The Senate could be headed for a showdown this week over funding for state election security.
Democrats are pushing for a floor vote on an amendment that would set aside an additional $250 million in grants for states to upgrade their voting systems and make other improvements. But they face firm opposition from Republicans, who say the initial round of funding Congress provided states earlier this year is sufficient. A similar amendment was rejected by the House two weeks ago in a party-line vote.
Election security funding is fast emerging as a political hill Democrats are willing to die on. Although the amendment is unlikely to pass in the GOP-controlled Senate, Democrats can use it to hammer President Trump at a time when the White House is frantically trying to patch up the damage from his recent flip-flopping on the threat from Russia.
Democrats are also hoping that a floor fight over the merits of grant money could make Republicans look like they’re standing in the way of resources state officials say they need to protect the vote. Whether that will help Democrats come November is unclear, but public polling has showed strong majorities of Americans want to see more action from the administration on election security.
Sen. Patrick J. Leahy (D-Vt.), who is sponsoring the amendment to the package of appropriations bills known as a "minibus," seized on Trump’s election security meeting with senior national security advisers Friday to make his case for the amendment. He said it was “a lie” for the administration to claim credit for a “whole-of-government” response to election interference, as the White House asserted in its official statement on the closed-door huddle.
“The Trump budget would ZERO OUT election security funds,” Leahy wrote in a tweet. “My Senate amendment, blocked by House GOP, would continue much-needed funding for election security grants. The Senate should be allowed to vote on it.”
To say this effort was put into motion by his administration is a lie. The Trump budget would ZERO OUT election security funds. My Senate amendment, blocked by House GOP, would continue much-needed funding for election security grants. The Senate should be allowed to vote on it. pic.twitter.com/3ot7HnNNrJ— Sen. Patrick Leahy (@SenatorLeahy) July 28, 2018
It should be no surprise that Democrats are willing to force the issue: For one thing, public opinion seems to be on their side. In a July 24 Quinnipiac poll of more than 1,000 American voters, 62 percent of respondents said the Trump administration “should be doing more to protect the 2018 U.S. elections from Russian interference.” That seems to play well with the Democratic base and potential swing voters: 88 percent of Democrats, 65 percent of independents and 31 percent of Republicans said the administration wasn't doing enough. The numbers have hardly changed since early March — before Congress approved election security funding — when 61 percent gave the same answer, according to the poll.
Other Democrats are lining up behind Leahy. Sen. Christopher A. Coons (D-Del.), who is co-sponsoring the amendment, said on the floor last week that it “should not be controversial. This is about protecting our democracy.”
“All Americans who want to know that their votes are counted should care about a federal role in supporting states and localities as they work to ensure that our election systems are protected and our equipment can't be compromised,” he said.
Sen. Amy Klobuchar (D-Minn.) also voiced support for the measure. A separate bill she's co-sponsoring with Sen. James Lankford (R-Okla.) called the Secure Elections Act would streamline the way the Department of Homeland Security shares cyberthreat information with states but doesn't include any election security funding.
Sen. Klobuchar, @SenatorLeahy & @ChrisCoons just introduced an amendment to the spending bill that would provide additional funds for election security. We can’t ask states to protect our election infrastructure against foreign attacks without giving them the resources to do it.— Senator Amy Klobuchar (@SenAmyKlobuchar) July 25, 2018
Republicans don't seem likely to budge. Lankford and others say it's better to wait until they have a full accounting of how states used their shares of the $380 million in election security money Congress appropriated in March. “We don’t know if they’re spending it for security or for other issues at this point,” Lankford told Politico recently. Sen. Roy Blunt (R-Mo.) raised similar concerns during an Appropriations Committee markup in June. “I think we want to be thoughtful about what really has been a local responsibility,” Blunt said. “I’d like to see us have a little more sense of how this last $380 million was used before we make that an annual process.”
The standoff could set the stage for a clash such as the one that played out in the House earlier this month, when Republicans shot down a motion by Democrats to approve more funding for states. In a series of floor speeches, Democrats accused the GOP of kowtowing to Trump and refusing to stand up to Moscow's offensives. Republicans dismissed the attacks as political theater.
To be sure, the Trump administration has efforts underway to help protect the vote. DHS is taking the lead in helping states bolster their election systems by conducting vulnerability scans and recommending fixes. The agency has also set up a clearinghouse for sharing threat information that more than 1,000 state and local governments are participating in.
But state officials across the country say they need an ongoing stream of funding to replace outdated voting equipment, train new IT staff and make other upgrades, as I've reported.
“Congress oversees federal elections, and they need to take responsibility for helping the states insure we have the resources to protect voting integrity,” Vermont Secretary of State Jim Condos, a Democrat, told me recently. He added that he was concerned about the debate becoming too polarized. “I do worry about politicization getting in the way of what we need to do,” he said. “And I can tell you that all states are focused on the security issue.”
|You are reading The Cybersecurity 202, our must-read newsletter on cybersecurity policy news.|
|Not a regular subscriber?|
PINGED: It looks like Russian hackers are more keen to infiltrate America's power grid than tamper with the 2018 midterms, the New York Times's David E. Sanger reported Friday. “Despite attempts to infiltrate the online accounts of two Senate Democrats up for re-election, intelligence officials said they have seen little activity by Russian military hackers aimed at either major American political figures or state voter registration systems,” according to Sanger. “By comparison, according to intelligence officials and executives of the companies that oversee the world’s computer networks, there is surprisingly far more effort directed at implanting malware in the electrical grid.”
But just because there have been few signs of Russian interference in U.S. politics this year doesn't mean that Russia won't try later, according to the Times. “It is possible that Russian hackers are holding their fire until closer to Election Day in November,” Sanger wrote. “Given the indictments this month of 12 Russian military officers who are accused of American election interference, the agency once known as the G.R.U. may be all too aware it is being closely watched by the National Security Agency and other American intelligence services.”
PATCHED: The Trump administration is working to put together online privacy guidelines and has been consulting with the private sector as well as advocates, according to The Washington Post's Tony Romm. “Over the past month, the Commerce Department has been huddling with representatives of tech giants such as Facebook and Google, Internet providers including AT&T and Comcast, and consumer advocates, according to four people familiar with the matter but not authorized to speak on the record,” Romm wrote Friday. “The government’s goal is to release an initial set of ideas this fall that outlines Web users’ rights, including general principles for how companies should collect and handle consumers’ private information, the people said. The forthcoming blueprint could then become the basis for Congress to write the country’s first wide-ranging online-privacy law, an idea the White House recently has said it could endorse.”
Privacy advocates have argued that the Trump administration should use recent European guidelines as an example, while businesses are calling for a more flexible approach, my colleague reported. “So far, the Trump administration has held 22 meetings with more than 80 companies, trade associations and consumer groups since late June, according to the National Telecommunications and Information Administration, one of the entities involved in the effort,” Romm wrote.
PWNED: FBI Director Christopher A. Wray in November announced the creation of a task force to counter foreign influence operations in the United States but it's still unclear what the group has been doing, according to BuzzFeed News's Kevin Collier. So far, Wray and the FBI have provided few details about the task force beyond general information. “An agency spokesperson was willing to confirm to BuzzFeed News that the unit’s name is indeed the Foreign Influence Task Force, a phrase that does not appear on the FBI.gov website, and that it pulls its staff from the FBI’s counterterrorism, cyber, and counterintelligence divisions, which Wray had said in November,” Collier wrote Sunday.
Additionally, Jeffrey Tricoli, an FBI official who was among the task force's leaders, left the bureau in June and the agency has refused to answer questions about the task force's achievements or the number of employees assigned to the effort, according to BuzzFeed News. “Groups outside of the federal government that have worked with the task force describe it as slow to get off the ground and tight-lipped about what it's been able to uncover,” Collier reported. “To date, there has been only a single joint meeting between the task force and the major tech companies whose platforms Russian trolls rely on.”
— More cybersecurity news:
— “The Pentagon is working on a software 'do not buy' list to block vendors who use software code originating from Russia and China, a top Defense Department acquisitions official said on Friday,” Reuters's Mike Stone reported. “Ellen Lord, the undersecretary of defense for acquisition and sustainment, told reporters the Pentagon had been working for six months on a 'do not buy' list of software vendors. The list is meant to help the Department of Defense’s acquisitions staff and industry partners avoid buying problematic code for the Pentagon and suppliers.”
— Montana Secretary of State Corey Stapleton on Friday said for the first time that Montana was among at least 21 states that Russian hackers scanned for vulnerabilities in 2016, and then denied that he was acknowledging that fact for the first time, the Associated Press's Matt Volz reported. “He could not cite any past public statements, his office never issued a press release and a database search did not turn up any news reports of him addressing the matter,” Volz wrote about Stapleton. “ 'We said it wide and clear,' he said. 'I don’t think anybody reported it because I don’t think anyone was interested.'”
— The District reported to federal authorities that hacking attempts originating from abroad and domestically targeted municipal employees last week, The Post's Fenit Nirappil reported Saturday. “City employees received strange emails on Tuesday that attempted to lure them into revealing their passwords and other sensitive information,” Nirappil wrote. “Officials say they aren’t aware of any information that was compromised as a result of the phishing attacks, and said they 'successfully defended' against the attack.” Barney Krucoff, the city's interim chief technology officer, told city employees in an email Thursday to be wary of such hacking operations. “Phishing attempts like this one are common attacks most government agencies experience, and being in Washington, D.C. we are particularly susceptible,” Krucoff wrote, as quoted by my colleague.
— The hacking of 123 surveillance cameras of the D.C. police department a few days before the presidential inauguration of Donald Trump last year was part of a broader hacking campaign, The Post's Peter Hermann reported Saturday. “Federal authorities say two Romanians accused in the hacking planned to use the police department computers to email ransomware to more than 179,000 accounts,” Hermann wrote. “That would have allowed them to extort those users as well — and use city government computers to hide their digital tracks. Prosecutors said the alleged hackers had also stolen banking credentials and account passwords, and, using the police computers, could have committed 'fraud schemes with anonymity.'”
— More cybersecurity news from the public sector:
— Facebook suspended conspiracy theorist Alex Jones for 30 days for posting videos that encouraged violence and contained hate speech against Muslims and transgender people, the Verge reports. Facebook removed four videos Friday, saying they violated its community guidelines. Following the suspension, Sen. Ted Cruz (R-Tex.) came to the defense of the right-wing radio host: He was “no fan of Jones,” he said in a tweet, but “who the hell made Facebook the arbiter of political speech?”
Am no fan of Jones — among other things he has a habit of repeatedly slandering my Dad by falsely and absurdly accusing him of killing JFK — but who the hell made Facebook the arbiter of political speech? Free speech includes views you disagree with. #1A https://t.co/RC5v4SHaiI— Ted Cruz (@tedcruz) July 28, 2018
— More cybersecurity news from the private sector:
- The Department of Homeland Security holds a National Cybersecurity Summit in New York tomorrow.
- Senate Commerce subcommittee hearing on “global Internet governance” tomorrow.
- Senate Intelligence Committee hearing on foreign influence operations on social media on Aug. 1.
- Black Hat USA security conference on Aug. 8 through Aug. 9 in Las Vegas.
- DEF CON security conference on Aug. 9 through Aug. 12 in Las Vegas.
California wildfire forces TV station to evacuate mid-broadcast:
After trusting Cohen for years, Trump now thinks he has no credibility:
An oral history of Sen. John McCain's “thumbs down” vote against repealing Obamacare: