Critical Infrastructure Security, Critical Infrastructure Security

Report: Russian-sponsored hackers could have modified U.S. voter data, but didn’t

Russian state-sponsored cyber actors "conducted an unprecedented level of activity against state election infrastructure in the run-up to the 2016 U.S. elections," the U.S. Senate Select Committee on Intelligence concludes in the first volume of its report on Russia's efforts to interference in America's most recent presidential election.

Released yesterday, volume one focuses specifically on Russia's attempts to infiltrate, spy on and diminish confidence in U.S. electoral infrastructure, including states' voter registration databases, voting systems, election websites, and electoral boards, officers and staff members. The heavily redacted report, overseen by Senate Intelligence Committee Chairman Richard Burr (R-N.C.) and Vice Chairman Mark Warner (D-Va.), incorporates details gleaned from hearings, interviews, and reviewed intelligence from 2017-2019.

The report said there is no evidence supporting the notion that actual vote tallies were changed, noting however that the committee's insight into this particular matter was limited. Moreover, the document states that although Russian-sponsored hackers had sufficient access to delete or modify voter registration information, they don't appear to have done so.

Instead, Russia's primary goals may have been to gather as much information as possible for espionage purposes, explore potential vulnerabilities for possible future exploitation and – most likely – "undermine confidence in the 2016 U.S. elections simply through the discovery of their activity."

Indeed, U.S. government officials were uncertain to what extent they should disclose Russia's meddling, or fear that such announcements would erode the public's confidence the democratic process, the report states.

Perhaps with good reason: The report notes that a January 2017 declassified Intelligence Community Assessment said that Russian diplomats "were prepared to publicly call into question the validity of the results" and "pro-Kremlin bloggers had prepared a Twitter campaign, #DemocracyRIP" in the event that Hillary Clinton had won the 2016 elections.

The report notes that Russian interference activities predated the election as far back as 2014 and lasted at least into 2017. Moreover, the activity appears to have targeted all 50 states, according to assessments shared by both the Department of Homeland Security and former Special Assistant to the President and Cybersecurity Coordinator Michael Daniel. Back in 2017, it had been widely reported that intelligence officials could only find evidence of 21 states being targeted by the hackers.

Among the report's chief conclusions is that state election officials were not prepared to handle the hackers' sustained attacks, and warnings and assistance from the FBI and DHS were insufficient to make up for the states' deficiencies.

In response to these lapses, the DHS has "redoubled its efforts to build trust in the states and deploy resources to assist in securing elections," the report states. However, the document recommends, states must continue to replace outdated voting technology with more secure options like paper ballots, optical scanners or electronic systems that include a voter-verified paper trail.

Additionally, the report recommends that the Election Assistance Commission report to Congress on how states are using their individual allotments of the $380 million that federal lawmakers appropriated for election security under the Help America Vote Act, and whether more funding is necessary. Also, it calls for better information gathering and sharing among the intelligence community, and a U.S. cyber doctrine that effectively deters foreign interference.

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.