The Russians are coming…again
Intelligence officials warn that Russia hasn’t stopped interfering with U.S. elections. Are we still vulnerable?
What are the Russians doing?
The Kremlin is waging a coordinated campaign to influence and disrupt U.S. elections in order to create doubt about their legitimacy and further divide and weaken the country. Russian hackers have already been detected trying to infiltrate the computer systems of at least three congressional campaigns, including that of Sen. Claire McCaskill of Missouri, one of the Senate’s most vulnerable Democrats. The Russians also appear to be continuing to run influence and disinformation campaigns on social media using fake online accounts designed to inflame America’s political divisions. Facebook revealed last week that it has shut down at least 32 fake accounts with at least 300,000 followers. Intelligence officials have warned that the Russian government could also launch cyberattacks on the country’s voting systems, which it began probing during its campaign to interfere in the 2016 election. “These actions are persistent, they are pervasive, and they are meant to undermine America’s democracy,” said Dan Coats, the director of national intelligence. “The warning lights are blinking red.”
Have election systems been made secure?
No. America’s outdated election infrastructure offers ample targets for hackers. Forty-one states use voter registration databases built more than a decade ago, with many vendors no longer tracking vulnerabilities or providing security updates. Hackers could potentially delete or change voter registration records, or simply shut down some machines in key precincts, creating chaos and doubt about the validity of results. Fully electronic voting machines, where no paper record is generated, are still used in 14 states. In April, J. Alex Halderman, a professor of computer science at the University of Michigan, demonstrated to The New York Times how to hack an AccuVote-TSX, a paperless voting machine used in 10 states, to change the votes recorded on it. “If we were criminals and weren’t worried about going to jail, I think my undergraduate computer security class could have probably changed the 2016 result in Michigan,” Halderman said.
What happened in 2016?
Russian hackers targeted 21 states’ election systems during the election, including the battleground states of Florida, Ohio, Pennsylvania, Virginia, and Wisconsin. The hackers were able to penetrate voter registration data in several states, including Illinois, where they stole data on roughly 500,000 voters. There’s no evidence that any records were deleted or changed, or that hackers were able to change actual vote tallies. But they were clearly probing weaknesses.
How did the U.S. respond?
The White House learned from the CIA in August 2016 that the Russian government was actively working to bolster Donald Trump’s candidacy and hurt Hillary Clinton. But the Obama administration struggled to find ways to push back. Homeland Security Secretary Jeh Johnson warned state election officials and offered federal assistance, but was rebuffed by Republican secretaries of state, who saw it as federal encroachment. At a September 2016 summit, President Obama personally confronted Russian President Vladimir Putin, saying, “Cut it out,” and warning that there would be consequences if Russia continued hacking. The White House also pushed for a bipartisan statement publicly condemning Moscow and urging states to accept federal cybersecurity assistance. But Republicans balked, with Senate Majority Leader Mitch McConnell reportedly expressing skepticism about the intelligence community’s findings. The White House decided against further concrete action, out of fear it would be seen as a partisan attempt to embarrass Trump and throw the election to Clinton. “It is the hardest thing about my entire time in government to defend,” a senior Obama administration official told The Washington Post last year. “I feel like we sort of choked.”
What’s been done since?
After the election, the lame-duck Obama administration designated election systems “critical infrastructure,” giving local election officials access to Homeland Security resources usually reserved for hospitals, power plants, and financial institutions. So far, at least 33 states have asked for assistance in assessing voter registration systems. Congress approved $380 million in election security funding in March to help states upgrade their election infrastructure, but some states say it’s not nearly enough. By way of contrast, Congress approved $3.6 billion in 2002 to help states replace the punch-card voting machines at the center of the disputed 2000 election.
What should be done?
Election security experts say there are several basic steps needed to protect the vote. In an open letter to Congress, 103 computer scientists last year outlined a series of recommendations, including replacing all paperless voting machines, setting minimum security requirements for voter registration systems, and conducting post-election audits. Nonetheless, the Senate last week blocked $250 million in additional election security funding, and many states will not have the recommended defenses in place this November. If control of the House or Senate is decided by just a few seats, hackers could undermine the entire 2018 elections by casting doubt on the results in just a handful of races. “We know what to do,” said cybersecurity analyst Bruce Schneier. “It’s not a matter of figuring out the tech. The problem is our political system.”
International election meddling
The United States is only one front in a worldwide campaign of Russian election interference. Researchers at the University of Toronto have documented 16 electoral interventions linked to Russia since 2015. Nine of those elections led to results that favored the Kremlin’s strategic interests, including Britain’s 2016 vote to leave the European Union. In the run-up to the Brexit referendum, more than 150,000 Russia-linked bots posted tens of thousands of English-language messages urging voters to vote “Leave.” Arron Banks, the Leave campaign’s biggest donor, is also facing questions over his ties to Russian business interests that may have rewarded him financially for his efforts. Hackers linked to Russia have also targeted pro–European Union politicians in Norway, Germany, France, and other countries. “It’s pragmatic,” said Scott Borg, whose cybersecurity firm U.S. Consequences Unit tracks Russian attacks. “The benefits are so great they are willing to take risks. If you can greatly diminish NATO or undermine U.S. relations with Europe, it’s worth it to them.”