2020 campaigns 'under-prepared' to combat foreign cyberattacks: Experts

Officials warn of election security shortcomings a year from general election.

Former senior government officials and private sector executives warned of major election security shortcomings in a Capitol Hill hearing less than a year out from the 2020 elections.

"Our assessment is that campaigns are under-prepared," said Gen. Frank Taylor, a former under secretary for Intelligence and Analysis at the U.S. Department of Homeland Security. "Their focus is on getting their candidate elected, and the investment that's required to protect against a more sophisticated threat is much more expensive than campaigns can afford."

The campaigns of former Vice President Joe Biden, Sen. Kamala Harris, D-Calif., and Sen. Cory Booker, D-N.J. have all confirmed reports of foreign disinformation efforts aimed at tarnishing their candidate's image with primary voters.

According to a study composed by the Foreign Policy Research Institute that analyzed favorable Russian media mentions about 2020 Democratic candidates, Biden had the lowest favorability rating while Hawaii Rep. Tulsi Gabbard had the highest positive rating.

Former Democratic presidential nominee Hillary Clinton, without naming names, in October told David Plouffe on "Campaign HQ," a podcast run by the 2008 Obama campaign manager, that a female 2020 candidate is a "favorite of the Russians" and is being "groomed' by Republicans for a third-party run.

Clinton did not mention Hawaii Rep. Tulsi Gabbard by name. However, the comment appeared to be aimed at Gabbard. Gabbard decried the comments as a "concerted campaign to destroy my reputation."

The Democratic National Committee says it has provided briefings to the campaigns aimed at helping them counter disinformation and earlier this year rolled out a checklist to help fight against cyberattacks.

But at this early stage, security experts believe the campaigns still need more help than is currently being provided to counter both cyberattacks aimed at accessing confidential voter information and disinformation designed to mislead the public.

"We recognize that campaigns might not be equipped to receive a nation state attack notification," Ginny Badanes, director of strategic projects at Microsoft, told the House Subcommittee on Cybersecurity, Infrastructure Protection & Innovation. "While the information can be very valuable, it doesn't serve much purpose if the recipient isn't sure what to do with the information they receive."

When it comes to existing voter machine equipment, experts warned of a system susceptible to tampering by adversaries both foreign and domestic.

"To be blunt, it's widely recognized and indisputable that every piece of computerized voter equipment used at polling places today can be easily compromised in ways that have the potential to disrupt election operations," said Matt Blaze, chairman of computer science at Georgetown University. "Voting technology must maintain a paper record that reliably reflects the voters' choices."

Former special counsel Robert Mueller's 448-page report revealed the purported "sweeping and systematic" effort by the Russian government to interfere in the 2016 presidential election. The U.S. government is left with a pressing challenge looking forward: how to prevent or defend against more attacks in 2020.

House Democrats have so far passed several election security related bills, but they've hit a roadblock in the Republican-controlled Senate.

Senate Majority Leader Mitch McConnell last month spoke out in opposition to the SHIELD Act (Stopping Harmful Interference in Elections for a Lasting Democracy) on the Senate floor.

"This proposal will not do anything to stop malign foreign actors, something that every member of this body cares deeply about," he said. "It's a textbook example of policy designed to reduce the amount of free speech in our country."

The legislation as written, however, would require campaigns to report to the government any foreign attempts to hack into their data systems to federal authorities, including the Federal Election Commission and the FBI.

"We don't expect the local sheriff to single-handedly defend against military ground invasions and we should not expect county election IT managers to defend against cyberattacks by foreign intelligence agencies," Blaze said.