Analysis | The Cybersecurity 202: DHS will run a war room for a week or more to protect November election
“That will remain in place, frankly, until the election community says, 'Okay, you can stand down now. We're in good shape,' " a senior official at DHS’s Cybersecurity and Infrastructure Security Agency said.
The expanded operation is emblematic of how the coronavirus pandemic has vastly complicated officials’ plans for what was already shaping up to be the most complex and closely watched election in U.S. history from a security perspective.
CISA is already running a 24/7 operation monitoring election offices across the country for hacking threats through a network of hundreds of digital sensors, said the official who spoke to reporters on condition of anonymity. The agency will shift to an “enhanced readiness posture” during the last 45 days before the election, ramping up how often it shares information with agencies across the government. It will also begin offering biweekly threat briefings to election officials then.
“The reality is, it’s not about Election Day anymore. It’s about an election time period and understanding what takes place over that [whole] time period,” the official said.
The pandemic – and consequent surge in mail voting – made it easier for adversaries to raise doubts about the election's legitimacy.
“The opportunity for uncertainty is there… and uncertainty is a fertile battleground for our adversaries to seek to divide us and undermine trust in the process,” the CISA official said. “[That’s] why we need prepared, patient and participating voters to engage in the process.”
But it probably hasn’t made the election substantially more vulnerable to hackers from Russia or elsewhere. That’s largely because it’s comparatively easy to track mail votes and to audit them to make sure they were tallied correctly.
So far, there’s no evidence Russia or other U.S. adversaries are trying to sabotage mail voting.
While Trump and Attorney General William P. Barr have both suggested adversaries might print and mail in phony ballots, “we have no information or intelligence that any nation-state threat actor is engaging in any kind of activity to undermine any part of the mail-in vote or ballots,” a senior intelligence official said during the same media briefing.
An FBI official also said the bureau has not seen any “coordinated national voter fraud effort” and warned such an effort would be “extraordinarily difficult” to pull off. Nevertheless, the FBI is on the lookout for such efforts, the official said.
Deputy Attorney General Jeffrey A. Rosen made a similar point at a separate appearance Wednesday, Devlin Barrett reports.
“We have yet to see any activity intended to prevent voting or to change votes, and we continue to think that it would be extraordinarily difficult for foreign adversaries to change vote tallies,” Rosen said during an address at the Center for Strategic and International Studies think tank.
Election officials have also said it would be impractical if not impossible to commit widespread mail ballot fraud because of systems that allow election offices and voters to track mail ballots during their journey and verification procedures once those ballots arrive.
There also haven’t been any substantial efforts to hack election systems so far this cycle, officials said.
But that doesn’t mean such attacks won’t happen in the approximately three months remaining before Election Day.
DHS has spotted a lot of hackers scanning county election offices looking for vulnerabilities they might exploit — but that’s common for all IT systems and it’s not clear the hackers even know that they’re looking at election systems, the CISA official said. The scanning hasn’t been aimed specifically at high-value targets that would make it easy to disrupt an election such as voter registration databases, the official said.
In 2016, Russian hackers compromised voter registration databases in at least two states, but there’s no evidence they manipulated them in any way that would have disrupted election operations.
There have been a handful of instances where election offices were affected by cyberattacks this year, but those attacks weren't aimed specifically at the offices and didn't disrupt election operations, the CISA official said. For example, there have been cases where county governments were hit with ransomware attacks that impacted their election divisions. In general, the election components have done better at resisting those attacks than other agencies, the official said.
“Frankly, what we've seen from the election community is a level of resilience and responsiveness that outpaces their county brethren,” he said.
TikTok CEO resigns as U.S. ban approaches.
Kevin Mayer, a former Disney executive, had only been in the role for three months. The company’s U.S. operations were upended soon after he took the job by the Trump administration’s plan to ban the app over national security concerns, Rachel Lerman reports.
“I understand that the role that I signed up for — including running TikTok globally — will look very different as a result of the US Administration’s action to push for a sell off of the US business,” he wrote in a letter obtained by The Washington Post.
TikTok is suing the administration over the ban and denies that it’s a security threat.
The U.K. government’s review is likely to determine the app isn’t a major security threat on the level of the Chinese telecom Huawei. But the app is still sparking concerns from privacy hawks in Parliament — especially a plan to open up an international headquarters in London. TikTok has also discussed plans to open a European data server in Ireland.
“With a flashy campus in the U.K., ByteDance would be free to masquerade as a British equivalent to Facebook or Google, gaining credibility in London,” said Conservative lawmaker Iain Duncan Smith.
North Korean hackers are ramping up global attacks on banks.
The campaign has included initiating fraudulent money transfers and forcing ATMs to dispense cash, a group of federal agencies including the Treasury Department and FBI warned, Christopher Bing reports.
The bank heists have been going on since 2016 but they ramped up in February, the agencies said.
U.S. officials have repeatedly accused North Korea of using such attacks to fund its government, which has been crippled by severe sanctions imposed by the United States and other Western countries. The Treasury Department imposed sanctions on the same group of hackers in the fall.
“The continued attacks are proof of the reliance the regime has on these funds, along with being a testament to their technical ability and determination,” Vikram Thakur, a technical director for the U.S. cybersecurity firm Symantec, told Reuters.
North Korea has denied the charges.
Disinformation operations are targeting Black voters — again.
Researchers are seeing actors in Iran, China and Romania pose as Black voters on social media to exacerbate America's racial divide and suppress Black voters as the election nears, Craig Timberg and Isaac Stanley-Becker report. It's a playbook popularized by Russia during the 2016 election.
One such phony account featured a profile photo of a young Black man claiming to be a former Black Lives Matter protester who switched allegiances to the Republicans. It was retweeted 22,000 times and had more than 15,000 followers before getting deleted.
Twitter suspended the account and several others that posted similar messages for violating rules about “platform manipulation and spam,” said a company spokesman, Trenton Kennedy. The company didn't provide any details about who was behind the account.
“These methods seem crude, but at the end of the day it shows how easy it is to game Twitter, and how a false account can get so many impressions and potentially influence or reaffirm the existing prejudices of an untold amount of people,” said disinformation researcher Marc Owen Jones, who found the account.
Facebook has also run into coordinated behavior against Black voters.
Apple is giving users more control over their privacy. Facebook is mad.
Under the new rules, Apple will block Facebook and other companies that use advertising software from tracking users without their permission.
Facebook denounced Apple's update as harmful to small developers, But it didn't garner much sympathy.
Bloomberg News's Sarah Frier and the New York Times's Sheera Frankel:
CEO of Digital Content Next Jason Kint:
Facebook's Audience Network is also the part of the company we know least about, Elizabeth Dwoskin points out:
Coronavirus apps are raising privacy fears in India.
A central government coronavirus app has already faced international scrutiny over privacy issues. But there are also dozens of state-level apps and its hard for experts to tell how effectively they're protecting privacy, Reuters reports.
More cybersecurity news:
- President Trump will speak at the Republican National Convention tonight.
Secure log off