Biden lacks full US cybersecurity support in transition fracas
When it comes to protecting sensitive information from foreign hackers, president-elect Joe Biden’s team is largely on its own.
When it comes to protecting sensitive information from foreign hackers, president-elect Joe Biden’s team is largely on its own.
The federal government, which has some of the most sophisticated antihacking technologies in the world, is offering limited assistance to Mr Biden’s transition operation in securing its email and other communications, despite concerns that the team is likely a top espionage target for Russia, China, and other adversaries, according to people familiar with the transition.
The lack of government cybersecurity support is among the obstacles the Biden transition team has faced as a result of the Trump administration’s refusal to acknowledge Mr Biden’s election victory and make available the resources of the federal government ahead of his inauguration in two months.
Normally, the General Services Administration would own and manage the set up of government email accounts for a presidential transition team, which are typically assigned the “ptt.gov” domain. The cybersecurity wing of the Department of Homeland Security typically assists in helping a transition to protect those newly created government email accounts, according to current and former officials, and could rely on information from US intelligence agencies to inform its protective efforts.
The Trump administration is blocking many of the transition-related resources usually provided to a president-elect, including government email accounts. The GSA so far has declined to identify Mr Biden as the winner of the election, citing ongoing litigation, even though Mr Trump has no clear path to victory, according to legal experts.
Mr Biden’s transition team has taken steps on its own to prevent hacking. Officials involved with the effort said they have put in place security protections that rival those used by the federal government.
“We are preparing to govern during a global pandemic and an economic recession, all while working remotely. From the outset of the transition, we have invested in best-in-class IT systems and processes,” a transition official said.
Frozen out of the government network, the transition team is relying on a standard, paid Google Workspace network, according to people familiar with the matter and a review of publicly available internet registration records associated with the team’s email domain.
The Biden team also is using a set of enhanced protection features on all of its accounts, people familiar with the matter said. It requires that staff use Titan Security Keys, a physical device needed to log into their accounts, and has limited access to internal information on a need-to-know basis in a series of restricted shared drives, the people said.
Current and former US officials and security experts said the transition team’s reliance on its own cyber defenses could make it more vulnerable to attack. Conscious of the hacking threat, the transition team has briefed staff on information security procedures for both their personal and professional accounts, one official said.
The GSA began offering basic information technology and cybersecurity services to Mr Biden’s team when he became the Democratic nominee for president. A memorandum signed by the Biden campaign and the GSA said the administration would provide a telecommunications and information technology infrastructure in its government-provided office space as well as computers for staff.
Mr Biden’s team received access to a small office space at the Commerce Department after he clinched the Democratic nomination, but his team has used the space sparingly because of the pandemic.
Further details on the cyber protections offered are redacted in the memo for security reasons. A GSA spokeswoman declined to elaborate on what additional services are being blocked by the Trump administration.
Presidential campaigns are frequent targets of foreign nation-state hackers. In 2008, both the Obama and McCain campaigns were hacked by China, and in 2016, the Hillary Clinton campaign and the Democratic National Committee suffered cyber breaches at the hands of Russia, which weaponised stolen emails as part of a hack-and-leak interference operation intended to denigrate Mrs Clinton and boost then-candidate Mr Trump’s electoral prospects.
The inner workings of a presidential transition, likewise, are of immense — and potentially even greater — interest to foreign spies, officials and experts said, and would be a top target for hackers hoping to glean insights into the personnel and potential foreign-policy objectives of the incoming administration. Depending on the intent, stolen files from a transition could prove even more valuable than a hack of a campaign.
“Getting access to internal communications of a transition team is an intelligence coup for any nation-state that is adversarial to the interests of our country,” said Dmitri Alperovitch, a cybersecurity expert and co-founder of the Silverado Policy Accelerator think tank. “Understanding who may take on key government posts before they are announced and, more important, what their positions on key issues of interest are would be of huge value to Moscow, Beijing, Tehran or Pyongyang.”
The lack of cybersecurity support from the federal government adds to a list of concerns expressed in recent weeks by Democrats, some Republican lawmakers, and current and former officials who have warned a lack of co-operation between the Trump administration and the Biden transition team could undermine national security.
Without the GSA identifying an apparent winner of the election, Mr Biden has also been unable to receive detailed government intelligence briefings. As the Democratic nominee, Mr Biden was given intelligence briefings, but they were not as detailed as the president’s.
Mr Biden also said “more people may die” because the lack of co-operation could hinder the federal government response to the coronavirus pandemic as he sought to co-ordinate with business and labour leaders ahead of his new administration.
“The GSA and Trump administration’s refusal to acknowledge the results of the election and begin the process for an orderly transition undermines our nation’s security — full stop,” said Senator Mark Warner of Virginia, the top Democrat on the Senate Intelligence Committee. “Whether that’s in undermining vaccine distribution and wider Covid response co-ordination, preventing the incoming administration from receiving classified intelligence briefs, or forcing the transition teams to use commercial email services.”
The Wall Street Journal
More Coverage
Recession fears prompt big New Zealand rate cut
The Reserve Bank of New Zealand lowered the official cash rate to 4.75 per cent.
Explainer: A weakened Iran still has a major deterrent … the nuclear option
With Hezbollah reeling and its missiles failing to do much damage, attention turns to the threat posed by Tehran’s nuclear program. How close is it to a bomb and what can Israel and the US do in response?