The report is the first of five volumes set to be released. It is centered around Russia's targeting of American election infrastructure.
And while the report makes clear that it found no evidence to suggest that any actual vote tallies were changed in a way that would affect the outcome of the 2016 election, it details a more expansive foreign effort to "intrude" into the election system than has previously been revealed.
"The Russian government directed extensive activity, beginning in at least 2014 and carrying into at least 2017, against U.S. election infrastructure at the state and local level," the report said as its topline finding. "Election infrastructure" here is designated quite broadly, referring to "storage facilities, polling places, and centralized vote tabulation locations [...] registration databases, voting machines, and other systems."
"The Committee has seen no evidence that any votes were changed or that any voting machines were manipulated," it added.
Much of the report is redacted.
According to the committee, it is not entirely clear what Russia's intent was in targeting election infrastructure given that it does not appear to have actually intervened in this way to influence the result.
"Russia may have been probing vulnerabilities in voting systems to exploit later," the committee wrote. "Alternatively, Moscow may have sought to undermine confidence in the 2016 U.S. elections simply through the discovery of their activity."
In June of 2016, the report noted, Russian actors breached Illinois' voter registration database. While the hackers don't appear to have made any alterations — alterations which could, theoretically, completely distort who is allowed to vote in crucial elections — the report said that "Russian cyber actors were in a position to delete or change voter data." It's possible that, while the Russia government could have taken this step, it feared that the potential retaliation for doing so would have been extreme.
Previous reporting had revealed that the Russian government had apparently targeted U.S. election infrastructure, but the number of states that were actually subject to these cyber attacks was unclear, as LA Times reporter Chris Megerian noted. Some reports had suggested that as many as 21 states were targeted. (Mueller reported that the FBI concluded the GRU, a Russia intelligence agency, had successfully accessed the "network of at least one Florida county government.")
But Michael Daniel, a former assistant to the president and cybersecurity coordinator, told the committee "by late August 2016, he had already personally concluded that the Russians had attempted to intrude in all 50 states, based on the extent of the activity and the apparent randomness of the attempts."
"My professional judgment was we have to work under the assumption that they've tried to go everywhere, because they're thorough, they're competent, they're good," he said.
The committee added: "Intelligence developed later in 2018 bolstered Mr. Daniel's assessment that all 50 states were targeted."
So how safe should Americans consider their election systems? The committee concluded that, while the Department of Homeland Security has made strides to address the problem, significant vulnerabilities remain:
In the face of this threat and these security gaps, DHS has redoubled its efforts to build trust with states and deploy resources to assist in securing elections. Since 2016, DHS has made great strides in learning how election procedures vary across states and how federal entities can be of most help to states. The U.S. Election Assistance Commission (EAC), the National Association of Secretaries of State (NASS), the National Association of State Election Directors (NASED), and other groups have helped DHS in this effort. DHS's work to bolster states' cybersecurity has likely been effective, in particular for those states that have leveraged DHS's cybersecurity assessments for election infrastructure, but much more needs to be done to coordinate state, local, and federal knowledge and efforts in order to harden states' electoral infrastructure against foreign meddling.
There's another troubling aspect of the report. Sen. Ron Wyden (D-OR) issued his own minority opinion, meaning that it was not shared with the rest of the committee, which urged that federal action is needed to secure elections and that local governments cannot be left to fend for themselves:
If there was ever a moment when Congress needed to exercise its clear constitutional authorities to regulate elections, this is it. America is facing a direct assault on the heart of our democracy by a determined adversary. We would not ask a local sheriff to go to war against the missiles, planes and tanks of the Russian Army. We shouldn't ask a county election IT employee to fight a war against the full capabilities and vast resources of Russia's cyber army. That approach failed in 2016 and it will fail again. The federal government's response to this ongoing crisis cannot be limited offers to provide resources and information, the acceptance of which is voluntary. If the country's elections are to be defended. Congress must also establish mandatory, nation-wide cybersecurity requirements.
No comments:
Post a Comment