The Senate Intelligence Committee on Tuesday released the unclassified version of its investigation into Russian cyberattacks. The probe focused on Russia’s impact on digital U.S. voting systems used in the 2016 presidential election.
The report indicates that Moscow conducted an “unprecedented, coordinated cyber campaign” against the nation’s voting infrastructure. The investigation found that Russia-linked hackers were able to “alter or delete voter registration data” in a small number of states. This took place before the 2016 vote.
This security report affirms the intelligence community’s assessment that hackers associated with the Russian government targeted state election infrastructure.
Homeland Security: 21 States Targeted
Homeland Security officials revealed last year that Russia targeted election-related systems in 21 states. In several of those states, there were cases of breached state systems.
The report states that intelligence officials have “varying levels of confidence” that 21 states were targeted by Russia. In 18 of them, officials have definitive evidence showing targeting efforts. The lawmakers discovered that some states witnessed “suspicious or malicious behavior” the intelligence community could not trace back to Moscow.
Most of the attempts were hackers scanning a state’s secretary of State website. They looked at voter registration infrastructure for vulnerabilities. But they did not amount to successful breaches. However, in at least six states, Russia-linked hackers “conducted malicious access attempts on voting-related websites.”
“In a small number of states, Russian-affiliated cyber actors were able to gain access to restricted elements of election infrastructure,” the report states. “In a small number of states, these cyber actors were in a position to, at a minimum, alter or delete voter registration data; however, they did not appear to be in a position to manipulate individual votes or aggregate vote totals.”
The committee found Homeland Security’s response to Russia’s hacking efforts to be “inadequate to counter the threat.” A number of state election officials complained that the department was slow to share threat information. Federal officials have defended their actions, saying that they did not understand the full scope of Russia’s efforts until after the election.
The Intelligence Committee’s report also promotes a series of recommendations for securing the nation’s voting infrastructure against future attacks.
New “Internal Cyber Norms”
The lawmakers recommend that the federal government establish new “international cyber norms.” This would increase information sharing with state and local officials. They also instruct states to implement two-factor authentication and install sensors on state systems to monitor potentially nefarious activity. Finally, states should replace paperless voting systems with those that provide a paper backup.
“The Committee saw no evidence that votes were changed and found that, on balance, the diversity of our voting infrastructure is a strength,” the report says. “However, the Committee notes that a small number of districts in key states can have a significant impact in a national election.”