Taking a quick break from the #MuellerReport to tweet the Senate Committee on Intelligence

REPORT on RUSSIAN ACTIVE MEASURES CAMPAIGNS and INTERFERENCE in the 2016 US ELECTION

VOLUME 1: RUSSIAN EFFORTS AGAINST ELECTION
INFRASTRUCTURE

THREAD/
#SenateRussiaReport

I. INTRO
From 2017 to 2019, the Committee held hearings, conducted interviews, and reviewed intelligence related to Russian attempts in 2016 to access election infrastructure.

V1 p3

The Committee sought to determine the extent of Russian activities, identify the response of the US Government at the state, local, and federal level to the threat, and make recommendations on how to better prepare for such threats in the future.

The Committee received testimony from state election officials, Obama administration officials, and those in the Intelligence Community and elsewhere in the U.S. Government responsible for evaluating threats to elections.

#SenateRussiaReport

II Findings

The Russian government directed extensive activity, beginning in at least 2014 and carrying into at least 2017, against US election infrastructure' at the state and local level.

◼️ = redacted

The Committee has seen no evidence that any votes were changed or that any voting machines were manipulated.

◼️

#SenateRussiaReport
V1 p3

footnote 3: The names of the states the Committee spoke to have been replaced with numbers.

DHS and some states asked the Committee to protect state names before providing [us] with info.

Where .. public testimony by Illinois state election officials, that state is identified

II. Findings (cont)

3. While the Committee does not know with confidence what Moscow's intentions were, Russia may have been probing vulnerabilities in voting systems to exploit later.

#SenateRussiaReport
V1 p4

Alternatively, Moscow may have sought to undermine confidence in the 2016 US elections simply through the discovery of their activity.

4. Russian efforts exploited the seams between federal authorities and capabilities, and protections for the states.

The US intelligence apparatus is, by design, foreign-facing, with limited domestic cybersecurity authorities except where the Federal Bureau of Investigation..

.. and the Department of Homeland Security (DHS) can work with state and local partners.

State election officials, who have primacy in running elections, were not sufficiently warned or prepared to handle an attack from a hostile nation-state actor.

#SenateRussiaReport
V1 p4

II. Findings

5. DHS and FBI alerted states to the threat of cyber attacks in the late summer and fall of 2016, but the warnings did not provide enough information or go to the right people.

Alerts were actionable, in that they provided malicious Internet Protocol (IP) addresses to information technology (IT) professionals, but they provided no clear reason for states to take this threat more seriously than any other alert received.

#SenateRussiaReport
V1 p4

6. In 2016, officials at all levels of government debated whether publicly acknowledging this foreign activity was the right course. Some were deeply concerned that public warnings might promote the very impression they were trying to dispel—that the voting systems were insecure.

7. Russian activities demand renewed attention to vulnerabilities in US voting infrastructure.

In '16, cybersecurity for electoral infrastructure at the state and local level was sorely lacking; for example, voter registration databases were not as secure as they could have been

Aging voting equipment, particularly voting machines that had no paper record of votes, were vulnerable to exploitation by a committed adversary.

Despite the focus on this issue since 2016, some of these vulnerabilities remain.

#SenateRussiaReport
V1 p4

8. In the face of this threat and these security gaps, DHS has redoubled its efforts to build trust with states and deploy resources to assist in securing elections.

Since 2016, DHS has made great strides in learning how election procedures vary across states and how federal entities can be of most help to states.

The US Election Assistance Commission (EAC), the National Association of Secretaries of State (NASS), the
National Association of State Election Directors (NASED), and other groups have helped DHS in this effort.

DHS's work to bolster states' cybersecurity has likely been effective, in particular for those states that have leveraged DHS's cybersecurity assessments for
election infrastructure,

but much more needs to be done to coordinate state, local, and federal knowledge and efforts in order to harden states' electoral infrastructure against foreign meddling.

#SenateRussiaReport
V1 p4

9. To assist in addressing these vulnerabilities, Congress in 2018 appropriated $380 million in grant money for the states to bolster cybersecurity and replace vulnerable voting machines.

When those funds are spent, Congress should evaluate the results and consider an additional appropriation to address remaining insecure voting machines and systems.

#SenateRussiaReport
V1 p5

10. DHS and other federal government entities remain respectful of the limits of federal involvement in state election systems.

States should be firmly in the lead for running elections.

The country's decentralized election system can be a strength from a cybersecurity perspective,

but each operator should be keenly aware of the limitations of their cybersecurity capabilities and know how to quickly and properly obtain assistance.

#SenateRussiaReport
V1 p5

III. THE ARC OF RUSSIAN ACTIVITIES

In its review of the 2016 elections, the Committee found no evidence that vote tallies were altered or that voter registry files were deleted or modified,

though the Committee and IC's insight into this is limited.

Russian government-affiliated cyber actors conducted an
unprecedented level of activity against state election infrastructure in the run-up to the 2016 U.S. election ◼️

Throughout 2016 and for several years before, Russian intelligence services and government personnel conducted a number of intelligence-related activities targeting the voting process. ◼️

The Committee found ample evidence to suggest that the Russian government was developing and implementing capabilities to interfere in the 2016 elections, including undermining confidence in U.S. democratic institutions and voting processes. ◼️

Footnote 5. The Committee has limited information on the extent to which state and local election authorities carried out forensic evaluation of registration databases. These activities are routinely carried out in the context of private sector breaches.

#SenateRussiaReport
V1p5

Evidence of scanning of state election systems first appeared in the summer prior to the 2016 election.

In mid-July 2016, Illinois discovered anomalous network activity, specifically a large increase in outbound data, on a Illinois Board of Elections' voter registry website.

Evidence of scanning of state election systems first appeared in the summer prior to the '16 election.

In mid-July '16, Illinois discovered anomalous network activity, specifically a large increase in outbound data, on a Illinois Board of Elections voter registry website.

V1 p6

Working with Illinois, the FBI commenced an investigation.

The attack resulted in data exfiltration from the voter registration database.

#SenateRussiaReport
V1 p6

On Aug 18, 2016, FBI issued an unclassified FLASH to state technical-level experts on a set of ◼️ suspect IP addresses identified from the attack on Illinois' voter registration databases. ◼️

The FLASH product did not attribute the attack to Russia or any other particular actor.

◼️After the issuance of the August FLASH, DHS and the Multi-State-Information Sharing & Analysis Center (MS-ISAC) - asked states to review their log files to determine if the IP addresses described in the FLASH had
touched their infrastructure.

#SenateRussiaReport
V1 p7

This request for voluntary self-reporting, in conjunction with DHS analysis of NetFlow activity on MS-ISAC
internet sensors, identified another 20 states whose networks had made connections to at least one IP address listed on the FLASH.

DHS was almost entirely reliant on states to self-report scanning activity. ◼️

Former Special Asst to the President and Cybersecurity Coordinator Michael Daniel said,

"eventually we get enough of a picture that we become confident over the course of Aug of 2016 that we're seeing the Russians probe a whole bunch of different state election infrastructure, voter registration databases, and other related infrastructure on a regular basis."

V1 p7

Dr. Samuel Liles, Acting Director of the Cyber Analysis Division within DHS's Office of Intelligence and Analysis
(I&A), testified to the Committee on June 21, 2017, that

"by late September, we determined that internet-connected election-related networks in 21 states were potentially targeted by Russian government cyber actors."

#SenateRussiaReport
V1 p7