Midterms may be the 'warm-up' for Russians seeking to target 2020, officials say

Christopher Krebs, undersecretary for the national protection and programs directorate at the Department of Homeland Security (DHS), listens during a Senate Banking Committee hearing in Washington on Aug. 21, 2018. less Christopher Krebs, undersecretary for the national protection and programs directorate at the Department of Homeland Security (DHS), listens during a Senate Banking Committee hearing in Washington on Aug. 21, ... more Photo: Bloomberg Photo By Andrew Harrer Photo: Bloomberg Photo By Andrew Harrer Image 1 of / 1 Caption Close Midterms may be the 'warm-up' for Russians seeking to target 2020, officials say 1 / 1 Back to Gallery

WASHINGTON - In the first national vote since Russia's interference in the 2016 election, U.S. federal and state officials see little evidence that Moscow has attempted the same level of disruption this year, but the relative quiet has made some nervous.

"The midterm is . . . just the warm-up, or the exhibition game," said senior Department of Homeland Security cyber official Christopher Krebs. "The big game, we think, for the adversaries is probably 2020."

Nonetheless, officials have amped up efforts to secure Tuesday's vote.

DHS has created round-the-clock communications channels with election officials in all 50 states, run national tabletop exercises with state and local officials to game out how to respond to possible crises, and at the states' request is monitoring election system network traffic for cyber threats.

Social media companies and political organizations have also strengthened their defenses.

Facebook has doubled to 20,000 the size of its staff monitoring the platform for disinformation, run war games to anticipate threats, and set up a round-the-clock operation so teams can react quickly to incidents such as targeted hate speech - as happened in the recent Brazilian election.

And the Democratic National Committee, which in summer 2016 was hacked by Russian spies, has moved all email to the "cloud," runs regular spear-phishing tests on employees and has mandated that everyone use an encrypted chat app to send messages to one another.

"We're not sleeping," said Raffi Krikorian, DNC chief technology officer. "We're extremely stressed and extremely concerned - any sophisticated attack would fly under our radar. So every day that nothing happens is a day we're stressed out of our minds because we're trying to figure out, 'What are we missing right now?' "

The FBI and DHS have set up task forces on foreign influence. U.S. Cyber Command has signaled directly to Russian trolls and hackers that they had better not interfere. The Treasury Department has imposed sanctions on Russians accused of election interference. Perhaps of most significance, the Justice Department has criminally charged more than two dozen Russian trolls, spies and operatives for seeking to interfere in U.S. elections, including one last month in connection with the midterms, which have raised public awareness of Russia's tactics and its overarching goal: To amplify divisions in American society and undermine U.S. democracy.

But for some, the biggest threat to election security and democracy is not the Russians or even the Chinese, but a deeply polarized society, said Laura Rosenberger, director of the Alliance for Securing Democracy at the German Marshall Fund of the United States.

"When we have political leadership that is fanning flames of division, they are making us much more vulnerable to external impact," said Rosenberger, a former National Security Council official in the Obama administration. "Until we have both political leadership and broader civil society activity to address some of those real divisions in the country, these are going to be vulnerabilities that are ripe for exploitation."

Still, on election infrastructure, the trend overall is toward improvement, officials say.

"We're miles ahead of where we were in 2016," said Matt Masterson, the Department of Homeland Security's point person on election security. "The work we've been able to do with our state and local partners has improved the resilience and security across all 50 states."

The most important difference between then and now, officials said, is communication: between the federal government and state and local officials, between law enforcement and social media companies, and between the public and private sectors and voters.

"In 2016, DHS made a conscious effort to talk to state chief information officers, but those officers weren't always talking to state election officials," said Thomas Hicks, chairman of the Election Assistance Commission, an independent bipartisan panel created after the Florida election debacle of 2000 to improve election administration. "They weren't alerting the right people of the threats."

But now they are, in part thanks to a "government coordinating council" formed with the EAC's help that expedites information-sharing to help election officials learn about security threats quickly.

In late 2016 and early 2017, DHS was eyed warily by some states, which feared its plan to designate elections systems as part of the nation's "critical infrastructure" was a play to extend federal authority.

But today, the critical infrastructure designation is accepted, and all 50 states as well as more than 1,000 local jurisdictions take part in a communications channel run by the Elections Infrastructure Information Sharing and Analysis Center [EI-ISAC], a federally funded body set up in 2017. That includes the state of Georgia, whose secretary of state, Brian Kemp, was an outspoken critic of federal assistance in 2016.

Every Friday for the past several weeks, DHS has held a conference call with 80 to 100-plus election officials, often with participation by the FBI and representatives of election machine vendors, to update them on what threat activity they're seeing. "Even if it's to say we have nothing new to report, they know we're regularly checking in with them," Masterson said.

A number of states have hired more cybersecurity staff or outside vendors to help them, 43 have installed monitors to enable DHS to monitor traffic for threats, and almost half have had DHS conduct risk and vulnerability assessments.

But there are still 13 states using in some or all districts electronic touch-screen machines that are vulnerable to hacking, said Lawrence Norden, deputy director of the Brennan Center for Justice's Democracy Program. There are no federal standards for election infrastructure other than voting machines - and those standards are voluntary. There is little insight into who voting machine vendors hire or their security practices.

"Those are really big areas where we need to be a lot more focused in the next year or two," he said.

Even if no machines are hacked, experts fear that the Russians - or some other mischief-maker - could claim they had hacked into a machine and altered votes, causing confusion.

That's why states have been coached by DHS and national election official associations to be prepared to correct the record promptly.

"Whether it's intentional disinformation or inadvertent misinformation, we respond," Colorado Secretary of State Wayne Williams said. "We monitor social media. We work with our media very well here and we try to get out accurate information."

The social media firms that bore the brunt of the Russian assault have acted more aggressively since 2016 to patrol their platforms. Facebook since 2017 has removed thousands of pages, groups and accounts linked to Russia and Iran from Facebook and Instagram platforms - accounts engaged in "inauthentic" behavior of the sort that might indicate an effort to sow discord.

With China, said Nathaniel Gleicher, Facebook head of cybersecurity policy, "we haven't seen the kind of coordinated information operations that we have from other states."

Facebook has taken measures to make fake accounts harder to create and easier to detect. The Russians and others "need to be more concealed in their identities, which forces them to be more disciplined, which forces them to screw up," Gleicher said.

While the vast majority of divisive and inauthentic content is domestic, he said, "we've also seen indications of foreign actors seeding material, which domestic actors don't realize [is of foreign origin] and pick up."

He said the coordination with the FBI has improved since 2016, when the bureau was not sharing information it had received indicating Russians setting up fake troll accounts. But it's still a challenge. "It's hard simply because information operations are a new kind of threat," said Gleicher, a former federal prosecutor.

In August, Director of National Intelligence Daniel Coats told White House reporters that when it came to propaganda and sowing discord in America, Russia "stepped up their game big-time in 2016. We have not seen that kind of robust effort from them so far."

Part of that is social media companies taking down accounts and forcing the trolls to go to greater lengths to conceal their identities. As a result, said Ben Nimmo of the Atlantic Council's Digital Forensic Research Lab, they've increasingly been reposting divisive memes created by others and trying to spin up protests by directly engaging with Americans from both sides of the political spectrum "to get them out on the street against each other."