The Senate Intelligence Committee concluded Thursday that election systems in all 50 states were targeted by Russia in 2016, an effort more far-reaching than previously acknowledged and one largely undetected by the states and federal officials at the time.
But while the bipartisan report’s warning that the United States remains vulnerable in the next election is clear, its findings were so heavily redacted at the insistence of American intelligence agencies that even some key recommendations for 2020 were blacked out.
The report — the first volume of several to be released from the committee’s investigation into Russia’s 2016 election interference — came 24 hours after the former special counsel Robert S. Mueller III warned that Russia was moving again to interfere “as we sit here.”
While details of many of the hackings directed by Russian intelligence, particularly in Illinois and Arizona, are well known, the committee described “an unprecedented level of activity against state election infrastructure” intended largely to search for vulnerabilities in the security of the election systems.
A spotlight on the people reshaping our politics. A conversation with voters across the country. And a guiding hand through the endless news cycle, telling you what you really need to know.
It concluded that while there was no evidence that any votes were changed in actual voting machines, “Russian cyberactors were in a position to delete or change voter data” in the Illinois voter database. The committee found no evidence that they did so.
In his testimony to two House committees on Wednesday, Mr. Mueller had sought to highlight the continued threat that Russia or other adversaries would seek to interfere in the 2020 elections. He said many more “countries are developing capability to replicate what the Russians have done.”
quote:
While the report is not directly critical of either American intelligence agencies or the states, it described what amounted to a cascading intelligence failure, in which the scope of the Russian effort was underestimated, warnings to the states were too muted, and state officials either underreacted or, in some cases, resisted federal efforts to offer help.
Even today, after a two-and-a-half-year investigation, the committee conceded that “Russian intentions regarding U.S. election infrastructure remain unclear.” Moscow’s intelligence agencies — chiefly the G.R.U., Russia’s main military intelligence unit — may have “intended to exploit vulnerabilities in the election infrastructure during the 2016 elections and, for unknown reasons, decided not to execute those options.”
But more ominously, the report suggested that it might have been cataloging options “for use at a later date” — a possibility that officials of the National Security Agency, the Department of Homeland Security and the F.B.I. said was their biggest worry.
The report also hinted at some intriguing new findings — but their effect was muted by the scope of the deletions demanded by intelligence agencies. For example, the report noted that the State Department was aware that Russian officials had requested to send election observers to polling places in the 2016 election — just as the United States often seeks to send observers to elections in foreign nations, including Russia.
That was of concern to the committee because testimony about election machines, which are disconnected from the internet, suggested the most efficient way to alter votes was with physical access to the machines or computers rather than programming them with ballots.
We need a cyber doctrine that lays out to our adversaries what sorts of retaliation they will face if we detect "assaults" on the US. The retaliation does not need to be "like," i.e. we would not retaliate against Russian election interference by going after their "elections." That would be pointless, and kind of absurd. What elections?
Instead we announce that we will choose our spots, and that the idea of proportionality doesn't fit the cyber realm. It's not easy to define proportionality, and the attempt to do so would limit the deterrence effect. A list of potential actions might include shutting down power systems, subway lines, air traffic control etc. And yes, accidents happen so anyone who commits this sort of "attack" on the US may face material damage, and people may be harmed by our response, even if we do not intend that harm.
At present we seem to have absolutely no deterrence against direct cyberattacks by Russia or any other player. And there are no internationally established rules or conventions.
Posts: 12759 | Location: Williamsburg, VA | Registered: 19 July 2005