All 50 U.S. states’ election systems were targeted by
Russian hackers during the 2016 presidential election, according to a U.S.
Senate report released Thursday.
Written by the Senate Select Committee on Intelligence,
the report—the first in an ongoing investigation—found that the Russian
government “directed extensive activity, beginning in at least 2014 and
carrying into at least 2017, against U.S. election infrastructure at the state
and local level.” However, the committee said it had no evidence that any votes
were changed or that voting machines themselves were manipulated.
The committee also added that it could not say “with
confidence” why Russia targeted U.S. election infrastructure, but that it could
be for future activities or to undermine confidence in America’s democratic
“Russian activities demand renewed attention to
vulnerabilities in U.S. voting infrastructure,” the committee explained. “In
2016, cybersecurity for electoral infrastructure at the state and local level was
sorely lacking; for example, voter registration databases were not as secure as
they could have been. Aging voting equipment, particularly voting machines that
had no paper record of votes, were vulnerable to exploitation by a committed
One key finding of the report was that DHS and the FBI issued
warnings about threats to election infrastructure to U.S. states in late summer
and fall of 2016. But that information did not provide enough context for many
states to take action, and in some cases, it was not relayed to the appropriate
individuals to take action.
“The disconnect between DHS and state election officials
became clear during committee interactions with the states throughout 2017,”
according to the report. “In many cases, DHS had notified state official
responsible for network security, but not election officials, of the threat.
Further, the IT professionals contacted did not have the context to know that
this threat was any different than any other scanning or hacking attempt, and they
had not thought it necessary to elevate the warning to election officials.”
Despite these vulnerabilities and numerous reports acknowledging
them, Congress has not been able to pass legislation to directly address them. Intelligence
Committee Chairman Richard Burr (R-NC) and Vice Chairman Mark Warner (D-VA) said
in statements upon the report’s release that more work remained to be done.
“The Department of Homeland Security (DHS) and state and local
elections officials have dramatically changed how they approach election
security, working together to bridge gaps in information sharing and shoring up
vulnerabilities,” Burr said. “The progress they’ve made over the last three
years is a testament to what we can accomplish when we give people the
opportunity to be part of a solution.”
Congress is facing additional pressure to address election
security following former Special Counsel Robert Mueller III’s testimony on
Capitol Hill earlier this week. Mueller said that Russia will continue its
efforts to interfere with U.S. elections and that more “countries are
developing capability to replicate what the Russians have done.”
Less than 24 hours after Mueller's testimony, however, Senate Republicans blocked two election security measures from proceeding in the chamber.
"Democrats tried to get consent to pass two bills that would require campaigns to alert the FBI and Federal Election Commission about foreign offers of assistance, as well as a bill to let the Senate Sargeant at Arms offer voluntary cyber assistance for personal devices and accounts of senators and staff," according to The Hill. "But Senator Cindy Hyde-Smith (R-MS) blocked each of the bills."
Security Management will take a deeper dive into election
security issues in its November 2019 issue.