I’ve got a piece coming out on all the Russian-related provisions in the Intelligence Authorization bill for next year, which are for the most part really laudable policy proposals. But I wanted to look more closely at this one.
SEC. 606. REPORT ON CYBER ATTACKS BY FOREIGN GOVERNMENTS AGAINST UNITED STATES ELECTION INFRASTRUCTURE.
(a) Report Required.—Not later than 60 days after the date of the enactment of this Act, the Under Secretary of Homeland Security for Intelligence and Analysis shall submit to congressional leadership and the congressional intelligence committees a report on cyber attacks and attempted cyber attacks by foreign governments on United States election infrastructure in States and localities in connection with the 2016 presidential election in the United States and such cyber attacks or attempted cyber attacks as the Under Secretary anticipates against such infrastructure. Such report shall identify the States and localities affected and shall include cyber attacks and attempted cyber attacks against voter registration databases, voting machines, voting-related computer networks, and the networks of secretaries of State and other election officials.
(b) Form.—The report submitted under subsection (a) shall be submitted in unclassified form, but may include a classified annex.
(c) Definitions.—In this section:
(1) CONGRESSIONAL LEADERSHIP.—The term “congressional leadership” includes the following:
(A) The majority leader of the Senate.
(B) The minority leader of the Senate.
(C) The Speaker of the House of Representatives.
(D) The minority leader of the House of Representatives.
(2) STATE.—The term “State” means any State of the United States, the District of Columbia, the Commonwealth of Puerto Rico, and any territory or possession of the United States.
It requires the Department of Homeland Security to submit an unclassified report on all the hacking attempts on election infrastructure last year. It will involve declassifying information that Reality Winner is facing prison time for liberating, which seems like a concession that such information has public value.
But I’m particularly interested in the emphasis on the distribution of this report: both to the intelligence committees and to Congressional leadership, spelled out by job title. Mitch McConnell, Chuck Schumer, Paul Ryan, and Nancy Pelosi.
That’s interesting because — as part of their investigation into last year’s hack — the Senate Intelligence Committee has already been briefed on this information. Indeed, the day after that testimony, Bloomberg reported — relying on three sources briefed on the investigation — that the hacks were much more severe than publicly known.
Russia’s cyberattack on the U.S. electoral system before Donald Trump’s election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported.
In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database. Details of the wave of attacks, in the summer and fall of 2016, were provided by three people with direct knowledge of the U.S. investigation into the matter. In all, the Russian hackers hit systems in a total of 39 states, one of them said.
So ultimately, if this bill becomes law, it will require an unclassified report on stuff SSCI has been getting briefing on to be submitted to both SSCI and Congressional leadership.
The move comes in the wake of complaints from Democrats that Mitch McConnell refused to back a stronger statement about such attempted attacks in fall 2016. Now, I think some of the complaints about McConnell’s inaction last year are overblown, a demand that McConnell get ahead of where the Intelligence Community was willing to go publicly. And I think they largely obscure the more pressing question of what Trump advisors Devin Nunes and Richard Burr did.
But I am cognizant of the fact that in a matter of months, we may get a better sense of the kinds of threats to our voting system that McConnell fought against publicizing.