That heightened awareness is a key takeaway from a report published just one day before the election about hacking attempts on election infrastructure. The Boston Globe revealed Monday that it had obtained leaked threat reports filed by state and local election officials across the country alerting federal agencies to cyberintrusions and other suspicious activity that appeared to be targeting voter-registration databases, election officials, and election networks in the days before the midterms. One unnamed state—the threat reports don’t name states or detail specific incidents—successfully blocked more than 51,000 login attempts from foreign countries in a 24-hour period, the documents reportedly revealed. Some hackers even had “limited success.”
With today’s midterms, America’s election infrastructure has never been more carefully monitored by government officials. But will that be enough?
The hacking attempts haven’t slowed. The disinformation campaigns are ongoing. And the warning lights have been “blinking red” for a potential foreign operation aimed at disrupting the U.S. 2018 midterm elections, according to the country’s top intelligence official.
But if there is anything positive to take away from Russia’s election interference in 2016, it’s this: America’s election infrastructure has never been more carefully monitored in the days, weeks, and months leading up to a nationwide vote—and voters themselves are more wary than ever of foreign propaganda masked as a political ad or Twitter troll.
Yet voting and cybersecurity experts I spoke with seemed less alarmed than one might expect. “I’m heartened by this,” said David Becker, a former trial attorney in the voting section of the Department of Justice’s Civil Rights Division who now runs the Center for Election Innovation & Research. “We expected there to be this level of activity,” Becker said, pointing to warnings issued by the Department of Homeland Security and the intelligence community in the months leading up to the election. “What’s different this time is that we know about it,” Becker continued. “I think the story here is that DHS even has these threat reports, because of the unprecedented information sharing that’s going on.” That’s how DHS sees it, too. “This sharing is helping us build a national-level understanding of the cybersecurity threats facing our nation’s election infrastructure,” DHS spokesman Scott McConnell told the Globe.
The coordination between the various levels of government in preparation for potential meddling in Tuesday’s election represents a major leap forward since 2016, when many states declined help from the Department of Homeland Security to secure their election systems and balked at declaring such systems “critical infrastructure.” Such a designation, which was finally made in January 2017, puts election infrastructure in the same category as the U.S. power grid and financial sector, and gives states quicker access to classified-threat information sharing. It also means that states can participate in joint-defense exercises. In addition, all 50 states have now opted in to the DHS-funded program that allows election officials to share information with one another and with the government. Many have enrolled in a DHS program that offers states computer-vulnerability scanning for their election systems.
But aging voting machines and outdated software are still a major problem, and Congress has not allocated nearly enough money—only $380 million has been appropriated for the whole country—to help states completely revamp their infrastructure, experts say. Only one state, Virginia, has completely replaced its electronic voting machines since 2016. And while Illinois has bolstered its cyberdefenses since hackers infiltrated its voter database in 2016, its voting machines are still outdated and vulnerable to attack. According to NBC News, 14 states—including Georgia and Florida—still have counties whose voting districts have no paper backup for their electronic voting machines. That would make it impossible to conduct a paper recount if necessary.
That’s particularly concerning because, two years after Russia’s unprecedented interference, there is no sign that the threats are waning. In a joint statement released Monday night, the DHS, Director of National Intelligence, FBI, and DOJ warned that “Americans should be aware that foreign actors—and Russia in particular—continue to try to influence public sentiment and voter perceptions through actions intended to sow discord.” Senior officials in Donald Trump’s administration, including DHS Secretary Kirstjen Nielsen, FBI Director Chris Wray, and DNI Dan Coats, issued a similar warning during a rare joint press conference in August. “Russia attempted to interfere with the last election,” Wray said, “and continues to engage in malign-influence operations to this day.” Days earlier, Missouri Democratic Senator Claire McCaskill, who is seeking reelection in a state that went for Trump in 2016, confirmed that Russians had tried to hack her Senate computer network but were unsuccessful.
So far, however, the kind of massive hacking-and-leaking operation that took the law-enforcement and intelligence communities by surprise in 2016 has not materialized. And, overall, the preparation and response to irregularities in the run-up to the midterms has been reassuring, experts say.
Robert Johnston, the cybersecurity expert who was the first outside investigator to uncover the extent of Russia’s hacks into the DNC during the 2016 election, said that while he believes there’s been an uptick this year in the number of attacks on voter-registration databases and election infrastructure, it would be “disingenuous” to say that it’s “business as usual” on an institutional level in terms of protecting against and responding to these attacks. “There’s still a long way to go,” he said. “But when you have the government providing this much money to the states, the DOJ pumping out indictments against anyone who hacks our election, and our intelligence agencies intimidating people overseas who aren’t acting in our best interests, it becomes clear that we’re on the right track.” (The NSA has reportedly begun sending messages directly to Russian hackers, reminding them that they are being watched.)
Those seeking to sow disinformation and wage information warfare, meanwhile, continue to prey upon social-media users, despite their increased awareness of organized foreign-influence operations.
The Justice Department has already charged a Russian national with interfering in the midterms: Elena Khusyaynova, 44, who allegedly managed the finances of an election-interference campaign run out of the Internet Research Agency in St. Petersburg, code-named Project Lakhta. The troll factory’s budget for the project, which Khusyaynova allegedly controlled, exceeded 73 million Russian rubles—or roughly $1.2 million—a month. The budget grew almost monthly between January and June 2018 as the Russian trolls targeted the midterms, according to the DOJ’s criminal complaint.
Russia’s brazen interference in 2016 has also heightened awareness among social-media companies, which have been either proactive or cooperative in shutting down nefarious actors.
Facebook—which did not discover until late 2017 that the Russians had purchased hundreds of political ads that were seen by approximately 10 million users in 2016—revealed over the summer that it shut down Russian and Iranian accounts that were waging political-influence campaigns to sway the midterms, and set up a “war room” where a team will monitor fake news and disinformation on Election Day. The Democratic Congressional Campaign Committee, meanwhile, successfully encouraged Twitter to delete more than 10,000 “bot” accounts that were posing as Democrats while discouraging people from voting in Tuesday’s midterms.
Experts broadly agree that the disinformation campaign leading up to the midterms has been more muted than in 2016. “We’re seeing activity in the U.S., but we’re seeing it at levels less than we saw in 2016,” Tom Burt, the vice president for customer security and trust at Microsoft, told The New York Times this month. The Russian trolls that are still active have largely focused on Europe, where they’ve sought to deflect blame away from Russia for the poisoning of former Russian spy Sergei Skripal and his daughter, said Clint Watts, a senior fellow at the Center for Cyber and Homeland Security at George Washington University and a Foreign Policy Research Institute fellow. “You only have so many English-language operators,” Watts said. Johnston agreed, noting that Russia’s attention has turned toward fueling division in Europe and Ukraine, which has been a battleground for disinformation and propaganda since at least 2014, when Russia invaded eastern Ukraine and annexed Crimea.
It’s harder, moreover, for foreign actors to influence a local election than a national, presidential election. There is still one fairly easy way, however: sowing doubt in voters’ minds about the election’s legitimacy by waging a disinformation campaign alleging voter fraud and voting-machine irregularities—a narrative that’s becoming more common among Russian bots and trolls, according to Brett Bruen, a former U.S. diplomat who served as director of global engagement at the White House under President Barack Obama. There’s also the option of an actual cyberattack. Experts still worry that a bad actor could interfere at the eleventh hour, altering voter-registration files in databases or hacking websites to change polling locations in a way that would depress turnout and potentially spark mass panic among voters.
“There have been important strides” since 2016, said David Turetsky, a professor at the College of Emergency Preparedness, Homeland Security and Cybersecurity at the University at Albany. But he expressed concern that five states still use direct-recording electronic machines, which provide no paper trail of the votes. He noted that “it doesn’t take much in a busy election to disrupt” voting—long lines resulting from faulty equipment or manipulated databases could be more than enough to depress turnout. (If something like that were to happen, the Pentagon would reportedly be ready to retaliate with an offensive cyberstrike.)
The bottom line, Turetsky said, is that we’re on the right track—but much more still needs to be done. “If we have a good day, it’s not because we’ve done everything possible to earn it,” he told me. “It’s because we’ve done some of the things possible to earn it, and we got lucky.”