Over the last month, the U.S. government has worked quickly to pause, disband and dismantle the U.S. effort to fight foreign meddling in elections, raising concern among federal lawmakers and election officials across the country who rely on the federal cybersecurity agency and its counterparts to warn them about attacks on election systems.
First came a flurry of notices forcing out Cybersecurity and Infrastructure Security Agency personnel who are tasked with stopping foreign interference in U.S. elections — at least a dozen have been put on leave or fired over the past month. Then, on Attorney General Pam Bondi’s first day in office on Feb. 5, she disbanded the FBI task force targeting foreign influence operations originating from places like Russia, China and Iran.
The focus on election security has been turned toward the past, rather than the future. In an internal memo earlier this month, CISA’s acting director announced an internal investigation to assess every position and program that touches election security – including election misinformation and disinformation — dating back to President Trump’s first term in office, with findings to be delivered in a final report on March 6.
The message, penned by Acting Director Bridget Bean and first reported by Wired, also revealed the defunding of a nationwide program to train state and local government officials and offer threat monitoring services through a center known as the “Elections Infrastructure Information Sharing and Analysis Center.”
“It is necessary to rescope the agency’s election security activities to ensure CISA is focused exclusively on executing its cyber and physical security mission,” Bean wrote in the message, echoing Department of Homeland Security Secretary Kristi Noem’s assertion during her confirmation hearing that the agency had strayed “far off mission.”
The memo landed in the mailboxes of CISA’s roughly 3,400 personnel on Valentine’s Day, hours before more than 130 probationary workers – roughly 4% of the nation’s cyberdefense agency — were summarily fired with form-letter terminations.
Top Democrats on the Senate and House committees overseeing election legislation expressed “grave concern” over the changes in a letter to CISA’s top leaders, noting the agency’s “establishing legislation clearly directs it to work on elections.”
“We’re here because in 2016 a foreign government – Russia – tried to tamper with our stuff,” Minnesota Secretary of State Steve Simon told CBS News. “They tried to physically hack into election systems,” he added, noting Minnesota was just one of 21 states targeted, setting into motion a January 2017 designation of elections as critical infrastructure.
Arizona Secretary of State Adrian Fontes likened the cuts to shutting down the National Oceanic and Atmospheric Administration ahead of hurricane season in a letter to President Trump. “This decision undermines Arizona’s election security at a time when our enemies around the world are using online tools to push their agendas and ideologies into our very homes,” he wrote.
The moves come months after CISA and the FBI aided states responding to a slew of Election Day bomb threats and white powder mailings. Officials debunked phony Russian-linked videos purporting to depict election workers destroying ballots during nationwide voting, and an FBI investigation outed a hack-and-leak operation that stole documents from Mr. Trump’s campaign, leading to the indictment of three Iranian cyber operatives.
CISA and the FBI possess a broader view of the threat landscape that election officials find to be helpful in sizing up the threats facing them. “You know it would be difficult to comprehend 50 states doing this on their own,” Pennsylvania Secretary of State Al Schmidt told CBS News. “Each state runs elections in accordance with federal and state law… but no state has a national or global perspective on the nature of threats and the capabilities of bad faith actors seeking to disrupt our electoral process.”
While state and local governments run elections nationwide, federal agencies like CISA and the FBI coordinate with election offices to help safeguard against rising cyber and physical threats, while uncovering foreign influence campaigns designed to sow division among Americans and uproot voter confidence.
“States can often see only the effects of the attacks — disinformation directed at them and their voters and threats, but they have no insight into where those attacks are coming from, and therefore, have a limited ability to respond,” said David Becker, CBS News election law expert and political contributor. “CISA, the FBI Foreign Influence Task Force, and others, have that ‘birds-eye view’ insight, both detecting the source of the attacks – domestic or foreign, nations or criminal actors – as well as how they all fit into the big picture.”
In a letter to the DHS secretary, Friday, nearly 40 chief election officials wrote to try to persuade Noem to maintain cybersecurity and physical security services provided to states. “Information technology systems related to election administration have long been targeted by sophisticated cyber threat actors including nation-state and cybercriminal groups,” leaders of the National Association of Secretaries of State wrote. “CISA’s prioritized services help election entities defend against these national security threats.”
DHS Assistant Secretary Tricia McLaughlin said in a statement that “CISA needs to refocus on its mission” and is “undertaking an evaluation of how it has executed its election security mission with a particular focus on any work related to mis-, dis-, and malinformation.”
But the cuts across CISA and the FBI targeted teams may not only affect their ability to identify false content online but could also affect safeguards protecting election infrastructure from being undermined, according to multiple current and former U.S. officials. The teams have rooted out covert operations from Russia, China and Iran in the last year alone. Among the cyber agency employees targeted are members of CISA’s Election Security Resilience Team, the Cybersecurity Advisory Committee and Regional Election Security Advisors, multiple current and former federal and state officials told CBS News.
The new administration has not yet nominated a new CISA director, with the agency’s highest-ranking political appointee, Karen Evans, now serving as a senior adviser.
Earlier this month, Mr. Trump attempted to fire the chair of the Federal Election Commission, a move that coincides with the adjudication of campaign finance complaints from the 2024 election, including those against tech billionaire and presidential ally Elon Musk.
Mr. Trump and some conservatives on Capitol Hill have accused CISA of policing speech by coordinating with social media companies to identify online misinformation and disinformation ahead of the 2020 election. They accused the agency of “censorship,” which CISA officials have repeatedly denied. Last year, the U.S. Supreme Court threw out a lawsuit over the government’s work, but the blowback prompted CISA to curb those conversations with tech platforms in 2021, according to three former U.S. officials.
“That is not our role, that’s not what we do,” former CISA Director Jen Easterly told reporters, last year, ahead of the 2024 election. “We’re looking to work with our partners on overall threats to election infrastructure.”
CISA’s ongoing internal probe appears to follow a Jan. 20-related directive instructing the attorney general and agency leaders to investigate Biden administration activities that are “inconsistent” with Trump’s vow to end “online censorship.”
DHS and CISA did not immediately respond to CBS News’ questions about who directed the audit and would not say whether the report would be publicly released. The Justice Department did not respond to questions about whether the attorney general would be consulted on the investigation.
“I’m concerned and alarmed at what looks like a retreat from the anti-disinformation mission,” Simon said. “If a foreign adversary is spinning up a false narrative about our election system that could impact physical security, all it takes is one person who believes this disinformation to act out in a violent or threatening, harassing or intimidating way. All it takes is one.”
- In:
- Federal Bureau of Investigation
- Democracy
- Cybersecurity and Infrastructure Security Agency
- Elections
- Politics
- Trump Administration
Add Comment