Lacking direction from White House, intelligence agencies scramble to protect midterm elections from hackers

(CNN)With the midterm election only a few months away, government officials working to counter election interference from Russia have been operating with no strategy from the top, including from President Donald Trump’s fractured National Security Council, leaving each agency to fend for itself without White House support or direction, according to lawmakers and national security officials who spoke with CNN.

On Friday, following bipartisan criticism about the White House’s focus on pressuring Russia on election interference, Trump is expected to convene a meeting of the NSC to discuss election interference efforts where high-ranking officials including Secretary of State Mike Pompeo are expected to attend. Further details, including Trump’s planned remarks, weren’t available.

Defense of America’s electoral system has traditionally centered around the security of election infrastructure, like voting machines and voter rolls.

However, as indictments from special counsel Robert Mueller allege, Russian operatives also seek to exploit weaknesses in the cyber infrastructure of individual political campaigns, while weaponizing social media platforms to spread targeted disinformation.

Despite President Trump’s reassurance last Tuesday that, “We’re doing everything in our power to prevent Russian interference in 2018,” Sen. Mark Warner, the top Democrat on the Senate Intelligence Committee, has said the White House isn’t taking the lead.

“I think it’s an embarrassment that this White House has not made election security a top priority and has not put the kind of attention and focus on it that we need,” Warner said on CNN’s “State of the Union.”

Guidance from the White House on an issue like this would normally come from the West Wing’s NSC. But intelligence and congressional sources tell CNN that isn’t happening.

“There’s no overall strategy, there is no one in charge. You have a lot of disconnected, discombobulated efforts that are quite frankly dysfunctional,” said Brett Bruen, the former White House director of global engagement in the Obama administration who had also criticized that administration for not taking the threat posed by disinformation seriously enough.

The Department of Homeland Security, which says it is the lead agency on electoral cybersecurity efforts, insists the agencies are “very interconnected” in their preparations for the 2018 midterms, though officials and overseers privately contradict that.

Turnover at the National Security Council, a lack of direction from the President and agency rivalries have kept different efforts at least partially walled off from each other.

Meanwhile, social media companies that have been roundly criticized for allowing Russian disinformation campaigns targeting Americans run rampant on their platforms in the lead up to the 2016 election are looking to the intelligence community for guidance for how to best prepare.

The 2018 threat

Speaking at the Aspen Security Forum last week, FBI Director Christopher Wray said that while the intelligence community has not yet observed an effort by Russia to target specific election infrastructure as they did in 2016, information operations “aimed at sewing discord and divisiveness in the country” were “very active.”

Multiple sources working in intelligence and national security tell CNN that there is no indication that Russia will assert itself with the same vigor as 2016. However, as Wray remarked on Wednesday, “we could just be a moment away from it going to the next level.”

The President’s comments, particularly those made in support of Russian President Vladimir Putin in Helsinki, have routinely undermined their efforts, forcing some intelligence officials to draw ranks internally and debate whether or not it’s better to stay or go.

Even Trump’s own intelligence chief, Director of National Intelligence Dan Coats, has warned of the constant barrage of cyber-attacks on the US, including against its critical infrastructure. At the Hudson Institute in Washington, DC, he recently compared the current state of danger to the months prior to the 9/11 attacks, when agencies did not communicate sufficiently to combine resources and attempt to prevent tragedy.

“I’m here to say, the warning lights are blinking red again,” he said.

“DHS does not have evidence of the fact that anywhere near what happened in 2016,” Coats later said at the Aspen Security Conference last Thursday. “However, despite that, we absolutely have to … we cannot just rest on that assumption.”

The threat posed to 2018 candidates was made clear on Thursday, when Missouri Democratic Sen. Claire McCaskill confirmed a Daily Beast report that Russians had targeted her Senate computer network.

The White House has often been on the defensive when accused of being under prepared or failing to be aggressive against Russia — pointing to instances when it has acted against Russia in the past but failing to lay out a specific plan for the future.

“President Donald J. Trump and his Administration are defending the integrity of our election system,” proclaimed the White House in a recent press release, though NSC and WH spokespeople would not provide specific answers on the all of government strategy to do just that in the midterms.

Who’s doing what?

Since the US intelligence community announced in January 2017 that high-level Kremlin officials directed an aggressive and varied campaign to disrupt the 2016 presidential elections, agencies employing people with skills in cybersecurity, counterintelligence, technology and foreign influence have doubled down on efforts to prevent it from happening again.

The Department of Homeland Security is “in the lead” protecting election infrastructure, a spokesperson told CNN. However, it’s unclear how actively states have sought guidance. While DHS says it has worked with every state, according to a White House fact sheet published earlier this month, only 18 states have requested on-site “risk and vulnerability assessments,” and only 34 states receive ongoing cybersecurity scans from the federal government.

While DHS is in the lead and doing “some” work, one Democratic congressional source familiar with the matter said, “there are still a lot of holes,” including a lack of openness with states about cyber vulnerabilities in the voter registration and polling infrastructure — 90% of which is supplied by three vendors.

West Virginia Secretary of State Mac Warner, who oversees elections in the state and is in his first term, told a meeting of local election officials on Monday that he pressured DHS to share more information with states about threats.

Matt Masterson, a senior DHS election security official, encouraged local officials at the event to sign up to a new DHS-funded service that shares threat information.

The FBI is leading the counterintelligence effort and stood up a foreign influence team earlier this year to monitor and counter election interference. The head of that unit departed recently to join the private sector, though the FBI told CNN its work “continues without interruption.”

The State Department’s Global Engagement Center (GEC) works to detect and counter disinformation campaigns outside the US. The State Department told CNN, “If the GEC detected a coordinated campaign directed at a US political candidate, it would pass that information off to the FBI and DHS that have the lead on countering that type of propaganda and disinformation.”

The National Security Agency, the top digital intelligence agency, and US Cyber Command, which conducts cyber-attacks against foreign adversaries, last week joined together under the direction of their new leader Gen. Paul Nakasone to specifically counter Russian aggression prior to the election, according to The Washington Post.

The agencies recently built a brand-new center to host joint cyber operations between NSA and Cyber Command as well as foreign partners.

However, Nakasone’s predecessor, Mike Rogers, told Congress that he had not been given instructions by the President on responding to Russian aggression. Cyber Command is currently authorized to act in a wide variety of circumstances, including in war zones and against ISIS militants, one source familiar with matter told CNN. For broader authorities, Trump may need to issue a presidential finding delineating which targets are approved —something that could happen in secret. However, according to the Democratic congressional source this administration has given more latitude to agencies to be more aggressive — and Nakasone could likely act against Russia in the absence of specific direction not to.

There have been some public successes in the ongoing effort.

In March, DHS and FBI worked together to release detailed information on the Russian government targeting the energy sector and other critical infrastructure since at least March 2016.

The administration has levied increased sanctions on Russian companies and individuals and expelled a large number of Russian officials from the United States. But based on the news conference between Trump and Putin in Helsinki, the Kremlin may still be hoping to extract major concessions from the President. It is still unknown if Trump made any promises to President Vladimir Putin behind closed doors, accompanied only by official translators.

A disconnect

But despite those efforts, thanks in part to a lack of coordination at the top and gaps in international norms in cyberspace, officials don’t appear to always be working off a central, organized playbook.

At the National Security Council, John Bolton has eliminated the position of cybersecurity coordinator, pushing out or firing his top officials on cybersecurity, Tom Bossert and Rob Joyce. Former and current NSC officials expressed frustration at the lack of progress the agency has made on cybersecurity strategy, and other national security officials said the council is not coordinating and elevating the different agencies’ strategies on countering Russian aggression.

Coats said last Thursday that Bolton is “putting in the replacements” for the absent cybersecurity coordinator, though it has been widely reported that he eliminated the job entirely.

Hoping to avoid a repeat of 2016, when its platform was exploited by a Russian government-linked group posing as American activists, Facebook hosted a meeting with top tech companies and US intelligence officials at its headquarters in California in May.

The New York Times, which was first to report the meeting, reported that “neither the FBI nor the Department of Homeland Security was willing or able to share specific information about threats the tech companies should anticipate.”

But there appears to be signs of progress. Facebook told CNN last week that the company is working with the FBI and DHS, and said, “There is more to do but we are encouraged to see progress in other areas, such as the creation of the (FBI) Foreign Influence Task Force.”

The tech companies are hoping intelligence agencies will share technical information that could help identify ongoing disinformation campaigns on their platforms but appear to appreciate that it isn’t straightforward.

A Facebook spokesperson said the company understands the sharing of threat intelligence information is complicated for the government and that finding solutions will take time.

Hillary Clinton’s former campaign manager Robby Mook, whose campaign was extensively targeted and hacked in 2016, said campaigns need help from the intelligence agencies.

“The intelligence community has access to human and signals intelligence campaigns don’t,” Mook said. “They can provide critical early warning and context. We must develop a framework for this collaboration to happen.”