Trump Still Hasn’t Gotten Around to Appointing Someone to Protect Our Elections From Cyberattacks

The National Protection and Programs Directorate remains leaderless 10 months after Trump promised to get cybersecurity personnel in place.

Chip Somodevilla/CNP/ZUMA

On January 6, after intelligence agencies briefed Donald Trump on cyberattacks against the United States during the election, he pledged to “appoint a team to give [him] a plan within 90 days of taking office.” Ten months later, Trump not only lacks that cybersecurity plan, he doesn’t even have the team.

The president has still not nominated anyone for arguably the most important cybersecurity job in the government, Homeland Security undersecretary running the department’s National Protection and Programs Directorate, which oversees private and public networks in the United States. Trump has also failed to nominate a new chief for the entire department since former DHS Secretary John Kelly left to become White House chief of staff. Kelly’s former job is among nine out of 14 top DHS posts that currently are filled by acting officials or remain vacant.

Trumps refusal to accept the conclusion of American intelligence agencies that Russia used cyberattacks to help him win the presidential election has of course gained wide notice. But critics say his head-in the-sand stance has more quietly hamstrung his entire his entire administration, impeding government-wide efforts to prepare for expected meddling by Russian hackers and others in the 2018 midterm elections. 

On Wednesday, Sens. Richard Burr (R-N.C.) and Mark Warner (D-Va.), the chairman and vice chairman of the Senate Intelligence Committee, will hold a news conference where they’re expected to lambast the White House for its refusal to prepare for intrusions in upcoming elections. A Warner aide says the senator “plans to highlight the urgency of the threat to state elections systems and the administration’s failure to lead.”

Homeland Security veterans say the lack of senior staff at DHS leaves the department hard-pressed to keep up with daily cyberattacks on federal agencies and businesses, let alone beef up cyber defenses. “When you’re pushing out new policies, not having people in place really slows it down,” James Norton, a former deputy assistant secretary at DHS under President George W. Bush and head of cybersecurity consulting firm Play-Action Strategies, tells Mother Jones.

Former DHS officials describe Trump’s failure to pick a head of National Protection and Programs Directorate as particularly problematic for efforts to combat electoral intrusions. “The dynamic nature of the cyber threat requires an agile defense able to quickly move in a new direction,” Suzanne Spaulding, who headed the office under President Obama, says in an email. “The administration needs to name a nominee to head the directorate at DHS responsible for protecting critical infrastructure like elections from cyber and physical threats.”

Trump in May did issue executive orders related to cybersecurity, but those mostly amounted to continuing Obama-era policies and requiring that DHS, along with other departments, produce reports on a dozen cybersecurity-related matters. For instance, DHS and the Energy Department were supposed to report within 90 days on the “resilience of the electric grid” against cyberattacks. DHS declined to say how many of the reports are done. None have been made public.

In August, members of National Infrastructure Advisory Council, which is supposed to advise DHS on issues including cybersecurity, quit, citing among their concerns Trump’s failure to take that issue seriously. “You have given insufficient attention to the growing threats to the cybersecurity of the critical systems upon which all Americans depend, including those impacting the systems supporting our democratic election process,” the members wrote in a joint resignation letter posted by NextGov.

DHS relations with state officials who oversee local election processes have become strained over the election hacking issue. Some secretaries of state bristled at the department’s “critical infrastructure” designation for local voting systems, which includes enhanced federal oversight of the voting facilities. Some conservative state officials have accused the agency of attempting to take over local voting processes. States and members of Congress also blasted the agency last month for waiting 10 months to officially inform 21 states that hackers targeted their election systems in 2016. Senior, Senate-confirmed leaders that the department now lacks would be crucial players in helping navigate touchy political issues like these, department veterans say.

Noah Kroloff, a partner at security consulting firm GSIS who previously served as Homeland Security Secretary Janet Napolitano’s chief of staff, says that notices like the October 7, 2016, statement DHS and the National Intelligence Director released warning of Russian efforts to interfere with the presidential election—a key example of how DHS deals with foreign interference—would be far harder without a permanent undersecretary overseeing cybersecurity. “It’s tremendously important,” he says. “It’s critical to have leadership there.”