States Rush to Defend 2018 Election From Russia After Late StartBy
Situation like ‘changing the tire while the car is driving’
Illinois sees cyberattacks on election system ‘every week’
Weeks before the first U.S. primaries, 40 state election officials filed into a guarded Maryland office for a classified briefing about the threats they’re sure to face between now and the November vote.
But they didn’t need much of a reminder about the menace from abroad. As they arrived, Special Counsel Robert Mueller charged 13 Russians with meddling in the 2016 presidential campaign in a conspiracy of bogus social-media postings.
These state officials are the front-line defense against another assault on the elections this year -- but many say they’re not getting much help from Washington, particularly with President Donald Trump downplaying or dismissing the threat of Russian meddling. With control of both chambers of Congress at stake, state officials admit they’re rushing to bolster security and overcome confusion about how to work with the federal government.
The situation is like “changing the tire while the car is driving,” New Mexico Secretary of State Maggie Toulouse Oliver said in an interview. “We’re already preparing for our elections in November and still trying to find out what we need to know.”
The Department of Homeland Security has said Russians targeted 21 state election systems during the 2016 elections. Though most were instances of Russians scanning state systems, in several cases, they were able to successfully penetrate networks. No vote results were tampered with. But that was then.
No One in Charge
The nation’s top spy chief -- Director of National Intelligence Dan Coats -- sparked alarm among lawmakers last week when he admitted “there’s no single agency in charge” of blocking potential Russian meddling in this year’s midterm elections.
“We’ve had more than a year to get our act together and address the threat posed by Russia and implement a strategy to deter further attacks,” responded Senator Mark Warner of Virginia, the top Democrat on the Senate Intelligence Committee. “The fact that we don’t have clarity about who’s in charge means that we don’t have a full plan.”
State officials said they hope Friday’s classified briefing is a sign that federal authorities will mobilize to help them over the coming months. Still, the meeting reflected tensions between the two sides, and both Republican and Democratic state officials vented their frustrations.
“You have two cultures -- the intelligence community, which by its nature keeps things private and secret, and secretaries of state who live and operate in an area where transparency is key -- so, of course, there was going to be a clash,” said Rhode Island Secretary of State Nellie Gorbea.
Some state election officials said last week’s briefing provided helpful context, and they viewed participation by intelligence leaders as a sign they’re being taken seriously. Principal Deputy Director of National Intelligence Sue Gordon attended, as did officials from the FBI, the Department of Homeland Security and the National Counterintelligence and Security Center.
Others, however, said the meeting didn’t give them any new details, and some walked away still confused about Russian cyberintrusions even after what Jay Ashcroft, Missouri’s secretary of state, called “a vigorous discussion.”
Tensions between state and federal officials over election tampering emerged in January 2017, when the federal government designated election systems as “critical infrastructure,” a category that includes nuclear power plants, dams and financial services. Most state election officials opposed the move, fearing a federal takeover.
States have since acquiesced to this “arranged marriage,” Connie Lawson, president of the National Association of Secretaries of State and Indiana’s secretary of state, said during a conference her group held on Saturday in Washington.
Communications remains the biggest gap. Last June, Jeannette Manfra, DHS deputy undersecretary for cybersecurity and communication, first told a Senate panel that Russians had targeted 21 state systems but didn’t say which states were affected. Federal authorities didn’t notify individual states until autumn.
Alex Padilla, California’s secretary of state, said he was frustrated when he got that call. The quality of information shared by DHS -- and the timeliness -- needs to be improved, he said.
“When DHS tells you year-old information, that doesn’t help build confidence,” he said in an interview.
In working with states, DHS has leaned heavily on the Election Assistance Commission, a federal agency that lacks regulatory authority, for technical expertise and connecting with states, according to a February report by the Democratic Congressional Task Force on Election Security, headed by Representatives Bennie Thompson of Mississippi and Robert Brady of Pennsylvania.
DHS has “struggled to build relationships” and communicate information with election officials because the department “lacks both institutional knowledge about election administration and connections within the small, close-knit elections community,” the report said.
Bob Kolasky, DHS acting deputy undersecretary, said more briefings similar to Friday’s may follow.
“When we get new information about the threat changing, we want to bring that in and give that to election officials,” he said.
In October, the department created a coordinating council with federal members meeting every few months with state and local election officials to better explain threats and services. Within DHS there’s also an election task force that includes staffers from the FBI and Office of the Director of National Intelligence. After a pilot project with seven states, DHS is expanding an election information-sharing effort based at the Multi-State Information Sharing and Analysis Center.
The department is also helping 32 states and 31 local governments with remote “cyber hygiene” scans of internet-connected systems, like voter registration databases. And it’s offering on-site risk and vulnerability assessments of election systems. But those are all voluntary services. Whether states take action to follow up on the reviews is also their call.
After Illinois’s electronic voter database was breached in 2016, the state brought in DHS to do regular scans. Since then, “every week they try to hack into our system and they have not been successful,” Matt Dietrich, a spokesman for the Illinois State Board of Elections, said.
In Washington state, Secretary of State Kim Wyman said working with DHS has been “phenomenal” on the technical side. But she said federal agencies often already have connections to a state’s governor or chief information officer, and don’t realize that election officials need to receive information as well.
“They need to be dealing with us directly,” Wyman said in an interview. “We hear about briefings third-hand — that’s not helpful.”
At a lower level, local and county officials say their staffs aren’t aware of the federal government’s services. Not to mention that the bulk of field election workers in the country’s 9,000 voting jurisdictions are volunteers.
In a February report, the Center for American Progress said all 50 states have taken at least some steps to provide security in their election administration. That includes at least 36 states that are coordinating with or have enlisted help from DHS or the National Guard in “assessing and identifying potential threats to voter registration systems.”
Delbert Hosemann, Mississippi’s secretary of state, said after Friday’s indictments and classified briefing that he wants authorities to give him more intelligence on who’s behind social-media manipulation.
“That is something you’re going to see our state partner with the federal government much more on -- giving me information about these nefarious sites that are being set up by foreign countries to influence elections in Mississippi,” Hosemann said.
States are also turning to social media companies. During December’s special senate election in Alabama, Secretary of State John Merrill said a post went viral on Facebook and Twitter claiming that 5,500 ballots had been cast in a fictitious town with only 2,200 residents. Speaking at the conference in Washington over the weekend, Merrill said he wrote both Facebook Inc. and Twitter Inc. about the false report. Officials from the two companies who heard his comments at the conference said they’d look into it.
But some obstacles won’t be resolved this year. In a survey this month by the Brennan Center for Justice in New York, more than 500 election officials in 41 states told the center they will use machines and computers in the midterms that are more than a decade old. Other states are still using voting machines without any paper record of ballots.
It’s too late to fix all those issues before election season gets under way. Illinois and Texas will hold primaries next month.