Cyberwarfare / Nation-state attacks
NSA Chief Says Putin Expects ‘Little Price to Pay’ for US Election Interference
The chief of the National Security Agency says President Donald Trump has not ordered him to confront Russian election meddling at its source, via network operations.
See Also: How to Scale Your Vendor Risk Management Program
“My concern is, I believe that President Putin has clearly come to the conclusion there’s little price to pay here and that therefore, I can continue this activity,” Adm. Michael S. Rogers, director of the NSA and chief of U.S. Cyber Command, testified before the Senate Armed Services Committee on Tuesday.
In January 2017, the U.S. intelligence community said in an assessment that it had “high confidence” that “President Vladimir Putin ordered an influence campaign in 2016” designed to disrupt the U.S. elections. Earlier this month, U.S. national security chiefs reaffirmed that assessment and said they’d seen no decrease in election-meddling attacks originating from Russia (see Russia Will Meddle in US Midterm Elections, Spy Chief Warns).
Multiple members of the Senate committee pressed Rogers about whether anything was being done to counter Moscow’s efforts.
“In fairness, you can’t say nothing has been done … but clearly, what we’ve done hasn’t been enough,” Rogers told the committee.
“Everything, both as a director of NSA and what I see on the Cyber Command side, leads me to believe that if we don’t change the dynamic here, this is going to continue, and 2016 won’t be viewed as something isolated; this is something that will be sustained over time,” he said. “So I think the challenge for all of us is, what are the tools available to all of us?”
Rogers said such tools included diplomatic and economic options as well as “some cyber things” that he declined to describe in full.
Democratic Sen. Jack Reed of Rhode Island asked Rogers if any other agencies, such as the Department of Homeland Security or the FBI, or any states have the legal authority to attempt to disrupt Russian election meddling where it originates. Rogers replied that while there are gray areas, the Department of Defense and the Department of Justice have some legal authority to do so.
Reed noted that intelligence agencies can operate under a presidential finding – a presidential directive that authorizes covert action. He then asked if the NSA had been so directed to respond, “given the strategic threat that faces the United States and the significant consequences you recognize already.”
Rogers said he has not been given the day-to-day authority to conduct such targeted network operations. But based on his authority as a commander, he said that he has “directed the national mission force to begin some specific work” that his position automatically authorizes him to do. Rogers declined to describe those efforts in the open and unclassified briefing. But he offered to brief the Senate Armed Services Committee in greater detail in a later closed-door session.
White House Promises Action
On Tuesday, White House Press Secretary Sarah Sanders pushed back against Rogers’ statement that the president had not authorized the NSA to respond directly.
“Nobody is denying him the authority,” Sanders said. “We’re looking at a number of different ways that we can put pressure.”
Sanders said the State Department will spend $40 million on an effort to counter Russian and Chinese propaganda and disinformation. She also repeated last week’s announcement that the Department of Homeland Security will begin working with state, local and federal election officials to help secure their operations.
In response to criticism that the Trump administration hasn’t been doing enough to respond to Russia’s 2016 election meddling and prevent a recurrence during the 2018 and 2020 elections, the White House continues to claim that it’s being tough on Russia (see White House Says It’s Been ‘Very Tough’ on Russia).
Faced with questions about whether the Trump administration has responded quickly and forcefully enough to the January 2017 U.S. intelligence community’s alert, the White House often attempts to reframe the question as being whether President Barack Obama did enough. “Look, this president, as I told you last week, has been much tougher on Russia than his predecessor,” Sanders said. “Let’s not forget that this happened under Obama. It didn’t happen under President Trump. If you want to blame somebody on past problems, then you need to look at the Obama administration.”
Pressed for details about what the Trump administration is doing to protect future elections, however, Sanders declined to offer more specifics.
“The president is open to looking at a number of different ways of making sure that Russia doesn’t meddle in our elections,” she said.
Report: 7 States Hacked in 2016
On Tuesday, NBC News reported that “state websites or voter registration systems” in seven states were compromised before the November 2016 elections, while 14 others were probed, according to three unnamed intelligence officials.
The report said that a top secret analysis ordered by President Barack Obama in the final months of his presidency determined that systems were compromised in Alaska, Arizona, California, Florida, Illinois, Texas and Wisconsin.
“According to classified intelligence documents, the intelligence community defines compromised as actual ‘entry’ into election websites, voter registration systems and voter look-up systems,” NBC reported.
In June 2017, DHS officials told Congress that in 2016, attackers had probed 21 states’ networks and websites, including, in some cases, election systems. At the time, Jeanette Manfra, DHS’s cybersecurity chief, told lawmakers: “We saw targeting of 21 states, and an exceptionally small number of them were actually successfully penetrated.”
Earlier this month, the National Association of Secretaries of State claimed that only one state – Illinois – was breached by the attackers. “Please make no mistake, all 50 states consider themselves a target,” NASS said in a statement.
DHS Promises Security Briefings
DHS continues to stress that it’s working with states. “This relationship is built on trust and transparency, and we have prioritized sharing threat and mitigation information with election officials in a timely manner to help them protect their systems,” Tyler Houlton, DHS’s acting press secretary, said in a Tuesday statement.
“In addition to granting state officials clearances to give them access to classified information, we work to declassify information rapidly and have the ability to grant one-day waivers when necessary to provide state officials with information they may need to protect their systems. We are committed to this work and will continue to stand by our partners to protect our nation’s election infrastructure and ensure that all Americans can have the confidence that their vote counts – and is counted correctly.”
But some state officials have said that while their working relationship with DHS has recently improved, much more needs to be done.
Earlier this month, secretaries of state from many U.S. states met at a NASS event in Washington to discuss their top concerns, and cybersecurity featured high on the agenda.
Attendees also received classified DHS briefings. But some told Reuters that the briefings were unhelpful and criticized DHS for providing inadequate information about the full scope of the Russian threat (see States Seek Federal Help to Combat Election Interference).