Election officials from states spanning New England and the Midwest visited Capitol Hill yesterday with a clear message: Send us more money to help secure the vote.
Yet lawmakers are acknowledging that states probably won’t get more federal funding for election security upgrades anytime soon — which does not bode well for states seeking to upgrade to their systems before an anticipated surge of cyberattacks surrounding the midterm elections. It also could hinder states trying to carefully plan longer-term improvements they hope to make for the next political cycle.
The Secure Elections Act is the main bill senators are pushing to help states respond to the mounting threats. But at this point, senators “will not use this bill to send additional funding to states,” said a Republican Senate aide who spoke on the condition of anonymity so as not to disrupt deliberations about the bill.
Lawmakers are seeking to pass the bipartisan legislation by the fall, and there is broad consensus in the Senate about the need to do more to help states. Although Sen. Amy Klobuchar (D-Minn.), one of the bill’s co-sponsors, said she was exploring ways to get annual election security funding into the legislation, she said it could be difficult before the midterms.
When the bill was introduced in December, it included a $380 million grant program for states to pay for election system upgrades. Congress peeled off that provision and approved it as part of the massive government spending bill President Trump signed in March. Most states are drawing down their shares of those funds now, but election officials and election security experts say it’s just a start — that most states need far more to replace aging voting equipment, hire IT staff and take other steps to secure their networks.
At a Senate Rules Committee hearing Wednesday, Vermont Secretary of State Jim Condos testified that the state plans to use all of the $3 million share of the election security funding it received from Congress. "What we really need is ongoing maintenance, if you want to call it,” he said. “Cybersecurity is an evolving science and it's an evolving practice, and we have continuous needs.”
“Given the costs of regular technology refreshes and support for human resources with cyber capacity, the needed investment is very large,” added Noah Praetz, director of elections in Cook County, Ill., in written testimony. “We need a signal that we can invest now for security and not squirrel away recent money for some future episode.”
Minnesota Secretary of State Steve Simon agreed. He told senators that his state planned to use “every penny” of its $6.6 million share of the funds. A steady stream of additional funding was necessary for buying software and hardware, and implementing cybersecurity recommendations from the Department of Homeland Security and private contractors, he said.
"When DHS and others say 'Great, we’ve done this magnificent overview of your system and here the ten steps or seven steps or 20 steps that we’ve recommended,' very often they have price tags, and so any help we can get on that score is really important," Simon told me after the hearing. “What is fresh and new can become obsolete awfully quickly in this space, which means there will be an ongoing need for resources, wherever those resources come from.”
Klobuchar, who is the top Democrat on the Rules Committee, said that even without funding, other provisions in the legislation would go a long way toward deterring the type of cyberattacks that took place during the 2016 presidential race, in which Russian hackers targeted election systems in 21 states.
“We have to stop admiring the problem . . . We have to start doing things to stop it from happening again, to stop foreign interference in our elections and to show the rest of the world that we’re serious about this,” she said. “Even if you can’t get very penny out there, it sends a message to our adversaries that we’re going to take this on.”
In its current form, the Secure Elections Act would streamline the way the Department of Homeland Security shares cyberthreat information with state and local election offices, speed up security clearances for state election officials and set voluntary guidelines for voting equipment and post-election auditing.
Sen. James Lankford (R-Okla.), who introduced the Secure Elections Act with Klobuchar and several other senators from both parties, said passing the legislation was a priority.
“I will continue to work with my colleagues to have revised election security legislation enacted into law,” he said in an email. “While additional election funding for states was included in the Omnibus, funding alone is not enough. As we get closer to the 2018 election, it's irresponsible not to act on the Secure Elections Act to protect against interference from foreign entities.”
|You are reading The Cybersecurity 202, our must-read newsletter on cybersecurity policy news.|
|Not a regular subscriber?|
PINGED: Two former Obama officials are urging the Trump administration not to make the same mistakes on Russian interference. “Former Obama administration officials warned President Trump on Wednesday to learn from their mistakes and respond forcefully to Russian interference, urging him to make sure Moscow knows exactly what the U.S. will do if the Kremlin attempts to interfere in another election,” The Washington Post’s Karoun Demirjian writes. “‘The Russians, and particularly this Kremlin, watch what we do more than what we say — so active deterrence measures would have perhaps been more effective,’ former assistant secretary of state Victoria Nuland told the Senate Intelligence Committee. ‘We know that they may very well do this again, so now we need to be planning what the retaliation will be — and we need to be signaling it.’”
Nuland and Michael Daniel, who was White House cybersecurity coordinator under Obama, "warned that the Trump administration was in danger of allowing foreign efforts to influence elections proceed unchecked — exposing the United States to potential interference not just from Russia, but from China and others as well,” Karoun writes.
Additionally, Nuland, who serves as chief executive of the Center for a New American Security, said in a written statement that even though the Trump administration has moved to punish Russia for its actions, “it has not launched the kind of Presidentially-led, whole-of-government effort that is needed to protect our democracy and security from malign state actors who are intent on weaponizing information and the internet.” Karoun adds: “Daniel and Nuland recommended a spectrum of policy options, from having the president convene a public-private commission to coordinate potential responses to threats, to approaching cyberattacks as the United States would any other act of war."
PATCHED: A bipartisan group of Senate and House lawmakers asked Google to “reconsider” its partnership with the Chinese tech giant Huawei. “Chinese telecommunications companies, such as Huawei, have extensive ties with the Chinese Communist Party,” the lawmakers wrote to Google chief executive Sundar Pichai in a letter released Wednesday. “As a result, this partnership between Google and Huawei could pose a serious risk to U.S. national security and American consumers.”
Sens. Tom Cotton (R-Ark.), Marco Rubio (R-Fla.), and Reps. K. Michael Conaway (R-Tex.), Liz Cheney (R-Wyo.) and C.A. Dutch Ruppersberger (D-Md.) also chided Pichai for Google's decision to end its involvement in an artificial intelligence program with the Defense Department. After Google employees expressed worries about the company's work on Project Maven, the firm said it would not renew its contract with the Pentagon when it expires in March 2019. “This project uses artificial intelligence to improve the accuracy of U.S. military targeting, not least to reduce civilian casualties,” the lawmakers wrote. “While we regret that Google did not want to continue a long and fruitful tradition of collaboration between the military and technology companies, we are even more disappointed that Google apparently is more willing to support the Chinese Communist Party than the U.S. military.”
PWNED: Tesla on Wednesday sued a former employee who it said hacked the firm's computer systems and stole company secrets. "But the employee, Martin Tripp, told The Washington Post that he did not tamper with internal systems and is instead a whistleblower who spoke out after seeing 'some really scary things' inside the company, including dangerously punctured batteries installed in cars," The Post's Drew Harwell reports. "Tesla attorneys wrote in their lawsuit that Tripp, a former technician at the company's Gigafactory battery plant in Nevada, wrote software to aid in an elaborate theft of confidential photos and video of Tesla's manufacturing systems."
Attorneys for Tesla also said in the lawsuit that the former employee, who worked at the company from October till last week, provided false information about the firm to journalists, Harwell writes. They added that the company “lost business, lost profits and damage to its goodwill” because of Tripp's actions. “Tripp, the Tesla lawyers said, had been 'disruptive and combative' with colleagues and had grown disgruntled after being assigned to a new role,” Harwell writes. “The company is seeking an untold amount in damages to be decided in trial.”
— More cybersecurity news from The Post and elsewhere:
— It's not just Google's ties to Huawei that raise eyebrows on Capitol Hill. Rubio and 25 other lawmakers from both chambers wrote to Education Secretary Betsy DeVos to voice concerns about Huawei's partnerships with dozens of American universities. They said those relationships may threaten national security, arguing that “Huawei is not a normal private sector company the way we have grown accustomed to thinking of the commercial economy in the West.”
“We urge that you promptly request a complete and classified briefing by the Federal Bureau of Investigation and the Director of National Intelligence on Huawei and Chinese technology acquisition modalities in general (as the technology transfer problem set is bigger than Huawei),” the lawmakers wrote in the letter, which was released Wednesday. They also asked the Education Department to request information from U.S. universities that have relationships with the company and to assemble a “senior-level working group” to study how Chinese authorities seek to collect technology from American universities.
— The Trump administration and Congress still disagree on ZTE. Republican lawmakers on Wednesday said they and Trump moved closer to an agreement on how to keep the Chinese tech company open while alleviating national security concerns on Capitol Hill, Bloomberg News's Erik Wasson, Jenny Leonard and Roxana Tiron report. “But a White House meeting between the president and Republican members of the House and Senate concluded with no agreement on Trump’s attempt to soften a provision in a Senate defense policy bill that would reimpose a ban on ZTE doing business with its U.S. suppliers,” Wasson, Leonard and Tiron write. “Trump had agreed to lift crippling U.S. sanctions, which threatened to put China’s second-largest telecom equipment maker out of business, after a personal plea from China’s president, Xi Jinping.”
— More cybersecurity news from the public sector:
— A few people among the millions whose information was exposed in last year's huge Equifax data breach have successfully sued the company in small-claims courts. “Those who have won against the company in court say that the key to their success was being prepared and having proof of the harm they experienced — receipts, for example, for services they would not otherwise have purchased,” the New York Times's Niraj Chokshi reports. “Research local laws that might apply, they advised. Document everything.” The credit report company's breach extended to more than 145 million Americans, many of whom received an apology and free credit monitoring, according to Chokshi.
— Israeli Prime Minister Benjamin Netanyahu on Wednesday said governments should collaborate to counter cyberthreats so powerful that they could take down civilian and military planes, according to Reuters. “We cannot go back to the world of levers, pulleys and couriers,” Netanyahu said during a cybersecurity conference at Tel Aviv University. “Since we are going forward, we are absolutely vulnerable. Our airlines can be brought down, our fighter planes can be brought down.” Netanyahu also said cybersecurity is a promising market and noted that about 20 percent of global investment in that field goes to Israel, according to Reuters. “This is a supreme test for our civilization,” the Israeli prime minister said. “It’s going to be tested not only by criminal organizations, by terrorists, but by other states. We have to combine forces.”
— More cybersecurity news from around the world:
— Cyberattacks keep targeting cryptocurrency exchanges, and that's because the security of some of those portals sometimes leaves much to be desired, according to The Post's Brian Fung. Fung writes that “hackers love going after exchanges because they are rewarding and often easy targets. In this respect, exchanges are little different from health-care providers with lucrative medical data, or credit reporting bureaus that hold Social Security numbers.” Fung also provides some advice on how to avoid getting hacked on a cryptocurrency exchange. In short, the idea is to approach those portals in a similar way that you put your savings in an account and keep the money you spend regularly in a checking account.
More cybersecurity news you can use:
- Capitol Hill National Security Forum in Washington.
- BSidesPGH conference in Pittsburgh tomorrow.
- Cyber Security for Defense conference in Alexandria, Va., on June 25 through June 27.
- Two House Science subcommittees hold a hearing on artificial intelligence on June 26.
- The Council on Foreign Relations holds a discussion on the future of data privacy on June 26.
- Tennessee Digital Government Summit in Nashville on June 26.
- The New York City Bar Association organizes a panel discussion on the legal challenges from the Internet of Things in New York on June 26.
- SIA GovSummit in Washington on June 27 through June 28.
Two starkly different realities for migrants crossing into the United States. This is what they look like:
The Trump administration’s wildly contradictory statements on family separation:
“Gotti” is not the only movie Rotten Tomatoes hates: