Senate Intel releases summary of election security report

by Katie Bo Williams and Morgan Chalfant - 03/20/18 11:47 AM ET

The Senate Intelligence Committee on Tuesday released a summary of its election security report, the first report the panel has issued in its yearlong investigation into Russian interference in the 2016 election.

The committee affirmed that U.S. election infrastructure is “fundamentally resilient,” but nevertheless put forth a slate of six recommendations, the bulk of which are tailored to the principle of state-level responsibility for running elections.

“States should remain firmly in the lead on running elections, and the federal government should ensure they receive the necessary resources and information,” reads the first recommendation — an apparent nod to state-level pushback to a 2016 decision by former Department of Homeland Security (DHS) Secretary Jeh Johnson to designate election systems “critical infrastructure.” {mosads}

Among the more concrete proposals in the summary is a call for Congress to “urgently” pass legislation that would increase federal assistance for states and provide a voluntary grant program to help states boost cybersecurity and conduct audits of their systems.

The panel, led by Sens. Richard Burr (R-N.C.) and Mark Warner (D-Va.), does urge the federal government to establish more effective deterrence for future vote-based attacks, calling for it to “clearly communicate to adversaries that an attack on our election infrastructure is a hostile act, and we will respond accordingly.”

It also calls for a perennial wish of cyber-minded legislators: the establishment of international cyber norms. Foreign policy and cybersecurity experts — including lawmakers — have long expressed frustration that there is no clear definition of what constitutes an act of war in cyberspace.

Lawmakers have been grappling with how to boost the cybersecurity of election infrastructure ever since officials at the Department of Homeland Security (DHS) disclosed that Moscow tried to hack into voting infrastructure in 21 states as part of a broader effort to interfere in the 2016 election.

While officials say most of the efforts involved preparations for hacking and did not result in successful breaches, the revelation has triggered concern about the vulnerability of U.S. voter registration databases and other digital systems involved in elections. Illinois has confirmed that hackers breached the state voter registration database.

“It is clear the Russian government was looking for the vulnerabilities in our election system and highlighted the key gaps,” Burr said Tuesday alongside a bipartisan cadre of committee lawmakers. He emphasized, however, “There’s no evidence any vote was changed.”

“We very much support state control of the election process,” Burr said. “We think there are ways the federal government can support those states, but we clearly have to get standards in place.”

Sen. James Lankford (R-Okla.) — a member of the Senate Intelligence Committee — and a bipartisan group of senators have introduced a bill called the “Secure Elections Act” that would, among other things, authorize block grants to help states upgrade outdated voting technology and expedite the process by which state election officials receive security clearances to view sensitive threat information.

Despite lawmakers’ concerns, Congress has yet to pass legislation specifically addressing the cybersecurity of voting infrastructure, partly because some state officials have resisted the efforts, fearing an overreach by the federal government.

Meanwhile, Homeland Security has been providing election security assistance to states as part of the new designation of election systems as critical infrastructure, a decision made in the waning days of the Obama administration following Russian interference.

Officials have been providing cyber hygiene scans and rigorous risk and vulnerability assessments to states that request them, as well as briefing election officials on any threat activity.

The senators on Tuesday acknowledged that Homeland Security has taken steps to secure voting infrastructure, though they said more needs to be done.

Warner gave voice to states’ frustrations that Homeland Security took until this past September to notify state election officials that their systems had been targeted.

“We were all disappointed that states, the federal [government], the Department of Homeland Security, were not more on their game in advance of the 2016 election,” Warner said.

“In the ensuing months, I think DHS has picked up its game, but there’s more to do.”

The election security report is the first public documentation of the Senate intel panel’s inquiry into Russian interference in the election, a mainly closed-door investigation that has stood in stark contrast to its more raucous counterpart in the House.

Both panels probed both the issue of the Russian active measures campaign and the question of whether or not the Trump campaign colluded with Moscow to swing the election.

The Senate summary released on Tuesday does not address the issue of alleged coordination or collusion and focuses solely on recommendations to shore up election infrastructure.

The lawmakers unveiled the findings one day before a scheduled open hearing on election security. The committee is due to hear testimony from Homeland Security officials, including Secretary Kirstjen Nielsen, as well as state election officials and cybersecurity experts.

Nielsen will appear before the committee’s first panel alongside Jeh Johnson, who served as homeland security secretary under the Obama administration at the time Russia targeted U.S. voting infrastructure.

The revelation of Russia’s targeting effort has also triggered debate over the vulnerability of actual voting machines to cyberattack, though Homeland Security has said none of the systems targeted were involved in vote counting.

Many say the decentralized nature of the voting system and the fact that voting machines are not connected to the internet make it highly unlikely that hackers could have a meaningful effect on an election outcome.

But experts have increasingly called for states to replace outdated paperless voting systems with those that provide a paper backup in case a digital result is called into question. Currently, five states still rely entirely on digital paperless voting machines.

On Tuesday, the senators on the Intelligence Committee agreed states should have a paper trail of vote counts that can be audited, and that the federal government should help states make that transition.

“This is about maintaining the confidence that people have in their vote,” said Sen. Martin Heinrich (D-N.M.).

Updated at 1:18 p.m.