A charming bit of news to warm your soul three days into the week: The Department of Homeland Security’s cybersecurity chief, Jeanette Manfra, confirmed to NBC News on Wednesday that the Russian government successfully accessed the voter registration rolls of a handful of states shortly before the 2016 presidential election.
“We saw a targeting of 21 states and an exceptionally small number of them were actually successfully penetrated,” Manfra told NBC. In response, U.S. officials told the news network that there’s no evidence any of them were actually altered.
To be clear, the systems accessed were offline databases and were not the machines used to actually cast ballots or tabulate votes. But that doesn’t make the news any less sinister: One DHS official told NBC in the fall of 2016 that the activity was akin to “people poking at the systems to see if they are vulnerable.” It appears that the systems are, and that there hasn’t been a robust effort to strengthen them.
And that brings us to the most chilling part of NBC’s report. When NBC contacted election officials from each of the 21 states targeted, many said they have attempted to dissect the specifics of the security threat, but that the government has declined to provide them with details of how the cyber attacks happened. And Jeh Johnson, a former DHS secretary, told NBC that he’s concerned that states have done zilch in response to “harden their cybersecurity.” From NBC:
Many of the states complained the federal government did not provide specific threat details, saying that information was classified and state officials did not have proper clearances. Manfra told us those clearances are now being processed.
Other states that NBC contacted said they were still waiting for cybersecurity help from the federal government. Manfra said there was no waiting list and that DHS will get to everyone.
To recap: A year and a half after the presidential election, some states still don’t know exactly how their voter systems were targeted. Arizona, Illinois, Alabama, California, Colorado, Wisconsin, and Florida are among the states whose systems were accessed by the Russian government.