Has the U.S. Done Enough to Stop Foreign Election Meddling?

5 minute read

With just one day left before the 2018 mid-term elections, the Trump Administration says it’s ready to support state and local governments against foreign intrusions into voting systems.

In October, Department of Homeland Security Secretary Kirstjen Nielsen acknowledged the nation faced a “dynamic threat,” but she said she felt confident that this year would “be the most secure election we’ve ever had.”

It was a bold declaration, considering U.S. intelligence and law enforcement officials sounded the alarm last month about ongoing efforts by Russia, China, and Iran to influence U.S. elections and policies. Nielsen said those efforts were more geared toward pushing out online disinformation and propaganda, but she said DHS hasn’t seen any evidence of a “sustained effort to hack voting infrastructure.”

“My biggest concern is that a foreign entity will take the opportunity after the election or the night of the election to attempt to sow discord on social media, suggesting something did not work as it should,” she said Friday during a Council on Foreign Relations event in Washington.

The Russian attacks during the 2016 elections — through cyber-hacks and skillful manipulation of social media — have forced the federal government to come up with various initiatives over the last 18 months aimed at bolstering security. This culminated in a three-day tabletop exercise in August in which 44 states and the District of Columbia participated in a drill that put election systems to the test.

The exercise, which included spearphishing attempts and other cyber hacks, was intended to assess federal government’s ability to share information from Washington and respond. It also tested state and local officials’ ability to take that information and use it to protect their systems, a senior Administration official told reporters last week.

“I can tell you, the progress we’ve made since 2016 working with those state and local election officials is immense,” the official said. “We’re not just able to push information down, but we’re receiving a great deal of information back from the state and local officials that allows all of us here at the federal government to understand the threats that are targeting election systems and respond appropriately.”

The nerve-center for this operation is called the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC), which enables the nation’s 8,800 state and local jurisdictions to share real-time technical information about threats to election infrastructure. DHS officials tell TIME that all 50 state governments and more than 1,300 local jurisdictions participate in the 24/7 threat-sharing program

DHS has provided Albert intrusion detection sensors, which detect suspicious activity inside a computer network and relay them to EI-ISAC, to the 43 states that have requested them. Still fears linger among election officials as to whether hackers will be able to breach security firewalls because Albert systems aren’t in every system.

A DHS official told TIME that fewer than half of U.S. states have submitted to an on-site DHS assessment of their vulnerabilities to vote hacking. Only 21 states and 13 localities have requested the service, which includes penetration testing and a thorough assessment of potential risk to their systems. “While DHS provides these services to states that request them, a number of other state and local governments may receive similar services either in-house or from third-party contracts,” the official said.

The department is providing remotely scanning the computer networks of 36 states and 94 localities, providing them with customized weekly reports that identifies any vulnerabilities and recommends ways to fix them.

The fact that not all 50 states have asked for DHS for help, underscores state and local officials’ fierce independence and determination to manage their own elections. But the department can only provide its services to those states that file a request.

The warning signals continue to blink red. Hackers found a wide-range of vulnerabilities during this year’s Voting Village event at the annual DefCon security conference in Las Vegas. The participants were able to easily breach voting systems that are currently in service, according to a 50-page report on their findings. For instance, one device, the “ExpressPoll-5000,” running software still in use in several places in the U.S. allowed hackers to take control because it had a weak root password of “password” and the master administrator password of “pasta.”

Election officials in one state, Oregon, aren’t worrying about their exposure to such vulnerabilities. In order to circumvent any chance of cyber hijinks, Oregon uses paper ballots. The state’s nearly 2.7 million registered voters are mailed their ballots three weeks before each statewide election, according to a NBC News report.

Russia attempted to infiltrate more than a dozen voter registration systems during its brazen influence campaign in the 2016 election. To deter against a repeat offensive by Moscow or any other nation-state, President Donald Trump signed an executive order in September, mandating sanctions in the event of election interference.

Trump has also loosened the reins on hackers in the military and intelligence community to pursue adversaries in cyberspace, according to National Security Advisor John Bolton. “We are right now undertaking offensive cyber-operations in connection with defending the integrity of our electoral process,” he said Wednesday at a Washington event hosted by the Alexander Hamilton Society. He acknowledged it was still “too soon to tell” whether it was having the desired deterrent effect.

But a bipartisan effort by Democratic Sen. Amy Klobuchar and Republican Sen. James Lankford collapsed earlier this year after complaints from state officials led some senators and the White House to pull their support.

The Administration has thus far projected confidence in the blueprint it has laid out. Whether the mix of these new measures actually work will have to be seen on Election Day.

More Must-Reads from TIME

Write to W.J. Hennigan at william.hennigan@time.com