As ballot counting continues in states across the country and potential election fraud is being flagged and litigated, we are thankfully not hearing about another form of election meddling; namely, foreign interference.
Such interference, particularly from Russia, was a frequent claim in the 2016 presidential election. Government at the federal, state, and local levels have learned from 2016 and were better prepared for the 2020 election.
We know this because we are not hearing “Russia, Russia, Russia” from politicians or the media this time.
In 2018, President Donald Trump declared a national emergency and sanctions authority to deal with any national security threat of foreign interference in U.S. elections, including through the “unauthorized accessing of election and campaign infrastructure or the covert distribution of propaganda and disinformation.”
In its 2019 report on Russian interference in the 2016 election, the Senate Select Committee on Intelligence found that:
1) Although the Russian government directed extensive activity, beginning in at least 2014 and carrying into at least 2017, against U.S. election infrastructure at the state and local level, there was no evidence that any votes were changed or that any voting machines were manipulated;
2) State election officials were not sufficiently warned or prepared to handle an attack from a hostile nation-state actor;
3) The Department of Homeland Security and the FBI alerted states to the threat of cyberattacks in the late summer and fall of 2016, but the warnings did not provide enough information or go to the right people in the states who administer our election;
4) Cybersecurity for electoral infrastructure at the state and local level was sorely lacking in 2016 (although many state election officials disagree with that assessment). For example, aging voting equipment, particularly electronic voting machines that had no paper record of votes, were alleged to be vulnerable to exploitation by a committed adversary. Despite the focus on this issue since 2016, some of these vulnerabilities remain.
5) DHS has focused its efforts to build trust with states and deploy resources to assist in securing elections (again, however, with limited results, according to some state election officials).
What has changed since the 2016 election?
In January 2017, then-Homeland Security Secretary Jeh Johnson designated election infrastructure to be critical infrastructure. That meant DHS could prioritize its cybersecurity assistance to state and local election officials who request it.
The designation also made it easier for the federal government to have full and frank discussions with key stakeholders regarding sensitive vulnerability information.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, which is responsible for election infrastructure security, has been working closely with state and local election officials in all 50 states to secure their election systems.
The Cybersecurity and Infrastructure Security Agency provides actionable information and intelligence to election officials and technical assistance to secure systems, and supports election-focused incident response planning, training, and exercises.
That cooperation among federal, state, and local officials has paid off.
State and local election officials are taking the threat of hacking seriously and have been reporting suspicious activity more often to the Cybersecurity and Infrastructure Security Agency. An agency official explained, “It’s not an actual increase in activity. It’s an increase in awareness and information-sharing across all partners.”
Over the past four years, state election officials were better informed about what cybersecurity issues to look for, what to protect against, and how to mitigate cyber-related issues.
We can also thank the U.S. Cyber Command for taking actions against adversaries the past several weeks to prevent interference in our elections.
Iran, for example, had been sending intimidating emails to American voters in October. Gen. Paul Nakasone, the director of the National Security Agency and U.S. Cyber Command leader, also credits the strong coordination among U.S. agencies, social media companies, private sector firms, academia, the National Guard, and foreign partners for working to secure elections against foreign interference.
Facebook and Twitter have removed foreign accounts targeting U.S. elections, for example, although they have been justifiably criticized for censoring Americans using their platforms to discuss candidates and election issues.
On Wednesday, Cybersecurity and Infrastructure Security Agency Director Christopher Krebs said officials had “no evidence any foreign adversary was capable of preventing Americans from voting or changing vote tallies.”
In a politically charged post-election environment, we should be thankful for the cooperation among all levels of government, as well as between government and industry, to remove foreign interference as a factor in our 2020 election.