Homeland Security Secretary Kirstjen Nielsen said Wednesday that the 2018 midterms and future elections are “clearly potential targets for Russian hacking attempts,” but she argued that her department has made key strides to prepare states to combat hacking.
Nielsen told the Senate Intelligence Committee during a hearing on election security that since the 2016 election, DHS has improved information sharing with the sates and has expanded its assistance for cybersecurity risk assessments to the states.
States can now have three election officials with security clearances to receive classified information, and DHS provides “one day read-ins” about threats for senior officials.
“We know whom to contact in every state to share threat information,” Nielsen said. “That capability did not exist in 2018.”
Nielsen and former department Secretary Jeh Johnson testified before the Senate Intelligence Committee on Wednesday, one day after the panel issued a list of recommendations to bolster election security at the state and federal levels.
Virginia Sen. Mark Warner, the top Democrat on the committee, said that the Obama administration and states were “caught flat-footed” during the 2016 election, failing to notify the states about the threat until fall 2016. And he said the initial response under the Trump administration wasn’t much better.
Warner also knocked Trump for failing to acknowledge the threat posed by Russia.
“The threat is real; the need to act is urgent,” Warner said. “Perhaps most of all, we need a President who will acknowledge the gravity of this threat, and lead a whole of society effort to harden our defenses and inoculate our society against Russia’s malicious interference.”
Warner said it was “extremely troubling” that Trump did not bring up election security when he called Russian President Vladimir Putin this week and congratulated him on his election victory.
During the 2016 election, Russian hackers successfully penetrated Illinois voter registration database and targeted the election databases of 20 other states, although the US government has said no votes were changed as a result of the hacking.
Johnson, who was President Barack Obama’s DHS secretary during the 2016 election, said the states were to blame in part for the lack of a proper response to Russian hacking.
He said that in August 2016, he told the state election officials that he wanted to offer DHS assistance in securing their election infrastructure, and he wanted to designate election systems as “critical infrastructure” for the federal government.
But he said the state reaction on a conference call with state officials “was neutral to negative.”
“Those who expressed negative views stated that running elections in this country was the sovereign and exclusive responsibility of the states, and they did not want federal intrusion, a federal takeover, or federal regulation of that process,” Johnson said in his opening statement. “This was a profound misunderstanding of what a critical infrastructure designation would mean, which I tried to clarify for them.”
As a result, Johnson said, the federal government did not move forward with the critical infrastructure plan until after the election. In January 2017, Homeland Security did make the critical infrastructure designation as the intelligence community concluded that Russia was behind the election hacking.
In an indirect response to criticism that the department did not do enough to help states during the election, Johnson ticked off measures that the federal government did take. He noted that in August, the FBI “issued an alert to the states” about reports of scanning and probing activities surrounding various state election databases.
“Both publicly and privately, my staff and I repeatedly encouraged state and local election officials to seek our cybersecurity assistance,” Johnson said.