By Joseph Marks
Senate Intelligence Committee Chairman Richard Burr (R-N.C.), right, and the committee's vice chairman, Sen. Mark Warner (D-Va.). (Susan Walsh/AP)
Senators on the Intelligence Committee who spent two years probing every facet of Russia’s attempts to interfere in the 2016 U.S. election still can't agree on a path forward to secure the next one.
The long-awaited 67-page report released yesterday contains dozens of recommendations for securing elections. But most artfully sidestep a boiling policy battle between Republicans and Democrats over whether the federal government should ensure they actually happen.
The report endorses a slew of voting security improvements championed by Democrats, for example — including having paper records of votes, buying new secure voting machines and conducting post-election audits. But it also endorses “states’ primacy in running elections” — a key talking point from Republicans who argue it would violate states’ rights if the government mandates those fixes.
The report also notes that states may need more federal money to upgrade or replace their outdated voting systems but kicks the can down the road until states have fully spent $380 million in election security money that Congress approved in 2018 — evading a partisan dispute over funding.
Yet Sen. Ron Wyden (D-Ore.) refused to go quietly. Highlighting divisions within the Republican-controlled committee, he appended a full-throated rebuttal to those compromises in a "minority views" section at the end of the report. He argued for a more muscular approach from the federal government as intelligence officials warn Russia and other countries continue to try to interfere in U.S. elections.
“America is facing a direct assault on the heart of our democracy by a determined adversary,” he said, insisting that leaving election defense to state and local officials would be akin to “ask[ing] a local sheriff to go to war against the missiles, planes and tanks of the Russian Army."
“The defense of U.S. national security against a highly sophisticated foreign government cannot be left to state and county officials,” Wyden wrote. “For that reason, I cannot support a report whose top recommendation is to “reinforce … state's primacy in running elections.”
The dissent highlights how -- despite states, intelligence agencies and the Department of Homeland Security taking steps to improve election security since 2016 -- Congress has mostly sat on the sidelines caught in partisan squabbling.
Indeed, Senate Democrats spent many of their final hours before adjourning for the August recess Thursday unsuccessfully pushing for election security bills that Senate Majority Leader Mitch McConnell (R-Ky.) has been blocking for months from coming to a vote.
Here’s Wyden on that effort:
Russia's biggest ally in its quest to infiltrate America's elections again is Mitch McConnell. https://t.co/fFQvo5tUQz— Ron Wyden (@RonWyden) July 25, 2019
Here are three more big takeaways from the report.
1. Russian hackers probably probed government or election infrastructure in all 50 states, the report confirms.
But they didn’t always do it the same way. In one state, hackers scanned the entire state’s infrastructure looking for weak spots. In another, they pummeled the state’s networks in one place so attacks elsewhere might go undetected.
Officials from yet another state noted that Russian hackers scanned the state’s entire voter registration database but never tried to break in. The officials compared that to “a thief casing a parking lot” but not breaking into any cars.
The state-level narratives are the richest source of newly disclosed information in the report, but that information is also limited. With the exception of Illinois — where it was publicly known that hackers actually penetrated the state’s voter registration database but didn't appear to have changed any information — the names of the states are redacted. Portions of the state narratives are also redacted, as are large portions of the full report.
2. Federal, state and local governments were not at all ready for Russia’s hacking efforts in 2016.
The report is unsparing in its details on this issue. “State election officials, who have primacy in running elections, were not sufficiently warned or prepared to handle an attack from a hostile nation-state actor,” the report notes. And when DHS and the FBI did alert the states about Russia’s hacking efforts, “they provided no clear reason for states to take this threat more seriously than any other alert received.”
The report praises DHS for making great strides in helping state and local officials defend their election infrastructure since 2016 but also notes that “much more needs to be done to coordinate state, local, and federal knowledge and efforts in order to harden states' electoral infrastructure against foreign meddling.”
3. Russia should fear the U.S. response if it tries to hack 2020.
The report also urges deterring election attacks by ensuring Russia and other adversaries know they’ll pay a price as part of its recommendations to improve their security.
“The United States should communicate to adversaries that it will view an attack on its election infrastructure as a hostile act, and we will respond accordingly,” the report states, adding that officials should outline a range of consequences election hackers might face.
The report also urges the government to work with U.S. allies to develop rules of the road about what’s unacceptable in cyberspace and to collectively impose consequences when other nations violate those rules.
Baltimore Mayor Bernard "Jack" Young. (AP Photo/Jose Luis Magana)
That confirms statements by Rep. Dutch Ruppersberger (D-Md.), who represents parts of Baltimore, and by Sen. Chris Van Hollen (D-Md.), who were briefed by the NSA on the attack. But it contradicts a New York Times report that claimed the tool called Eternal Blue was used – and which sparked a debate about whether NSA bore some responsibility for the attack or If Baltimore was at fault for allegedly not patching against the hacking tool more than two years after NSA advised organizations to do so.
The city says in its fact sheet that “independent computer forensic experts have found no evidence that EternalBlue was a factor” in the attack and “have found no evidence” that confirms the Times report.
NSA used Eternal Blue for five years to gather reams of intelligence before it was stolen in 2017 by a group called Shadow Brokers that hasn’t yet been tied to any nation’s intelligence agency. The malicious code has been used in numerous hacking campaigns, including the 2017 NotPetya attack, which U.S. officials have attributed to Russia and crippled thousands of computers in Ukraine and elsewhere.
FBI Director Christopher Wray. (Steve Helber/AP)
Twitter and Facebook logos (Nicolas Asfouri and Lionel Bonaventure /AFP/Getty Images)
-- Should pineapple go on pizza? DHS's Cybersecurity and Infrastructure Security Agency posed that question to help demonstrate how foreign influence campaigns seek to divide Americans online. And, boy, did they get a response from the cybersecurity community.
A few brave souls were pro-pineapple in the war. The National Association of Secretaries of State:
— NASS (@NASSorg) July 25, 2019
Total propaganda. @pamelafessler @CISAKrebs are right! Pineapple on pizza sullies the reputation of a truly great food. #NoPineappleOnMyPie #WarOnPineapple https://t.co/GIgITlq9bo https://t.co/n4A8ciBgWk— Matthew Masterson (@mastersonmv) July 25, 2019
Sen. Ron Wyden (D-Ore.) wasn't as amused.
My opinion on pineapple pizza is Mitch McConnell and Donald Trump need to stop obstructing election security legislation https://t.co/lymKOUMlFU— Ron Wyden (@RonWyden) July 25, 2019
-- A bipartisan commission on modernizing Congress released a slate of 24 recommendations that were unanimously endorsed by the commission’s 12 members yesterday. One big one was mandating that all federal lawmakers get cybersecurity training.
Ivan Moreno | AP
New York Times
Bulletin of the Atomic Scientists
Source: The Washington Post