U.S. hasn't shared enough about cyber risks, official says
(Bloomberg) -- The U.S. government has failed to share enough information about cyber threats, including risks to election systems, with federal agencies and states, according to a top Trump administration intelligence official.
Intelligence agencies are “kicking butt offensively,” but the U.S. needs to be better prepared to defend against future attacks as adversaries constantly learn about “our gaps and weaknesses,’’ William Evanina, director of the National Counterintelligence and Security Center, said Thursday at a conference in Washington.
“We have not done the best job of informing the rest of the government and private sector of what the threat is,’’ Evanina said. But now “we’re doing much better in’’ trying to share information, he added. Evanina’s center is under the Office of the Director of National Intelligence, which held classified briefings with state election officials in Washington last month.
The National Security Agency is also working with the Department of Homeland Security to “inform the states as to what would be prudent for them to do” ahead of this year’s midterm elections, Greg Smithberger, the agency’s director of capabilities, said in an interview Thursday. With the NSA’s mission collecting foreign intelligence, Smithberger said, “we’re always looking for evidence of adversaries trying to attack anything that’s vital to the U.S., including our election systems.”
President Donald Trump said this week that “we’ve actually been working very hard on the ’18 election” and that the U.S. would “very strongly” counteract any Russian efforts to interfere. But he has often dismissed the continuing investigations of Russian meddling in the 2016 presidential election as a “witch hunt” aimed at discrediting his victory. Navy Admiral Michael Rogers, the outgoing chief of the National Security Agency and U.S. Cyber Command, told lawmakers last week that Russia hadn’t “paid a price” for its actions.
Evanina also said 90 percent of data breaches that result in information being stolen come from “spear-phishing” attacks that fool people into opening their devices to intrusions.
“As Americans, we have an unbelievable ability not to click a link,’’ he said.