Cyber Risk

U.S. state election officials still in the dark on Russian hacking

ANAHEIM, Calif. (Reuters) - The federal government has not notified U.S. state election officials if their voting systems were targeted by suspected Russian hackers during the 2016 presidential campaign, and the information will likely never be made public, a top state election chief told Reuters.

FILE PHOTO: Voters cast their votes during the U.S. presidential election in Elyria, Ohio, U.S. November 8, 2016. REUTERS/Aaron Josefczyk/File Photo

“You’re absolutely never going to learn it, because we don’t even know it,” Judd Choate, state election director for Colorado and president of the National Association of State Election Directors, said in an interview on Thursday during the group’s summer conference.

Nearly 10 months after Republican Donald Trump’s upset presidential victory over Democrat Hillary Clinton, Choate said he had not spoken to a single state election director who had been told by the U.S. Department of Homeland Security if their state was among those attacked.

The lack of information-sharing on the election breaches reflects the difficulty state and federal officials have had in working together to protect U.S. voting from cyber threats. All U.S. elections are run by state and local governments, which have varying degrees of technical competence.

DHS told Congress in June that 21 states were targeted during the 2016 presidential race, and that while a small number were breached, there was no evidence any votes were manipulated.

Other reports have said 39 states were targeted. Choate said he had heard both numbers mentioned.

Several lawmakers, including Senator Mark Warner, the top Democrat on the U.S. Senate Intelligence Committee, have expressed frustration at DHS’ refusal to identify which states had been targeted. Arizona and Illinois confirmed last year that hackers had targeted their voter registration systems.

In a statement, the DHS did not refute that states had not been notified if they were targeted, adding the agency informed the owners or operators of systems potentially victimized “who may not necessarily” be state election officials.

DHS was working with senior state election officials “to determine how best to share this information while protecting the integrity of investigations and the confidentiality of system owners,” the agency said.

U.S. intelligence agencies have concluded that the Kremlin orchestrated an operation that included hacking and online propaganda intended to tilt the November election in Trump’s favor.

Several congressional committees are investigating and Special Counsel Robert Mueller is leading a separate probe into the Russia matter, including whether Moscow colluded with the Trump campaign. Russia has denied election meddling and Trump has denied any collusion.


The four-day conference of election directors was originally supposed to be about issues like voter registration, but took a sharp turn following the election hacking.

“After the 2000 election, we all had to be lawyers,” Choate said. “And now after the 2016 election, we all have to be cyber security experts.”

DHS representatives at the event fended off questions about whether the federal government would be prepared to mobilize sufficient support for the states in the event of a catastrophic cyber attack near or during the 2018 elections.

“We want to make sure we learn from the missteps that may have happened in 2016 and we want to make sure we continue building on the things we did that were right,” Robert Gatlin, a DHS cyber official, said during a panel discussion.

Gatlin said the agency was working with U.S. intelligence agencies to “downgrade” more classified information so it could be shared with the states. Information about cyber attacks is typically guarded by a high classification because it may involve nation-state involvement or contain sensitive sources and methods, he said.

Legislation recently approved by the Senate Intelligence Committee would require the director of national intelligence to sponsor top-secret security clearance for eligible election officials in each state, something the National Association of Secretaries of State has advocated.

The bill would also require DHS to submit a report to Congress detailing cyber attacks and attempted cyber attacks by foreign governments on U.S. election infrastructure during the 2016 election.

Choate said communication about cyber threats had improved with federal agencies since the election and the decision by the outgoing Obama administration in January to elevate voting systems to a “critical infrastructure designation.”

Prior to the election, some state officials worried that closer oversight of election systems represented a dangerous federal intrusion into local affairs.

Reporting by Dustin Volz; Editing by Jonathan Weber and Peter Cooney