WASHINGTON (Reuters) - Not having a verifiable way to audit election results in some states represents a “national security concern,” the Trump administration’s homeland security chief said on Wednesday, looking ahead to U.S. midterm elections in November.
The U.S. Department of Homeland Security (DHS) was prioritizing election cyber security above all other critical infrastructure it protects, such as the financial, energy and communications systems, the agency’s chief, Kirstjen Nielsen, told the Senate Intelligence Committee.
The hearing to examine the Trump administration’s efforts to improve election security came following U.S. intelligence officials’ repeated warnings that Russia will attempt to meddle in the 2018 contests after doing so during the 2016 presidential campaign.
It was held on the same day that lawmakers were expected to unveil a federal spending bill that sources familiar with the negotiations said included nearly $400 million for election security.
Nielsen endorsed paper ballot backups for electronic voting systems as an important safeguard in ensuring that tabulated election results are not tampered with.
New Jersey, Delaware, Georgia, Louisiana and South Carolina have no verifiable paper ballot backup across their states, though some are looking to purchase systems that provide such audits. Eight other states, including Pennsylvania, have some electoral districts without paper backups.
Nielsen testified alongside her predecessor, former DHS Secretary Jeh Johnson, as the two sought to defend their work over the past two years overseeing efforts to steer the agency more toward protecting election systems. Under Johnson, the agency designated election systems as critical infrastructure in January 2017, months after President Donald Trump was elected.
Both Johnson and Nielsen said they had “no doubt” that Russian leadership at a very high level was involved in the attempt to interfere in the U.S. election, which U.S. intelligence agencies concluded was done in order to boost Trump’s candidacy.
They also acknowledged challenges the agency had faced but agreed progress had been made to work better with states and more fully understand the threat posed by Russia and others.
“Today I can say with confidence that we know whom to contact in every state to share threat information,” Nielsen said. “That ability did not exist in 2016.”
Nielsen said that more than half of U.S. states have signed up for the agency’s cyber scanning services designed to detect potential weaknesses that could be targeted by hackers. Nielsen repeated the agency’s findings last year that 21 states had experienced initial probing of their systems from Russian hackers in 2016 and that a small number of networks were compromised, but that there remains no evidence any votes were actually altered.
Senator Richard Burr, chairman of the Senate Intelligence Committee, said on Wednesday the need for improvements in election security was “urgent” but it was unclear if fixes would be in place this year or even by the next presidential election in 2020. The committee on Tuesday released draft recommendations to bolster election security.
Senator Ron Wyden, a Democrat on the committee, faulted voting machine vendors for being “accountable to no one” and refusing to answer questions he has repeatedly asked them about their security efforts.
Nielsen said she was unaware of any federal agency, including her own, that had the authority to mandate that vendors comply with security standards.
On a later panel, Wyden asked DHS cyber security official Jeanette Manfra how confident she was that voting machine vendors sold equipment that complied with common best security practices.
“It is hard for me to judge right now,” Manfra responded. “I do not have perfect insight into the machines that the states buy,” adding that some vendors voluntarily submitted machines to the U.S. Election Assistance Commission for security review.
Reporting by Patricia Zengerle and Dustin Volz; editing by Phil Berlowitz and Jonathan Oatis