Senate Intel: Russia waged ‘unprecedented’ cyber campaign on U.S. voting systems

The Senate Intelligence Committee on Tuesday released the unclassified version of its investigation into Russian cyberattacks on digital U.S. voting systems ahead of the 2016 presidential election.

The report finds that Moscow conducted an “unprecedented, coordinated cyber campaign” against the nation’s voting infrastructure. Through its investigation, the committee found that Russia-linked hackers were in a position to “alter or delete voter registration data” in a small number of states before the 2016 vote.

{mosads}The election security report represents the first installment of the committee’s report on Russian interference in the election. It affirms the intelligence community’s assessment that hackers associated with the Russian government targeted state election infrastructure, and echoes officials’ statements that there is no evidence any votes were changed.

Homeland Security officials revealed last year that Russia targeted election-related systems in 21 states, and in a small number of cases breached state systems. Beyond saying that the targeted systems were not involved in vote tallying, officials have provided few details about the effort.

The document released by the Senate Intelligence Committee holds some fresh details about the extent of Moscow’s attempts to hack into state voting infrastructure but largely rehashes information already known from public testimony.

The report states that intelligence officials have “varying levels of confidence” that 21 states were targeted by Russia, including 18 that officials have definitive evidence showing targeting efforts. The lawmakers also found that other states witnessed “suspicious or malicious behavior” that the intelligence community could not trace back to Moscow.

Most of the attempts amounted to hackers scanning a state’s secretary of state website or voter registration infrastructure for vulnerabilities, and did not amount to successful breaches. However, in at least six states, Russia-linked hackers “conducted malicious access attempts on voting-related websites.”

“In a small number of states, Russian-affiliated cyber actors were able to gain access to restricted elements of election infrastructure,” the report states. “In a small number of states, these cyber actors were in a position to, at a minimum, alter or delete voter registration data; however, they did not appear to be in a position to manipulate individual votes or aggregate vote totals.”

The committee also found, through its investigation, that Russia conducted intelligence gathering and other “intelligence-related activities” before the 2016 vote likely in preparation for discrediting the integrity of the U.S. voting process. The report provides few details on this activity, or an explanation of why the committee came to the conclusion about the motive behind it. 

Because the committee’s findings are based on information from the states, the report emphasizes that it is possible more states were attacked but that the activity was not detected — echoing a point made by a top Homeland Security official just last month.

The committee found Homeland Security’s response to Russia’s hacking efforts to be “inadequate to counter the threat.” Multiple state election officials have complained that the department was slow to share threat information. Meanwhile, federal officials have defended their actions, saying that they did not understand the full scope of Russia’s efforts until after the election.

It was not until January of 2017 that the intelligence community released its unclassified assessment of Russian interference in the election.

The Intelligence Committee’s report, a summary of which was issued in March, also sets forth a series of recommendations for securing the nation’s voting infrastructure against future attacks.

Its publication is timely — the report comes on the eve of key 2018 primaries in states across the country.

The lawmakers recommend that the federal government establish new “international cyber norms” and bolster information sharing with state and local officials. They also instruct states to implement two-factor authentication, install sensors on state systems to monitor potentially nefarious activity and replace paperless voting systems with those that provide a paper backup. 

“The Committee saw no evidence that votes were changed and found that, on balance, the diversity of our voting infrastructure is a strength,” the report says. “However, the Committee notes that a small number of districts in key states can have a significant impact in a national election.”

The committee has been investigating Russian interference, including whether there was coordination between President Trump’s campaign and Moscow, for well over a year. On Tuesday, Chairman Richard Burr (R-N.C.) told reporters that the panel expects to wrap up its probe in August.