Will midterms be Rus­sia’s ‘warm-up’ for 2020?

De­spite de­creased ac­tiv­ity, gov­ern­ment agen­cies and so­cial me­dia firms amp up cy­ber­se­cu­rity

The Washington Post Sunday - - ELECTION 2018 - BY ELLEN NAKASHIMA ellen.nakashima@wash­post.com

In the first na­tional vote since Rus­sia’s in­ter­fer­ence in the 2016 elec­tion, U.S. fed­eral and state of­fi­cials see lit­tle ev­i­dence that Moscow has at­tempted the same level of dis­rup­tion this year, but the rel­a­tive quiet has made some ner­vous.

“The midterm is . . . just the warm-up, or the ex­hi­bi­tion game,” said Christo­pher Krebs, a se­nior cy­ber of­fi­cial at the Depart­ment of Home­land Se­cu­rity. “The big game, we think, for the ad­ver­saries is prob­a­bly 2020.”

None­the­less, of­fi­cials have amped up ef­forts to se­cure Tues­day’s vote.

DHS has cre­ated round-the­clock com­mu­ni­ca­tions chan­nels with elec­tion of­fi­cials in all 50 states, run na­tional table­top ex­er­cises with state and lo­cal of­fi­cials to game out how to re­spond to pos­si­ble crises and, at the states’ re­quest, is mon­i­tor­ing elec­tion sys­tem net­work traf­fic for cy­berthreats.

Face­book has dou­bled to 20,000 the size of its staff mon­i­tor­ing the plat­form for dis­in­for­ma­tion. It has run war games to an­tic­i­pate threats and set up a round-the-clock op­er­a­tion so teams can re­act quickly to in­ci­dents such as tar­geted hate speech — which hap­pened in the recent Brazil­ian elec­tion.

The Demo­cratic Na­tional Com­mit­tee, which in sum­mer 2016 was hacked by Rus­sian spies, has moved all email to the “cloud,” runs reg­u­lar spearphish­ing tests on em­ploy­ees and has man­dated that ev­ery­one use an en­crypted chat app to send mes­sages to one an­other.

“We’re not sleep­ing,” said Raffi Kriko­rian, DNC chief tech­nol­ogy of­fi­cer. “We’re ex­tremely stressed and ex­tremely con­cerned any so­phis­ti­cated at­tack would fly un­der our radar. So ev­ery day that noth­ing hap­pens is a day we’re stressed out of our minds be­cause we’re try­ing to fig­ure out, ‘What are we miss­ing right now?’ ”

The FBI and DHS have set up task forces on for­eign in­flu­ence. U.S. Cy­ber Com­mand has sig­naled di­rectly to Rus­sian trolls and hack­ers that they had bet­ter not in­ter­fere. The Trea­sury Depart­ment has im­posed sanc­tions on Rus­sians ac­cused of elec­tion in­ter­fer­ence. Per­haps of most sig­nif­i­cance, the Jus­tice Depart­ment has crim­i­nally charged more than two dozen Rus­sian trolls, spies and op­er­a­tives for seek­ing to in­ter­fere in U.S. elec­tions, in­clud­ing one last month in con­nec­tion with the midterms, which have raised pub­lic aware­ness of Rus­sia’s tac­tics and its over­ar­ch­ing goal: To am­plify di­vi­sions in Amer­i­can so­ci­ety and un­der­mine U.S. democ­racy.

In­deed, a ma­jor threat to elec­tion se­cu­rity and democ­racy is a deeply po­lar­ized so­ci­ety, said Laura Rosen­berger, di­rec­tor of the Al­liance for Se­cur­ing Democ­racy at the German Mar­shall Fund of the United States.

“When we have po­lit­i­cal lead­er­ship that is fan­ning flames of di­vi­sion, they are mak­ing us much more vul­ner­a­ble to ex­ter­nal im­pact,” said Rosen­berger, a former Na­tional Se­cu­rity Coun­cil of­fi­cial in the Obama ad­min­is­tra­tion. “Un­til we have both po­lit­i­cal lead­er­ship and broader civil so­ci­ety ac­tiv­ity to ad­dress some of those real di­vi­sions in the coun­try, these are go­ing to be vul­ner­a­bil­i­ties that are ripe for ex­ploita­tion.”

Still, on elec­tion in­fra­struc­ture, the trend over­all is to­ward im­prove­ment, of­fi­cials say.

“We’re miles ahead of where we were in 2016,” said Matt Master­son, the Depart­ment of Home­land Se­cu­rity’s point per­son on elec­tion se­cu­rity. “The work we’ve been able to do with our state and lo­cal part­ners has im­proved the re­silience and se­cu­rity across all 50 states.”

The most im­por­tant dif­fer­ence be­tween then and now, of­fi­cials said, is com­mu­ni­ca­tion: be­tween the fed­eral gov­ern­ment and state and lo­cal of­fi­cials, be­tween law en­force­ment and so­cial me­dia com­pa­nies, and be­tween the pub­lic and pri­vate sec­tors and vot­ers.

“In 2016, DHS made a con­scious ef­fort to talk to state chief in­for­ma­tion of­fi­cers, but those of­fi­cers weren’t al­ways talk­ing to state elec­tion of­fi­cials,” said Thomas Hicks, chair­man of the Elec­tion As­sis­tance Com­mis­sion, an in­de­pen­dent bi­par­ti­san panel cre­ated af­ter the Florida elec­tion de­ba­cle of 2000 to im­prove elec­tion ad­min­is­tra­tion. “They weren’t alert­ing the right peo­ple of the threats.”

But now they are, in part thanks to a “gov­ern­ment co­or­di­nat­ing coun­cil,” formed with the com­mis­sion’s help, that ex­pe­dites in­for­ma­tion-shar­ing to help elec­tion of­fi­cials learn about se­cu­rity threats quickly.

In late 2016 and early 2017, DHS was eyed war­ily by some states, which feared its plan to des­ig­nate elec­tions sys­tems as part of the na­tion’s “crit­i­cal in­fra­struc­ture” was a play to ex­tend fed­eral au­thor­ity.

But to­day, the crit­i­cal in­fra­struc­ture des­ig­na­tion is ac­cepted, and all 50 states as well as more than 1,000 lo­cal ju­ris­dic­tions take part in a com­mu­ni­ca­tions chan­nel run by the Elec­tions In­fra­struc­ture In­for­ma­tion Shar­ing and Anal­y­sis Cen­ter [EI-ISAC], a fed­er­ally funded body set up in 2017. That in­cludes the state of Ge­or­gia, whose sec­re­tary of state, Brian Kemp, was an out­spo­ken critic of fed­eral as­sis­tance in 2016.

Ev­ery Fri­day for the past sev­eral weeks, DHS has held a con­fer­ence call with 80 to 100-plus elec­tion of­fi­cials, of­ten with par­tic­i­pa­tion by the FBI and rep­re­sen­ta­tives of elec­tion ma­chine ven­dors, to up­date them on what threat­en­ing ac­tiv­ity they’re see­ing. “Even if it’s to say we have noth­ing new to re­port, they know we’re reg­u­larly check­ing in with them,” Master­son said.

A number of states have hired more cy­ber­se­cu­rity staff or out­side ven­dors to help them, 43 have in­stalled mon­i­tors to en­able DHS to watch traf­fic for threats, and al­most half have had DHS con­duct risk and vul­ner­a­bil­ity as­sess­ments.

But there are still 13 states us­ing in some or all dis­tricts elec­tronic touch-screen ma­chines that are vul­ner­a­ble to hack­ing, said Lawrence Nor­den, deputy di­rec­tor of the Bren­nan Cen­ter for Jus­tice’s Democ­racy Pro­gram. There are no fed­eral stan­dards for elec­tion in­fra­struc­ture other than vot­ing ma­chines — and those stan­dards are vol­un­tary. There is lit­tle in­sight into whom vot­ing ma­chine ven­dors hire or their se­cu­rity prac­tices.

“Those are re­ally big ar­eas where we need to be a lot more fo­cused in the next year or two,” he said.

Even if no ma­chines are hacked, ex­perts fear the Rus­sians — or some other mis­chief-maker — could claim they had hacked into a ma­chine and al­tered votes, caus­ing con­fu­sion.

That’s why states have been coached by DHS and na­tional elec­tion of­fi­cial as­so­ci­a­tions to be pre­pared to cor­rect the record promptly.

“Whether it’s in­ten­tional dis­in­for­ma­tion or in­ad­ver­tent mis­in­for­ma­tion, we re­spond,” Colorado Sec­re­tary of State Wayne Wil­liams said. “We mon­i­tor so­cial me­dia. We work with our me­dia very well here, and we try to get out ac­cu­rate in­for­ma­tion.”

The so­cial me­dia firms that bore the brunt of the Rus­sian as­sault have acted more aggressively since 2016 to pa­trol their plat­forms. Face­book since 2017 has re­moved thou­sands of pages, groups and ac­counts linked to Rus­sia and Iran from its plat­forms, in­clud­ing In­sta­gram — ac­counts en­gaged in “in­au­then­tic” be­hav­ior of the sort that might in­di­cate an ef­fort to sow dis­cord.

With China, said Nathaniel Gle­icher, Face­book’s head of cy­ber­se­cu­rity pol­icy, “we haven’t seen the kind of co­or­di­nated in­for­ma­tion op­er­a­tions that we have from other states.”

Face­book has taken mea­sures to make fake ac­counts harder to cre­ate and eas­ier to de­tect. The Rus­sians and oth­ers “need to be more con­cealed in their iden­ti­ties, which forces them to be more dis­ci­plined, which forces them to screw up,” Gle­icher said.

While the vast ma­jor­ity of di­vi­sive and in­au­then­tic con­tent is do­mes­tic, he said, “we’ve also seen in­di­ca­tions of for­eign ac­tors seed­ing ma­te­rial, which do­mes­tic ac­tors don’t re­al­ize [is of for­eign ori­gin] and pick up.”

He said the co­or­di­na­tion with the FBI has im­proved since 2016, when the bureau was not shar­ing in­for­ma­tion it had re­ceived in­di­cat­ing Rus­sians set­ting up troll ac­counts. But it’s still a chal­lenge. “It’s hard sim­ply be­cause in­for­ma­tion op­er­a­tions are a new kind of threat,” said Gle­icher, a former fed­eral prose­cu­tor.

In Au­gust, Di­rec­tor of Na­tional In­tel­li­gence Daniel Coats told White House re­porters that when it came to pro­pa­ganda and sow­ing dis­cord in Amer­ica, Rus­sia “stepped up their game big time in 2016. We have not seen that kind of ro­bust ef­fort from them so far.”

Part of that is so­cial me­dia com­pa­nies tak­ing down ac­counts and forc­ing the trolls to go to greater lengths to con­ceal their iden­ti­ties. As a re­sult, said Ben Nimmo of the At­lantic Coun­cil’s Dig­i­tal Foren­sic Re­search Lab, they’ve in­creas­ingly been re­post­ing di­vi­sive memes cre­ated by oth­ers and been try­ing to spin up protests by di­rectly en­gag­ing with Amer­i­cans from both sides of the po­lit­i­cal spec­trum “to get them out on the street against each other.”


Di­rec­tor of Na­tional In­tel­li­gence Daniel Coats speaks in Oc­to­ber at a con­fer­ence on cy­ber­se­cu­rity. In Au­gust, Coats said Rus­sia stepped up its elec­tion-in­ter­fer­ence game in 2016 but has not made the same “ro­bust ef­fort” for the midterm elec­tions.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.