WASHINGTON — Government efforts to protect state and local elections from cyberattacks in 2016 didn’t go far enough, leaders of the Senate Intelligence Committee said Tuesday as the panel released its recommendations for protection from foreign interference in the 2018 primary season that’s already underway.
Federal warnings last time did not provide enough information or go to the right people in state and local governments, the committee’s leaders said, though they reiterated that there was no evidence votes were changed.
Committee Chairman Richard Burr, R-N.C., and Virginia Sen. Mark Warner, the top Democrat on the panel, released a preview of committee recommendations ahead of a Wednesday hearing examining attempted hacks on state election systems in 2016 and the federal and state response.
Overall, Burr said, “we need to be more effective at deterring our adversaries.”
The bipartisan recommendations, in large part, echo those made by cybersecurity experts and address concerns raised by state and local officials.
The recommendations include an emphasis on information-sharing among the various U.S. intelligence agencies and federal, state and local governments. Senators are also urging state and local election officials to take advantage of resources provided by U.S. Department of Homeland Security, such as comprehensive risk assessments and remote cyberscanning of their networks to spot vulnerabilities.
As of last month, just 14 states had requested risk assessments and 30 had asked for remote cyberscans of their networks, according to Homeland Security officials. But even that was straining resources, since many of those risk assessments have not been completed.
Illinois, which is holding the second-in-the-nation primary on Tuesday, requested the assessment in late January but it’s not scheduled to be completed until after the primary.
The committee has prepared a larger report on the issue, one of what could be several reports to come out of the committee’s investigation into Russian meddling in the 2016 election. Burr and Warner have said this report is the most urgent because of the threat that it could happen again in 2018. It’s unclear when the full report will be released, but it is expected to include recommendations for elections officials around the country and also proposals for legislation to help ward off the hacking.
Overall, experts say far too little has been done to shore up vulnerabilities in 10,000 U.S. voting jurisdictions that mostly run on obsolete and imperfectly secured technology. Russian agents targeted election systems in 21 states ahead of the 2016 general election, the Homeland Security Department has said, and separately launched a social media blitz aimed at inflaming social tensions and sowing confusion. Top U.S. intelligence officials have said they’ve seen indications Russian agents are preparing a new round of election subterfuge this year.
There’s no evidence that any hack in the November 2016 election affected election results, but the attempts scared state election officials who sought answers about how their systems had been potentially compromised. DHS took nearly a year to inform the affected states of hacking attempts, blaming it in part on a lack of security clearances. Lawmakers in both parties have pressed the department on why it took so long.
Warner has said he thinks the process to prevent such hacking needs to be more robust, especially since President Donald Trump has not addressed the matter as an urgent problem.
“We’ve got bipartisan agreement we have to do something on this,” Warner said earlier this year.
At the hearing Wednesday, former Homeland Security Secretary Jeh Johnson and current Homeland Security Secretary Kirstjen Nielsen will both testify.
The Senate intelligence panel has put off making any assessments about whether Trump’s 2016 campaign in any way coordinated with Russia. Though that is one part of the panel’s investigation, Burr and Warner have decided to focus on less controversial issues where all members agree.
Associated Press writer Chad Day contributed to this report.