Senate investigators underscored that Kremlin agents targeted at least 18 states’ election systems in 2016 — and probably more. In at least six of those states, the Russians tried to penetrate voting-related websites, and some of those attempts worked. “In a small number of states, these cyberactors were in a position to, at a minimum, alter or delete voter registration data,” the committee concluded. The panel found no evidence that registration information — or, for that matter, vote tallies — were changed. But the Russians may be more aggressive next time.
The committee emphasized that the decentralized nature of the American voting system — state and local officials run balloting — makes it hard to conduct widespread data manipulation, which would require a county-by-county effort. But it would take meddling in only a few precincts to shift results in close races, and it would take only one instance of tampering to stoke distrust in voting results everywhere.
The investigators concluded that when Obama administration officials got wind of Russian activities, they failed to raise the alarm with states. It took the Department of Homeland Security nearly a year — well into the Trump administration — to properly notify state election officials, many of whom reported hearing about Russian targeting of state systems from media reports or congressional hearings. Communications have improved recently, but DHS still needs to get more state officials security clearances so they can receive classified information.
For their part, many states are very far behind. Voting machines across the country are old, and five states rely exclusively on electronic voting machines, which, though not connected to the Internet, could still be penetrated when they are being programmed by software that has been exposed. States should buy new machines that leave auditable paper trails. They should institute statistically sound post-election audits designed to detect fraud. And they should create paper backup copies of voter registration information and other data.
Yet the most efficient way to combat Kremlin interference is to deter the Russians from trying in the first place. “The U.S. Government should clearly communicate to adversaries that an attack on our election infrastructure is a hostile act, and we will respond accordingly,” the report recommended. Though the Trump administration has slapped some sanctions on Russian individuals and institutions, it took a very long time, and more stringent penalties are needed. The president himself has consistently undercut the message in his hesitancy to criticize Russian President Vladimir Putin. A wide variety of current and former national security officials have warned that the Kremlin has not been deterred. Until that changes, investments in cyberdefense will be only more important.
Read more on this topic: