DHS: 21 states' voting systems probed by Russian hackers
- By Sean D. Carberry
- Jun 22, 2017
In the run-up to the 2016 election, Russian hackers probed election-related systems in 21 different states, Department of Homeland Security officials said.
The probes were akin to someone walking down a street to see who is home, according to Samuel Liles, the acting director of DHS's Office of Intelligence and Analysis Cyber Division. In some cases the hackers got inside the door, but their tampering had no connection to vote tallying, he told the Senate Intelligence Committee on June 21.
Although DHS declared election systems to be critical infrastructure in January, the hearing showed there are still questions and concerns about what that protection exactly entails.
DHS has yet to conduct forensic analysis on affected systems and is working through the process to do so, according to Jeanette Manfra, DHS's acting deputy under secretary for cybersecurity and communications in the National Protection and Programs Directorate. She did state that DHS provided warnings to all 50 states before the election to scan their systems for vulnerabilities or signs of intrusion and that the department provided voluntary technical assistance to some states before the election.
DHS has been in contact with the "owners" of the affected systems in the 21 states, Manfra said. However, she was unable to confirm that all state and local election officials in the targeted states have been made aware that their systems were probed.
She acknowledged that DHS has not historically engaged with secretaries of state and election officials and officials are working through that process. Meanwhile, DHS is working with states to develop incident response playbooks and is focusing on information sharing to minimize the potential of future hacks, she said.
State officials, however, raised concerns about that information sharing. So far no secretary of state has been authorized to receive classified threat data from DHS, they said. They also echoed concerns raised by state officials when DHS first designated election systems as critical infrastructure, stating that there are no clear parameters for what DHS oversight would actually entail.
"If I have one major request to Congress and the administration other than rescinding the critical infrastructure designation for elections or placing clear parameters on the Executive Order, it would be to help election officials get access to classified information-sharing," said Connie Lawson, Indiana's Secretary of State and president-elect of the National Association of Secretaries of State.
Alex Halderman, a professor of computer science and engineering at the University of Michigan, said that despite assurances from DHS that voting machines and systems are difficult to hack and that any systemic attempt to change votes would be detected, manipulating machines and the outcome of an election is actually quite easy -- because he has routinely hacked voting machines as part of his research.
As FCW reported prior to the November 2016 election, Halderman confirmed that machines are highly vulnerable and that targeting a few machines in a swing county could change the results of a state or national election.
"The key lesson from 2016 is that these threats are real," he said. "Attacking vendors and municipalities could have put Russia in a position to sabotage equipment on election day … successful infiltration of election IT systems also could have put the Russians in a position to spread an attack to the voting machines and potentially steal votes."
Halderman said there are three main steps the U.S. should take to protect elections: update voting machines to modern optical scanners that use paper ballots; conduct regular "risk-limiting audits" to ensure computer results are correct; and apply "cybersecurity best practices to the design of voting equipment and the management of elections."
"If Congress works closely with the states, we can upgrade our election infrastructure in time for 2018 and 2020," he said. "But if we fail to act, I think it's only a matter of time until a major election is disrupted or stolen in a cyberattack."
This article was first posted to FCW, a sister site to GCN.
Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.