DHS Waited Until Now To Tell State Election Officials That Russians Tried To Hack Their Systems

DHS declines to make public the names of all 21 states, citing its privacy policy of not naming victims of cybercrime.

State election officials are demanding to know why it took the Department of Homeland Security a year to inform them that their state’s voter registration systems had been probed by Russian hackers ahead of the 2016 election.

On Friday, DHS notified the chief election officer or secretary of state of 21 states that Russian hackers had tried to probe their voter registration systems. That was nearly a full year after ABC News first reported that "more than 20" states' systems had been targeted.

The department, however, left it up to the individual states to announce whether they were among those targeted. Wisconsin, Connecticut, and Washington state quickly announced that they had been. The Associated Press later tweeted that a survey of all states revealed that the list also included Alabama, Arizona, Colorado, Illinois, Iowa, Maryland, Minnesota, Ohio, Oklahoma, Pennsylvania, and Virginia. The Los Angeles Times reported that California also was among the states DHS notified. The names of the others remained unknown.

AP contacted every state election office. Those that said they were targeted so far: AL, AZ, CO, CT, IL, IA, MD, MN, OH, OK, PA, VA, WA & WI

@MCJalonick / Twitter / Via Twitter: @MCJalonick

Sen. Mark Warner, the Democratic vice chair of the Senate Intelligence Committee, which is probing Russian meddling in the 2016 election, blasted the delay, saying it was "unacceptable that it took almost a year after the election to notify states that their elections systems were targeted.”

Warner has clashed with DHS before over the department's refusal to divulge what it knows of Russian efforts to penetrate US election systems ahead of last year's presidential election. In June, he pressed DHS official Jeanette Manfra for more information after she told the intelligence committee that "as of right now" the number of targeted states stood at 21.

Manfra testified again to that number on Friday, but once again did not divulge which states were targeted. In a prepared statement, she and fellow DHS witness Samuel Liles said the department had determined in early October "that Internet-connected election-related networks, including websites, in 21 states were potentially targeted by Russian government cyber actors."

The late notification angered state officials.

“My boss, Michael Haas, testified on June 21 at that Senate Intelligence Committee hearing. At that hearing, somebody from DHS went before him and mentioned 21 states,” Wisconsin Election Commission Public Information Officer Reid Magney told BuzzFeed News, referring to Manfra’s June testimony. Yet neither Manfra nor anyone else told anyone at the Wisconsin Election Commission the department was aware the state had been targeted until Friday.

DHS didn’t respond to questions about why it took a full year to notify affected states. It did, however, cite its policy of not sharing cybersecurity victims’ information for why it still hasn’t, and will not, list each of the 21 states.

“We will continue to keep this information confidential and defer to each state whether it wishes to make it public or not,” DHS spokesperson Scott McConnell said.

DHS officials have said repeatedly that none of the Russian efforts affected actual vote totals. But for many analysts of last year's election, knowing which states were targeted could help determine if the Russians were targeting specific states. The revelation that Wisconsin and Pennsylvania were on the list, where Donald Trump narrowly defeated Hillary Clinton where she was expected to win, will renew questions about whether anyone in the United States helped the Russians pick hacking targets.

The delay also revealed friction between federal and state officials over what information can be shared on Russian hacking.

An election official in one affected state, who requested anonymity to speak more freely, expressed frustration that federal officials classify information about attempted breaches when local officials don’t have security clearances to receive classified information.

“We’ve been working collaboratively with DHS for years, sharing information back and forth,” the official told BuzzFeed News. “It’s my understanding this information was classified and therefore only certain individuals approved to have classified information can be made aware of it.”

“I have no idea who in our state fits that bill,” the official said.

Warner said that among the reforms that the Senate Intelligence Committee has included in a DHS funding bill is a requirement that DHS "grant appropriate clearances to state elections officials so that they can receive timely and specific threat information." Warner said that information was particularly important as the states tried to figure out how to protect their systems ahead of the 2018 elections.

Emma Loop contributed reporting to this story.

Topics in this article

Skip to footer