In a Senate Intelligence Committee hearing Wednesday morning, Senators' questions revealed the United States is not prepared to fend off likely Russian meddling in the 2018 midterms.
Both homeland security secretary Kirstjen Nielsen and former department head Jeh Johnson testified before the committee Wednesday, one day after the panel issued a list of recommendations to bolster election security at the state and federal levels. The rare appearance of both the current and former secretaries gave lawmakers the chance to probe the government's response across administrations.
Nielsen told lawmakers that the 2018 midterms and future elections are "clearly potential targets for Russian hacking attempts," but she ... said DHS has improved information sharing with states and has expanded its assistance for cybersecurity risk assessments to the states. States can now have three election officials with security clearances to receive classified information, and DHS provides "one day read-ins" about threats for senior officials.
Nielsen said 20 state officials — out of a possible 150 — had received clearances to date, saying they were working with other agencies to speed up the process.
“When I listen to your testimony, I hear no sense of urgency to really get on top of this issue,” said Senator Susan Collins, Republican of Maine.
Senator Angus King, a Maine independent who caucuses with the Democrats, warned bluntly that the threat was “not being treated with the urgency that it deserves” and that a patchwork of defenses would mean little without a comprehensive cyberdeterrence strategy. Of the Russians’ targeting of state systems in 2016, he said, “What it looks like is a test.”
“This country has to wake up,” he said, later telling Ms. Nielsen, “I encourage you to go back with your hair on fire.”
Committee Vice Chairman Mark Warner (D-VA) emphasized, once again, the need for the president to lead on the issue of election interference.
"The threat is real; the need to act is urgent," Warner said. "Perhaps most of all, we need a President who will acknowledge the gravity of this threat, and lead a whole of society effort to harden our defenses and inoculate our society against Russia's malicious interference."
Sen. Dianne Feinstein, a California Democrat, questioned why DHS wasn't notifying the public when state election systems are attacked, rather than leaving that decision up to the states themselves.
"America's the victim. And Americans have to know what's wrong," Feinstein said. "And if there are states that have been attacked, America has to know what's wrong. So this victim answer with me has no credibility at all."
Feinstein also slammed the Obama administration's response to election hacking during 2016.
"I don't understand, you learned about this in August," Feinstein asked Johnson. "You did a number of specific things, you spoke about the dates that you did these things, and yet the American people were never told. Why?"
"Well senator, the American people were told," Johnson said.
"Not sufficiently in any way, shape, or form to know that there was a major active measure going on, perhaps by a foreign power," Feinstein shot back.
Secretary Johnson explained states can be skeptical of federal assistance and that has slowed attempts to create comprehensive plans.
In August 2016, Johnson said, he told the state election officials that he wanted to offer DHS assistance in securing their election infrastructure, and he wanted to designate election systems as "critical infrastructure" for the federal government.
But he said the state reaction on a conference call with state officials "was neutral to negative."
"Those who expressed negative views stated that running elections in this country was the sovereign and exclusive responsibility of the states, and they did not want federal intrusion, a federal takeover, or federal regulation of that process," Johnson said in his opening statement. "This was a profound misunderstanding of what a critical infrastructure designation would mean, which I tried to clarify for them."
As a result, Johnson said, the federal government did not move forward with the critical infrastructure plan until after the election.
Both Nielsen and Johnson noted that some states are more willing to work with DHS than others.
Johnson said there was a role for the Senate to play to help the federal government convince uncooperative states to take help from DHS.
Speaking of help, the $1 trillion spending bill before Congress this week reportedly does include money for cyber defense and election security.
According to a congressional official familiar with the bill, it includes $380 million for state grants to improve election infrastructure, as well as $307 million above what the Trump administration had requested for the F.B.I. to combat cyberattacks.
But the Trump administration does not appear to be spending or doing enough to counter severe cyberthreats. Last week, the DHS and the FBI issued a joint alert revealing Russian hackers have access to our energy grids, nuclear power plants, water facilities, aviation systems, and more.
Even before the blockbuster report, the Energy Department has [sic] begun to lay the groundwork for the creation of a new office meant to address the heightened natural and man-made threats to the U.S. electric grid.
The department first announced it was creating CESER last month. To ensure the office works with scientists at the Energy Department's national laboratories dotted across the country, CESER will report directly to Mark Menezes, who as undersecretary of energy is the No. 3 official in the department. [Energy Secretary Rick] Perry said Tuesday that reporting relationship creates a “direct pipeline of information” back to him.
Now, the Trump administration is asking for $470 million to prevent and address cyberattacks on the energy sector, $93 million of which would be injected into the new office.
On Tuesday, [top Democrat on the Senate Energy and Natural Resources Committee Maria] Cantwell of Washington countered that is not enough. "I’ve called for a doubling," she said, "but I can see where I am wildly underfunding what is one of the most serious threats to us as a nation right now."
Sen. Lisa Murkowski (R-Alaska), chair of the committee, backed her Democratic colleague: “Know I share Senator Cantwell’s concern on this. I want to make sure that DOE is cooperating with DHS and the FBI with implementation of actions in response.”
At least three times over the past year, Cantwell has called on the Trump administration to produce a risk assessment on Russia's capability to hack the grid. So far there has been silence from the Trump administration on the request, her office said.
"Do you believe that we need a risk assessment as a nation?" Cantwell finally asked Perry at the hearing.
"I think that’s going on as we speak," Perry responded. "We have three different areas in DOE that are focused on cyber and have been meeting and having these conversations."
Yet just last week, Perry expressed doubts the federal government as a whole is doing enough to check the threat.
"I’m not confident that the federal government has a broad strategy in place that is not duplicating," Perry told the House Appropriations subcommittee on energy and water issues, "or is least duplicative as it can be."
Watch the full hearing (NBC News)