The Trump administration has taken little meaningful action to prevent Russian hacking, leaking and disruption in the next national election in 2018, despite warnings from intelligence officials that it will happen again, officials and experts told NBC News.
“This attack is really the political equivalent of 9/11 — it is deadly, deadly serious,” said Michael Vickers, a career intelligence official who was the Pentagon’s top intelligence official in the Obama administration. “The Russians will definitely be back, given the success they had…I don’t see much evidence of a response.”
According to recent Congressional testimony, Trump has shown no interest in the question of how to prevent future election interference by Russia or another foreign power. Former FBI Director James Comey told senators that Trump never asked him about how to stop a future Russian election cyber attack, and Attorney General Jeff Sessions, who sits on the National Security Council, testified that he has not received a classified briefing on Russian election interference.
Dozens of state officials told NBC News they have received little direction from Washington about election security.
White House spokesman Sean Spicer said this week he had never addressed the matter with Trump.
That apparent top-level indifference, coupled with a failure to fill key jobs at the Department of Homeland Security and other agencies, has resulted in a government paralyzed by inaction when it comes to protecting the next election, experts and government officials told NBC News.
“The Trump administration is woefully missing in action,” said Gregory Miller, co-founder of the Silicon Valley based Open Source Election Technology Institute, a non-profit research group.
“It isn’t happening,” said David Jefferson, a voter security expert and computer scientist in the Center for Applied Scientific Computing, when asked whether he saw a U.S. government effort to address the problem.
“Many states are very leery or afraid of federal regulation of their election system, even though they are not prepared to defend against the new generation of threats.”
The White House disputes the idea that it hasn’t taken action to protect election systems. One White House official said the U.S. is responding in a variety of ways, “some you’ll see, some you won’t see…You certainly don’t want to telegraph your moves.”
The White House says it’s sending letters to states and municipalities next week asking them to send data to an election fraud commission. It also points to the signing of a cybersecurity executive order as a step toward protecting elections.
Trump, in an interview Friday on “Fox & Friends,” didn’t say what he would do to stop Russian hacking, but he did blame the 2016 hacks on the Obama administration.
“Well I just heard today for the first time that Obama knew about Russia a long time before the election, and he did nothing about it,” Trump said.”But nobody wants to talk about that. The CIA gave him information on Russia a long time before they even — before the election. And I hardly see it. It’s an amazing thing. To me — in other words, the question is, if he had the information, why didn’t he do something about it? He should have done something about it.”
The Russian campaign to disrupt the 2016 election involved at least three tiers: The promotion of false stories through social media; the hacking and leaking of embarrassing material from political campaigns; and the cyber intrusions into state voter registration and election databases that could have — but didn’t — cause major disruptions at polling places around the country.
Each of those three attack vectors requires different defenses, experts say. On the fake news front, the government would need to coordinate with tech companies to slow the flow of false information. In terms of Russian intelligence hacking and leaking, experts say Vladimir Putin needs to be shown that he will incur a high cost if that tactic is repeated. And state election systems need to be better armored against cyber attack, and fully equipped to audit the vote if a successful attack occurs.
Little progress has been made in fully achieving any of those steps, experts say.
States Need Money, Equipment Upgrades
In interviews, dozens of state officials told NBC News they have had limited interaction with the Department of Homeland Security, which is tasked with helping them guard against cyber intrusions. They have seen no major initiative from the Trump administration, they added. In the waning days of the Obama administration, DHS designated election infrastructure to be “critical infrastructure,” which allowed states to request top level help shoring up their networks.
Leslie Bellamy, director of the Arkansas Elections Division, told NBC News there was confusion about what that designation means.
Alex Wong / Getty Images file
What they really need, she said, is more money from Washington to upgrade their computer systems.
“We always have concerns for our IT infrastructure. Our office has been pushing for upgrading the voting equipment.”
It’s a nationwide problem, said Caitlin Durkovich, who was assistant secretary for infrastructure protection under the Obama administration.
“My biggest concern from all of this is that our election infrastructure is incredibly antiquated and is in need of modernization.”
Miller, Jefferson and other experts say Russia and other nation-states have shown themselves fully capable of manipulating actual votes.
“It was and is within the technical capacity of Russia and other nation states to interfere with our elections and to change votes, ” said Edward Felton, a Princeton computer scientist who served as deputy chief technology officer in the Obama administration. “We’re fortunate that they chose not to do it.”
J. Alex Halderman, professor of computer science at the University of Michigan, told a Senate hearing this week that he and his team demonstrated the ability to reprogram voting machines “to invisibly cause any candidate to win. We also created malicious software — vote-stealing code — that could spread from machine to machine like a computer virus, and silently change the election outcome.”
Even the best election cyber defenses can’t defend against human error, however — the kind that happens when a government employee clicks on a malicious link in a spearphishing email. That happened in at least two state election systems in 2016, officials say, amid at least 21 Russian hack attempts.
For that reason, U.S. intelligence officials say, it has to be made clear to the Russians or any other nation that there is a price to be paid for hacking an American election.
So far, beyond some modest sanctions implemented in the waning days of the Obama administration, so such message has been sent, experts say.
John McLaughlin, a former acting CIA director, said he had seen no indication that President Trump and his team have “weighed in with Russians or made clear to the Russians our determination to stop this.”
Vickers, who led key operations against the Soviet Union, added, “You’ve got to restore some measure of deterrence. You hit ’em back, punish ’em in some ways, which I don’t think has been done by the last administration or this one. They are kind of on the offense, and we’re not pushing back.”