Page:Report of the Select Committee on Intelligence United States Senate on Russian Active Measures Campaigns and Interference in the 2016 U.S. Election Volume 1.pdf/52

From Wikisource
Jump to navigation Jump to search
This page has been proofread, but needs to be validated.

   
COMMITTEE SENSITIVE—RUSSIA INVESTIGATION ONLY

a ton of time educating outside groups on how elections are run."[1] State 3 officials said, "DHS didn't recognize that securing an election process is not the same as securing a power grid."[2]

(U) By early 2018, State officials gave DHS credit for making significant progress over the next six months. States began to sign up for many of the resources that DHS had to offer, and DHS hosted the first meeting of the Government Coordinating Council required under the critical infrastructure designation. Those interactions often increased trust and communication between the federal and state entities. For example, DHS has identified a list of contacts to notify if they see a threat; that list includes both IT officials and election officials. State 9 described it as "quite a turnaround for DHS," and further stated that the Secretaries of State had been disappointed with how slowly DHS got up to speed on election administration and how slowly the notifications happened, but DHS was "quick with the mea culpas and are getting much better."[3]

(U) Not all of the engagements were positive, however. State 13 in early December 2017 still reported continued frustration with DHS, indicating to the Committee that it had not seen much change in terms of outreach and constructive engagement. As of summer 2017, according to State 13, "the lack of urgency [at DHS] was beyond frustrating."[4]

C. (U) Taking Advantage of DHS Resources

(U) As DHS has pursued outreach to the states, more and more have opened their doors to DHS assistance. DHS told the Committee that its goal has been relationship building and:

In the partnerships with the states and secretaries of states, state election directors, and at the local level, we're trying to shift them to a culture of more information security management, where they can now account for the integrity of their system, or, if something did happen … they know the full extent of what happened on their system. … We're providing vulnerability assessments and trend analysis, in addition to connecting them to the threat intelligence that we can, in order to evolve their … cyber culture.[5]

(U) DHS's assistance can be highly tailored to need, and falls into roughly two buckets: remote cyber hygiene scans, which provide up to weekly reports, and on-site risk and vulnerability assessments. DHS also offers a suite of other services, including phishing campaign assessments. All these efforts seek to provide the states with actionable information to improve cyber hygiene, but DHS has been keen to avoid what could be perceived by the states as

  1. (U) Memorandum for the Record, SSCI Staff, Conference Call with [State 8], February 2, 2018.
  2. (U) Memorandum for the Record, SSCI Staff, Conference Call with [State 3], December 8, 2017.
  3. (U) Memorandum for the Record, SSCI Staff, Conference Call with [State 9], November 17, 2017.
  4. (U) Memorandum for the Record, SSCI Staff, Conference Call with [State 13], December 1, 2017.
  5. (U) SSCI interview with DHS and CTIIC, February 27, 2018, pp. 54-55.

52
COMMITTEE SENSITIVE—RUSSIA INVESTIGATION ONLY
   

Retrieved from "https://en.wikisource.org/w/index.php?title=Page:Report_of_the_Select_Committee_on_Intelligence_United_States_Senate_on_Russian_Active_Measures_Campaigns_and_Interference_in_the_2016_U.S._Election_Volume_1.pdf/52&oldid=10947491"