Intelligence and security officials, as well as policymakers and other experts talking both on the record and on background say what began with a Russian effort to influence the 2016 presidential election has evolved.They expect the next round of Russian efforts to be more sophisticated and more widespread, likely to include a combination of disinformation campaigns on social media along with the potential hacking of vulnerable targets.
An employee works at the headquarters of Kaspersky Labs, a computer security company in Moscow.
In the near term, many expect the focus to remain on U.S. elections. They also expect it will not be long until countries other than Russia seek to unleash similar influence campaigns and that they may very well expand their targets to private sector companies and other, vital institutions. "I think all of my colleagues probably are worried or should be worried about it," said Senate Intelligence Committee chairman Richard Burr of the near-term threat, during remarks this week at the Council on Foreign Relations in Washington. "I think every state should be worried about it." "To believe that Russia's not attempting in the United States to do things potentially for the '18 cycle I think would be ignorant on our part," Burr said.
Grappling with election threats
In September, the Department of Homeland Security notified 21 states that Russia attempted to hack their computerized election systems. In most cases, officials said they saw preparations for hacking attacks, such as the scanning of systems for points of access. Even before the 2016 election, the states of Illinois and Arizona announced suspected Russian actors had managed to hack into their voter rolls. Although federal and state officials have been quick to point out there is no evidence Russian hackers managed to alter vote tallies during the 2016 elections, many voters do not feel reassured. "We get calls every day … people are concerned," said Indiana Secretary of State Connie Lawson, who is also president of the National Association of Secretaries of State. "I've had just as many calls regarding the security of our elections this year, this off-election year, as I have ever had."
Voters cast ballots in the Illinois primary in Hinsdale, Ill., March 18, 2014. Illinois' top election officials insist that a recent hack into state voter rolls, which contain the names of 8 million active voters, does not pose a threat to the Nov. election
Lawson said states are taking such concerns seriously and have been working more closely with federal officials to better share intelligence about potential threats. They have also been working on additional precautions to keep statewide systems safe. "About the time you say you're comfortable is the time you should be worried," she said. Still, Matt Blaze, an associate professor of computer and information science at the University of Pennsylvania, is not convinced any of those measures will be enough. "I don't want to say our elections are illegitimate but I don't know that I can say that they aren't," he said. "The honeymoon is going to end very, very quickly"
Of particular concern to Blaze are election systems overseen by local officials at the more than 3,000 counties across the United States. "To the extent that they've even been designed against a threat, it's a threat of conventional corruption — somebody to get themselves elected mayor or sell votes," said Blaze. "Nation-state adversaries [like Russia] were not even in the threat model with these systems." For now, experts like Blaze are advocating states simplify their systems and make them easier to audit for anomalies that could indicate someone is trying to tamper with the results.
Outsiders seeking influence