Russian hackers targeted election systems in 21 states during the last presidential election, an official from the Department of Homeland Security publicly confirmed Wednesday to the Senate panel investigating Russian election interference.
At a public hearing on the issue, DHS cybersecurity official Jeanette Manfra told the Senate Intelligence committee that, "as of right now," the department has "evidence of election-related systems in 21 states that were targeted" by the Russians.
But, Manfra and other witnesses from the DHS and FBI said, there is no evidence the votes themselves were changed.
In a prepared statement, Manfra and fellow DHS witness Samuel Liles said the department found in early October "that Internet-connected election-related networks, including websites, in 21 states were potentially targeted by Russian government cyber actors."
"Although we’ve refined our understanding of individual targeted networks, supported by classified reporting," the statement says, "the scale and scope noted in that October 2016 report still generally characterizes our observations: a small number of networks were successfully compromised, there were a larger number of states where attempts to compromise networks were unsuccessful, and there were an even greater number of states where only preparatory activity like scanning was observed."
Media reports, citing unnamed officials, have previously stated hackers targeted more than 20 states during the election. But Manfra's testimony before the Senate Intelligence committee on Wednesday appears to be the first public disclosure of the scope of hackers' attempts to infiltrate election systems during the last election.
Arizona and Illinois have already declared that their voter registration systems were targeted by hackers during the election. Manfra would not reveal the names of the other affected states, however. "We believe it is important to protect the confidentiality that we have and the trust that we have" with the states, she said.
Manfra said the owners — whether the states themselves or third-party vendors — of the targeted election systems were informed.
“Twenty-one states is almost half the country,” committee Vice Chair Mark Warner said. He urged DHS to publicly release the names of all the states, and committee Chair Richard Burr asked if he and Warner could send a classified letter to the 19 other affected states asking them to go public. Bill Priestap, assistant director of the FBI's counterintelligence division, told the senators he would bring the request to his superiors.
Manfra also refused to publicly expand on exactly how successful hackers were in exfiltrating data, such as voter registration lists, from election systems. But, she said, the states that have had their data stolen are aware. She also said DHS is involved in a coordinated response for preventing such hacks from happening in the future.
Later in the hearing, election officials on a second panel expressed frustration that DHS didn't warn them sooner about the hacks and said that they have been unable to access classified information about cyberthreats from US intelligence agencies.
"Secretaries of state have serious concerns about the lack of federal government
information-sharing regarding documented threats against election systems," Connie Lawson, the incoming president of the National Association of Secretaries of State, wrote in her prepared statement. Lawson, who is also the Indiana secretary of state, said that "in spite of comments by DHS that they are rushing to establish their elections subsector [team], no Secretary of State is currently authorized to receive classified threat information from our intelligence agencies."