The key Senate committee investigating Russian interference in the 2016 election said it still doesn’t have a firm grasp on the extent of the hacking, even with the November congressional midterms less than six months away.
But the Intelligence Committee reaffirmed one conclusion previously provided by Department of Homeland Security officials: at least 21 states were targeted by Russian operatives. U.S. intelligence officials have warned that Russia could try to meddle in this year’s midterms.
The committee chairman, Richard Burr, a North Carolina Republican, stressed the urgency of acting on the committee’s recommendations as primary voters in some states went to the polls on Tuesday.
In the report, the committee said it had “limited information about whether, and to what extent, state and local officials carried out forensic or other examination of election infrastructure systems in order to confirm whether election-related systems were compromised. It is possible that additional activity occurred and has not yet been uncovered.”
The report, which describes the electoral process as the most fundamental element of a democracy, is part of a series of congressional and intelligence community investigations of how Russia sought to influence the presidential election won by Donald Trump.
“Today’s primaries are the next step toward the 2018 midterms and another reminder of the urgency of securing our election systems,” Burr said. “We are working tirelessly to give Americans a complete accounting of what happened in 2016 and to prevent any future interference with our democratic process.”
A Contrast With the House
Senators from both parties emphasized the bipartisan nature of the Senate inquiry, which stands in stark contrast to the dueling reports with wildly different conclusions issued by Republicans and Democrats on the House Intelligence Committee.
Senator James Lankford, an Oklahoma Republican, said in a statement accompanying the report that “Russian entities targeted presidential campaign accounts, launched cyberattacks against at least 21 state election systems, and hacked a U.S. voting systems software company.”
A Democratic colleague, Mark Warner of Virginia, said he remained concerned “that we as a country are still not fully prepared for the 2018 midterm elections. That’s one reason why we, as a committee, have decided that it is important to get out as much information as possible about the threat.”
The committee said at least 18 states’ election systems were targeted by Russian-affiliated cyber actors in “some fashion,” and that elements of the intelligence community have “varying levels of confidence” about another three states.
Only Illinois has indicated publicly that some of its voter data had been stolen.
Other states experienced suspicious or malicious behavior that intelligence agencies have been unable to attribute to Russia. In almost all of the affected states, “vulnerability scanning” targeted their secretary of state websites or voter registration systems, the report said.
Breaches of Data
In at least six states, Russian hackers conducted malicious access attempts on voting-related websites, and in a small number of states, they gained access to “restricted elements of election infrastructure.” In those states, they were “in a position to, at a minimum, alter or delete voter registration data” but not manipulate individual votes or total tallies.
The committee said its findings as well as those of the Department of Homeland Security and FBI were based on self-reporting by the states and that it’s “possible that more states were attacked, but the activity was not detected.”
The report said the committee found “ample evidence to conclude that the Russian government was developing capabilities to undermine confidence in our election infrastructure, including voter processes,” although it was hard to determine the full scope of Russian activity against states because of “collection gaps.”
The committee recommended a number of steps, including updating aging voting machines with ones that have a paper ballot. It pointed to the diversity of voting systems between more than 9,000 jurisdictions as an element that made the process as a whole more resilient.
This decentralized system is harder to hack because of its lack of networking: Voting machines aren’t connected to the internet, although some voter registration rolls are.
Tuesday’s report follows a summary of recommendations on election security released in March, which urged quick action to prevent a repeat of hacking into voting systems by Russians or others ahead of this year’s midterm elections. The previous report called for more steps to “better defend against a hostile nation-state.”
In its recommendations, the committee said the U.S. should “clearly communicate to adversaries that an attack on our election infrastructure is a hostile act, and we will respond accordingly.” It also said intelligence agencies should make attributing cyberattacks quickly and accurately a “high priority.”
Many states plan to use their share of $380 million in federal grants for election security from the omnibus spending bill passed in March on new equipment. But it’s hardly enough money to replace all of the aging voting systems in the country.
The White House announced that Trump had met last week with top federal security officials to discuss “efforts to bolster the security of the nation’s election systems.” The statement cited efforts to encourage state and local officials to follow “best practices like using paper ballots.”
Indiana, North Carolina, Ohio and West Virginia held their primaries on Tuesday. Next week, Idaho, Nebraska, Oregon and Pennsylvania will have primary elections.