The Washington PostDemocracy Dies in Darkness

The Cybersecurity 202: Trump’s refusal to begin the transition could damage cybersecurity

with Tonya Riley

The Trump administration’s refusal to concede could leave President-elect Joe Biden and his team flatfooted in responding to cyberattacks. 

Without a formal go-ahead from the General Services Administration to start the transition, Biden’s team won’t be able to get access to classified information about cyberthreats and how the government is addressing them. 

That could prove a severe handicap as the former vice president’s team prepares to take office amid a slew of threats from digital adversaries including Russia, China and Iran. 

“The cyber world is eternally vulnerable and it’s very important for the new administration to be prepared to play offense and defense immediately on Jan. 20th,” former Pennsylvania Gov. Tom Ridge (R) who served as the first leader of the Department of Homeland Security, told me. 

It highlights how Trump’s refusal to concede and commit to an orderly transfer of power poses security risks to the country, experts say, even after it came through the 2020 election without any evidence of a major cyberattack

“Cyber attackers thrive on flat-footed administration transitions and delays will only shine a spotlight on the U.S. as a target, especially for espionage campaigns,” Marcus Fowler, director of strategic threats at the cybersecurity firm Darktrace and a former CIA cybersecurity official, told me. 

Some Republicans, such as former House Intelligence Chairman Mike Rogers, said Biden should begin getting classified briefings, as is tradition.

The GSA is refusing to sign paperwork that releases Biden’s $6.3 million share of nearly $10 million in transition resources. 

One silver lining for security: “Biden’s transition team has been given government-issued computers and iPhones for conducting secure communications, for example, and has been granted 10,000 square feet of office space in the Herbert C. Hoover Building in Washington,” our colleagues Lisa Rein, Matt Viser, Greg Miller and Josh Dawsey report. 

But the lack of cooperation makes a transition complicated even beyond wrangling digital risks. “Our country is in the middle of twin crises: a global pandemic and a severe economic downturn. The pandemic will make any transition more complicated,” Ridge wrote in an open letter with the three other homeland security secretaries that served during the George W. Bush and Obama administrations. “At this period of heightened risk for our nation, we do not have a single day to spare to begin the transition.” 

The danger could increase dramatically if Trump continues to stonewall as Inauguration Day draws near. 

“The longer it takes for career staff to be able to engage with the incoming [Biden] teams, that’s going to stretch the ability for the new administration to get everything into place and get up to speed,” said Michael Daniel, who was White House cybersecurity coordinator during the Obama administration. 

“If this is just until the votes are certified and then they cave in and open up, there’s not going to be much of an impact,” another Obama administration cybersecurity official, who requested anonymity to speak candidly, told me. “But if there’s no cooperation at all until the day the new people come in, then that’s problematic.”

Trump allies are standing by the president so far in refusing to concede the election. 

Trump has insisted he’ll be proved the winner of the presidential contest by a slew of lawsuits in states where Biden is either leading in the vote count or has been declared the winner – even though he’s presented no credible evidence of widespread voter fraud in those states and his record in court has been bleak so far. 

His allies have argued the transition should wait until those lawsuits conclude. When asked about the transition yesterday, Secretary of State Mike Pompeo said he expected to manage “a smooth transition to a second Trump administration.” Republican lawmakers also increasingly seem unwilling to risk Trump's ire by suggesting he concede before a pair of critical Senate runoffs in Georgia in January that could decide control of the chamber, Robert Costa, Paul Kane and Erica Werner report

But even waiting for the lawsuits to run their course could be dangerous, Ridge said.

“There's no reason they can't multitask,” he told me. “You can proceed with those claims in court, but you have a responsibility as an incumbent president to at least begin the transition for multiple reasons and at the top of the list is national security.”

Biden, so far, has downplayed the danger of Trump’s refusal to begin the transition. 

“I’m confident that the fact that they’re not willing to acknowledge we won at this point is not of much consequence in our planning and what we’re able to do between now and January 20th,” he said yesterday. 

He called Trump’s intransigence “an embarrassment, quite frankly.”

The campaign also released the names of dozens of people who will serve as part of the transition on “agency review teams". 

Among the list are several former officials with extensive backgrounds in government cybersecurity work, including Caitlin Durkovich and Robert Silvers, two prominent Obama-era DHS officials who will aid the DHS transition. 

Raj De, a former National Security Agency general counsel, will work on the Justice Department team and Robert Litt, who was general counsel for the Office of the Director of National Intelligence, will work on the intelligence community transition. 

Those teams, of course, will only be effective if people in the agencies cooperate with them. That may be tough when it comes to Trump’s political appointees, but career civil servants may be willing to help behind the scenes, the former Obama official told me. 

“Trump told people not to talk to them, but that doesn't mean that the career people won't talk if someone they used to work with calls,” the former official said. 

The keys

A Pennsylvania postal worker admitted to fabricating allegations of ballot tampering, officials say.  

The worker signed an affidavit with the U.S. Postal Service's Office of Inspector General recanting his claims on Monday, Shawn Boburg and Jacob Bogage report. The worker, Richard Hopkins, had claimed that he instructed postal workers in Erie, Pa. to backdate ballots after Election Day, providing fodder for Trump's unfounded claims of widespread voter fraud.

Democrats on the House Oversight Committee tweeted late Tuesday that the “whistleblower completely RECANTED” which Postal Service Inspector General officials confirmed to Shawn and Jacob. 

Hopkins, however, denied recanting in a YouTube message Tuesday. “I’m here to say I did not recant my statements. That did not happen,” he said. Hopkins did not respond to messages seeking comment through his social media accounts, family members and phone messages. 

The claim had been crucial in the Justice Department's decision to launch a probe into potential election fraud. It was also cited by Sen. Lindsey O. Graham (R-S.C.) in a letter to the department calling for the probe. Graham received Hopkins's claims from the Trump campaign. 

The Trump campaign, the Department of Justice and Graham did not immediately respond to requests for comment.

TikTok went back to court to seek a delay on a forced sale.

The video app company asked a D.C. federal appeals court to press pause on a Thursday deadline to sell its U.S. assets, Rachel Lerman and Jeanne Whalen report

The U.S. government argues TikTok is a national security threat because the Chinese government could require its Chinese parent company ByteDance to turn over the data it collects on U.S. customers. TikTok said it made a proposal to address those national security concerns and the government hasn't given it “substantive feedback” on the proposal. 

Trump issued an order in August requiring ByteDance to sell its U.S. operations by Nov 12. In September, the Trump administration announced it would essentially ban TikTok by that same date unless the company sold its U.S. assets.

The company had been working on a deal that would bring Oracle and Walmart on as investors, but hasn't been able to finalize the process.

The shadowy leader of the QAnon conspiracy theory hasn't spoken since the election. 

The disappearance of “Q,” the movement's anonymous leader, has sparked speculation about the conspiracy theory's legitimacy even among its most devoted fans, Drew Harwell and Craig Timberg report

The abrupt lack of posts from “Q” have added to the uncertainty created by the defeat of Trump, who stands at the center of the conspiracy theory. QAnon followers believe that Trump and his allies were working to vanquish a cabal of “deep state” child abusers and Satan-worshiping Democrats and celebrities. 

But even with the election called for Biden, many of QAnon supporters continue to believe Trump will remain in control. Analysts fear the the conspiracy theory's adherents could engage in violent protests. 

“It’s a dangerous movement that truly believes that Biden and other Democrats are killing kids,” said Rita Katz, the executive director of SITE Intelligence Group, which monitors online extremism, “And now, with Biden’s projected victory, the QAnon movement believes with the same zealous certainty that the whole thing is a sham. And that’s a major problem, because … these aren’t a bunch of harmless keyboard warriors — they’re adherents of a movement that has resulted in real-life violence.” 

More cybersecurity news:

Shock and frustration inside Justice Dept. over Barr’s vote-investigation memo (Devlin Barrett and Matt Zapotosky)

Pressure grows to reinstall White House cyber czar (The Hill)

McCabe reiterates FBI believed ‘the president might himself pose a danger to national security’ (Matt Zapotosky)

Swiss report reveals new details on CIA spying operation (Greg Miller)

Samsung May Be the Beneficiary as the U.S. Targets Huawei (Wall Street Journal)

Chat room

The next evolution in ransomware? Hectoring your victims with Facebook ads. Cybersecurity blogger Brian Krebs explains:


  • The Cybersecurity Coalition and the Cyber Threat Alliance will host CyberNextDC on Nov. 17-18, starting at 11 a.m.
  • USTelecom and Inside Cybersecurity will host a webinar on information technology priorities in the coming year on Nov. 17 at 2 p.m.

Secure log off

A look at the new MacBook:

In its third event of the year, Apple unveiled updated Macbook Air, Mac Mini, and Macbook Pro models with the company's new M1 chip on Nov. 11, 2020. (Video: Apple)