Two officials from the Department of Homeland Security testified on Wednesday before the U.S. Senate Intelligence Committee that Internet-connected election networks and websites in 21 states were potentially targeted by Russian hackers.
The officials, Dr. Samuel Liles, DHS' acting director, cyber division, with DHS' Office of Intelligence and Analysis, and Jeanette Manfra, the DHS' acting deputy undersecretary for cybersecurity and communications, would not specifically name the targeted states, or how many of the 21 states had voters' registration data exfiltrated. A recent Bloomberg report had stated that 39 states were hit in voting-related attacks.
In a separate hearing on the same day by the House Intelligence Committee, former DHS Secretary Jeh Johnson testified about his efforts to raise awareness of state and local electoral officials as the threat of Russian election interference grew in mid-to-late 2016. Johnson defended his decision to designate electoral systems as critical infrastructure, describing resistance on the part of state election officials who accused the federal government of trying to strip states of their sovereignty. "This was a profound misunderstanding of what a critical infrastructure designation would mean, which I tried to clarify for them," Johnson stated in written testimony.
Johnson explained that the critical infrastructure designation actually means that DHS has given high priority to local election officials' requests for federal services, and that election infrastructure now will benefit from various domestic and international cybersecurity protections.
Back in the Senate hearing, however, Connie Lawson, president-elect of National Association of Secretaries of State (NASS), and Indiana's secretary of state, objected to Johnson's critical infrastructure designation, arguing that it should be rescinded. In written testimony, Lawson derided the critical infrastructure designation over "a lack of clear parameters around the order, which currently gives DHS and other federal agencies a large amount of unchecked executive authority over our elections process." She also criticized federal government agencies failing to collaboratively share information pertaining to election threats.
Johnson also reasserted the contention of the intelligence and cybersecurity communities that Russia was, indeed, the culprits behind the hack of the Democratic National Committee. "In 2016, the Russian government, at the direction of Vladimir Putin himself, orchestrated cyberattacks on our nation for the purpose of influencing our election. That is a fact, plain and simple," said Johnson.
Liles, Manfra, and Johnson all testified that they have not seen any evidence that presidential vote tallies were altered, with Liles emphasizing that any large-scale effort to modify votes would have been detected. However, Manfra and Liles acknowledged that no forensics work has been performed on voting machines to fully quash such concerns.