Despite some additional detail about cyber hacking by Russia during the 2016 U.S. presidential election, there were no surprises in Special Counsel Robert Mueller’s report last week given what was already uncovered by the intelligence community, the top cyber security official at the Department of Homeland Security said on Tuesday.
The report “was pretty consistent with the intelligence community assessment [and] with the indictments of last summer” of Russian officials in connection with Russian interference in the 2016 election, Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency, told reporters during a brief media gaggle following his morning keynote remarks at an AFCEA homeland security conference in Washington, D.C.
‘It’s just a reinforcement that they were incredibly active in ’16, they were active in ’18, and we’re going to be ready for them in 2020,” Krebs said. “We are heavily engaged.”
Following the 2016 election, the intelligence community investigated Russian interference in the 2016 elections and concluded that Russia’s government was behind attempts to influence the outcome on behalf of then Republican candidate Donald Trump. The report by Mueller released by the Justice Department last week into alleged collusion between the 2016 Trump campaign and Russia to bolster the Republican candidate’s chances to become president confirmed the intelligence community’s assessment and provided additional detail, including a successful hacking of a network of at least one county government in Florida through the use of spearphishing emails.
Krebs told Defense Daily before his address that that the hack only penetrated a laptop computer with administrative functions and that no election-related data was compromised and no harm done. The hack was uncovered via intelligence means, he said, without elaborating.
Before 2016, election security wasn’t a “huge focus” for the Department of Homeland Security but in the two years since then it has become a “top priority,” Krebs told attendees.
Ahead of the 2018 midterm congressional elections, DHS was working with relevant officials at the state level nationwide and with between 1,400 and 1,500 of local election agencies, Krebs said. The goal by the 2020 elections is to work in one way or another with all 8,800 local election jurisdictions, he said.
DHS works directly with state and local officials as well as through the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC), a non-profit entity that provides various cyber security services to its members. The department provides funding for the EI-ISAC.
Krebs also mentioned that before 2016 intrusion detection sensors called Albert sensors only provided coverage of about 30 percent of the voting public at election systems. By the 2018 midterms, the Albert sensors covered 92 percent of the voting public, he added.
“So, significant improvement in the ability to share information with state and local governments in just a two-year span,” Krebs said.
Election security will remain a key focus area “at least for the foreseeable future” and CISA will continue to seek funding in this area, he said. One of the ongoing policy questions is “what are the resources the states require to address the risks they have and who’s going to fund that,” Krebs said, adding that “Congress also has the ability to step in as they have done in the past to provide resources.”