Russian hackers targeted “election-related systems” in 21 states during the presidential election, an official with the Department of Homeland Security confirmed Wednesday in Senate testimony. The revelation came during a hearing before the Select Intelligence Committee as part of its investigation into Russian influence on the election.
The media has reported that Russia hacked up to 39 states’ systems, and Illinois and Arizona declared their systems were among those affected, but this marks the first time that federal officials themselves have publicly described the number of states that were penetrated successfully by Russian hacking.
Jeanette Manfra, the DHS official who disclosed the numbers, declined to name which states had been targeted to protect their confidentiality, though she says the managers of the various threatened systems have been alerted.
In August of 2016, DHS started getting reports of “cyber-related scanning and probing” of U.S. election infrastructure, testified Samuel Liles, another DHS official. At this point, he said, the agency began analyzing and sharing this information with federal, state, and local partners.
Both DHS officials at the hearing said the Russian probing did not affect the actual vote totals during the presidential election. Instead, Liles compared them to a burglar walking down the street and checking if people were home.
“A small number of systems were unsuccessfully exploited, as though somebody rattled the doorknob and was unable to get in, so to speak,” he said. “A small number of the networks were successfully exploited. They made it through the door.”
Despite federal authorities’ efforts on this front, a state official at the hearing called for better collaboration to prevent election hacking and criticized the intelligence community’s handling of the issue last fall.
On June 5, a leaked NSA report revealed, among other things, the agency knew Russians had allegedly hacked the systems of a vendor dealing with voter information. However, Connie Lawson, Indiana’s secretary of state and the president-elect of the National Association of Secretaries of State, said she and her fellow state officials were not given this intelligence before the election.
“Former DHS Secretary Jeh Johnson repeatedly told my colleagues and me that no specific or credible threats existed in the fall of 2016,” Lawson said at the hearing. “It is unclear why our intelligence agencies would withhold timely and specific threat information from election officials.”
To this day, Lawson said, no secretary of state is currently authorized to receive classified threat information from intelligence agencies.
Johnson designated the nation’s election infrastructure as “crucial infrastructure” this January as a way to ensure more formal cooperation and attention around the subject. According to Johnson’s prepared testimony before a House hearing today on Russian hacking, states’ reaction to this designation was “neutral to negative,” as some state and local officials worried it would undermine their prerogatives to manage elections.
Committee Vice Chair Mark Warner, a Virginia Democrat, also decried the intelligence community’s reticence to give more information about the hacks.
“We are not making our country safer if we don’t make sure that all Americans realize the breadth and extent of what the Russians did in 2017, and frankly, if we don’t get our act together, they might do it in an even more dramatic form in 2018 and 2020.”