DOJ Announces New Cybersecurity Task Force

Yesterday, Attorney General Jeff Sessions announced the creation of a new cybersecurity task force at the Department of Justice:

Attorney General Jeff Sessions has ordered the creation of the Justice Department’s Cyber-Digital Task Force, which will canvass the many ways that the Department is combatting the global cyber threat, and will also identify how federal law enforcement can more effectively accomplish its mission in this vital and evolving area. 

“The Internet has given us amazing new tools that help us work, communicate, and participate in our economy, but these tools can also be exploited by criminals, terrorists, and enemy governments,” Attorney General Sessions said.  “At the Department of Justice, we take these threats seriously.  That is why today I am ordering the creation of a Cyber-Digital Task Force to advise me on the most effective ways that this Department can confront these threats and keep the American people safe.” 

The Task Force will be chaired by a senior Department official appointed by the Deputy Attorney General [Rod Rosenstein] and will consist of representatives from the Department’s Criminal Division, the National Security Division, the United States Attorney’s Office community, the Office of Legal Policy, the Office of Privacy and Civil Liberties, the Office of the Chief Information Officer, the ATF, FBI, DEA, and the U.S. Marshals Service. . . . The Task Force will be responsible for issuing a report to the Attorney General by the end of June.  

The Attorney General has asked the Task Force to prioritize its study of efforts to interfere with our elections; efforts to interfere with our critical infrastructure; the use of the Internet to spread violent ideologies and to recruit followers; the mass theft of corporate, governmental, and private information; the use of technology to avoid or frustrate law enforcement; and the mass exploitation of computers and other digital devices to attack American citizens and businesses.  The scope of the Task Force’s report is not limited to these categories.

Attorney General Sessions realizes that, despite the media attention on alleged Russian meddling in the 2016 election (and indeed, almost every story on this task force has a headline about its study of efforts to interfere with our elections), the cybersecurity threat America faces from bad actors is much broader.  As he says in the memorandum creating the task force, after noting the pervasiveness of technology in the modern world:

Indeed, the scale of this cyber threat, and the range of actors that use cyber attacks and intrusions to achieve their objectives, have grown in alarming ways. . . . Most of the pressing cyber threats that our nation faces transcend easy categorization.  

We look forward to seeing this task force's report.  Unlike many efforts championed by the liberals to respond to allegations of Russian interference in the 2016 election, it will provide guidance and potential solutions that are helpful to state and local election officials without usurping their important role in election administration, will complement the important cybersecurity work being done by election officials, will not create a new permanent federal bureaucracy, and will not limit law-abiding Americans' rights on the Internet.   

DHS Responds to Media's Sensationalism on Russian Election Interference

Last week, NBC News ran a "news" story that was picked up by other outlets about how the Russians had penetrated U.S. voter systems.  The only problem?  This "news" was released last summer, when National Protection and Programs Directorate (NPPD) Assistant Secretary for the Office of Cybersecurity and Communications Jeanette Manfra testified before Congress about attempts to access state voter registration systems.  Today, Ms. Manfra issued an official statement rebuking NBC News' misleading reporting:

“Recent NBC reporting has misrepresented facts and confused the public with regard to Department of Homeland Security and state and local government efforts to combat election hacking. First off, let me be clear: we have no evidence – old or new - that any votes in the 2016 elections were manipulated by Russian hackers. NBC News continues to falsely report my recent comments on attempted election hacking – which clearly mirror my testimony before the Senate Intelligence Committee last summer – as some kind of “breaking news,” incorrectly claiming a shift in the administration’s position on cyber threats. As I said eight months ago, a number of states were the target of Russian government cyber actors seeking vulnerabilities and access to U.S. election infrastructure. In the majority of cases, only preparatory activity like scanning was observed, while in a small number of cases, actors were able to access the system but we have no evidence votes were changed or otherwise impacted. 

"NBC’s irresponsible reporting, which is being roundly criticized elsewhere in the media and by security experts alike, undermines the ability of the Department of Homeland Security, our partners at the Election Assistance Commission, and state and local officials across the nation to do our incredibly important jobs. While we’ll continue our part to educate NBC and others on the threat, more importantly, the Department of Homeland Security and our state and local partners will continue our mission to secure the nation’s election systems. 

"To our state and local partners in the election community: there’s no question we’re making real and meaningful progress together. States will do their part in how they responsibly manage and implement secure voting processes. For our part, we’re going to continue to support with risk and vulnerability assessments, offer cyber hygiene scans, provide real-time threat intel feeds, issue security clearances to state officials, partner on incident response planning, and deliver cybersecurity training. The list goes on of how we’re leaning forward and helping our partners in the election community. We will not stop, and will stand by our partners to protect our nation’s election infrastructure and ensure that all Americans can have confidence in our democratic elections.”

Similarly, DHS spokesman Tyler Houlton tweeted:

The repeated inaccurate reporting by @NBCNews that government officials stand idly by is a disservice to every state and local election official across this great nation.

The National Association of Secretaries of State (NASS) and National Association of State Election Directors (NASED) both issued statements correcting the facts of the "Russian hacking" narrative.

The facts are worth repeating here, given that the media wishes to newly sensationalize this story, perhaps fearing that the "Russians stole the election" narrative is collapsing.  1. There is no evidence that any votes were changed or even that any vote tallying systems were accessed.  2. There were scans or attempted hacks of 21 state systems, some of which were not even voter registration systems but other state systems like Department of Transportation systems.  3. Only one state voter registration system was accessed, that of Illinois, and no records were changed.  

As all these people and organizations point out, there are real cybersecurity concerns facing election officials across the country, and election officials are working hard to secure their systems against the latest threats.  The media is quick to sensationalize the issue, such as when DEF CON's efforts to hack electronic voting machines was major news last year, in the interest of clicks and page views, but America is ill-served by the "Russian hacking" narrative.  It feeds liberals' anti-speech agenda, undermines confidence in our election system (which, despite the threats, is remarkably secure), and ignores the hard work that election officials are doing to ensure that our elections are secure.

Improvement But Concerns Remain About DHS's Role in Our Election Process

There is a push in some quarters to have a larger role for the Department of Homeland Security in our elections.  Last Friday, once again, news came out that should cause all to pause in consideration of such an idea. 

The Department of Homeland Security said earlier this year that it had evidence of Russian activity in 21 states, but it failed to inform individual states whether they were among those targeted. Instead, DHS authorities say they told those who had "ownership" of the systems — which in some cases were private vendors or local election offices.

To be clear, the Trump Administration Department of Homeland Security (DHS) has been better than the Obama Administration DHS.  At least they are telling people what is happening. 

"Most importantly, DHS acknowledged that they had contacted the wrong people at the state level and will rectify that going forward by communicating with each state's chief election officials," says [National Association of Secretaries of States] spokesman Stephen Reed. "Finally finding out this information from DHS allows the chief elections officials to move forward on this matter."

However, this whole process calls into question and continues to raise concerns about what a future DHS may do.  It bears remembering that the Obama DHS when considering how to counter a Russian hacking threat drew up plans that included sending armed law enforcement agents to polling places.  As Time magazine reported earlier this year:

President Obama’s White House quietly produced a plan in October to counter a possible Election Day cyber attack that included extraordinary measures like sending armed federal law enforcement agents to polling places, mobilizing components of the military and launching counter-propaganda efforts.

While all can agree that DHS is doing better, serious concerns remain about a larger role in elections for DHS going forward, such as with the designation of election systems as critical infrastructure.  

Concerns with Klobuchar-Graham Election Security Amendment

Democratic Senator Amy Klobuchar of Minnesota and Republican Senator Lindsey Graham of South Carolina have co-sponsored an amendment to the National Defense Authorization Act providing for federal funding for state election security measures.  While the security community has embraced this amendment, and we thank Sen. Graham for taking the problem of election security seriously in a way that attempts to respect state power, we have some concerns about this measure:

• It is a serious amendment of the Help America Vote Act (HAVA) that should be approached carefully, and the process should include hearing where various stakeholders testify.
• It places enormous new responsibilities on the Election Assistance Commission (EAC), an agency which has struggled to fulfill its existing mandate and operate its existing advisory boards, which faces a budget crisis, and which may not have the authority to accomplish what the amendment requires.
• The EAC already accomplishes many of the functions in this amendment, but the amendment adds more bureaucracy and spends more money to do it.  It is an enormous aggregation of federal power.
• It formalizes the role of the Department of Homeland Security and the Executive Branch to set standards, which the states are required to meet to receive federal funding.  Currently, the EAC is the only federal standard-setting standard entity for elections, and it is an independent agency.
• An existing voluntary program to certify voter registration systems appeared to be working well, aside from DHS withholding important security information from the states last fall.  States are agreeing to this new measure because they are already doing these things on a voluntary basis and need the funding, but a voluntary program and a mandatory (at least, from the perspective of funding) program are vastly different in terms of who is controlling the election security standards and systems.
• It excludes states that use direct recording electronic (DRE) voting machines.  While there have been some serious problems with DRE machines (and Virginia decertified all DREs in the state last week), DREs are the only machines many localities have and they make voting easier for voters with disabilities.
• It would allow states to implement mandatory voter registration and other progressive reforms with federal funds.

This amendment needs some serious study and input from election administration experts--not just computer, national security, and cybersecurity experts--before it moves forward in the Senate.

Among other burdens placed on the EAC, the amendment requires it and a commission to conduct an investigation of the foreign interference in the 2016 election and the potential for interference in future elections.  An existing commission, the Presidential Advisory Commission on Election Integrity, is already investigating election security and voting machines as part of its mission to study the U.S. election system and what promotes or decreases voter confidence in the system.  The next meeting of the commission is tomorrow, from 10:00 AM to 4:00 PM Eastern.  RNLA will be live-tweeting the meeting.

The Truth About Hacking Election Machines

RNLA's Executive Director Michael Thielen wrote today in the Daily Caller about one of the hot stories of this week, how hackers were able to gain access to voting machines at the DEF CON conference.  While this made for sensational headlines, the truth is a little more nuanced:

The first and most obvious problem is hacking the machines required physical access and proximity.  One of the beauties of partisan poll watchers, let alone election officials, is they would all notice and immediately raise an alarm if someone were taking a screwdriver to a voting machine or standing close to one for a long period of time. . . . But what about physical access before election day?  States have laws and procedures to physically protect voting machines, and machines are always checked before voting begins to ensure their vote tallies are zero.     

Second, the hacks were done on machines purchased on eBay that were scrapped or decommissioned.  In other words, the hackers proved with sufficient physical access to a machine they could go back in time and hack a prior election.  

So what does this mean?  The elite hackers were not able to change votes or gain access to the machines remotely.  Unlike modern light switches, refrigerators, cars, and door locks, voting machines are never connected to the internet. While our current system of voting machines is far from perfect, it would be very difficult for a Russian, a teen techie in his mother’s basement, or a political operative to alter votes for an election. But a possible solution to the problem of hacking could change all this: the federal government’s Department of Homeland Security (DHS) declaring elections “critical infrastructure.”  

Let’s be clear: the word is “could.” The designation of critical infrastructure is very ill-defined, especially as to what DHS has unilaterally asserted jurisdiction over and what it may do about it. At a meeting last month, DHS officials spoke with state officials, but according to Republican Tennessee Secretary of State Tre Hargett, it cleared up nothing and he was “disappointed” by how unprepared the DHS officials were. Democrat California Secretary of State Alex Padilla echoed Hargett in calling the generic quality of the conversation “disappointing,” as it was months after the designation and DHS officials could not provide details.

As Thielen points out, while real threats to the security of our elections exist, the mainstream media's hysteria over election hacking, reignited this week, and the Department of Homeland Security's designation of elections as critical infrastructure do not help election officials do their important job and further erode the American people's confidence in our election system.

Election Integrity Commission Seeks Input from States

After Vice President Pence announced that the Presidential Advisory Commission on Election Integrity would hold its first meeting on July 19 and that all meetings of the commission will be open to the public, Commission Vice Chair Kris Kobach sent a letter to state election officials asking how the Commission can best help the states:

As the Commission begins it work, I invite you to contribute your views and recommendations throughout this process. In particular: 

1. What changes, if any, to federal election laws would you recommend to enhance the integrity of federal elections? 

2. How can the Commission support state and local election administrators with regard to information technology security and vulnerabilities? 

3. What laws, policies, or other issues hinder your ability to ensure the integrity of elections you administer? 

4. What evidence or information do you have regarding instances of voter fraud or registration fraud in your state?  

5. What convictions for election-related crimes have occurred in your state since the November 2000 federal election? 

6. What recommendations do you have for preventing voter intimidation or disenfranchisement? 

7. What other issues do you believe the Commission should consider? . . .

On behalf of my fellow commissioners, I also want to acknowledge your important leadership role in administering the elections within your state and the importance of state-level authority in our federalist system. It is crucial for the Commission to consider your input as it collects data and identifies areas of opportunity to increase the integrity of our election systems.

This Commission, recognizing the unique role and power of the states in our federalist election system, has given the states the unprecedented opportunity to have input in the Commission's focus and goals.  With the past two presidential election commissions, the chairmen determined the focus and goals.  But the left has responded with its tired refrain of voter suppression and Democrat secretaries of state have already declared they are going to resist any requests from the commission to help make their voting systems better.  

These questions are mostly non-controversial.  They ask for information and opinions and are not partisan or political on their face.   Question two even provides an opportunity for Democrat state officials to opine on the threat that Russian interference posed to last year's election, one of the left's current favorite narratives.  For the questions that are controversial such as those on vote fraud, this provides an opportunity for election officials to make their case denying it is a problem.   

Further, question seven gives an open-ended opportunity for an official who thinks elections are anything less than perfect.  

This shows the political and disingenuous nature of those opposing the report, for they literally have the opportunity to influence what both what the Commission studies and the recommendations it makes. If Democrats aren't willing to provide their opinion on election issues when asked, they will have very little credibility to criticize the Commission's report when it is released.    

Instead of engaging in a bipartisan, federal-state dialogue about how to make American elections better, they are sadly and reflexively resisting the Commission and missing the opportunity to have their voices heard to make elections more open, fair, and honest.

Does the Real Election Interference Involve the Democrats?

In May, RNLA Executive Director Michael Thielen recounted the Obama administration’s long held propensities for election tampering, the latest effort being the DHS’s bid under former Secretary Jeh Johnson to infiltrate numerous state election voter databases during the 2016 election cycle.

Johnson testified last week before the Senate Intelligence Committee, however, that, even though he did not believe that “votes were altered or suppressed in some way,” his organization did not report on potential Russian hacking for the sake of non-partisanship.

David Warrington, RNLA Vice President for Election Education, highlights the Democratic Party’s herculean attempt during this hearing to scapegoat anyone else for its own illegal forays into elections:

Leaving aside for a minute that Russia ‘hacking’ the 2016 election is a wildly inaccurate portrayal of Russia's digital meddling — which to date are only allegations, nothing proven — there's likely another reason Johnson wasn't quick to cry foul: some of the known, legitimate attempts to hack into state election databases were perpetrated by Johnson's own organization, the Obama-led DHS.

DHS is not alone.  As we detailed Friday, even Democrats are raising questions of interference with the election regarding Obama Administration Attorney General Loretta Lynch. What does all this mean?  As Warrington concludes the continued fixation on Russia:

They are little more than an attempt to protect the previous administration from being exposed as election meddlers, albeit unsuccessful ones. But Hillary Clinton's leaked emails, which showed the Democratic National Committee colluding with her campaign to ensure she won the nomination over Bernie Sanders, have already proven that meddling in democratic processes is a strategy the left employs to win. 

Partisan politics in the end is driving this Russia hacking myth. And as Michael Thielen put it, “the reality is that there’s more evidence linking a US federal agency under Obama to state election hacking than there is linking Russia to the presidential election.”

The Russian Distraction

Both houses of Congress held hearings today on Russian interference in the 2016 election.  What did we learn?  Not much.  Obama's Secretary of Homeland Security Jeh Johnson testified before the House Permanent Select Committee on Intelligence.  A variety of officials testified before the Senate Select Committee on Intelligence.  

Indiana Secretary of State, incoming President of the National Association of Secretaries of State (NASS), and member of the Presidential Advisory Commission on Election Integrity, Connie Lawson, testified to separate fact from fiction in the Russia hysteria (and warn about the problems with the Department of Homeland Security's designation of election systems as critical infrastructure) (emphasis in original):

As Senator Warner noted in a letter sent yesterday (June 20, 2017) to Homeland Security Secretary Kelly, we have not seen any credible evidence that vote casting or counting was subject to manipulation in any state or locality in the 2016 election cycle, or any reason to question the results. While still alarming, there is a big difference between manipulating VOTERS and manipulating VOTES.  

Here is what chief state election officials know about documented foreign targeting of state and local election systems in the 2016 election cycle, as confirmed by DHS: No major cybersecurity issues were reported on Election Day: November 8, 2016. . . . We also learned that foreign-based hackers were able to gain access to voter registration systems in Arizona and Illinois last summer, prompting the Federal Bureau of Investigation (FBI) to warn state election offices to increase their election security measures for the November 2016 election. To our knowledge, no data was deleted or modified as part of the breaches, and these are not systems involved in vote tallying. . . . Of course, in more recent days, we have learned from a top-secret NSA report that the identity of a company providing voter registration support services in several states was compromised, and some 122 local election offices received spear phishing emails as a result. . . .  

While there is clearly a pattern of foreign targeting of election systems in the last cycle, it is also very important to underscore that voting machines are not connected to the Internet or networked in any way. I say this not only for the benefit of this Committee, but for the media as well. We must understand how to label, describe and discuss election infrastructure responsibly and accurately when informing the public about elections, because there has been a great deal of misinformation publicized, including statements from the federal government. . . It is gravely concerning that election officials have only recently learned about the threat referenced in the leaked NSA report, especially – and I emphasize this – given the fact that DHS repeatedly told state election officials no credible threat existed in the fall of 2016. 

The media's and Democrat's continued focus on Russian interference in the 2016 election is distracting the nation from addressing some of the important issues facing it, as even Democrats are starting to realize.  Indeed, it is even distracting election officials from important work to address real cybersecurity concerns, such as the actual penetration of voter registration systems by both Russia and the DHS.  With every new revelation and in every new hearing, the same facts are established: no vote was changed through hacking by Russia or any other person or entity; there is no evidence of Trump campaign or administration collusion with Russia; Russia and DHS did hack or attempt to hack voter registration systems, but no voter records were changed; and Russia has long attempted to influence U.S. elections, just as the U.S. attempts to influence elections in other countries.  

Chillingly, the unswerving focus on Russia means that Russia has won, according to some observers:

Some Russia-watchers believe that the goal of the 2016 Russian campaign shenanigans was not to elect Trump but to damage Clinton before her election. That would make a certain kind of sense: Putin does not want a President Trump or a President Clinton — he wants an American president so hamstrung by political rancor, personal weakness, and petty venality that American leadership around the world is compromised. 

Mission accomplished. 

“Russia” is now shorthand for what will be an open-ended investigation of Trump and everybody around him, one that probably will last throughout his term. That may not have been part of Putin’s plan, but it unquestionably serves Putin’s interests. That is something worth keeping in mind.

We hope that Democrats and the media can put aside this hysteria over Russia to focus on real policy issues and the actual threats to election security that come from places like Russia.