THE KEY

President Trump’s dogged refusal to acknowledge Russia’s interference in the 2016 election and his embrace of bizarre conspiracy theories threatens to imperil the security of the 2020 contest.

That’s the warning from election security advocates and former officials who see the president’s failure to firmly acknowledge or condemn Russia’s hacking of the Democratic National Committee and other election interference as a signal that similar interference next year would be tolerated.

“It sends a message to foreign adversaries that the environment in the United States is very conducive to interference because you have the president muddying the waters at the top,” Thomas Rid, a professor of strategic studies at Johns Hopkins University, told me.

Trump's stance, they said, could hurt U.S. defenses by signaling to state and local election officials that alarms raised by the Department of Homeland Security and other agencies are actually overblown. And it could damage Americans’ faith in the election by signaling the White House isn’t concerned about the security of voters' ballots.

Americans are already widely worried elections aren’t safe from hacking. Less than half believed election systems were secure before the 2018 midterms and Democrats were more concerned than Republicans, according to late 2018 data from the Pew Research Center. Confidence grew after the midterms went off without clear evidence of successful foreign interference, with 65 percent of Americans saying they thought the election were secure, Pew found. But government officials warn 2020 will be a far juicier target, which could raise public anxiety.

“Democracies depend on voters’ faith that elections are fair and when the White House either diminishes the unanimous conclusion that Russia interfered in 2016 or when it amplifies conspiracy theories, that can have very negative impacts on voter confidence,” David Becker, executive director of the Center for Election Innovation and Research, told me.

The warnings come as the Trump administration is increasing efforts to prevent and punish Russia for its interference — but without much visible support from the White House.

The Treasury Department imposed new sanctions on a Russian oligarch and six employees of an infamous troll farm yesterday for efforts to influence the 2018 midterms and the National Security Agency is today launching a new cyberdefense directorate charged, in part, with creating a more nimble defense against election hacking.

DHS’s cybersecurity division, meanwhile, has installed a network of security sensors at every voting jurisdiction in the country and made protecting the 2020 contest among its top priorities.

But, in a dramatic split screen, the public has also been pummeled with a slew of new revelations about Trump dismissing election security or trying to undermine conclusions about Russia’s 2016 interference operation from his own intelligence agencies and from special counsel Robert S. Mueller III.

During a 2017 Oval Office meeting, the president told Russian officials he didn’t care about their efforts to compromise the 2016 election as my colleagues Shane Harris, Josh Dawsey and Ellen Nakashima reported.

The transcript of a call with Ukraine’s president also revealed Trump pressing his counterpart to investigate a debunked conspiracy theory that posits Russia didn’t really hack the DNC and that the hacking was faked by Democratic leaders and the cybersecurity firm CrowdStrike.

Those comments even brought blowback from Trump’s former homeland security adviser Tom Bossert, who lashed out at Trump’s personal lawyer Rudolph W. Giuliani on ABC's "This Week" on Sunday for “repeating that debunked theory to the president” and complaining the theory sticks in Trump’s mind because “he hears it over and over again.”

 “The DNC server and that conspiracy theory has got to go,” Bossert said. “They have to stop with that.”

The Cybersecurity 202 will publish Oct. 2, 3, 8, 9 and 10 while Congress in recess. We will return to our normal schedule Oct. 14.

PINGED, PATCHED, PWNED

PINGED: U.S. officials are reviving a program to probe cybersecurity protections in the aviation sector amid growing concerns that cyberattacks could provide new opportunities for terrorists, Robert McMillan and Dustin Volz at the Wall Street Journal report. U.S. officials with DHS in the lead will work to make sure hackers can't exploit vulnerabilities in aviation infrastructure or in planes themselves.

DHS isn't offering full details on the program, but it will involve limited testing on actual aircraft. In an earlier phase of the program, DHS spent more than $10 million looking for bugs in a Boeing 757, but discontinued testing after disagreements with Boeing about some early results, the Journal reports.

The U.S. Air Force, which operates over 5,000 planes including converted commercial airliners, will also invest more in examining the cybersecurity defenses of the commercial aviation industry. “If we don’t probe first, our adversaries will,” Will Roper, the service’s assistant secretary for acquisition, technology and logistics, told the Journal.

PATCHED: The NSA's new Cybersecurity Directorate, which launches today, will focus on more quickly declassifying threat intelligence to make “fresher and faster” data available for use by private-sector firms, my colleague Ellen Nakashima reports. To start, the NSA has already partnered with the DHS to identify vulnerable banking systems to monitor.

The NSA’s defensive operations were rolled into its intelligence-gathering unit in 2016, a shake-up that some critics say diminished the agency’s defensive operations. The new agency will focus on better employing that intelligence into a defensive strategy, director Anne Neuberger tells Ellen.

“The mission of the organization is to prevent and eradicate threats,” Neuberger said.

PWNED: Sen. Elizabeth Warren (Mass.), who’s among the top polling candidates for the Democratic presidential nomination, wants to help members of Congress wise up when it comes to technology-driven issues including election security, artificial intelligence and privacy. Warren announced a campaign plan to bring back the Office of Technology Assessment (OTA), a congressional research agency that was defunded over two decades ago.

Reviving the OTA would help lawmakers and their staff tackle highly complex technology and cybersecurity topics including privacy and encryption instead of relying on lobbyist talking points, Warren said. She's also proposing an increase in congressional staff salaries to attract more in-house tech talent. 

Congress's lack of tech knowledge became painfully apparent in 2018 hearings over Facebook's Cambridge Analytica scandal, Warren said, noting that "members struggled to engage meaningfully in a conversation about basic technological concepts," let alone "difficult concepts like end-to-end encryption, location tracking and the competitive landscape of Silicon Valley."

The idea has also gotten traction with other members of Congress. Sens. Thom Tillis (R-N.C.) and Mazie Hirono (D-Hawaii) and Reps. Mark Takano (D-Calif.) and Bill Foster (D-Ill.) introduced legislation last month that would re-create the office, citing a need to understand complex technological issues from "cybersecurity to artificial intelligence to quantum computing."

PUBLIC KEY

— Cybersecurity news from the public sector:

A whistle-blower said advisers improperly restricted access to a record of President Trump’s Ukraine call. Here is how that storage system works.
New York Times
Every two years, the Department of Homeland Security hosts a large-scale exercise to test critical infrastructure companies’  ability to respond to a disruptive, hypothetical cyberattack.
CyberScoop
A new audit of Baltimore’s information technology department says the agency lost key data during May’s ransomware attack because some in the agency used an outdated method for storing files: their individual hard drives.
The Baltimore Sun
PRIVATE KEY

— Cybersecurity news from the private sector:

A hacker claims to have hacked Zynga's Words With Friends social mobile game, gaining access to a database of information on more than 218 million users.
VentureBeat
A new twist on the usual porn-related cyberattacks.
Forbes
Teenagers across the country are forming hack clubs and trying to spread the word that hacking doesn’t always mean breaking into government servers or stealing bank data. Convincing teachers and parents of that isn’t always easy.
Wall Street Journal
Their creation has been successfully fully outsourced to a factory, the security researcher behind the cables said.
Vice
THE NEW WILD WEST

— Cybersecurity news from abroad:

The European Union’s executive branch has warned that Europe is placing its core values and strategic influence at risk due to an over reliance on computer hardware and software provided by other countries.
Bloomberg
ZERO DAYBOOK

— Today:

  • The House Committee on House Administration subcommittee on elections will host a hearing on voting rights and elections administration in Arizona at 10 a.m.

— Coming Up:

  • The Washington Post Live will host a Cybersecurity Summit featuring. The event starts at 9 a.m. You can sign up here.
  • The Aspen Institute Cyber Summit will take place in New York City tomorrow.
CHAT ROOM

Iran's Foreign Minister Mohammad Javad Zarif said Sunday on "Meet the Press"  that the Stuxnet attack against Iran's nuclear program could have killed millions. But that's not true, cybersecurity reporter Kim Zetter says. Zetter wrote the book "Countdown to Zero Day" about the attack.