They’re Crying in the Cyber Wilderness
Attacking American institutions has become a lot simpler since 9/11
Seventeen summers ago, 19 men had to make their way physically into the country, train to fly planes while avoiding scrutiny, and then crash them into buildings in order to pull off a devastating attack on a superpower.
In the years since then, attacking the United States and its institutions has become a lot simpler: a few strokes on a keyboard can now disrupt elections or shut off a power grid.
Russia interfered with the 2016 election by managing to probe election computers in 21 states, and in some cases gain entry. Moscow also backed groups that created thousands of fake accounts on social media platforms to incite Americans on contentious issues such as race, gun rights and religious freedoms. Special Counsel Robert S. Mueller III has indicted dozens of Russian agents for breaking into Democratic Party computers to steal emails and publicize them.
Despite work by technology companies to battle such hackers, threats continue to proliferate, as Facebook and Twitter in recent weeks announced they had taken down hundreds of fake accounts backed not only by Moscow but also Tehran.
In recent weeks Microsoft has said it had identified and taken down six internet domains created by entities supported by the Russian government that attempted to create fake websites similar to the ones run by conservative think tanks.
In a reprise of former CIA director George Tenet’s line that the “system was blinking red” with warning signals in the months before the Sept. 11 attack, many top U.S. officials and lawmakers have taken to issuing similar warnings of potentially catastrophic cyberattacks that America’s adversaries could unleash.
Director of National Intelligence Dan Coats in July said the “warning lights are blinking red again,” adding that while U.S. agencies weren’t seeing the kind of intrusion into election systems they had in 2016, “we fully realize we are just one click of the keyboard away from a similar situation repeating itself.”
Homeland Security Secretary Kirstjen Nielsen echoed Coats’ warning in early September, adding that “our digital lives are in danger like never before.”
Is this thing on?
The warning signs in the months before September 2001 not only were ignored or missed because of bureaucratic infighting, as the 9/11 Commission found, but they were never made public. In contrast, 17 years later, despite the public warnings by top officials, it is unclear whether there’s better preparation against such potential attacks.
A few state election officials continue to question U.S. intelligence agencies’ assessment that Russia interfered in the 2016 election. President Donald Trump has gotten rid of top cybersecurity positions in the White House that many experts and lawmakers see as being crucial to coordinating the workings of multiple U.S. agencies.
The Department of Homeland Security has identified 16 critical infrastructure sectors — including power, utilities, chemical and banking — that are eligible to receive information on threats from U.S. intelligence agencies. But timely sharing of information on cyber threats between U.S. government agencies and private companies continues to be a work in progress.
At a recent congressional hearing, Sen. Lindsey Graham, chairman of the Senate Judiciary subcommittee on crime and terrorism, called on fellow Republicans in Congress to take the threat of cyberattacks more seriously.
“Mr. President Trump, our nation is under attack,” the South Carolina Republican said. “To members of Congress, our nation is under attack not just by Russia,” but other actors as well. While the current wave of cyberattacks are not “knocking down buildings, they’re trying to destroy our democracy.”
Graham and the top Democrat on the subcommittee, Sheldon Whitehouse, said the Trump administration and congressional Republicans must do more to counter threats not just from Russia but also from Iran, North Korea and China. Those countries are targeting American institutions, along with private companies and infrastructure operators, they said.
“To Republicans, if you think the Russians don’t have you in mind, you’re making a great mistake,” Graham said. “They’re trying to undermine the democratic process. Now that we are in charge, I think we are a natural target.”
While lawmakers have proposed about three dozen bills to address election security, none of them have passed either chamber.
One bill that would mandate paper ballots across the country as a backup measure to electronic voting machines and require states to conduct post-election audits has been stalled, as some lawmakers question whether the measure amounts to federal intrusion into states’ powers. The White House has also raised objections to the bill.
Private cybersecurity researchers are concerned that despite broad agreement about threats facing the election systems, the federal government has not done enough.
Federal agencies and local election bodies seem unprepared for the kinds of crises that nation states and lone hackers can unleash on unsuspecting voters by sending fake emails with wrong information on voting locations, for example, said Steve Grobman, the chief technology officer at McAfee, a top cybersecurity firm.
The federal government hasn’t taken the kinds of extensive precautions it needs to in order to prevent vote tampering and manipulation, Grobman said. And public awareness is a problem.
While addressing automotive safety back in the 1960s, the federal government and the National Highway Traffic Safety Administration invested in a nationwide advertising campaign to get people to wear seatbelts, Grobman said.
The Department of Homeland Security similarly today could run television ads to educate voters that election officials would never contact them by email, for example, or that voters should not trust stolen data. Such public information campaigns could inoculate people from threats, he said.
Watch: Trump’s Border Wall Shutdown Threats Continue, But Still Not Convincing Many Hill Republicans