“It’s sobering to see all in one place the various attacks on the election in 2016,” Lawrence Norden, deputy director at the Brennan Center’s Democracy Program, told ABC News. “We’re much more aware of this problem than we were in 2016, and we’ve taken some steps, but [the report] also highlights in some respects how inadequate our response has been.”
The U.S. intelligence community and previous Mueller indictments had already accused Russia of three interference efforts: a hack-and-leak operation that targeted democratic figures, a widespread online influence campaign designed to sow social and political discord in the U.S. and cyber attacks targeting election infrastructure itself, such as voter databases. But on Thursday, the Mueller report laid out, in narrative detail, the push by the Kremlin to weaken American democracy – a strategy that officials and experts say continues today.
The 2018 midterm elections did not see the hack-and-leak strategy, or any especially-significant attacks on voting infrastructure, but foreign online influence operations continued unabated, an intelligence community assessment said. Top U.S. security officials have been vocal in their warnings that Russia, potentially along with China, Iran and others who learned dark lessons from 2016, are likely to take aim at the 2020 race.
“The risk of election interference by a foreign government is an existential national security threat,” said John Cohen, a former senior Department of Homeland Security official and current ABC News contributor. “While some agencies like the FBI, the Department of Homeland Security and U.S. Cyber Command are working to mitigate this threat, the U.S. government can and must do more to address the threat to our election process, but that requires visible leadership from the White House and the president himself.”
Former Donald Trump campaign adviser and ABC News contributor Chris Christie told the ABC News podcast “The Investigation” Thursday that if he were speaking to the president, who’s been publicly reticent to accept the intelligence community’s findings that Russia interfered in the election to his benefit, he would tell him to “shift focus” now to the 2020 threat.
“You know, bring in [CIA Director] Gina Haspel and [FBI Director] Chris Wray, bring in the DNI [Director of National Intelligence Dan Coats] and say, ‘Listen, we now have a roadmap for what the Russians did, what are we doing to prepare for the 2020 election? I authorize you to do everything it is you need to do to protect the integrity of that election and we’ll work with Congress to make sure… if you need additional funding that you’ll get it in order to protect the integrity of our elections.’
“I have often thought that that would be a really productive thing for him to do, and a smart thing for him to do politically,” Christie, the former governor of New Jersey, said.
A spokesperson for the White House National Security Council declined to comment for this report but pointed to moves by the administration to counter foreign election interference, from loosening offensive cyber rules to paving a pathway for sanctions for those “determined to have interfered in a United States election,” to the Department of Justice indictments against suspected Russian operatives.
Secretary of State Mike Pompeo said Friday that he would warn his Russian counterparts about the “steadfast requirement that Russia not engage in activity that impacts the capacity of our democracy to be successful."
“And we will make very clear to them that this is unacceptable behavior and as you’ve seen from this administration, we will take tough actions which raise the cost for Russian malign activity,” he said. “And we’ll continue to do that.”
In the wake of the 2016 elections where, according to the Department of Homeland Security, at least 21 states were targeted by foreign hackers, Congress appropriated $380 million in grants made available to states to help upgrade their election infrastructure ahead of the 2018 midterms, the first such money since 2010.
But despite mounting threats from increasingly sophisticated bad actors, Congress has been deadlocked on additional legislation ever since and failed to approve any additional funding.
One bill, the Secure Elections Act that sought to shield voting systems from cyberattacks, seemed to be on a glide-path to passage last year with bipartisan support from lawmakers as well as a powerful group of former national security professionals.
But the legislation, authored by Sens. James Lankford, R-Okla., and Amy Klobuchar, D-Minn., who is now running to unseat President Trump in 2020, was scuttled by White House objections of federal overreach. Its House counterpart bill, while not garnering a single Republican signature, suffered a similar fate.
State officials also decried the lack of funding attached to mandates in the measures, though many supported the granting of security clearances for states' top election officers to receive real-time briefings on threats. (Ahead of the 2018 election the federal government worked to approve state officials for at least temporary security clearances for the purpose.)
Another bill that was introduced in June 2018 would mandate disclosures on political ads – like the ones Mueller said Russia bought on social media – has yet to receive a vote.
Scores of lawmakers have thrown out other ideas -- from a cybersecurity inspector general to conduct spot audits of voting systems, to a new standing cybersecurity committee in Congress, but none of those ideas have stood a chance in the current partisan environment ahead, and the prospects are likely only to get worse ahead of the already highly-divisive 2020 presidential race.
“Election security is national security, and we know that adversaries are likely to continue to evolve their tactics and attempt to influence future elections,” the Department of Homeland Security said in a statement Friday.
But a recent report from the Brennan Center said the election infrastructure still has concerning weaknesses, from out-of-date voting machines to states and counties still using voting systems that don’t have a paper trail, which can be critical to identifying irregularities.
The DHS official also said the department has begun reaching out to announced presidential campaigns, “trying to get an early start” on advising them on how to secure their campaign infrastructure in hopes of avoiding a repeat of the purported Russian hack of Hillary Clinton campaign chairman John Podesta’s emails in 2016, as detailed in the Mueller report. The outreach follows a September 2018 FBI initiative designed to encourage campaigns to up their “cyber hygiene.”
On the online influence front, FBI Director Christopher Wray told the RSA cybersecurity conference in March that there’s a “lot more engagement” with the social media companies so that the FBI can warn them about abuse of their platforms, and the social media companies, in turn, can provide information to the FBI for potential investigative leads.
Over the past two years, major social media firms like Facebook and Twitter made public commitments to combat “inauthentic behavior,” periodically announced major takedowns of fake accounts and updated their transparency policies.
Still, Wray said the online “malign influence campaigns” ramp up as elections approach, and the FBI is “gearing up for it to continue and grow again in 2020.”
So with the presidential primary season around the corner, the question remains: has enough been done?
“There’s a lot of things that keep me up at night,” a DHS official, who spoke on the condition of anonymity, said. “What could our adversaries do? What could they do to undermine our democratic system?... I’ll certainly be nervous but confident in the lines of communication we have and the steps that we’ve taken.”
Norden, the election security expert, said he’s concerned that the ongoing work isn’t moving fast enough.
“I don’t want to make it sound like we haven’t made progress, but when you read the Mueller report, it’s hard not to say, ‘Why is this taking so long and why is this so difficult, when there’s such a consensus in the national security community?’” he said.
The Russian government has long denied the hacking and online influence campaign allegations, calling it a symptom of anti-Russian hysteria in the U.S.