Russia Targeted All 50 U.S. States Election Systems

Today in Security: Russia Targeted All 50 U.S. States' Election Systems

​All 50 U.S. states’ election systems were targeted by Russian hackers during the 2016 presidential election, according to a U.S. Senate report released Thursday.

Written by the Senate Select Committee on Intelligence, the report—the first in an ongoing investigation—found that the Russian government “directed extensive activity, beginning in at least 2014 and carrying into at least 2017, against U.S. election infrastructure at the state and local level.” However, the committ​ee said it had no evidence that any votes were changed or that voting machines themselves were manipulated.

The committee also added that it could not say “with confidence” why Russia targeted U.S. election infrastructure, but that it could be for future activities or to undermine confidence in America’s democratic system.

​“Russian activities demand renewed attention to vulnerabilities in U.S. voting infrastructure,” the committee explained. “In 2016, cybersecurity for electoral infrastructure at the state and local level was sorely lacking; for example, voter registration databases were not as secure as they could have been. Aging voting equipment, particularly voting machines that had no paper record of votes, were vulnerable to exploitation by a committed adversary.”

One key finding of the report was that DHS and the FBI issued warnings about threats to election infrastructure to U.S. states in late summer and fall of 2016. But that information did not provide enough context for many states to take action, and in some cases, it was not relayed to the appropriate individuals to take action.

“The disconnect between DHS and state election officials became clear during committee interactions with the states throughout 2017,” according to the report. “In many cases, DHS had notified state official responsible for network security, but not election officials, of the threat. Further, the IT professionals contacted did not have the context to know that this threat was any different than any other scanning or hacking attempt, and they had not thought it necessary to elevate the warning to election officials.”

Despite these vulnerabilities and numerous reports acknowledging them, Congress has not been able to pass legislation to directly address them. Intelligence Committee Chairman Richard Burr (R-NC) and Vice Chairman Mark Warner (D-VA) said in statements upon the report’s release that more work remained to be done.

“The Department of Homeland Security (DHS) and state and local elections officials have dramatically changed how they approach election security, working together to bridge gaps in information sharing and shoring up vulnerabilities,” Burr said. “The progress they’ve made over the last three years is a testament to what we can accomplish when we give people the opportunity to be part of a solution.”

Congress is facing additional pressure to address election security following former Special Counsel Robert Mueller III’s testimony on Capitol Hill earlier this week. Mueller said that Russia will continue its efforts to interfere with U.S. elections and that more “countries are developing capability to replicate what the Russians have done.”

Less than 24 hours after Mueller's testimony, however, Senate Republicans blocked two election security measures from proceeding in the chamber.

​"Democrats tried to get consent to pass two bills that would require campaigns to alert the FBI and Federal Election Commission about foreign offers of assistance, as well as a bill to let the Senate Sargeant at Arms offer voluntary cyber assistance for personal devices and accounts of senators and staff," according to The Hill. "But Senator Cindy Hyde-Smith (R-MS) blocked each of the bills."

Security Management will take a deeper dive into election security issues in its November 2019 issue.