The Homeland Security Department didn’t go high enough up the chain when it notified state officials about Russian attempts to penetrate election systems during the 2016 campaign, the Homeland Security Department’s top official told lawmakers Wednesday.
“We notified the states back when the intrusion occurred,” acting Homeland Security Secretary Elaine Duke said. “What we learned from that and what we’re correcting is we notified the systems' owners and didn’t necessarily notify the right senior officials that need to take action.”
The department won’t make the same mistake during the 2018 election cycle, Duke told members of the Senate Homeland Security Committee.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
Russian government-linked hackers attempted to penetrate election systems in either 20 or 21 states during the 2016 campaign, according to Homeland Security officials. Investigators have found no evidence that those hackers were able to actually change vote tallies or voter information, officials have said.
DHS shared details with affected states about that hacking campaign for the first time last week.
Homeland Security has the resources to help protect voting systems from digital meddling during the 2018 election cycle, but some states are refusing federal aid, said Duke who became acting secretary when her predecessor John Kelly left to become President Donald Trump’s chief of staff.
State election officials have been broadly wary of federal attempts to assist with or monitor election security in the wake of Russia’s 2016 digital meddling campaign. The National Association of Secretaries of State, the officials who run state elections, severely criticized a late-Obama administration decision by Homeland Security to designate election systems as critical infrastructure.
That designation effectively helps the federal government devote resources to election security.
The association also criticized the Homeland Security Department Monday for waiting nearly a year to share information about Russian efforts to penetrate their voting systems.
Duke is also concerned that some states aren’t taking digital threats to their election systems seriously enough.
“I’d like to see more sense of urgency,” she told committee members.
Also during Wednesday’s hearing:
- Cyberattacks against energy plants and other critical infrastructure represent both the greatest cyber threat to the U.S. and the place where Homeland Security has the most room for improvement, Duke said.
- Asked to grade cooperation on cybersecurity issues between executive branch agencies, Duke gave the government a B. FBI Director Christopher Wray gave the government a B or B minus.
- Duke urged Senators to pass a Homeland Security Department reauthorization bill that passed the House in July.
- Wray renewed his predecessor James Comey’s call for a compromise between the tech industry and law enforcement on warrant-proof encryption systems that law enforcement leaders say allow criminals and terrorists to “go dark” in recruiting and communication. Tech leaders say any compromise on encryption would make ordinary citizens’ information less secure.