NSA slammed for failure to share info on Russian cyberattacks

The man in charge of the nations’s largest voting system says the National Security Agency’s failure to share information about threats to American elections “places our democracy in harm’s way.”

In a letter sent last week to NSA director Mike Rogers, California Secretary of State Alex Padilla said he’s “seriously concerned” about the agency’s failure to inform election officials about the Russian cyberattack described in a recent NSA report that was leaked to the press.

“Why was this information not promptly shared with our nation’s election officials?” wrote Padilla, a Democrat. “Why did America’s election officials have to learn about this threat seven months after the fact and as a result of a leaked document from an NSA contractor?”

The letter seems to ask questions not only of Rogers, who was appointed to run the NSA by President Trump, but also of the Obama-era NSA. It asks whether the agency was aware of critical information before the 2016 election “that should have been shared with state and local elections officials in order to better defend ourselves adjacent cyber intrusions.”

The highly classified NSA report, dated May 5 and published earlier this month by The Intercept, revealed that in the days before the November 2016 election, the Russian military sent spear-fishing emails to over 100 local election officials. The Russian military also carried out a cyberattack against a U.S. software company that provides voting systems and services, according to the report. Last week, Bloomberg, citing people with knowledge of the investigation into the matter, reported that the attacks hit 39 states—far more than previously known.

In his letter, Padilla noted that in January, the Department of Homeland Security officially designated election infrastructure as critical infrastructure, which was intended in part to make it easier to share information among sake-holders.

“The purpose of federal agencies designating elections as critical infrastructure and conducting surveillance on nefarious actors is undermined when the information collected is not shared on a timely basis with those who most need it,” Padilla wrote. “Failing to provide timely and critical threat information to election officials places our democracy in harm’s way.”

Padilla’s full letter is below:

 

June 13, 2017

Admiral Michael S. Rogers
Director
National Security Agency
9800 Savage Rd., Suite 6272
Ft. George G. Meade, MD 20755-6000

Dear Admiral Rogers:

As the chief elections officer in the most populous state in the nation, I am seriously concerned about the National Security Agency’s failure to provide timely and critical information to America’s elections officials.

I also currently serve as co-chair of the Elections Committee for the National Association of Secretaries of State (NASS) and as a member the Department of Homeland Security’s Election Infrastructure Cybersecurity Working Group. The stated purpose of the Working Group is to bring together federal, state, and local officials to ensure that critical information and cyber security best practices are being shared in a bipartisan and timely manner. We work in coordination with the U.S. Election Assistance Commission, the National Institute of Standards and Technology, the U.S. Department of Justice, and the Federal Bureau of Investigation.

Last year, heading into the presidential election, the FBI issued a nationwide alert regarding cyber targeting activity against state voter registration systems. This was helpful as states promptly worked with the Department of Homeland Security to ensure our systems were protected from such attacks. What is unclear now is whether the NSA possessed additional critical information prior to the 2016 Presidential Election that should have been shared with state and local elections officials in order to better defend ourselves against cyber intrusions.

Therefore, I request your response to the following questions:

  • When did the NSA first receive documented threat intelligence information targeting our elections, including, but not limited to, the email spear-phishing campaign that is described in the recently leaked NSA report?
  • Why was this information not promptly shared with our nation’s election officials?
  • The leaked report is dated May 5, 2017. Were you aware of these spear-phishing efforts or other efforts to breach election systems prior to the Presidential Election?
  • Why did America’s election officials have to learn about this threat seven months after the fact and as a result of a leaked document from an NSA contractor?
  • What ongoing threats to our elections exist currently?

The security of our people and our democracy should be our absolute priority. Information-sharing was a key justification for the Department of Homeland Security’s January, 2017 designation of election infrastructure as critical infrastructure.  The purpose of federal agencies designating elections as critical infrastructure and conducting surveillance on nefarious actors is undermined when the information collected is not shared on a timely basis with those who most need it. Failing to provide timely and critical threat information to election officials places our democracy in harm’s way.

Thank you for your attention to this matter. I look forward to your prompt reply.

Sincerely,

ALEX PADILLA
California Secretary of State

 

cc:  The Honorable Mitch McConnell, Senate Majority Leader
The Honorable Charles Schumer, Senate Minority Leader
The Honorable Paul Ryan, Speaker, U.S. House of Representatives
The Honorable Nancy Pelosi, Leader, U.S. House of Representatives
The Honorable Richard Burr, Chair, U.S. Select Committee on Intelligence
The Honorable Mark Warner, Vice Chair, U.S. Select Committee on Intelligence
The Honorable Devin Nunes, Chair, House Permanent Select Committee on Intelligence
The Honorable Adam Schiff, Ranking Member, House Permanent Select Committee on Intelligence
The Honorable Dianne Feinstein, U.S. Senator
The Honorable Kamala Harris, U.S. Senator
California Congressional Delegation

 

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s