DHS: No Evidence of Russia Targeting 2018 Elections Yet

The Homeland Security Department has seen no evidence so far this year that Russian intelligence agencies are trying to hack into voting systems to undermine the 2018 midterm elections, the department’s cyber lead told Congress Tuesday.

Government officials have consistently warned that Russia or another U.S. cyber adversary is likely to attempt to sow doubts about the 2018 results after Russia used hacking and influence operations to undermine confidence in the 2016 election.

As recently as last week’s RSA Cybersecurity conference, however, Homeland Security officials declined to say whether they’d witnessed any attempts to meddle in voting systems in advance of this year’s contest.

While there’s no evidence Russian hackers changed any votes or penetrated voting systems during the 2016 contest, they did scan systems in at least 21 states and attempted to penetrate a much smaller number of voter rolls, Homeland Security has said.

Russia Probably Scanned Lots of Election Systems

That figure of 21 scanned states only includes instances where the state or Homeland Security could explicitly verify Russian scanning, the department’s cyber lead Jeanette Manfra told the Senate Homeland Security Committee, adding “we can assume that the majority of states were probably a target.”

She stressed, however, that scanning is a “common activity on the internet” that can happen hundreds or thousands of times each day to a single website. In the case of the voter rolls scanning, it was the origin of the scan that set off alarm bells, she said.

Russia Couldn’t Change Votes Undetected

Manfra stressed during the hearing that, while public fears of Russia successfully changing votes in a future election aren’t baseless, it would be “nearly impossible” for them to do so undetected.

“There are so many observers in the process that someone would know. There would be an indicator if something was wrong,” Manfra said.  

Lawmakers did not press Manfra, however, on whether hackers might attempt to change votes despite being observed in the process.

Not 100 Percent Visibility

Manfra also tried to clarify remarks from Homeland Security Secretary Kirstjen Nielsen at last week’s RSA Cybersecurity Conference during which the secretary declined to say she was confident state and local election systems will be fully secured before the 2018 elections.

Because Homeland Security cannot vet a state’s election systems without the state’s request, the department does not have full visibility into how secure all state and local election systems are, she said. That visibility, however, is far greater than it was in advance of the 2016 contest, she said.

“In no sector would I ever say I have complete confidence that nothing will ever happen because that would be a foolhardy statement,” Manfra added.

So far, 17 states have requested Homeland Security’s help assessing the security of their election infrastructure and those assessments are all complete or scheduled, a department official told Nextgov.