The good news: “Nevada is organizing cybersecurity under a new central hub, according to the Secretary of State’s Office, and is among more than 35 states sending officials to a cyber security incident response training at the Harvard Kennedy School’s Belfer Center in Massachusetts later this month.” [LVSun 3/18] That’s the good news…it’s more questionable to observe it’s been 530 days since the Department of Homeland Security first issued a warning about Russian interference in our national elections.
“The Obama administration on Friday formally accused the Russian government of stealing and disclosing emails from the Democratic National Committee and a range of other institutions and prominent individuals, immediately raising the issue of whether President Obama would seek sanctions or other retaliation.
In a statement from the director of national intelligence, James R. Clapper Jr., and the Department of Homeland Security, the government said the leaked emails that have appeared on a variety of websites “are intended to interfere with the U.S. election process.” [NYT 2016]
Nevadans have been assured the state was not a direct target of election interference at the systemic level. [LVSun 3/18] In other good news Nevada did address the cybersecurity matter in AB 471 the title of which was:
“An act relating to cybersecurity; creating the Nevada Office of Cyber Defense Coordination within the Department of Public Safety; providing for the powers and duties of the Office; requiring the Nevada Commission on Homeland Security to consider a certain report of the Office when performing certain duties; providing for the confidentiality of certain information regarding cybersecurity; requiring certain state agencies to comply with the provisions of certain regulations adopted by the Office; and providing other matters properly relating thereto.”
Translation from the legalese: Nevada took coordinating cybersecurity seriously enough to require state agencies to get on the same page. This includes the Secretary of State’s office and its related election jurisdiction.
It would be nice if the federal government were taking this issue as seriously as the states. A quick review: On December 9, 2016 President Obama ordered a review of Russian attempts to “hack” the American elections. The president-elect dismissed the warnings from the intelligence community saying in effect these were the people who said Iraq had WMDs. [USAT] On December 28, 2016 President Obama expelled 35 Russian diplomats and closes Russian compounds in New York and Maryland. Nothing happens officially to punish Russian agencies and individuals during the early months of the current administration. On May 17, 2017 the Justice Department appoints Special Counsel Robert Mueller who is tasked with discovering if any US laws were violated on the part of US citizens and others.
As news of Russian interference trickled out in the press more interest in the issue came from congressional quarters, Senator Lindsey Graham (R-SC) introduced S. 341 (Russian Sanctions Review Act) on April 27, 2017. By July the interest increased to the point that HR 3364 passed the Congress almost unanimously, it was signed into law on August 2, 2017. No action was taken by the executive branch to implement the requirements of the law immediately.
Indeed, it was March 15, 2018 before the Department of the Treasury issued enhanced sanctions on Russia, releasing the following statement:
Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated five entities and 19 individuals under the Countering America’s Adversaries Through Sanctions Act (CAATSA) as well as Executive Order (E.O.) 13694, “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities,” as amended, and codified pursuant to CAATSA.
The list of individuals and entities sanctioned was remarkably similar to the Mueller investigation list of those indicted for interference and illegal activities.
The current administration has not convened any cabinet level coordinated meetings to date regarding Russian interference in US elections, a sore point with Senator Benjamin Cardin who issued a minority report from his Senate committee. [pdf] One recommendation was prescient:
“U.S. and European governments should mandate that social media companies make public the sources of funding for political advertisements, along the same lines as TV channels and print media. Social media companies should conduct comprehensive audits on how their platforms may have been used by Kremlin-linked entities to influence elections occurring over the past several years, and should establish civil society advisory councils to provide input and warnings about emerging disinformation trends and government suppression. In addition, they should work with philanthropies, governments, and civil society to promote media literacy and reduce the presence of disinformation on their platforms.”
And, so we continue. The president congratulated Putin on the occasion of his reelection in an election characterized by eliminating competition and blatant voting fraud. Nevertheless, the drip continues… reports of social media manipulation, stories about the machinations of the super PACs, Cambridge Analytical, Facebook, and so forth. We know that 21 states were “hacked” in 2016, we know that one was penetrated, and we know that Nevada — fortunately — wasn’t one of them. However, that doesn’t mean we don’t have a stake in this game.
We owe it to ourselves to keep track of state efforts to thwart foreign efforts to attack our voting security systems. We need to think about the security of our state election rolls and related systems. We need to support efforts to improve the technical acumen of our state and local election officials. We need periodic updates from our Secretary of State on steps taken by our government to upgrade our voting equipment, and secure our registration. We also need to pay more attention to how social media is used and abused to cause disruptions to our politics and political discussions. We need to pay attention.