President Trump has shown little interest in fighting the threat of Russians hacking U.S. elections. He’s shown a lot of interest in fighting voter fraud, something he insists — without evidence — is widespread.
Parts of his administration are doing just the opposite.
Bob Kolasky, an acting deputy undersecretary at the Department of Homeland Security (DHS), told a group of election officials gathered in Washington, D.C., this week that the threat of Russian hacking in future elections is “a national security issue.”
“We have seen no evidence that the Russian government has changed its intent or changed its capability to cause duress to our election system. That may not be the only concern we have in the future,” Kolasky said, adding that another nation-state or bad actor could also attempt to interfere in U.S. voting.
The intelligence community concluded last year that Russian hackers probed election systems in at least 21 states before the 2016 election, although there’s no evidence any vote tallies were affected.
Since then, DHS has been working closely with state and local election officials to set up a system where they can share intelligence about potential threats and provide assistance in protecting against those threats.
Kolasky said Homeland Security is geared up to provide its most complete security assessment to any state calling for it. The assessment involves sending in teams of experts to test state election systems for vulnerabilities and to propose ways to close security gaps. There had been a waiting list for such help, but Kolasky said his agency should be able to send teams into any state that requests them prior to the 2018 midterm elections.
One thing his agency shows no signs of doing is following up on Trump’s allegations that the nation’s election system is riddled with fraud. When the president last week suddenly dissolved an advisory commission he set up to investigate voter fraud, the White House said the Department of Homeland Security had been asked “to review its initial findings and determine next courses of action.”
The former vice chair of the commission, Kansas Republican Secretary of State Kris Kobach, told NPR that the agency could compare state voter data collected by the commission against immigration databases to find evidence of non-citizens who voted illegally.
But in a sworn statement filed in court this week, Charles Herndon, the director of White House Information Technology, said that state data would not be transferred to DHS, and would instead be destroyed, pending resolution of litigation and consultation with the National Archives. Herndon also stated that the president’s voter fraud commission “did not create any preliminary findings.”
When asked this week whether DHS would pursue the voter fraud investigation, spokesman Tyler Houlton told NPR that the agency will continue to work on “election security.”
“It’s ultimately up to state and local governments to administer elections and we’re there to help,” he said, without elaborating.
Election officials say they’ve been privately assured by DHS that administrators there have no plans to get involved in a search for voter fraud, which could jeopardize the working relationship that’s been built up in recent months to address the threat of cyberattacks.
That threat appears to be foremost in many election officials’ minds, according to those speaking at the Washington meeting, which was organized by the U.S. Election Assistance Commission.
“I can assure you that there is a sense of urgency, there is a sense of purpose in making sure we are as prepared as we can be,” David Stafford, elections supervisor in Escambia County, Fla., told the gathering. He is among two dozen state and local election officials working closely with DHS.
Stafford said he’s also been talking with the University of West Florida about the possibility of using its cyber security range, which can simulate threats, to help train local officials how to respond.
Rhode Island Secretary of State Nellie Gorbea noted that she, along with the Rhode Island National Guard and DHS, held a cyber summit last fall for election officials in her state. She said one of the challenges was convincing some local participants that they’re now part of an army fighting a global threat.
“This is real. There are actually people trying to hack into systems, regardless of where they’re from and what their intentions are, and we need to protect for that,” she said she told the election workers. “So if you’re a local clerk and somebody comes to your office and says, ‘Can you download this onto your drive?’ and that’s the way that you’re getting access into your central voter registration system, you need to be conscious that that’s a weak link.”
Jeremy Epstein, a computer security expert, warned that it can take months before an intrusion is detected. Though there is no evidence voting systems were compromised in 2016, some computer experts nevertheless worry that hackers might have already gained access to a system unnoticed, with plans to exploit that vulnerability in future voting.
“These systems are uniformly vulnerable,” Epstein said. “If you think you’re secure, you haven’t looked hard enough.”