This week in the Russia investigations: Washington turns its focus to election security. Will it be enough?
The Russia imbroglio is so vast that only parts of it come into focus at one time.
But one of the biggest, least appreciated and potentially most important threads in the story hasn’t gotten as much focus: securing future elections from more active measures. Until now.
This week, the floodgates opened. The House and Senate intelligence committees both issued recommendations for securing the 2018 races and beyond.
Then Congress offered hundreds of millions of dollars‘ worth of new funding for election security, both for states and specifically to help the FBI fight cyberattacks.
How much difference will it all make? Will it be enough?
One question too early to answer is how soon the money would begin flowing, and how quickly states could then use grants or other support from the federal government to begin upgrading their systems. There may not be enough time to make much of a difference in this year’s races.
Over the longer term, though, many states may buy new voting equipment.
Five states use computer voting systems that leaves no paper trail and nine others use combinations of digital and paper ballots that also don’t leave a paper record. One priority about which there was consensus this week was the importance of paper ballots and physical accounting that takes vote tallying out of the potential realm of electronic sabotage.
Although officials say cyberattacks didn’t change any vote tallies in 2016, that is a theoretical danger with any computerized system.
Much of what state-level elections officials do, however, will remain networked, including working with registrations and local coordinators. So even paper-voting states require better defenses against cyberattacks like those that targeted state systems and their vendors two years ago.
The Department of Homeland Security says Russian hackers probed 21 states in 2016. Attackers only got into one — Illinois — according to DHS, and did not alter any of the data it contained.
Everyone is unhappy with the way things went in 2016. It took DHS nearly a year to notify states and the public about what it and the intelligence community knew about the cyberattacks. That enraged state officials and irked members of Congress.
Another lesson from this week was how difficult those relationships remain as the technical nature of the threat stays well ahead of America’s 18th century institutions.
Homeland Security Secretary Kirstjen Nielsen told senators things are getting better. She also acknowledged there are many roadblocks still to navigate.
For example, Nielsen told senators that the basis by which DHS deals with states in terms of discussing cyberthreats or compromises is entirely voluntarily. That means she doesn’t want to announce findings publicly or even necessarily brief the congressional oversight committees.
“What we find is when we notify others of who the victims are, unfortunately it has a chilling effect and we no longer get the information from those who have been attacked,” she said.
States not only don’t want to be embarrassed, they want voters to vote.
So if they, or DHS, or the intelligence community got into the business of talking more openly about cyberthreats or cyber-preparedness, that would not only be politically bad, it would further erode confidence in democracy — which is one of the objectives of foreign attackers in the first place.
Press reports and public hearings, however, are some of the best ways to compel action from often close-mouthed government officials. This dilemma won’t go away.
Compounding the problem, as NPR’s Miles Parks reported, is that states aren’t equal in their importance to elections, especially on a national level. States that could swing in decisive ways, as Wisconsin, Pennsylvania and Michigan swung in 2016, are facing many more attacks than states that tend to remain solidly red or blue.
The enemy gets a vote
Russia’s campaign of active measures that peaked in 2016 has never stopped, as top intelligence and national security officials warn. That also means that Americans are keyed into it in ways they weren’t then — so if part of what made it effective was its novelty, that is dulled this time around.
Many more voters will be on guard for 2018 and 2020, the thinking goes.
At the same time, foreign powers aren’t standing still either. Another important question about Washington’s new consensus on election security is whether the United States is enlisting a horse-drawn army to fight a mechanized opponent.
One example is what’s been described as a new wave of digitally altered video, which could make it appear as though public officials or others had said things on TV they haven’t actually said.
Another example: custom malware that might cause chaos on Election Day in key places. One top House intelligence committee member, Rep. Mike Conaway, R-Texas, said a “cyber-bomb” might scramble all the voter registration information for a key polling place at an important moment.
Election officials and voters would need to improvise, raising questions about whatever workarounds were put in place to placate the lines of people waiting to vote — perhaps leading them to go home without casting a ballot.
And none of this means, however, that the 2016 playbook wouldn’t also work again. Facebook and Twitter remain susceptible to manipulation. The emails of political organizations or elected officials remain vulnerable to being captured and released in order to embarrass them.
Members of Congress this week urged DHS to work quicker to attribute cyberattacks and make the information public.
Still, no matter how quickly the government confirmed that, for example, a politician’s tranche of emails had been stolen and aired as part of an active measures operation, it couldn’t stop the press from covering what they contained. The government couldn’t stop the subject from being changed in the middle of a campaign or make what had become public information private again.
Diagnosis confirmed. Prognosis uncertain.
Although House intelligence committee Republicans have given Trump a clean bill of health over whether his campaign conspired with the active measures, the imbroglio wore on. The Senate committee and Justice Department special counsel Robert Mueller continue their work.
Meanwhile, America’s body politic has received a chronic diagnosis.
Elections are going to continue to suffer from interference as they have for decades but at greater levels of intensity than ever, national security officials warn.
Although Washington continued with preparations this week to manage this condition, it still isn’t clear whether many Americans have accepted it.