As they near completion of one aspect of their Russia probe, lawmakers on the Senate Intelligence Committee outlined for reporters where federal officials fell short in responding to Russian cyberthreats in 2016.
“We were all disappointed that states, the federal government and Department of Homeland was not more on their game in advance of the 2016 elections,” Intel Vice Chair Mark Warner (D-VA) said.
The committee hosted a press conference Tuesday previewing the unveiling of its initial recommendations for election cybersecurity in which they detailed a lack of communication between states and federal officials in the lead-up of the 2016.
“[There] was such mistrust between the states and DHS that information that should have been shared that would have caused the states to act more aggressively was not shared,” Sen. Susan Collins (R-ME) said.
One problem they identified was the lack of state and local election officials with security clearances so they could review pertinent information.
According to Collins, even eight months after the 2016 elections, in June 2017, no chief elections officials at the state level had a security clearance.
Another issue highlighted by lawmakers was the sufficiency of the messaging that did go from federal agencies to state officials about the potential threats in 2016.
“The warnings did not provide enough information or go to the right person in every case,” Intel Chairman Richard Burr said. Federal officials did not tell state elections administrators that the attempted intrusions were coming from a foreign adversary, nor just how serious the threats were, according to lawmakers.
The lawmakers stressed that the committee had found no evidence that any votes had been changed in the 2016 election. However, they reiterated that the election-related systems of 21 states were targeted by Russian actors, a number that was first revealed in a Senate Intel hearing last June.
Warner called that hearing “an impetus to the Department [of Homeland Security] to communicate that with the states,” which were notified only last September if they were one of the 21 states.
“One of the most frustrating things were that in the aftermath of this information coming out, that it actually took the Department of Homeland Security nearly nine months to notify the top elections officials that their states’ systems had been messed with,” Warner said.
Of those 21 states, at least one state’s systems were breached, the lawmakers said. They did not name that state, but Illinois’ voter registration system was infiltrated in 2016 in an effort later linked to the Russians. (Election officials there have said that no information in the database had been changed or deleted by the intruders.)
“We may never know the full extent of the Russian malicious attacks,” Collins said.
The lawmakers said that in recent months the Department of Homeland Security had “picked up its game,” as Warner put it, but that more work needed to be done. They pointed to a one-day classified briefing hosted by Department of Homeland Security last month with state and local officials.
“It received decidedly mixed reviews from state elections officials,” Collins said.