Written byPatrick Howell O'Neill
Nearly a year after the end of the 2016 campaign, the Department of Homeland Security on Friday night notified 21 states of attempted Russian hacking against their election systems.
A small number of networks were compromised, CyberScoop has learned, but none of the targeted systems involved the tallying of votes.
For the majority of the states targeted, only early-stage activity like scanning was seen. A minority of targeted states saw serious attempts to compromise networks, some of which were successful.
Alabama, Colorado, Illinois, Minnesota, Maryland, Virginia, Wisconsin and Washington are among the states that have acknowledged receiving a notification. The remaining states are publicly unknown.
News of the targeting first came to light in June when Jeanette Manfra, acting deputy undersecretary for cybersecurity and communications at the DHS’s National Protection and Programs Directorate, testified during a hearing held by the Senate Select Committee on Intelligence that focused on Russian interference in the U.S. election.
The attempts by “Russian government cyber actors” were unsuccessful, according to Michael Haas, director of the Wisconsin Elections Commission.
“This scanning had no impact on Wisconsin’s systems or the election,” Haas said in a statement after the DHS notification. “Internet security provided by the state successfully protected our systems. Homeland Security specifically confirmed there was no breach or compromise of our data.”
At least some of the states were already aware of the attempted hacks.
“As we’ve stated before, we continue to work cooperatively with DHS including during the election last year,” Washington Secretary of State Kim Wyman said in a statement. “The security protocols we already have in place made us aware of these attempted intrusions by Russian IP addresses throughout the course of the 2016 election. There was no successful intrusion and we immediately alerted the Federal Bureau of Investigation of the activities.”
In a public statement posted Friday, Sen. Mark Warner, D-Va., called the gap between intrusion attempts and notification “unacceptable,” but was “relieved” that DHS finally informed the targeted states.
“We have to do better in the future. Our elections are the bedrock of our democracy, and DHS needs to notify states and localities in real-time when their systems are targeted,” Warner, vice chairman of the Senate Intelligence Committee, said in the release. “While I understand that DHS detects thousands of attempted cyber attacks daily, I expect the top election officials of each state to be made aware of all such attempted intrusions, successful or not, so that they can strengthen their defenses — just as any homeowner would expect the alarm company to inform them of all break-in attempts, even if the burglar doesn’t actually get inside the house.”
DHS would not make public a full list of states targeted but did say it was working with the 21 impacted states and “will continue to keep this information confidential and defer to each state whether it wishes to make it public or not.”
Previous news reports have included Arizona and Illinois among the states that hackers targeted.