Revealed – Senate Intelligence Committee Report on Russian Efforts Against Election Infrastructure in the 2016 Election

Revealed – Senate Intelligence Committee Report on Russian Efforts Against Election Infrastructure in the 2016 Election

From 2017 to 2019, the Committee held hearings, conducted interviews, and reviewed intelligence related to Russian attempts in 2016 to access election infrastructure. The Committee sought to determine the extent of Russian activities, identify the response of the U.S. Government at the state, local, and federal level to the threat, and make recommendations on how to better prepare for such threats in the future. The Committee received testimony from state election officials, Obama administration officials, and those in the Intelligence Community and elsewhere in the U.S. Government responsible for evaluating threats to elections.

The Russian government directed extensive activity, beginning in at least 2014 and carrying into at least 2017, against U.S. election infrastructure at the state and local level.

3. (U) While the Committee does not know with confidence what Moscow’s intentions were, Russia may have been probing vulnerabilities in voting systems to exploit later. Alternatively, Moscow may have sought to undermine confidence in the 2016 U.S. elections simply through the discovery of their activity.

4. (U) Russian efforts exploited the seams between federal authorities and capabilities, and protections for the states. The U.S. intelligence apparatus is, by design, foreign-facing, with limited domestic cybersecurity authorities except where the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS) can work with state and local partners. State election officials, who have primacy in running elections, were not sufficiently warned or prepared to handle an attack from a hostile nation-state actor.

5. (U) DHS and FBI alerted states to the threat of cyber attacks in the late summer and fall of 2016, but the warnings did not provide enough information or go to the right people. Alerts were actionable, in that they provided malicious Internet Protocol (IP) addresses to information technology (IT) professionals, but they provided no clear reason for states to take this threat more seriously than any other alert received.

6. (U) In 2016, officials at all levels of government debated whether publicly acknowledging this foreign activity was the right course. Some were deeply concerned that public warnings might promote the very impression they were trying to dispel—that the voting systems were insecure.

7. (U) Russian activities demand renewed attention to vulnerabilities in U.S. voting infrastructure. In 2016, cybersecurity for electoral infrastructure at the state and local level was sorely lacking; for example, voter registration databases were not as secure as they could have been. Aging voting equipment, particularly voting machines that had no paper record of votes, were vulnerable to exploitation by a committed adversary. Despite the focus on this issue since 2016, some of these vulnerabilities remain.

8. (U) In the face of this threat and these security gaps, DHS has redoubled its efforts to build trust with states and deploy resources to assist in securing elections. Since 2016, DHS has made great strides in learning how election procedures vary across states and how federal entities can be of most help to states. The U.S. Election Assistance Commission (EAC), the National Association of Secretaries of State (NASS), the National Association of State Election Directors (NASED), and other groups have helped DHS in this effort. DHS’s work to bolster states’ cybersecurity has likely been effective, in particular for those states that have leveraged DHS’s cybersecurity assessments for election infrastructure, but much more needs to be done to coordinate state, local, and federal knowledge and efforts in order to harden states’ electoral infrastructure against foreign meddling.

(U) In June 2016, Illinois experienced the first known breach by Russian actors of state election infrastructure during the 2016 election. As of the end of 2018, the Russian cyber actors had successfully penetrated Illinois’s voter registration database, viewed multiple database tables, and accessed up to 200.000 voter registration records. The compromise resulted in the exfiltration of an unknown quantity of voter registration data. Russian cyber actors were in a position to delete or change voter data, but the Committee is not aware of any evidence that they did so.

(U) Direct-Recording Electronic (ORE) Voting Machine Vulnerabilities

(U) While best practices dictate that electronic voting machines not be connected to the internet, some machines are internet-enabled. In addition, each machine has to be programmed before Election Day, a procedure often done either by connecting the machine to a local network to download software or by using removable media, such as a thumb drive. These functions are often carried out by local officials or contractors. If the computers responsible for writing and distributing the program are compromised, so too could all voting machines receiving a compromised update. Further, machines can be programmed to show one result to the voter while recording a different result in the tabulation. Without a paper backup, a “recount” would use the same faulty software to re-tabulate the same results, because the primary records of the vote are stored in computer memory.

STASI-Propagandafilm – Kühler Kopf, Heisses Herz, Saubere Hände

STASI-Propagandafilm – Kühler Kopf, Heisses Herz, Saubere Hände

Der Propagandafilm der Abteilung Agitation des Ministeriums für Staatssicherheit ist der Zusammenarbeit der deutschen und sowjetischen Tschekisten gewidmet. Zum 50. Jahrestag der Oktoberrevolution dokumentierte er die Abwehr westlicher “Agitatoren” durch das MfS.

 

Prohibiting Procurement from Huawei, ZTE, and Other Chinese Companies

Prohibiting Procurement from Huawei, ZTE, and Other Chinese Companies

The National Reconnaissance Office (NRO) Acquisition Manual is hereby amended by adding new sub-part N4.21, Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment, to implement a provision of the 2019 National Defense Authorization Act prohibiting the procurement and use of covered equipment and services produced or provided by Huawei Technologies Company, ZTE Corporation, Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, and Dahua Technology Company. New provision N52.204-016, Representation Regarding Certain Telecommunications and Video Surveillance Services or Equipment, is prescribed for use in all solicitations in lieu of FAR provision 52.204-24, and new clause N52.204-017, Prohibition on Contracting of Certain Telecommunications and Video Surveillance Services or Equipment, is prescribed for all solicitations and contracts in lieu of FAR clause 52.204-25. These revisions are effective immediately, and will be incorporated into NRO Acquisition Circular 2019-03.

STASI Film – Revisor – ungesetzliche Verbindungsaufnahme (MfS-Schulungsfilm)

STASI Film – Revisor – ungesetzliche Verbindungsaufnahme (MfS-Schulungsfilm)

Der Stasi-Lehrfilm “Revisor” zeigt die Überwachung, Verfolgung und Inhaftierung eines Mannes im Visier der Stasi. Er dokumentiert unter anderem eine “konspirative” Wohnungsdurchsuchung.

 

TOP SECRET – U.S. Northern Command Federal Reserve System (FRS) Support Branch Plan

TOP SECRET – U.S. Northern Command Federal Reserve System (FRS) Support Branch Plan

1. (U) Situation

a. (U) Purpose. This branch plan provides USNORTHCOM guidance for the support of the Board of Governors of the federal Reserve System to ensure the effective execution of a National Essential Function (NEF).

c. (U) Friendly Forces

(1) (U) Board of Governors of the Federal Reserve System. The Federal Reserve System (FRS) is the central bank of the United States. The primary responsibility of the Federal Reserve System’s Board of Governors is to formulate and administer the Nation’s monetary policy. The Board of Governors operates as a USG Agency.

(b) (U) Division of Reserve Bank Operations and Payment Systems. Oversees the operations of the independent Federal Reserve Banks and of the FRS Law Enforcement program.

(c) (U) Office of National Cash Operations and Business Continuity. The Director of National Cash Operations and Business Continuity is the supported entity for the transportation of monetary instruments within the USNORTHCOM AOR.

(c) (U) Commercial passenger flights are restricted during certain national emergencies.

Download full doc here:

https://info.publicintelligence.net/USNORTHCOM-FederalReserveSupportPlan.pdf