From his perch on the U.S. Senate Commerce, Justice, Science and Related Agencies Appropriations Subcommittee, U.S. Sen. Marco Rubio, R-Fla., pressed Federal Bureau of Investigation (FBI) Director Christopher Wray on how the FBI handles cyber attacks and election security and what it has learned from the Marjory Stoneman Douglas High School shooting in Parkland.
Rubio started off his questioning on Tuesday by focusing on election security.
“I’m not going to ask you to comment about any specific cases, especially in this setting, matters that are highly compartmented,” Rubio said. “But I do want to point to things that are in the public record. The first is May of last year the Senate Intelligence Committee, as part of our review of the 2016 election in an interim report, stated that there had been a number of counties across the country in which foreign actors had been in a position, if had they wanted to, to change and influence voter databases. They didn’t do so, but they were in a position to do so. That was disclosed. As you can imagine, a few weeks ago when the Mueller report came out, it had a brief but obviously significant mention that at least one Florida county had been impacted by an intrusion. And it has elicited, as you can imagine, across our 67 counties a tremendous amount of attention to say the least. And I know that you’ve heard from both my colleague Senator Scott and from our new Governor, Governor DeSantis.
“So, on the one hand, I explained to people we are always trying to protect our methods and sources,” Rubio added. “And so sometimes by revealing information, you have revealed how you learned about it, and thereby compromise the ability to learn about it in the future. On the other hand, you can imagine, if you’re a county election official anywhere in America, I’m not talking specifically about Florida, and you hear that you may have been potentially one of those impacted and no one’s told you that directly, it puts them in a very difficult position. So just thinking through how can we handle a matter — these are just hard things and sometimes it’s not entirely the FBI’s decision to make or any other agency for that matter. But I think I’ve described writ large that’s a tough spot to be in. Other than to tell people, if you do these things, you should be fine, but we can’t tell you who it is that’s been impacted because we’ll lose the ability to hear about in the future. Is there any thought being given how to confront this in the future, the balance between notifying a county or a victim of this sort of intrusion and the ability to protect our methods and sources?”
“So, I think you’ve identified a particularly vexing problem, as you’ve correctly framed,” Wray replied. “It is something that we in the intelligence community struggle with quite a bit. We have tried to put in place a fairly specific protocol that is intended to guide a thoughtful and disciplined decision making process for when we notify victims of a cyber-attack, whether it’s in the election context or anything else. And it goes through a lot of the considerations that would apply. So things ranging from — and you anticipated some of them in your question — sometimes the information is a particularly sensitive source or method. And if we lose or jeopardize that source or method, then we lose the ability to even better protect sometimes even the same victim. Sometimes the information comes from a trusted foreign liaison partner and it’s not our decision to make about whether to share the information. Sometimes it affects an ongoing criminal investigation and might jeopardize that. So there’s a whole host of things.
“We also look at things like, how actionable is the information, is the information we’ve had in a form where somebody could even do something with it. And so sometimes those factors come into attention and we try to wrestle through them as best we can. I will say that sometimes we also strike a middle ground, which is we try to provide more general information to help people take appropriate cyber hygiene steps. It’s not a perfect solution, but it’s a solution that intends to kind of have it a little bit both ways where we’re sharing information that allows people to take some steps while still protecting some of those sensitive sources of information. But this is an issue that we all in the intelligence community struggle with, not just in an election context, but in a lot of other settings as well,” Wray added.
Rubio changed course to focus on the Parkland shooting.
“One final question on a different topic,” Rubio said. “Fifteen months ago, as you know, the tragedy took place in Parkland and as you’ve acknowledged, and others, the FBI made some mistakes. There were clear tips that were disregarded about how the shooter was a threat to the lives of others. And there was a commitment to a review of the policies and procedures, but so far there hasn’t been much made public in terms of accountability, aside from acknowledging the mistakes. So what is the status of that review?”
“So we have done not one but two fairly in-depth reviews out at our call center, which is where the key activity occurred,” Wray answered. “We’ve changed training, we’ve changed policies out there, we’ve doubled — well not doubled — we’ve increased significantly the amount of resources that are out there. We’ve increased the amount of oversight. We’ve built certain technology tools to improve, sort of put redundancies in the process, to ensure the right kinds of things are caught. There’s a whole host of things we’ve done. In addition, I’ve met with some of the families of some of the victims as has the deputy director. And we’re committed to trying to get this right. We’ve now recently, and this is very recent information, but I’ve now put in charge of that whole division out there in West Virginia one of our senior most executives to run that division, somebody that we personally enlisted to really bring the right level of maturity and sophistication to running that whole division. I think that’s a measure of how important this is to us.”
Kevin Derby can be reached at Kevin.Derby@floridadaily.com.
