Twenty-one state election systems were targeted by Russian hackers during last year’s presidential election, a Department of Homeland Security official told the Senate Intelligence Committee Wednesday.
While Russian attempts to infiltrate state voting systems have been widely reported, this appears to be the first acknowledgment of the scope of the attempted hacking.
Acting Deputy Undersecretary of Cybersecurity Jeanette Manfra told the Senate panel, “We have evidence of election systems in 21 states that were targeted,” while reiterating that actual voter tallies were not altered in any way.
Manfra would not disclose which states were targeted, but earlier reports have cited Arizona and Illinois as being two where voter registration systems were targeted last year.
Wisconsin and Indiana election officials told the committee their states were not among those affected by the hackers.
Manfra also indicated that among the 21, the states that had data successfully exfiltrated by the Russians were notified, though she would not reveal in a public setting which states those were.
Manfra’s testimony came the same day that Obama Administration Department of Homeland Security Secretary Jeh Johnson said voter registration data bases were particularly vulnerable in the hacking, and advised that Congress consider grants to state election officials to help them harden their cybersecurity.
Johnson, testifying before the House Intelligence Committee, called for increased awareness among state election officials, state government employees, and the general public “the evils and the hazards of spear phishing.”
He also called for establishment of a full-time position at DHS or elsewhere in the federal government to handle cybersecurity issues.
“But, first and foremost, on the ground, we need to encourage state governments, state election officials, to engage in best practices when it comes to vote tallies and so forth – and through grants, we ought to consider grants, I hear that from state election officials themselves,” Johnson said.
Johnson said he would advise DHS Secretary John Kelly or his undersecretary for the National Protection Programs Directorate – a position that is now vacant – to make cyber security a “front-burner issue.”
“When I came into office in 2013, I viewed counterterrorism as the cornerstone mission of DHS, and then, after a time, when I got a sense of the threat environment, I realized that cybersecurity needed to be the other cornerstone, needed to be the other top priority of our department’s mission,” he told the panel.
“It’s going to get worse before it gets better, and bad cyber actors all the time are more and more ingenious, more tenacious, and more aggressive, and so I would urge Secretary Kelley to make this one of his top one or two priorities,“ he said.
Bill Priestap, FBI Assistant Director of Counterintelligence, told the Senate committee the scale of last year’s intrusion separates it from previous Russian attempts to meddle in American politics.
In terms of how the FBI is addressing the targeting of states’ election systems, Priestap said, “We have a number of open investigations in regards to that,” though he would not go into detail.
He also warned the committee not to assume Russian attempts to influence future elections in the United States will cease due to the results of last year’s election.
“I believe Russia will absolutely try to conduct influence operations in the U.S., which will include cyber intrusions,” he said.
Steve Hirsch is a senior national security editor at The Cipher Brief; Verdi Tzou is a contributing national security editor.