A week that raised the profile of U.S. cybersecurity concerns

I have written in this space of a pattern of executive actions on cybersecurity coming in February around Valentine’s Day.  The Obama administration issued several cybersecurity executive orders in successive Februaries. While the current administration did not get out its first cybersecurity order in time to match the February pattern – much less as a Valentine’s Day offering – a close version leaked around the same time last year.

Last week marked the fourth anniversary of a keystone of federal cybersecurity policies, the Cybersecurity Framework issued by the National Institute of Standards & Technology. Here at Brookings, we held a public forum to review what the framework has achieved and what lies ahead to improve cybersecurity preparedness and resiliency.

The week of Valentine’s Day did not feature any new cybersecurity executive orders or policy pronouncements from the administration. But it is hard to imagine how the week could have been any more eventful in raising the profile of Russia’s use of cyberattacks as a weapon to disrupt and exploit U.S. elections, and of what the U.S. is doing – and not doing – in response.

Tuesday, February 13

Director of National Intelligence Dan Coats and other leaders of the agencies that make up the Intelligence Community went before the Senate Intelligence Committee to present their Worldwide Threat Assessment. Their report flags Russia as a leading cyber threat that is “testing more aggressive cyberattacks that pose growing threats to the United States.” In his testimony, Coats made it clear Russian activities are continuing and said “there should be no doubt that Russia perceives its past efforts as successful and views the 2018 midterm as a potential target for Russian influence operations.”

The same day, bipartisan election and cybersecurity experts of the Defending Digital Democracy Project at the Harvard Kennedy School’s Belfer Center for Science and International Affairs released a set of guides for state and local officials to improve the security of election systems and incident response – one on key vulnerabilities and best practices to address them, another on the basics of incident response, and another on communications response.

Wednesday, February 14

On Wednesday at the Brookings forum, Jeanette Manfra, a career cybersecurity professional who heads cybersecurity operations for the Department of Homeland Security as Assistant Secretary for Cybersecurity and Communications, explained previous disclosures that some state election systems were “compromised” during the 2016 elections and described DHS efforts to work with state and local officials to increase information sharing and resiliency of election systems that have been declared critical infrastructure.

Friday, February 16

On Friday came the detailed indictments of 13 Russians on charges of conspiring to influence the 2016 presidential election by undermining Hillary Clinton and promoting Donald Trump. While these focused on the large-scale social media campaign and were unrelated to hacking of Democratic National Committee emails, the papers and the simultaneous guilty plea included the use of identity theft to set up social media accounts and setting “false flag” servers in the U.S. to use as proxies for Russian activities.

Saturday and Sunday, February 17-18

On Saturday, National Security Adviser H. R. McMaster told the world’s national security elites at the Munich Security Conference that in light of the indictments, “the evidence is now incontrovertible and available in the public domain, whereas in the past it was difficult to attribute.”

Over the weekend, the nation’s top election officials met at the conference of the National Association of Secretaries of State in Washington, D.C. There DHS, according to news reports, DHS officials gave a closed-door briefing that were short on details but explicit about the threat from Russia.

This was a head-spinning sequence of events on Russian election meddling. Then it took another 180-degree turn out of The Exorcist late Saturday night when @realDonaldTrump controverted McMaster’s “incontrovertible” remark.

General McMaster forgot to say that the results of the 2016 election were not impacted or changed by the Russians and that the only Collusion was between Russia and Crooked H, the DNC and the Dems. Remember the Dirty Dossier, Uranium, Speeches, Emails and the Podesta Company!

— Donald J. Trump (@realDonaldTrump) February 18, 2018

Leadership at the top

At the Brookings forum on Wednesday, both Jeanette Manfra and Annie Antón, professor of interactive computing at Georgia Tech and a member of the 2016 presidential Commission on Enhancing National Cybersecurity, emphasized the need to avoid undermining public confidence in our electoral systems. The machinery of American elections builds in significant resiliency because its decentralization and layers prevent hacking of voting and counting systems on a large scale. These also create numerous checkpoints for error. State and local officials, civil society, and most of the federal government are working to enhance these strengths and shore up vulnerabilities to prevent future hacking that could alter outcomes.

What is missing is leadership at the very top. Donald Trump’s preposterous battle against the mounting evidence of Russia’s influence campaign and his refusal to implement bipartisan sanctions or otherwise stand up to Russia amount to a dereliction of duty. His actions violate the oath he took to “preserve, protect and defend the Constitution of the United States” because they undermine the confidence that Americans should share in the elections that govern our constitutional system.