A top state election official expressed alarm Wednesday that the federal government withheld information about cyberattacks against the U.S. election infrastructure from state-level governments that actually run the polling systems.
Connie Lawson, the Indiana secretary of state and president-elect of the National Association for Secretaries of State, said that last summer intelligence agencies found that some 20 state networks had been probed by Russian hackers. Yet, she said, the Department of Homeland Security repeatedly assured her that no “specific or credible threats” existed to the 2016 election. Lawson said the FBI had warned state officials about attempts to infiltrate some election systems, but the federal government hadn’t expressed the full scope of the attacks.
“In more recent days, we’ve learned from a top-secret NSA report that the identity of a company providing voter registration support services in several states was compromised,” Lawson said. She was referencing a report from The Intercept on a National Security Agency document that claims Russian hackers launched a cyberattack against a U.S. voting software supplier and more than 100 election officials just days before the election.
“It is gravely concerning,” Lawson went on, “that election officials have only recently learned about the threats outlined in the leaked NSA report, especially given the fact that the former DHS Secretary Jeh Johsnon repeatedly told my colleagues and I that no specific or credible threats existed in the fall of ’16.”
Lawson questioned why the intelligence community held back on notifying state officials. “It is unclear why our intelligence agencies would withhold timely and specific threat information from election officials,” she said.
She told the committee that in order for state election officials to credibly run their own elections, they had to fully understand the threat from nation-state hacking. “No secretary of state is currently authorized to receive classified threat information from our intelligence agencies,” she said, adding that the dynamic “threatens to erode public confidence in the election process as much as any foreign cyber threat.”
Jeh Johnson, the Obama administration Homeland Security chief, could not be reached for comment in time for publication. This story will be updated if he responds.
Under the Constitution, states take the lead on running their own elections. But the specter of nation-state hacking has lead the federal government to offer increased technical assistance to the states.
In January, the Department of Homeland Security under then-President Barack Obama designated election equipment as “critical infrastructure” — a move that was supposed to help the Department prioritize requests for cybersecurity assistance from state election officials. The Trump administration has publicly stated that they support the designation.
Lawson, however, told the Intelligence Committee that the Obama administration never provided clarity on what the designation meant: “At no time between August of 2016 and January of 2017 did NASS members” — those in the National Association for Secretaries of State — “ever have a thorough discussion with DHS on what the designation means.”
Prior to Lawson’s testimony, the committee questioned multiple high-level officials from the Department of Homeland Security. Each repeatedly testified that they had a high confidence that Russian hackers did not tamper with vote totals in the election.