COMMITTEE SENSITIVE—RUSSIA INVESTIGATION ONLY
- 3. (U) Build a Stronger Defense, Part II: Improve Information Gathering and Sharing on Threats
The U.S. government needs to build the cyber expertise and capacity of its domestic agencies, such as DHS and FBI, and reevaluate the current authorities that govern efforts to defend against foreign cyber threats. NSA and CIA collection is, by law, directed outside the United States.
The U.S. government should invest in capabilities for rapid attribution of cyber attacks, without sacrificing accuracy. However, the IC needs to improve its ability to provide timely and actionable warning. Timely and accurate attribution is not only important to defensive information sharing, but will also underpin a credible deterrence and response strategy.
(U) The federal government and state governments need to create clear channels of communication two ways—down from the federal government to the state and local level, and up from the state and local officials on the front lines to federal entities. In 2016, DHS and FBI did not provide enough information or context to election officials about the threat they were facing, but states and DHS have made significant progress in this area in the last two years. For example, Secretary of Homeland Security Nielsen testified to the Committee in March 2018 that "today I can say with confidence that we know whom to contact in every state to share threat information. That capability did not exist in 2016."[2]
(U) A key component of information sharing about elections is security clearances for appropriate officials at the state and local level. DHS and its partners can effectively strip classified information off of cyber indicators, which can then be passed to technical staff at the state level, but in order for those indicators to not get lost in the multitude of cyber threats those professionals see on a daily basis, senior officials at the state and local levels need to know the
55
COMMITTEE SENSITIVE—RUSSIA INVESTIGATION ONLY