October 4, 2018
Midterms Seen As Potential Target of Cyberattacks
‘Our adversaries have demonstrated the capability and will,’ says US Department of Homeland Security Secretary Kirstjen Nielsen
By David A. Wemer
“Our goal at the heart of it is to ensure that every American has assurance that their vote is counted and that their vote is counted correctly,” Nielsen said. She gave a keynote address as part of the Atlantic Council’s Global Forum on Strategic Communications and Digital Disinformation (StratComDC), a two-day conference convening global leaders in combatting disinformation and securing digital infrastructure, co-hosted by the United Kingdom’s Foreign and Commonwealth Office, the Embassy of Sweden, the Embassy of Lithuania, and Twitter.
Federal authorities, Nielsen reported, “are working very closely with state and local [governments] to protect their systems” in the run-up to the November midterm elections. “We are providing information, intelligence, no-cost technical assistance, supporting instant-response planning, and… [making] sure that those who have the responsibility to operate the [voting] systems have the ability to receive the information,” she said.
During the 2016 election, Nielsen conceded, “there wasn’t a clear process for how we share this information.” The federal government has responded, she explained by establishing “an election infrastructure and information-sharing and analysis center. The center is providing officials with timely and actionable information. We have all fifty states participating and over 1,100 local jurisdictions.”
Nielsen was clear to state that in 2016 “no votes were altered,” despite “the clear targeting of our systems by the Russian government.” She reported that US officials “now believe that all fifty states were probably likely targeted in the same way—in the form of research, understanding systems [and] what the possibilities are.” This “scanning” by Russian hackers Nielsen compared to a burglar “checking to see if any windows were open, if any doors were open, what the system looks like potentially to understand for a future attack.”
Nielsen announced that “by the midterms more than 90 percent of registered voters will live in an area whose [election] infrastructure is protected by an Albert sensor,” a cybersecurity monitoring system.
She argued that the fact that no votes were changed in 2016 should not make US authorities complacent about 2018. “We no longer assume that because a nation-state or criminal organization has the capability, they will not use it,” she said. “We are changing to a posture of assuming that if the capability exists it in fact could be used against us and we have to prepare accordingly.”
Recently, Nielsen observed, we saw “Russia probing our energy grid, compromising thousands of routers around the world, and unleashing the NotPetya malware, which wreaked havoc and ended up being one of the costliest cyber incidents in history.” Notably Nielsen told a cybersecurity conference hosted by the Washington Post on October 2 that her department had not yet seen evidence of China trying to target American electoral infrastructure—despite US President Donald J. Trump’s claims during the United Nations Security Council meeting on September 26.
US Sen. Chris Murphy (D-CT) argued that the US government continues to not do enough to deter foreign adversaries from trying to disrupt our elections. Speaking earlier at StratComDC, Murphy explained that his 2016 legislation, cosponsored with US Sen. Rob Portman (R-OH), to fund counter propaganda and disinformation programs is on its own “woefully insufficient to try to do the job.” The legislation provides funding of around $60 million a year, which Murphy compared to the more than $4 billion the United States spends on military readiness in Eastern Europe. Murphy called this “a misallocation of resources,” when propaganda, not military action, is “the primary means by which Russia is advancing outside of its borders.”
Murphy criticized the Trump administration for being “a substantial barrier to recognizing that the information threat does not have a capacity in the American foreign policy tool set to meet it.”
Nielsen echoed Murphy’s concern about deterring foreign adversaries, saying that “making clear that there will be consequences” for cyberattacks “not only serves as a deterrent, but makes very clear how very seriously we take this.” Nielsen maintained that the administration believes “any attempt—whether it is successful or unsuccessful—to interfere in our elections is an attack on our democracy, is unacceptable, and we will take it very seriously.”
“Without aggressive action on our part to secure our networks, it is only a matter of time before I believe we get hit and hit hard in the homeland,” Nielsen said, adding “with a month until election day, our role in election security has never been more important.”
David A. Wemer is assistant director, editorial at the Atlantic Council. Follow him on Twitter @DavidAWemer.