was sentenced to nine years in prison for stealing highly sensitive hacking tools developed by the NSA. Prosecutors say that Martin did not disseminate any of the stolen tools.
Foreign hackers were successful in 2016 and they will be back in the future. To protect U.S. elections, Microsoft is offering free election security software to protect U.S. voting machines.
Unsurprisingly, Julian Assange was never a journalist. New information details Assange’s central role in Russia’s 2016 election interference campaign. Assange is directly linked with working with Russian and other foreign hackers.
Election officials in North Carolina and Maryland are probing whether top voting system vendors are foreign-owned and demanding more transparency after revelations in the Mueller report. Russian-backed hackers inserted malware into VR Systems’ voting registration system in Florida in 2016, and equipment from the same vendor caused Election Day glitches and slowdowns in North Carolina. Maryland officials learned last year that its election data host, ByteGrid LLC, was majority-owned by a private equity firm in which a Russian oligarch with close ties to Russian President Vladimir Putin had an investment.
Election security legislation has been facing roadblocks for over a year in Congress, thanks (or no thanks) to Sen. Mitch McConnell, and little activity on the issue is expected in the coming months. But other branches of government have made more progress. Here are some of the steps the federal government has taken to help secure elections in the U.S., as well as some of the possible disinformation threats that could reappear in 2020.
In a letter sent to FBI Director Christopher Wray today, Sen. Amy Klobuchar and Sen. Ron Wyden asked what steps the agency took after an incident of election hacking, revealed in the Mueller report. In August of 2016, Russia targeted employees of “a voting technology company that developed software used by numerous U.S. counties to manage voter rolls, and installed malware on the company network.” VR Systems has since been confirmed as the targeted company.
A group of 14 Stanford University scholars has published its recommendations for increased election security, addressing problems of cybersecurity, ballot security, and election transparency. Nate Persily, director of Stanford’s Cyber Policy Center, said. “We recognize that the topic of Russian intervention in the 2016 election provokes a partisan reaction… But we believe Democrats and Republicans can unite around what are some common-sense reforms.”
The Dept. of Justice has officially submitted an extradition request for Julian Assange. U.S. officials seek to charge Assange with violation of the Espionage Act.
National Security adviser John Bolton noted that the U.S. is beginning to engage cyber offensive operations to fight back against foreign state actors who seek to steal America’s most sensitive secrets. Previously the U.S. was only taking a defensive posture when it came to cyber warfare.
Democrats are looking to pass legislation that ensures the abuses outlined in the Mueller report can’t happen again—at least not without clear legal ramifications. A package of legislation would address election security and obstruction of justice by a sitting president, prohibiting a president from interfering in a law enforcement investigation. Another likely piece of legislation, Duty to Report, would require campaign aides and entities to report foreign contacts and influence to law enforcement.
It’s not every day that you hear about a company calling for greater regulation of its own industry, but that’s exactly what voting machine vendor Election Systems & Software is doing. ES&S is urging Congress to pass legislation mandating paper trails for all votes as an anti-hacking protection, and requiring security testing of voting equipment by outside researchers. For its part, ES&S has pledged to no longer sell paperless voting machines as the primary voting device in an election jurisdiction.
Traveler images and license plate images were transferred from the U.S. Customs and Border Patrol network by a subcontractor to the subcontractor’s network. The subcontractor’s network was then hit by a massive cyber attack.
“As a nation, the United States should not tolerate such interference. The country has taken some actions against the Russians, but it’s hard to believe they will be deterred from further attacks by the threat of more indictments and more sanctions and more Cyber Command denial-of-service attacks on election day. As long as the release of stolen documents has an impact here, Putin will see it as a cheap and gratifying projection of Russian power. So the U.S. ought to take steps to reduce its impact by restricting the dissemination of stolen data.”
Presidential candidates are struggling to acquire tools needed to defend against cyberattacks and disinformation campaigns because of election rules that prohibit cybersecurity firms from providing assistance to campaigns. A bill introduced last month by Sen. Ron Wyden would have allowed political parties to provide greater cybersecurity assistance to candidates, but Senate Majority Leader Mitch McConnell refuses to bring any election security bills to the floor for a vote. Election security experts say time is running out.
Reps. Stephanie Murphy and Michael Waltz of Florida have introduced legislation that would force the government to notify the public if voter registration systems are hacked. Voters whose information is potentially accessed by hackers, as occurred in two Florida counties in 2016, would be alerted within 30 days of it happening or 48 hours before an election, whichever comes sooner. “It is unacceptable that the Russians know which systems were hacked and not the Americans affected,” Murphy said in a statement.
The Department of Homeland Security has agreed to conduct a thorough inspection of election equipment used in North Carolina that was supplied by a vendor, Florida-based VR Systems, who was targeted by Russian hackers in 2016. It has been three years since the machines — laptops used to check in voters in Durham County — malfunctioned on Election Day, telling voters that they had already voted, even though they had not.
The European Union’s embassy in Russia experienced a powerful cyber attack in 2017. The EU kept the attack a secret, but internal documents show that hackers were able to take information taken from its network. Authorities believed that the hack originated from Russia.
The Russian government-sponsored operation by the St. Petersburg-based Internet Research Agency to manipulate American public opinion during the 2016 election was “a vast, coordinated campaign that was incredibly successful at pushing out and amplifying its messages,” according to a Symantec analysis. And some trolls even used their fake accounts to make money, with one potentially generating nearly $1 million.
Rep. Eliot Engel, chair of the House Foreign Affairs Committee, has placed a hold on the State Department’s notification that it plans to establish a Bureau of Cyberspace Securities and Emerging Technologies (CSET), calling its proposed mission too narrow. “This move flies in the face of repeated warnings from Congress and outside experts that our approach to cyber issues needs to elevate engagement on economic interests and internet freedoms together with security,” Engel said.
Yes, you read that right. Rep. Doug Collins, the top Republican on the House Judiciary Committee, on Tuesday called for “immediate, thorough, and productive” hearings into interference by Russia and others in the 2016 election and beyond, in response to Special Counsel Robert Mueller’s statement last week and ahead of presidential election next year. “Let us protect our citizens from this criminal behavior,” Collins said.
The Appropriations Financial Services Subcommittee approved a bill by voice vote Monday night that grants $600 million to the Election Assistance Commission to increase election security. Pushed by House Democrats, it’s precisely designated for states to purchase voter verified paper ballots, which would hike up anti-hacking defense. The legislation is expected to face challenges, however, as Senate Majority Leader Mitch McConnell said he has no intentions of bringing it to the floor.
Presidential candidates wishing to avoid a fate similar to Hillary Clinton’s in 2016 could be in luck, thanks to an ex-NSA hacker. Oren Falkowitz, founder of Area 1 Security, wants to gift their campaigns with a free tool designed to block hackers from gaining access to their files. Sounds great, right? Maybe not. The FEC might block him due to concerns that the donation appears “too much like a political contribution.”
“If a monopolistic tech company decided to fully embrace its capacity to spy on its users and leverage that data to a personal or political end, the consequences for democracy could be catastrophic. Americans got a taste of what an influence attack looks like during the 2016 U.S. presidential election. So long as big tech remains largely unregulated, future influence attacks on American elections will become only more potent.”
The Senate paid attention to Special Counsel Robert Mueller’s warning about Russian interference. Last night, the chamber unanimously passed the bipartisan DETER Act, which blocks individuals from obtaining a visa if they attempted to or had engaged in “improper interference in U.S. elections,” including violating voting or campaign finance laws, or interfering in a campaign while under the direction of a foreign government. An important win for democracy.
“There is nothing more important to our system of self-government than assuring that each vote is accurately recorded and counted. Our electoral process has been subjected to systematic assault since 2016 and will forever be vulnerable to cyber attack in the digital world. Our traditional voting machines are inadequate in the face of these assaults. They must be replaced to protect our elections.”
Election security has become an increasingly pivotal issue in the 2020 presidential contest. As the election approaches, voting security groups are trying to rally the public behind an effort to ban Internet connections from U.S. voting machines that could be hacked by Russia and other foreign adversaries. They’re getting significant help from Democrats, who fear Russia might try to deliver the president a second term after the success of its 2016 effort.
Electronic poll books, also known as e-poll books, move the voting check-in process from a big book of names that a poll worker must flip through to a tablet or laptop computer. It’s certainly a lot faster. But unlike with equipment used to cast and count ballots, there are no federal regulations or even voluntary guidelines for how e-poll books need to work or how secure they need to be. And that’s a problem.
Senate Democrats are redoubling their efforts to pass additional election security legislation, following Robert Mueller’s warning about the threat of election interference today. Senate Intelligence Committee Vice Chair Mark Warner called for “legislation that enhances election security, increases social media transparency, and requires campaign officials to report any contact with foreign nationals attempting to coordinate with a campaign.” Amen.
“The importance of cybersecurity has become of prime importance, when so much of our daily activities take place online. Hackers are constantly looking to attack individual users, while similar tactics are being used on a global scale to create the potential for digital wars. While a certain percentage of citizens cringe at the idea of yet another federal agency, chatter has already started in the halls of Congress. Expect that it will happen eventually, hopefully before World War III springs into existence from servers spread around the world. Throw the politics out of it. For our own sake, it might be time for a comprehensive national cybersecurity agency to call the shots.”
Microsoft is aiming to make voting more secure with a free, open source software called ElectionGuard, which was unveiled earlier this month. It enables voters and third-party organizations to verify election results, and allows individual voters to confirm their votes were counted correctly. ElectionGuard has the potential to make a difference in the future of voting and is a step in the right direction, said Aaron Wilson, senior director of election security at Center for Internet Security.
“We still have time to draw the necessary lessons. Just as in Europe, it is now our own people who are primarily responsible for twisting the truth on an industrial scale. And, just as in Europe, we are doing little to compel the social media platforms to clean up their act and decontaminate our information environment. And the Trump administration has still done little to develop a coherent program for addressing the problem. There is no hint of an overarching strategy for countering the online machinery of lies that has become such a part of everyday life.”
Yesterday, executives from Google, Facebook, and Twitter came to Capitol Hill to testify about election security. But instead of asking questions about how the companies were tackling disinfo campaigns or preventing foreign governments from purchasing political ads on their platforms ahead of the 2020 election, Republicans on the House Oversight and Reform Committee complained about the “shadow-banning” (i.e., quietly blocking or restricting) of conservative accounts. Really?
It wasn’t that the money wasn’t there…it was just in limbo due to partisan squabbling. Lawmakers have finally come to terms on a measure to free more than $6.6 million in federal funds approved by Congress in 2018, which will be part of a broader state government funding agreement. What was the holdup? Republicans sought to limit funding for cybersecurity in favor of anti-voter fraud initiatives favored by the president, while Democrats were focused on the threat of cyber intrusions in state voting systems.
With 2016 still fresh in everyone’s mind, the intelligence community is leaving nothing to chance. The FBI, Department of Homeland Security, and Office of the Director of National Intelligence have briefed the 2020 presidential candidates on potential cybersecurity and espionage issues they may face, and how to recognize ways that foreign influence operations might try to affect their campaigns. Let’s hope they take it more seriously than a certain past campaign did.
The Mueller report isn’t just about Donald Trump and his allies. It’s about Russia and the serious threat it poses to election security. National security officials and U.S. intelligence agencies are working to bolster American defenses before the 2020 election as best they can, but Senate Majority Leader Mitch McConnell is refusing to bring additional election security bills up for a vote. Why?
Officials from the Election Assistance Commission, the federal agency charged with managing the nation’s electoral systems and helping states adopt good election administration practices, are pleading for more money before the 2020 elections. The agency is operating at half the capacity it had 10 years ago, while threats have increased. “What we are working on is the infrastructure of our democracy,” Vice Chair Benjamin Hovland said. “What we need is an investment from Congress to help us do that work.”
The Archimedes Group is accused of running an influence campaign that sought to disrupt elections in several countries around the world. Facebook barred the Israeli company from using its platform and banned dozens of Israeli accounts for spreading disinformation.
The cybercrime network is accused of stealing hundreds of millions of dollars from businesses around the world and has members in several Eastern European countries. Authorities have arrested most members of the syndicate. Prosecutors in Eastern Europe and in the U.S. are preparing to file criminal charges against those in custody.