With less than four months to go, how much are this year's midterm elections at risk for the kind of interference sowed by Russia in 2016?
It's a question that's coming up again after President Trump's seemingly shifting positions this week about Russia's responsibility for the interference in 2016, and after special counsel Robert Mueller's recent indictments of 12 Russian intelligence officers accused of hacking the Democratic Party and state election computer networks.
It would be "foolish" to think Russia is not trying to influence the 2018 elections, said Homeland Security Secretary Kirstjen Nielsen on Thursday at the Aspen Security Forum.
"They have the capability and they have the will," Nielsen also said.
But two years after the first tendrils of the Russian influence and disruption campaign were detected, the U.S. response remains incomplete because of partisan politics, bureaucratic confusion and differing priorities among state and local governments.
The threat level
Director of National Intelligence Dan Coats offered a stark warning last week, comparing this moment to the period immediately preceding the Sept. 11, 2001, terrorist attacks.
"I'm here to say the warning lights are blinking red again. Today, the digital infrastructure that serves this country is literally under attack," he said.
But whether state election websites and networks will be targeted this fall is less clear.
"We are not yet seeing the kind of electoral interference in specific states and voter databases that we experienced in 2016," continued Coats. "However, we fully realize that we are just one click of the keyboard away from a similar situation repeating itself."
For now, the highly-decentralized American voting system is viewed as an asset that makes it difficult to disrupt. Also, state and local officials are more cyber-literate and alert for threats than they were two years ago, which could make a huge difference considering how much of the Russian interference effort was based on duping unwitting and unexpecting targets.
David Becker, who founded the Center for Election Innovation and Research, said the 2018 midterms will be the most secure elections the U.S. has ever held, and that should only improve looking ahead to 2020.
"U.S. election infrastructure is fundamentally resilient," declared the Senate intelligence committee in a report issued in May.
Still, the consequences of a successful cyberattack could be devastating.
"It's not about changing votes necessarily," said Sen. Marco Rubio, R-Fla., who laid out a doomsday scenario involving hackers breaking into voter registration databases to change people's polling places, or hacking election websites to show the wrong winner on Election Night. These parts of election infrastructure are considered more vulnerable to attack than ballot manipulation.
Rubio suggested such an outcome could cause a constitutional crisis and sow doubt in democracy.
"I'm confident about America's election system, but I'm equally confident about the determination and capability of Russian intelligence to interfere, in ways that most people don't think about," said Rubio. Trump's own seemingly shifting position as to whether the Russian government was responsible for interfering in the 2016 election and his administration's subsequent response has frustrated state election officials, who already felt that they had been kept in the dark by the Department of Homeland Security about the extent and nature of the 2016 hacking attempts.
The National Association of Secretaries of State issued a statement Tuesday, after Trump's Monday press conference with Russian president Vladimir Putin, that reaffirmed that states are responsible for election security. "We ask, however, the White House and others help us rebuild voter confidence in our election systems by promoting these efforts and providing clear, accurate assessments moving forward," the state election officials said.
Still, it's clear many elements of the national security community remain concerned about a potential attack on voting and election systems this fall. The Washington Post reported this week that the National Security Agency and Cyber Command, home of the military's offensive and defensive cybercapabilities, are working together to counter threats to the elections.
A swirl of politics
It took Congress more than a year following the 2016 election to release much-needed funds for states to beef up their cyberdefenses. The $380 million is only now making its way out to state and local election authorities and, in most instances, states are unlikely to be able to make full use of the funds before November.
While Congress has recently held a series of increasingly urgent hearings about the need to prevent and mitigate future attacks on elections, it's unlikely additional money is coming anytime soon. House Republicans argue the $380 million is more than enough to meet states' existing needs for the time being.
"There is not at this time a request necessary for more money," said Rep. Pete Sessions, R-Texas, on the House floor this week.
"I know what we need for safe and secure elections, and that's voter ID," Rep. Jim Jordan, R-Ohio, told The Washington Post.
House Democrats clashed with Republicans on the House floor Wednesday and Thursday in an attempt to attach more funding for election security to a spending bill, only to see their efforts brushed off.
"It's very troubling that we can't agree that we're vulnerable," said Rep. Mike Quigley, D-Ill. "What we're trying to defend here is the democratic process and the credibility of that process."
There remains a bipartisan effort in the Senate to increase funding for election security — that would also require the Department of Homeland Security to report possible cyberattacks to states in real time and require states to conduct a post-election audit of results — but that effort is moving slowly through the Senate.
"A strong democracy is good for everyone. I think that's why you see Democrats and Republicans on this bill," said one the bill's authors, Sen. Amy Klobuchar, D-Minn., in an interview Thursday with NPR's Morning Edition.
NOEL KING, HOST:
The midterm elections are four months away. And there are real concerns about election interference. Yesterday, at the Aspen Security Forum, Director of National Intelligence Dan Coats talked about the threat that Russia poses.
(SOUNDBITE OF ARCHIVED RECORDING)
DAN COATS: I think we have to be relentless in terms of calling out the Russians for what they've done. We have to be vigilant in terms of putting steps in place to make sure it doesn't happen again.
KING: I talked with NPR reporter Miles Parks about whether there's more security around these upcoming elections than there was around the presidential election in 2016.
MILES PARKS, BYLINE: When you think about how Russians operated this cyberattack, basically, a lot of it was what's called spear phishing - targeted emails to try and get passwords from people. Election officials were not thinking like targets before the summer of 2016. And there was a lot of clicking on emails like that. Now they're thinking like targets. And that kind of changes the game in a lot of different ways. But now that caveat - the technology that we're actually using to vote - that has not really changed in the past two years. One study found that 41 states will use equipment to vote in this upcoming midterm election that's more than a decade old.
KING: Ten years old.
PARKS: Yeah, exactly. Earlier this week, I asked Senator Marco Rubio how confident he is in America's voting system. And here's what he told me.
MARCO RUBIO: I'm confident about America's election system. But I'm equally confident about the determination and the capability of Russian intelligence to interfere in ways that most people don't think about. It's not about changing votes, necessarily.
KING: When Rubio says it's not about changing votes, what does he mean? What is he saying that he is worried about?
PARKS: What he's talking about is voter confidence. Basically, this scenario does not involve actually affecting vote tallies. What it involves is going into voter registration systems, changing where people are supposed to cast their ballots, breaking into election websites that are supposed to show the winners and then showing losers instead. And basically, that sews chaos within the voting public without ever affecting or changing a vote.
KING: What is the government doing to fix this or to at least improve it?
PARKS: Right, so Congress did allocate $380 million this year to election security, which is a big deal. But it's important to realize that money in context. The state of California got more money than that for the 2000 elections to overhaul just their voting infrastructure. I don't want to say it's a drop in the bucket, but it's not enough to actually affect the hardware that people are voting on. It's going to go towards trainings and software improvements and things like that. What's unclear is whether there's more money coming down the road. House Democrats released a report earlier this month that said it would cost about $1.4 billion over the next 10 years to actually get America's voting infrastructure up to where we need it to be.
KING: And so when President Trump sort of veers back and forth on the extent to which Russia interfered in the 2016 election, as we've seen him do this week, what effect does that have on the government's ability to get the money out there and to get the job done?
PARKS: Right. I think it definitely doesn't help, so the National Association of Secretaries of State actually released a statement after that remarkable press conference in Helsinki earlier this week. And they asked the White House to, quote, "provide clear and accurate statements going forward." And then when you look at the fact that it's been academic groups and private sector groups who've actually made a lot of strides in training election workers and thinking about this issue in - on the big picture, it kind of shows that the government has had trouble making this a priority.
KING: NPR's Miles Parks. Thank you so much, Miles.
PARKS: Thank you. Transcript provided by NPR, Copyright NPR.