Are Elections Safe? Obama Officials Warn Democratic Process Is Vulnerable to More Cyberattacks

06_21_jeh_05
Former U.S. Secretary of Homeland Security Jeh Johnson testifies about Russian meddling in the 2016 election before the House Intelligence Committee on Capitol Hill, on June 21. Aaron P. Bernstein/Reuters

Russia and other adversaries will continue to attack the American election infrastructure, and U.S. states need to do more to protect their systems, former Obama officials said Wednesday.

“I do believe that the Russians will continue their activities,” says Michael Daniel, former cybersecurity coordinator for the Obama administration, referring to hacking attacks by Russian intelligence during the 2016 presidential election.

Daniel, who now works in the private sector as president of the Cyber Threat Alliance, says he expects “we will see copy cats as well” because the Russians have “demonstrated to everybody and their cousin that these activities can produce benefits.”

American intelligence agencies concluded that Russia interfered in the U.S. election through a series of hacks and a misinformation campaign.

In early June, a top secret NSA document leaked to The Intercept showed that Russia’s hacking efforts were broader than the intelligence agencies reported. The document showed they had targeted state election infrastructure—particularly companies that provided state election software.

Investigators also found evidence this month that cyber intruders tried to delete or alter voter data in Illinois. Last year 33 states sought help from the Department of Homeland Security to buttress their voting infrastructure against cyberattacks, the agency reports.

Related: Putin is ‘lying’ about Russian meddling, says Obama’s national security adviser Susan Rice

On Wednesday, former Homeland Security Secretary Jeh Johnson questioned what President Donald Trump and Congress are doing about Russia’s interference in the 2016 election during testimony before the House intelligence committee.

“The key question for the president and Congress is, What are we going to do to protect the American people and their democracy from this kind of thing in the future?” Johnson wrote in a statement published ahead of his testimony.

“We must resolve to further strengthen our cybersecurity generally, and the cybersecurity around our political/election process specifically,” Johnson wrote. “There is more to do.”

The Department of Homeland Security (DHS) issued warnings about Russian hacking, Johnson testified, but they didn’t get enough attention, he said. Also, the administration was “very concerned that we would not be perceived as taking sides in the election.”

Daniel, who served in his role during Obama’s second term in office, said that while the administration made great strides in cybersecurity, “the threat continued to evolve” and he “would not argue that our work was done when the administration left.”

As the administration wound down in early January, Obama designated America’s election systems “critical infrastructure,” guaranteeing them protection.

While the Trump administration has continued in Obama’s cybersecurity footsteps, Daniel said, “The election assistance commission should be beefed up and given a mandate to help the states.”

“I think at its root,” Daniel said, “what Jeh [Johnson] is talking about is the fact that states need to invest more in their systems—everything from the security of the voting machines themselves to the security of the voter registration rolls to the reporting system.”

Some of that can be done with federal assistance. “We’re not talking about gigantic sums of dollars on new technology,” he said. “It’s investments in the basics.”

Before Johnson’s testimony, on Tuesday it was revealed that the Department of Homeland Security didn’t run an audit across the state electoral systems to see if any vote tallies were changed.

The key thing is that states have to want and seek help, Daniel said.

“DHS has offered to make itself available to the states at their request,” he said, “to assist them in looking at their systems and providing information and assistance in what they can do to improve the security of those systems.”