With less than four months to go, how much are this year's midterm elections at risk for the kind of interference sowed by Russia in 2016?
It's a question that's coming up again after President Trump's seemingly shifting positions this week about Russia's responsibility for the interference in 2016, and after special counsel Robert Mueller's recent indictments of 12 Russian intelligence officers accused of hacking the Democratic Party and state election computer networks.
It would be "foolish" to think Russia is not trying to influence the 2018 elections, said Homeland Security Secretary Kirstjen Nielsen on Thursday at the Aspen Security Forum.
"They have the capability and they have the will," Nielsen also said.
But two years after the first tendrils of the Russian influence and disruption campaign were detected, the U.S. response remains incomplete because of partisan politics, bureaucratic confusion and differing priorities among state and local governments.
The threat level
Director of National Intelligence Dan Coats offered a stark warning last week, comparing this moment to the period immediately preceding the Sept. 11, 2001, terrorist attacks.
"I'm here to say the warning lights are blinking red again. Today, the digital infrastructure that serves this country is literally under attack," he said.
But whether state election websites and networks will be targeted this fall is less clear.
"We are not yet seeing the kind of electoral interference in specific states and voter databases that we experienced in 2016," continued Coats. "However, we fully realize that we are just one click of the keyboard away from a similar situation repeating itself."
For now, the highly-decentralized American voting system is viewed as an asset that makes it difficult to disrupt. Also, state and local officials are more cyber-literate and alert for threats than they were two years ago, which could make a huge difference considering how much of the Russian interference effort was based on duping unwitting and unexpecting targets.
David Becker, who founded the Center for Election Innovation and Research, said the 2018 midterms will be the most secure elections the U.S. has ever held, and that should only improve looking ahead to 2020.
"U.S. election infrastructure is fundamentally resilient," declared the Senate intelligence committee in a report issued in May.
Still, the consequences of a successful cyberattack could be devastating.
"It's not about changing votes necessarily," said Sen. Marco Rubio, R-Fla., who laid out a doomsday scenario involving hackers breaking into voter registration databases to change people's polling places, or hacking election websites to show the wrong winner on Election Night. These parts of election infrastructure are considered more vulnerable to attack than ballot manipulation.
Rubio suggested such an outcome could cause a constitutional crisis and sow doubt in democracy.
"I'm confident about America's election system, but I'm equally confident about the determination and capability of Russian intelligence to interfere, in ways that most people don't think about," said Rubio. Trump's own seemingly shifting position as to whether the Russian government was responsible for interfering in the 2016 election and his administration's subsequent response has frustrated state election officials, who already felt that they had been kept in the dark by the Department of Homeland Security about the extent and nature of the 2016 hacking attempts.
The National Association of Secretaries of State issued a statement Tuesday, after Trump's Monday press conference with Russian president Vladimir Putin, that reaffirmed that states are responsible for election security. "We ask, however, the White House and others help us rebuild voter confidence in our election systems by promoting these efforts and providing clear, accurate assessments moving forward," the state election officials said.
Still, it's clear many elements of the national security community remain concerned about a potential attack on voting and election systems this fall. The Washington Post reported this week that the National Security Agency and Cyber Command, home of the military's offensive and defensive cybercapabilities, are working together to counter threats to the elections.
A swirl of politics
It took Congress more than a year following the 2016 election to release much-needed funds for states to beef up their cyberdefenses. The $380 million is only now making its way out to state and local election authorities and, in most instances, states are unlikely to be able to make full use of the funds before November.
While Congress has recently held a series of increasingly urgent hearings about the need to prevent and mitigate future attacks on elections, it's unlikely additional money is coming anytime soon. House Republicans argue the $380 million is more than enough to meet states' existing needs for the time being.
"There is not at this time a request necessary for more money," said Rep. Pete Sessions, R-Texas, on the House floor this week.
"I know what we need for safe and secure elections, and that's voter ID," Rep. Jim Jordan, R-Ohio, told The Washington Post.
House Democrats clashed with Republicans on the House floor Wednesday and Thursday in an attempt to attach more funding for election security to a spending bill, only to see their efforts brushed off.
"It's very troubling that we can't agree that we're vulnerable," said Rep. Mike Quigley, D-Ill. "What we're trying to defend here is the democratic process and the credibility of that process."
There remains a bipartisan effort in the Senate to increase funding for election security — that would also require the Department of Homeland Security to report possible cyberattacks to states in real time and require states to conduct a post-election audit of results — but that effort is moving slowly through the Senate.
"A strong democracy is good for everyone. I think that's why you see Democrats and Republicans on this bill," said one the bill's authors, Sen. Amy Klobuchar, D-Minn., in an interview Thursday with NPR's Morning Edition.
Copyright 2021 NPR. To see more, visit https://www.npr.org.