images

There are still unresolved questions about how widespread the Russian influence or misinformation operation really was during the 2016 presidential election cycle. A lot of what the US government knows is classified and therefore not available to the public or even to many state and local election officials. For example, it's still unclear how successful the hackers were in breaching voter databases across the country and why they were doing it. Was it to alter data? Was it an effort to create confusion and uncertainty over the vote?

The Department of Homeland Security (DHS) is now working to share more information with states, in attempts to reinforce election systems ahead of anticipated Russian cyberattacks heading into 2018's midterms and the 2020 presidential election. But there is more to do as the threat continues to evolve. In early 2018, Democratic leaders in the House of Representatives and the Senate sent a letter to the Republican majority asking for an additional $300 million to “counter the influence of hostile foreign actors operating in the U.S., especially Russian operatives operating on our social media platforms.”1

The FBI and DHS will need as much help as they can get. Unlike previous conflicts with foreign adversaries where the military takes the lead, in this new age of cyberwar the FBI and DHS are on the front lines of the battle. As are state and local election officials who must find a way to coexist with the DHS, because without knowing the underlying intelligence, this is a battle they might not be able to win. The DHS must be willing to share.

In early 2018, state election officials and eight different intelligence agencies came together in a secure DHS facility to talk about preparations for the upcoming midterm elections. But some participants in the meeting left disappointed. One source, who is an election official in one of the states targeted by the Russians in the last election, told me that when they met with federal officials in the secure facility to receive the highly classified information, they were told that they could not discuss what they learned outside of the facility. They were warned that if they did share the information with anyone, it would be a “violation of the espionage act.” But after the briefing they were underwhelmed: “They didn't tell us anything we hadn't already read in the New York Times.”2

Many local and state officials have been offered federal security clearances but still have yet to complete the paperwork because it takes nine to fourteen hours to fill it out. The delays securing elections systems are evident both at the federal and state level. This is not a well-oiled machine. DHS officials say, “Building any kind of trusted relationship takes time, particularly one that involves multiple partners at the federal, state, and local levels.”3 They insist that they are working to improve in sharing cyber-threat information with the states.

While the Russians appear to be operating at peak efficiency with their multipronged attack, the United States seems to be sputtering along, perhaps heading for another Election Day hangover and wondering what Russia just did to cast doubt on the results. In late February 2018, the outgoing top cyber commander was asked what had been done and what was being done to strike back at the Russians. NSA director Mike Rogers said, “We're taking steps, but we're probably not doing enough.”4 Democratic senator from Missouri Claire McCaskill angrily asked, “I want to know why the hell not? What's it going to take?” Rogers replied, “Ma'am, I'm an operational commander, ma'am. You're asking me a question that's so much bigger than me.”5 Rogers wasn't the only one who had not been ordered to counter the Russian attack by the White House. Earlier that same month, FBI director Christopher Wray responded to a similar question with a now familiar answer. He had not been directed by the president to stop Russian cyberattacks either.6

Several of my sources who have been tasked with securing elections tell me that, even without leadership on this issue from the White House, voters should rest assured that since the 2016 election there have been numerous security upgrades to their systems. Some states have introduced multifactor passwords, paper trails, and they have even hidden data behind layers of security.

But look around America today. The Russia investigation has led to guilty pleas and indictments as well as suspicions about a president who calls the investigation a “hoax.”7 The curtain has been pulled back on the pitfalls of social media and how vulnerable it is to manipulation to the point that it's difficult to separate what's real from what's fake. Our divisions have been amplified. Whether it's about race, guns, or politics, we're at each other's throats.

Americans may share the blame for where we are now, but the Russian influence operation made the situation worse. Vladimir Putin and his intelligence operatives have, at the very least, succeeded in “softening” the ground for further destructive attacks. But the next round may not unfold the way we think it will. It may just be a guy on YouTube. Michael Daniel, who was special assistant to President Obama and cybersecurity coordinator on the National Security Council Staff, told me that in 2016 one of the “worst-case scenarios” White House officials kicked around involved a “patriotic Russian” hacking into a voting machine and then claiming what he/she had done in a post on YouTube or Facebook.8 All the hacker would have to say is, “We have done this one hundred thousand times across the United States.” Even if they hadn't, the misinformation alone would be enough to sow doubt and distrust in democracy as we know it.

Where you see wrong or inequality or injustice, speak out, because this is your country. This is your democracy. Make it. Protect it. Pass it on.

—Thurgood Marshall