Department of Homeland Security officials plan to visit European allies to share lessons learned from defending the 2018 U.S. midterm elections, a top DHS official said Tuesday.
“What we’re doing is taking some of the ’16 and ’18 lessons learned, packaging them together, and then doing a bit of a roadshow,” Chris Krebs, head of DHS’s Cybersecurity and Infrastructure Security Agency, told reporters. Details of the trip are still being finalized, but Krebs said it also would offer CISA officials an update from the field on adversary activity ahead of the 2020 U.S. presidential election.
Many millions of Europeans are expected to head to the polls in late May to choose new representatives in the European Union parliament. European officials have issued a series of warnings that Russia is likely to interfere in the vote, including an assessment last week from Estonia’s foreign intelligence agency.
In another key election, Ukrainians will choose a president later this month. The Ukrainian president has already accused the Russian government of conducting distributed denial-of-service attacks on Ukraine’s election commission website.
All of those threats matter to the CISA teams charged with protecting the 2020 vote in the U.S.
“I know what [the Russians] did in ’16,” Krebs said. “I know what they tried to do in ’18. I don’t know what they’re going to do in ’20, but I guarantee you, the Russians are road-testing it right now in certain spaces in Europe.”
Attention to election-security-related issues in Europe has only grown more acute in recent weeks. In February, Microsoft revealed hacking attempts on European think tanks. The tech giant said a hacking group linked to the Russian government was responsible.
“If I can go over there and get ahead of the curve … and bring those defensive measures back to the blue team here, I think we’ll be better off for ,” he added.
Before the 2018 midterms, U.S. Cyber Command went on a European trip in that same spirit, conducting defensive exercises with Ukraine, North Macedonia, and Montenegro.
There is plenty of recent data for DHS officials to draw on in sharing U.S. experiences with election security. During the 2016 presidential campaign, Russian intelligence operatives conducted an incisive hack-and-leak operation designed to support Donald Trump’s candidacy, the U.S. intelligence community concluded. After that intervention, federal officials poured resources into shoring up defenses at the state and local level. The 2018 midterms passed without evidence of large-scale intervention approaching that of 2016.
There is now a recognition in the election security community that 2016 was a watershed – that foreign adversaries will continue to use digital tools to try to meddle in the electoral process for the foreseeable future.
That “new normal” was reflected in the fact that CISA put election security on its shortlist of priorities as the agency came back to full staff in late January following the record 35-day partial government shutdown. The agency spent a good portion of the RSA Conference in San Francisco this month meeting with allies to discuss election security, according to Krebs.
“We’re not waiting until six months before the  election” to prepare, he said.