Former DHS boss says 'no evidence' of tampering in 2016 vote count

At a House hearing, former Homeland Security Secretary Jeh Johnson testified that Russian interference in U.S. elections did not extend to manipulating vote counts, as far as he knows.

"I know of no evidence that through cyber intrusions votes were altered or suppressed in some way," Johnson said at the June 21 hearing of the Permanent Select Committee on Intelligence.

Johnson told lawmakers that the level of Russian state interference with U.S. voting systems was "unprecedented in scale and scope," and said the U.S. government must figure out how to respond in the future because he believes that more attacks on the election systems are coming in 2018 and 2020.

Two things that are likely not going to happen, though, is a centralization of U.S. voting systems or federal standards for voting equipment.

"Well, I would say to this Congress, if you want to try to federalize elections in this country, good luck," Johnson told lawmakers.

He thinks Congress will have better luck encouraging cybersecurity best practices in state and local governments that procure and operate election systems through grants and other incentives.

Johnson also is advocating for an identifiable top federal official to "take the mantle of cybersecurity on full time to highlight this issue," he said.

"My preference would be somebody within DHS, but we really need a national leader to take charge of this issue," he said.

Johnson also sought to sooth those officials who were concerned by his designation of voting systems as "critical infrastructure" in January just before exiting government service. Among the benefits, Johnson said, is that critical infrastructure systems come under the protection of international cyber norms, and that the designation had been extended to 16 sectors already including financial systems and power grids, without any government takeover, new regulation or operational interference.

"This was something that was a no-brainer, and in fact probably should have been done years before."

He added that state and local voter registration databases are vulnerable to exfiltration, exposure and manipulation. Johnson advised all election officials "to undertake an effort to harden their cybersecurity [and] minimize the exposure of the process to the internet."

'We've got Crowdstrike'

Johnson also offered details on the response of Democratic National Committee officials to the Russia-linked hack of their systems that led to the exposure of email accounts from top officials, including those of Hillary Clinton's campaign chairman John Podesta.

DNC officials did not invite DHS cybersecurity experts in to help discover the source of the attacks and minimize the damage.

"This was a question I asked repeatedly," Johnson said. "What are we doing? Are we helping them discover the vulnerabilities?"

The DNC intrusion came about a year after the devastating breach of Office of Personnel Management databases that held information on more than 21 million federal employees and retirees. DHS, according to Johnson, was "anxious" to offer help.

"The response I got was that FBI had spoken to them. They don't want our help. They have Crowdstrike, the cybersecurity firm," Johnson said.