By Joseph Marks

Senate Intelligence Committee Chairman Richard Burr (R-N.C.), right, and the committee's vice chairman, Sen. Mark Warner (D-Va.). (Susan Walsh/AP)
Senators on the Intelligence Committee who spent two years probing every facet of Russia’s attempts to interfere in the 2016 U.S. election still can't agree on a path forward to secure the next one.
The long-awaited 67-page report released yesterday contains dozens of recommendations for securing elections. But most artfully sidestep a boiling policy battle between Republicans and Democrats over whether the federal government should ensure they actually happen.
The report endorses a slew of voting security improvements championed by Democrats, for example — including having paper records of votes, buying new secure voting machines and conducting post-election audits. But it also endorses “states’ primacy in running elections” — a key talking point from Republicans who argue it would violate states’ rights if the government mandates those fixes.
The report also notes that states may need more federal money to upgrade or replace their outdated voting systems but kicks the can down the road until states have fully spent $380 million in election security money that Congress approved in 2018 — evading a partisan dispute over funding.
Yet Sen. Ron Wyden (D-Ore.) refused to go quietly. Highlighting divisions within the Republican-controlled committee, he appended a full-throated rebuttal to those compromises in a "minority views" section at the end of the report. He argued for a more muscular approach from the federal government as intelligence officials warn Russia and other countries continue to try to interfere in U.S. elections.
“America is facing a direct assault on the heart of our democracy by a determined adversary,” he said, insisting that leaving election defense to state and local officials would be akin to “ask[ing] a local sheriff to go to war against the missiles, planes and tanks of the Russian Army."
“The defense of U.S. national security against a highly sophisticated foreign government cannot be left to state and county officials,” Wyden wrote. “For that reason, I cannot support a report whose top recommendation is to “reinforce … state's primacy in running elections.”
The dissent highlights how -- despite states, intelligence agencies and the Department of Homeland Security taking steps to improve election security since 2016 -- Congress has mostly sat on the sidelines caught in partisan squabbling.
Indeed, Senate Democrats spent many of their final hours before adjourning for the August recess Thursday unsuccessfully pushing for election security bills that Senate Majority Leader Mitch McConnell (R-Ky.) has been blocking for months from coming to a vote.
Here’s Wyden on that effort:
Russia's biggest ally in its quest to infiltrate America's elections again is Mitch McConnell. https://t.co/fFQvo5tUQz— Ron Wyden (@RonWyden) July 25, 2019
Here are three more big takeaways from the report.
1. Russian hackers probably probed government or election infrastructure in all 50 states, the report confirms.
But they didn’t always do it the same way. In one state, hackers scanned the entire state’s infrastructure looking for weak spots. In another, they pummeled the state’s networks in one place so attacks elsewhere might go undetected.
Officials from yet another state noted that Russian hackers scanned the state’s entire voter registration database but never tried to break in. The officials compared that to “a thief casing a parking lot” but not breaking into any cars.
The state-level narratives are the richest source of newly disclosed information in the report, but that information is also limited. With the exception of Illinois — where it was publicly known that hackers actually penetrated the state’s voter registration database but didn't appear to have changed any information — the names of the states are redacted. Portions of the state narratives are also redacted, as are large portions of the full report.
2. Federal, state and local governments were not at all ready for Russia’s hacking efforts in 2016.
The report is unsparing in its details on this issue. “State election officials, who have primacy in running elections, were not sufficiently warned or prepared to handle an attack from a hostile nation-state actor,” the report notes. And when DHS and the FBI did alert the states about Russia’s hacking efforts, “they provided no clear reason for states to take this threat more seriously than any other alert received.”
The report praises DHS for making great strides in helping state and local officials defend their election infrastructure since 2016 but also notes that “much more needs to be done to coordinate state, local, and federal knowledge and efforts in order to harden states' electoral infrastructure against foreign meddling.”
3. Russia should fear the U.S. response if it tries to hack 2020.
The report also urges deterring election attacks by ensuring Russia and other adversaries know they’ll pay a price as part of its recommendations to improve their security.
“The United States should communicate to adversaries that it will view an attack on its election infrastructure as a hostile act, and we will respond accordingly,” the report states, adding that officials should outline a range of consequences election hackers might face.
The report also urges the government to work with U.S. allies to develop rules of the road about what’s unacceptable in cyberspace and to collectively impose consequences when other nations violate those rules.

Baltimore Mayor Bernard "Jack" Young. (AP Photo/Jose Luis Magana)
That confirms statements by Rep. Dutch Ruppersberger (D-Md.), who represents parts of Baltimore, and by Sen. Chris Van Hollen (D-Md.), who were briefed by the NSA on the attack. But it contradicts a New York Times report that claimed the tool called Eternal Blue was used – and which sparked a debate about whether NSA bore some responsibility for the attack or If Baltimore was at fault for allegedly not patching against the hacking tool more than two years after NSA advised organizations to do so.
The city says in its fact sheet that “independent computer forensic experts have found no evidence that EternalBlue was a factor” in the attack and “have found no evidence” that confirms the Times report.
NSA used Eternal Blue for five years to gather reams of intelligence before it was stolen in 2017 by a group called Shadow Brokers that hasn’t yet been tied to any nation’s intelligence agency. The malicious code has been used in numerous hacking campaigns, including the 2017 NotPetya attack, which U.S. officials have attributed to Russia and crippled thousands of computers in Ukraine and elsewhere.

FBI Director Christopher Wray. (Steve Helber/AP)
“It
cannot be a sustainable end state for us to be creating an unfettered
space that's beyond lawful access for terrorists, hackers and child
predators to hide,” Wray said at the International Conference on Cyber
Security at Fordham University on Thursday. Wray called encryption a
“national security issue” and claimed it posed serious obstacles to the
work of law enforcement.
Barr's comments reignited criticism from privacy advocates
that giving law enforcement backdoor access to encrypted communications
would create vulnerabilities that hackers could also exploit to steal
regular citizens’ personal information. Experts also dispute the
severity of the problem that encryption poses to law enforcement. Under
Wray the FBI inflated the number of times encrypted phones posed challenges to law enforcement.Twitter and Facebook logos (Nicolas Asfouri and Lionel Bonaventure /AFP/Getty Images)
PWNED:
Iran is following Russia’s lead and launching disinformation campaigns
on social media aimed at influencing Americans’ political views, my colleagues Craig Timberg and Tony Romm report.
And other countries may be joining the fray. Saudi Arabia, Israel,
China, the United Arab Emirates and Venezuela are just a few of the
countries that could launch Russian-style disinformation operations, my
colleagues report.
“That means American voters are
likely to be targeted in the coming campaign season by more foreign
disinformation than ever before, say those studying such operations,”
Craig and Tony report.
Researchers at the cybersecurity
firm FireEye have noticed Iranian disinformation campaigns on Facebook,
Instagram, YouTube and even in local newspapers. Unlike Russian
influence operations that favored President Trump in 2016, Iranian
operations are mostly aimed at undermining Trump, criticizing his
withdrawal from the Iran nuclear deal and other administration actions.
Researchers
tell Craig and Tony that cooperation between the FBI and Silicon Valley
on combating influence operations has improved since 2016, but new
enemies and strategies could go undetected. Former special counsel
Robert S. Mueller III also warned Congress this week that Russia and
“many more countries” have their sights set on the 2020 elections.
CHAT ROOM-- Should pineapple go on pizza? DHS's Cybersecurity and Infrastructure Security Agency posed that question to help demonstrate how foreign influence campaigns seek to divide Americans online. And, boy, did they get a response from the cybersecurity community.
A few brave souls were pro-pineapple in the war. The National Association of Secretaries of State:
— NASS (@NASSorg) July 25, 2019
Total propaganda. @pamelafessler @CISAKrebs are right! Pineapple on pizza sullies the reputation of a truly great food. #NoPineappleOnMyPie #WarOnPineapple https://t.co/GIgITlq9bo https://t.co/n4A8ciBgWk— Matthew Masterson (@mastersonmv) July 25, 2019
Sen. Ron Wyden (D-Ore.) wasn't as amused.
My opinion on pineapple pizza is Mitch McConnell and Donald Trump need to stop obstructing election security legislation https://t.co/lymKOUMlFU— Ron Wyden (@RonWyden) July 25, 2019
-- A bipartisan commission on modernizing Congress released a slate of 24 recommendations that were unanimously endorsed by the commission’s 12 members yesterday. One big one was mandating that all federal lawmakers get cybersecurity training.
— More cybersecurity news from the public sector:
House
Homeland Security Committee Chairman Bennie Thompson (D-Miss.) and Rep.
Debbie Wasserman Schultz (D-Fla.) sent a letter to President Trump this
week questioning his administration's efforts to secure elections.
The Hill
The Hill
-- The cyber insurance industry has grown by $2 billion — or 26 percent — since 2015, according to a new report from Moody's. The
growth has been greatest in the education, hospitality and retail
sectors, but lower in healthcare and financial services, the report
found.
The jump is driven by a major increase in
hacking and companies trying to reduce risk, Marc Pinto, managing
director of financial institutions at Moody’s, told me. Companies may
increasingly turn to cyber insurance to reduce their risks as states
pass privacy laws that threaten harsh penalties for data breaches, the
report states.
— More cybersecurity news from the private sector:
If
you’ve used FormGet in the past few years, there’s a good chance we
know about it. FormGet bills itself as an online form maker and email
marketing company based in Bhopal, India. The company allows its 43,000
customers to create online forms so others can submit their resumes or
app…
TechCrunch
TechCrunch
— Cybersecurity news from abroad:
A
British cybersecurity expert credited with stopping a worldwide
computer virus in 2017 will be in Milwaukee federal court to be
sentenced for creating malware to steal banking passwords
Ivan Moreno | AP
Ivan Moreno | AP
The
scheme has called into question the fairness of high-profile
prosecutions in the wide-ranging corruption investigation known as Car
Wash.
New York Times
New York Times
Five
months after CBC News reported an attempt by four IT staff at the
Montreal-based International Civil Aviation Organization to cover up
their mishandling of a major cyberattack, a UN whistleblower is going
public with accusations of misconduct against ICAO's top brass.
CBC News
CBC News
Autocrats
around the world are using relatively cheap digital technologies to
surveil their populations. Countries invest in these technologies more
once they prove their effectiveness, setting in motion a vicious cycle
and weakening democracy in the process.
Bulletin of the Atomic Scientists
Source: The Washington Post
Bulletin of the Atomic Scientists
Source: The Washington Post
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.