Cybersecurity

California: DHS gave ‘bad information’ on Russian hacking

California election officials are accusing the Department of Homeland Security (DHS) of giving them “bad information” about Russian efforts to target the state’s election systems ahead of Election Day last year. 

The charge comes days after Wisconsin also said it received misleading information from the federal department, which notified 21 states last Friday of Russian efforts to target their election-related systems.

The DHS, though, is standing by the assessments, saying they were “based on a variety of sources, including scanning detected from malicious IP addresses and intelligence information that cannot be publicly disclosed.” 

{mosads}The department told California officials that Russian actors “scanned” the state’s internet-facing systems last year, according to California Secretary of State Alex Padilla, who serves as the state’s chief election officer. But Padilla, a Democrat, said that DHS’s conclusions were proven “wrong” after further requests for information. He also criticized the department for providing the information a year after the fact. 

“DHS confirmed that Russian scanning activity had actually occurred on the California Department of Technology statewide network, not any Secretary of State website,” Padilla said in a statement on Wednesday. “Based on this additional information, California voters can further rest assured that the California Secretary of State elections infrastructure and websites were not hacked or breached by Russian cyber actors.”  

“Our notification from DHS last Friday was not only a year late, it also turned out to be bad information,” Padilla added. 

Earlier this week, The Associated Press reported that DHS initially told Wisconsin officials that Russian actors unsuccessfully targeted its voter registration database, but later told the state that the IP address affected belonged to Wisconsin’s Department of Workforce Development.

“DHS has made an effort to respond quickly to questions and requests for further information from states following Friday’s calls, and we have provided additional information and clarity to a number of states,” a DHS spokesman told The Hill. 

“The Department stands by its assessment that Internet-connected networks in 21 states were the target of Russian government cyber actors seeking vulnerabilities and access to U.S. election infrastructure,” the spokesman added. 

The department is not disclosing specific information about states targeted, instead leaving it up to state officials to decide whether to publicly disclose details of discussions about its networks with the DHS. 

News broke Friday evening that the DHS had notified states whose systems were targeted by Russian actors ahead of the election. In most cases, Russian actors did not successfully compromise networks, though both Arizona and Illinois had voter registration databases penetrated ahead of the election, as has been previously reported. 

The targeting is believed to be part of a broader campaign by Russia to interfere in the presidential election, laid out in an unclassified U.S. intelligence community assessment released in January.