The intelligence community is now trying to help states prepare for ransomware attacks on elections databases ahead of the 2020 election. The federal government is going to launch a program this fall to help inform states about how to protect voter registration databases and systems, but, thanks to Mitch McConnell, money allocated by Congress to the states to fix the systems hasn't been approved.
These are databases and systems used to verify eligible voters on Election Day, the same databases targeted by Russians in 2016. The concern for next year is that the Russians won't just gain entry, but will "manipulate, disrupt or destroy the data." A senior U.S. official says, "We assess these systems as high risk," because these are the systems that are regularly connected to the internet.
"A pre-election undetected attack could tamper with voter lists, creating huge confusion and delays, disenfranchisement, and at large enough scale could compromise the validity of the election," said John Sebes, chief technology officer of the OSET Institute, an election technology policy think tank. Hackers, specifically Russian hackers, have already used ransomware to stage attacks on global corporations that crippled their computer systems in the "NotPetya" attack in 2017. The fear is that they'll target election databases that are "particularly susceptible to this kind of attack because local jurisdictions and states actively add, remove, and change the data year-round," said Maurice Turner, a senior technologist with the Center for Democracy and Technology. "If the malicious actor doesn't provide the key, the data is lost forever unless the victim has a recent backup."
The Cybersecurity Infrastructure Security Agency, or CISA, a division of the Homeland Security Department, "will reach out to state election officials to prepare for such a ransomware scenario. It will provide educational material, remote computer penetration testing, and vulnerability scans as well as a list of recommendations on how to prevent and recover from ransomware." The focus, a Homeland Security official says, is "preventing it from happening" rather than telling states whether or not to pay or refuse ransom if they're hacked.
All of which is important, but this is going to be a damned difficult program to implement, because states are using all kinds of different equipment and systems, some of them decrepit, coming from a variety of private vendors who will also need to be looped in to these efforts. Combatting this is going to cost money, money that has to be allocated by Congress. The House has legislation to do this, and McConnell won't allow a vote on it in the Senate. He says that it's a matter of states' rights, and the federal government should not be intervening, and also that the issue is being used by Democrats for "political benefit."
Who knew the intelligence community was all partisan Democrats? Moscow Mitch doesn't want to harden our elections systems against Russia. Period.
This has to end. Please give $1 to our nominee fund to help Democrats end McConnell's career as majority leader.