Current and former officials with the Department of Homeland Security provided assured that the Russian meddling in the 2016 election failed to alter any votes during testimony on Capitol Hill, but warned that in future elections the vote may not be secure.
On Wednesday, former Department of Homeland Security (DHS) Secretary Jeh Johnson told a House panel that voter registration databases were some of the most exposed elements of the election system and subject to manipulation by outside actors, but they were not the only vulnerabilities.
“The process is vulnerable to future cyberattacks by those who are becoming increasingly aggressive, ingenious and capable,” Johnson said, suggesting that future attacks may not focus on the vulnerabilities identified in 2016.
Russia’s success in sowing doubt in the integrity of the election could embolden other foreign actors, non-state actors or domestic actors to interfere in the future, Johnson warned. Those attacks could include exfiltrating or changing data on voter rolls, theft, ransomware and a host of other politically motivated cyber-tactics.
“I think we have to assume … that the Russians will be back and possibly other state actors and possibly other bad cyber actors,” he warned.
s Johnson spoke to members of the House Intelligence Committee, the FBI’s assistant director of counterintelligence Bill Priestap addressed members of the Senate with a similar warning that there will be more Russian attempts against the United States.
“I believe the Russians will absolutely try to continue to conduct influence operations in the U.S.,” Priestap said, including cyberattacks.
By the end of 2016, the U.S. intelligence community reached a consensus that the Russian government had directed cyberattacks against the U.S. election system and political figures at the direction of Russian President Vladimir Putin with the purpose of influencing the outcome of the election. It included a number of tactics from paid internet trolls and fake news and propaganda campaigns to direct attempts to penetrate voter rolls.
Prior to the election, DHS and the FBI saw a growing pattern of “probing and scanning” voter registration databases in multiple states. In two states, Illinois and Arizona, Russian attempts to breach the networks and access databases were successful.
The acting director of DHS’s cyber division, Samuel Liles confirmed on Wednesday that there were 21 states where the “internet-connected, election related networks” were targeted by Russian government cyber actors. “It is important to note that none of these systems were involved in vote tallying,” he said.
Liles attempted to provide further assurance, saying that prior to the election, DHS had “no indication” that a foreign adversary was planning a cyber operation that would change the outcome of the vote.
“We also assessed that multiple checks and redundancies in U.S. election infrastructure … made it likely that cyber manipulation of the U.S. election systems intended to change the outcome of the national election would be detected,” he continued.
That was essentially the same assessment Secretary Johnson made on October 7, 2016.
Even as Moscow was engaged in active measures to influence the election, because of the diversity of state and local systems, the prevalence of non-internet connected voting machines and extensive checks and balances, “it would be extremely difficult for someone, including a nation-state actor, to alter actual ballot counts or election results by cyber attack or intrusion.”
Those assurances from 2016 provided little relief for lawmakers and officials looking ahead to future elections.
Rather than responding to the last attack, Johnson noted, “try to anticipate the next attack.”
“The warning for future elections is that everybody is going to get better and better at trying to break in,” said Rep. Mike Conaway (R-Texas), the acting head of the House Russia probe.
Even though the Russians were not successful in changing any votes in 2016, Conaway argued that undermining public confidence in the election was the greatest damage to come from the Russian election interference.
“The harm is done in the fact that they are causing us to … even ask that question causes a sense of uncertainty,” he explained.
Across party lines, a number of congressmen expressed concern that the impact of Russian election interference was so impactful because it exploited the already deep political divisions in United States.
“Those internal divisions allowed the Russians to manipulate our politics and that is something we’re going to have to defend against,” ranking Democrat on the Intelligence Committee Adam Schiff told Sinclair Broadcast Group. “Somehow we have to develop a consensus that no matter who it helps or who it hurts, we won’t tolerate any foreign interference in our affairs.”
Utah Republican Rep. Chris Stewart argued that “politically divided democracies are particularly vulnerable” to attacks using propaganda and fake news intended to sow discord.
He charged that the “gullible press” have been “playing to Russian hands” by exacerbating political divisions.
Russia’s attempt to influence U.S. politics was successful, Stewart continued. “And if success breeds success — and it does — then we have to anticipate that they’r’e going try to do it again.”
There are steps that state and local election officials can take to further shore up election systems. Minimizing exposure to the internet, hardening security around voter registration databases, and ensuring that officials practice basis cyber hygiene, like identifying spear-phishing emails.
The January 2017 designation of the U.S. election system as critical infrastructure further ensures that election officials are pushed to the front of the line to receive help from the federal government to protect election infrastructure. DHS Secretary John Kelly has kept that designation in place, but faces pressure to reverse the order from local officials and the incoming president of the National Association of Secretaries of State, Connie Lawson.
