President Donald Trump chaired an election-security meeting Friday afternoon with his top advisers as Democrats called on the White House to delineate a clear strategy to counter foreign attempts to meddle in the U.S. electoral process.
The National Security Council meeting “addressed threats posed to our elections from malign foreign actors, efforts underway to provide cybersecurity assistance to state and local authorities, and actions to investigate, prosecute, and hold accountable those who illegally attempt to interfere in our political and electoral processes,” White House Press Secretary Sarah Huckabee Sanders said in a statement. The Trump administration, she said, is taking a “whole-of-government approach” to secure election systems in all 50 states, Washington, D.C., and territories.
Director of National Intelligence Dan Coats, National Security Agency Director Paul Nakasone, CIA Director Gina Haspel and FBI Director Christopher Wray were among the officials at the meeting, according to the White House.
“The president has made it clear that his administration will not tolerate foreign interference in our elections from any nation-state or other malicious actors,” Sanders said, despite Trump’s history of casting doubt on the U.S. intelligence community’s conclusion that the Russian government interfered in the 2016 election.
As the news reverberated in Washington this week that Russian military hackers had targeted the staff of Sen. Claire McCaskill, D-Mo., Democrats seized on the NSC meeting to demand more leadership on the issue from the White House.
Calling the meeting “long overdue,” five Senate Democrats wrote to national security adviser John Bolton earlier Friday to ask the Trump administration to work to extradite the 12 Russian intelligence officials indicted by Special Counsel Robert Mueller.
“This is more than meddling or interference,” wrote Sens. Amy Klobuchar, Minn.; Dianne Feinstein, Calif.; Dick Durbin, Ill.; Chuck Schumer, N.Y.; and Chris Van Hollen, Md., referring to Russian phishing attacks on midterm candidates. McCaskill is the only one publicly named. Two other candidates reportedly have been targeted, but have not been named by security researchers or the government.
“This a full-fledged cyberattack waged against the U.S. government and should be addressed as such,” the senators wrote.
A White House official would not comment on whether Sanders’s statement about “holding accountable those who illegally attempt to interfere” in the U.S. electoral process was a reference to an effort to extradite the 12 Russian officials.
Before the NSC meeting, top House Democrats also called for a clear strategy from the White House on election security.
“[W]e want to know who at the White House is keeping the president apprised of election interference efforts and who is coordinating interagency efforts to counter them,” the ranking members of the committees on Homeland Security, House Administration, Oversight and Government Reform, and the Judiciary said in a statement.
As critics have pointed out, Bolton’s decision in May to eliminate the White House cybersecurity coordinator position means there is one less top official at the NSC to help tackle election security threats.
“I think it limits the time that leadership in the White House has to focus on this issue because the deputies that are responsible for this have other jobs,” Ari Schwartz, a former top NSC cybersecurity official in the Obama administration, told CyberScoop.
The Department of Justice last week laid out a strategy to prevent election interference, including by warning the public of foreign influence operations. For its part, the Department of Homeland Security has worked with states to boost their election security through, for example, training sessions, classified briefings, and scans of state systems for vulnerabilities.
Congress has allocated $380 million to states to make their election infrastructure more secure, but that money is not enough to implement security measures such as replacing paperless voting machines in all states that use them.
The GRU targets a red-state senator
The Daily Beast reported Thursday that Russian’s military intelligence agency, the GRU, had gone after staffers for McCaskill with phishing emails. McCaskill, a red-state Democrat and a sharp critic of Russian President Vladimir Putin, seems a logical target for renewed Russian cyber operations before the midterm vote. While McCaskill said the phishing attempt was unsuccessful, analysts said it could be a shot across the bow as the fall midterms approach.
The phishing attack on McCaskill’s staff is “a really good reminder that the Russians know what you’re doing,” Michael Sulmeyer, a former top cybersecurity official in the Office of the Secretary of Defense, told CyberScoop.
“This is not random behavior,” added Sulmeyer, director of the Belfer Center’s Cybersecurity Project at the Harvard Kennedy School. “They know what the competitive races are in the United States.”
Schwartz, now a cybersecurity executive at law firm Venable, echoed that observation in saying that “candidates at this point should realize that they’re a target,” of nation-states.
Venable has helped campaigns for this election cycle establish secure communications practices, according to Schwartz. Nonetheless, he added, “I think it’s an open question as to how widespread those security best practices are” among campaigns across the country.