The release of Special Counsel Robert Mueller’s report has generated pitched debate over whether it vindicates President Donald Trump or damns him. But lost in this partisan fight is one of the investigation’s most important findings: its detailed documentation of Russia’s interference in the 2016 U.S. presidential election, which Mueller concluded was “sweeping and systematic.” If Democrats and Republicans cannot unite to take action against this threat to U.S. national security, they will leave Americans vulnerable to further attacks. Luckily, there are clear steps policymakers can take to secure American democracy—but they will require bipartisan leadership.

WHAT MUELLER FOUND

Mueller’s investigation found that the Russian government carried out a sustained campaign to interfere in the election, undermine trust in democracy, and “provoke and amplify political and social discord.” Mueller determined that the effort included a disinformation and social media campaign reaching more than 100 million Americans online, and using digital platforms to organize dozens of rallies offline. The effort also included computer hacking operations by Russian military intelligence to penetrate campaign operations in order to gather and disseminate information to influence the election and to target state and local election systems. Mueller’s investigation led to the indictment of 12 Russian military intelligence officers and of the Internet Research Agency and associated companies and individuals. Russia’s operations targeted politicians and activists across the political spectrum, from the Black Lives Matter movement to Republican Senator Ted Cruz of Texas.

Mueller’s report adds detail to other inquiries, including bipartisan congressional probes and other Justice Department investigations. Those investigations have highlighted the continuous and wide-ranging nature of Russia’s interference efforts. Last July, the Justice Department charged Russian national Maria Butina with operating as an unregistered foreign agent and attempting to influence U.S. political figures. In October, it charged a bookkeeper working for the IRA with facilitating Russian information operations before the 2018 midterm elections. Mueller reported that Russian cyber operators scanned more than two dozen states’ election websites for vulnerabilities, and the Department of Homeland Security (DHS) revealed that the Russian government conducted “malicious or suspicious cyber activity” in 21 states in the run-up to the 2016 election.

While Democrats and Republicans bicker over what happened in 2016, authoritarian interference continues largely unchecked.

Mueller’s investigation of Russia’s interference campaign was a law enforcement effort—but the attack on U.S. democracy is a national security issue, demanding a national security response. So far, that response has largely failed to materialize. Partisans have conflated Russia’s actions with the question of collusion, undermining efforts to fight authoritarian interference operations and fueling public skepticism about Russia’s actions. Russia itself has fanned the flames, using IRA accounts masquerading as progressives or conservatives to promote divisive content related to Mueller’s investigation. The public is split along partisan lines over the question of whether Russia interfered at all: in an Ipsos poll last year, a majority of Democrats said that it did; only a minority of Republicans agreed. The United States will never muster a whole-of-society response if the whole of society doesn’t first acknowledge the problem.

While Democrats and Republicans bicker over what happened in 2016, authoritarian interference continues largely unchecked. In January, FBI Director Cristopher Wray warned Congress: “Not only have the Russians continued [their interference campaign] in 2018, but we’ve seen indications that they’re continuing to adapt their model and that other countries are taking a very interested eye in that approach.” China has used financial, economic, and information tactics to interfere in political processes in Australia and New Zealand, and the U.S. intelligence community has warned that it might do the same in the United States. Iran has spread pro-regime and anti-American content through fake accounts on social media. Even U.S. partners such as Qatar, Saudi Arabia, and the United Arab Emirates have hacked one another as well as in some cases, U.S. citizens, and weaponized (potentially altered) information in leaks to U.S. media outlets in an effort to influence U.S. policy debates.

MISSED OPPORTUNITIES

So far, the partisanship surrounding Mueller’s investigation has stymied prospects for meaningful policy change. Lawmakers introduced a dozen bipartisan pieces of legislation aimed at curbing foreign interference in U.S. democracy in the last Congress and several have reintroduced their bills in the current one, but none have become law. The Senate Select Committee on Intelligence has conducted a bipartisan investigation into Russian interference. It held substantive hearings examining cyber threats to U.S. election systems and foreign manipulation of social media, commissioned expert reports on Russian activities to undermine U.S. democracy, and released specific—but as yet unimplemented—recommendations for securing election systems. Other related issues, such as the need to strengthen financial transparency, have also gone unaddressed. As detailed in Mueller’s report and the Butina case, opaque financial activity is a key way that malign foreign influence makes itself felt in the United States. Lawmakers should close loopholes allowing anonymous political advertising online, require companies to disclose their owners, better track real estate purchases nationwide, and more stringently enforce requirements that people acting as foreign agents register publicly.

At the other end of Pennsylvania Avenue, the Trump administration has taken some steps to counter foreign interference. DHS now shares more information on threats with state and local election officials, and it has created task forces on election security and foreign influence (although it has reportedly scaled back the latter). DHS and law enforcement now share threat information with tech companies on an ad hoc basis, helping the companies remove information operations on their platforms. The Department of Justice has laid out an approach to countering foreign interference by investigating, exposing, and prosecuting adversaries engaging in such activity. U.S. Cyber Command’s reported move to cut off the IRA’s Internet access on the day of the 2018 midterm elections was a step in the right direction, even if it was too little, too late.

This patchwork of efforts is far from sufficient. Like the 9/11 attacks before them, Russia’s operations in 2016 revealed major—and as yet unaddressed—weaknesses in coordination among government agencies and different levels of government. Identifying and countering information operations falls to several different agencies which do not coordinate well; cyber attacks and information operations continue to be handled in separate silos. State and federal officials also continue to have communication gaps about threats to election systems. Most recently, Florida officials’ expressed shock at Mueller’s report that Russian hackers compromised a Florida county network in advance of the 2016 election and reported difficulty obtaining information from the FBI about Mueller’s findings. Trump signed an Executive Order in September 2018 warning of penalties for foreign interference, but the administration’s failure to impose the threatened sanctions on Russia for its continued interference risks emboldening Russia and encouraging other countries to interfere similarly without fear of repercussions.

As we wrote last year, technology companies must also play a role in countering foreign manipulation of their platforms. Although the big companies have taken some action, many efforts have focused more on improving their public images than addressing the underlying problem. Russian information operations employ content that is often not demonstrably true or false, so a focus on fact-checking instead of modifying engagement-focused algorithms that reward the outrageous content that drive these operations results in a cosmetic approach that achieves little that is concrete. Meanwhile, Congressional hearings with tech executives have revealed little more than many members’ thin understanding of technology. And partisan attention to supposed bias against one side or the other online has crowded out discussion of the national security threats with which Silicon Valley is grappling.

In the absence of U.S. leadership, other countries are setting the agenda on digital policy. Australia, Germany, the United Kingdom, and others have proposed or passed legislation to address disinformation and other problematic online activity, but their focus on removing ill-defined problematic content risks impinging on speech. That outcome must please Beijing and Moscow, which have long-sought to control information online. Unless Washington provides thoughtful, united leadership, U.S. tech companies will continue to fall short of real solutions and other governments will set norms and rules at odds with U.S. interests and values.

A TIME FOR LEADERSHIP

The United States cannot afford to wait any longer. Chris Krebs, the Director of the Cybersecurity and Infrastructure Security Agency, put it in stark terms when he told Congress in March, “I know what [the Russian government] did in ‘16. I know what they tried to do in ‘18. What will they do in 2020? That’s what keeps me up at night.”

Now that we know more than ever about Russia’s actions in 2016, Mueller’s report should bring leaders of both parties together to defend U.S. democracy. Congress should pass measures to secure election systems, enforce the same standards for online political advertising as apply offline, set consequences for any foreign group or country that interferes in U.S. democracy, and tighten anti-corruption measures. It should also work with the executive branch to create a hybrid threat center to coordinate analysis of such threats across the intelligence community, and require the White House to designate a policy coordinator for the issue on the National Security Council staff.

The President and senior officials should send deterrent warnings to U.S. adversaries and impose consequences for interference operations. Elected leaders of all political persuasions and at all levels—from the President and his cabinet to members of Congress and local officials—should send a clear and consistent message to the American people about the nature of the threat. The administration should also coordinate with U.S. allies that face similar threats. And political parties and candidates running for office should publicly pledge not to use weaponized information obtained through hacks or other illicit means.

When it comes to Silicon Valley, policymakers need to address underlying issues that manipulators exploit, including by crafting legislative frameworks for data protection and online transparency that also protect speech. They should also create formal mechanisms for law enforcement and tech companies to share information and remove malicious users. Nascent efforts by Senators Mark Warner and Marco Rubio to work with the intelligence community and tech executives to share declassified information on the threat posed by China’s actions provides a model of bipartisan engagement between government and tech companies.

The facts about Russia’s interference in U.S. elections are now better known, thanks in part to the Mueller investigation. Now it falls to political leaders to put aside partisanship to protect U.S. democracy.