Inside Cybersecurity

Cyber Congress: Analysis

Whole-of-government efforts credited for trimming threats to election infrastructure; challenges remain

By Charlie Mitchell / September 24, 2020

Effective coordination within the federal government and with state and local partners has vastly reduced the risk of hackers disrupting election infrastructure this year, according to the heads of DHS and the FBI, though lawmakers say challenges remain over resources and clarity of leadership over cybersecurity efforts.

FBI Director Christopher Wray and Homeland Security Acting Secretary Chad Wolf made separate appearances before the Senate Homeland Security Committee this week, and both highlighted effective efforts to secure voting infrastructure.

But whether those efforts can be replicated in other areas of cybersecurity is an open question, and Homeland Security ranking member Gary Peters (D-MI) repeatedly poked at the idea that there is “not one person in charge” of overall cyber policy.

“We all work together,” Wray said in response.

A Government Accountability Office report issued this week flagged the lack of central leadership in implementation of the White House’s 2018 National Cyber Strategy. The report is being touted by congressional backers of legislation to create a new National Cybersecurity Director post.

Wray in his testimony said the FBI is closely coordinating with agency partners and sharing threat intelligence with states, locals and the private sector, in a robust effort to stay ahead of threat actors.

Under questioning from Sen. Tom Carper (D-DE), Wray declined to rank the election threats posed by Russia, China and Iran.

But Wray said: “Coordinating closely with our partners and leveraging relationships we have developed in the technology sector, we had a number of instances where we were able to quickly relay threat indicators that those companies used to take swift action, blocking budding abuse of their platforms.”

He explained that “All efforts are based on a three-pronged approach, which includes investigations and operations; information and intelligence sharing; and a strong partnership with the private sector.”

Wray said, “Following the 2018 midterm elections, we reviewed the threat and the effectiveness of our coordination and outreach. As a result of this review, we further expanded the scope of the [Foreign Interference Task Force]. Previously, our efforts to combat malign foreign influence focused solely on the threat posed by Russia. Utilizing lessons learned over the last year and a half, the FITF is widening its aperture to confront malign foreign operations of China, Iran, and other global adversaries. To address this expanding focus and wider set of adversaries and influence efforts, we have also added resources to maintain permanent ‘surge’ capability on election and foreign influence threats.”

Acting Homeland Security Secretary Chad Wolf, at his Senate confirmation hearing on Wednesday, said “November is going to be the securest election to date,” and noted work with “all 50 secretary of states, thousands of local jurisdictions, technology vendors and the like.”

Wolf said he was “very proud of the work that CISA has been doing on election security. And so we know in this election cycle the [Intelligence Community] has said they … have not attributed any cyber campaign against any election infrastructure from a nation-state adversary. And I think that speaks to the type of work that we have done over the past three and a half to four years. Because at this time going all the way back to 2016, there were indicators and warnings that they were targeting our election infrastructure. We don't see that today as I sit here today and I think that's because all of the work that not only CISA has done but the entire interagency has done.”

Asked about a recent Microsoft report citing ongoing threats to election infrastructure, Wolf said, “So when we talk about nation state threats to our election systems we talk about three specifically--we talk about Russia, we talk about China and we talk about Iran. And they all come about this differently--but all three are a threat. So I have been very consistent about that. The intelligence assessment put out by the [Director of National Intelligence] in August was very consistent about that. And again, the Microsoft report, senator, that you mention also talks about all three of those nation states being a threat.”

He said, “So I know that there continues to be a lot of focus on Russia as there--as there should be. You cannot do that at the exclusion of making sure that we continue to address the threats that are from both China and Iran. … So they're not focused or we don't have any specific intelligence that they are focusing on election infrastructure -- that's not to say they can't or they won't. But as I sit here today they're not focused on election infrastructure.”

The Homeland Security and Governmental Affairs panel has set a Sept. 30 vote on the Wolf nomination.

On other topics addressed at today’s Homeland Security hearing, Wray pointed to “very aggressive” Chinese hacking efforts targeting COVID-19 research.

Sen. Maggie Hassan (D-NH) said state and local officials face a critical need for more resources to battle ransomware attacks.

And Sen. Rob Portman (R-OH) expressed concern about inadequate implementation of Federal Information Security Modernization Act requirements across federal agencies, saying some “just aren’t doing it.” He promised legislation in this space.

Other developments on the Hill

A Senate Commerce Committee hearing Wednesday on privacy revealed bipartisan agreement on many areas of a national privacy law, but the stalemate continues over pre-empting state laws and providing a private right of action.

The Cyberspace Solarium Commission is beginning to determine priorities for the next year with a reduced staff and targeted approach for getting key recommendations through Congress.

The Pentagon’s cyber certification program is facing some scrutiny on Capitol Hill, while the annual National Defense Authorization Act – currently the subject of House-Senate negotiations – is undergoing scrutiny from the White House. A vote on a final version of the NDAA is expected in a lame-duck session.

Separately, lawmakers are also raising concerns about a Defense Department proposal to stand up and operate its own 5G network.

Meanwhile, efforts continue to line up support for “hotlining” an Internet of Things security bill through the Senate by unanimous consent. “We’re working through the process,” commented a spokesperson for Sen. Mark Warner (D-VA), a sponsor of the Senate bill. The House has passed its version, which requires NIST and the Office of Management and Budget to set standards for IoT devices purchased by the federal government.

-- Charlie Mitchell (cmitchell@iwpnews.com)