States move to protect voting systems from Russia with little help from Congress

Show Caption Hide Caption Russian hackers are targeting the Senate and other countries The Russian group that hacked the DNC have repeatedly attempted to hack the US senate system - according to the cybersecurity firm tracking their movements.

WASHINGTON — With the first congressional primary less than three weeks away, state election officials are ramping up efforts to protect their voting systems from cyber attacks as the nation's intelligence officials warn that Russia will once again try to meddle in U.S. elections.

Some states are moving to protect election data by encrypting their systems to thwart hackers, while others are asking the Department of Homeland Security to check their systems for vulnerabilities.

Their actions come in the wake of revelations by homeland security officials last year that Russian hackers tried to break into the election systems of 21 states in 2016. Although no actual votes were changed, hackers did breach Illinois' voter registration database.

On Friday, special counsel Robert Mueller filed his first criminal charges against Russian citizens and businesses for what he called a wide-ranging effort to undermine the 2016 presidential election.

"The threat is real and the response needs to be robust and coordinated," said Matthew Masterson, chairman of the Election Assistance Commission, an independent agency of the U.S. government that provides information about how to administer elections. "Folks in the election community are taking the threats very seriously and taking whatever steps they can to address it."

So far, Congress has done little to help.

A bipartisan Senate bill to provide $386 million in federal grants to states to help them improve their election systems hasn't received a hearing or vote in the Senate Rules and Administration Committee. And there are no immediate plans by Senate leaders to bring the Secure Elections Act to the floor for a vote.

Sen. Amy Klobuchar, D-Minn., who introduced the bill with Sens. James Lankford, R-Okla., Lindsey Graham, R-S.C., and Kamala Harris, D-Calif., said she will try to attach it to a must-pass government-funding bill in March. She said more than 40 states rely on electronic voting systems that are at least 10 years old.

"Two-hundred-and-sixty six. That's the number of days left before the 2018 (general) election ... a little more than 9 months and we still cannot assure Americans that our elections are secure," Klobuchar said Monday during a speech at the Center for American Progress. "It is unacceptable and, at this point now, it's on us."

Sen. Susan Collins, R-Maine, who is co-sponsoring Klobuchar's bill, said Congress needs to act soon to do states any good.

"This is an election year in our country, and it's frankly frustrating to me that we haven't passed legislation to help states strengthen the security of their voting systems," Collins said Tuesday at a hearing where the heads of the FBI, CIA and National Security Agency warned the Senate Intelligence Committee that Russian hackers will target the 2018 congressional elections.

The committee plans to release a plan soon to help give states recommendations on ways to protect their voting systems. The first primary is set for March 6 in Texas, followed by one on March 20 in Illinois. There is also a special election for a western Pennsylvania congressional district March 13.

The Center for American Progress, a liberal think tank, released a report this week evaluating state election systems. Not a single state received an "A" rating. Eleven states received a B, 23 states received a C, 12 states received a D, and five states received an F.

Masterson said financially strapped state election agencies could use more funds to safeguard against cyber attacks.

"Whether it’s at the congressional level, state level or the local level there’s a big need for resources for elections officials," he said.

Meanwhile, states are doing what they can.

In Mississippi, Secretary of State Delbert Hosemann said his agency just finished encrypting its system, including its voter database, and recently paid $27,750 for a company to try to hack its election system. The hackers could not penetrate the system.

"That doesn’t mean it’s not hackable," Hosemann said. "I guess everything is in some form or fashion. We continue to be vigilant about that. We have all kinds of firewalls."

Other states have set up task forces and hired cyber security experts. Election officials also created the Government Coordinating Council last fall to improve communication between federal agencies and state and local officials.

The Department of Homeland Security came under fire last year for taking so long to tell states about Russia's hacking attempts.

"They have not been as helpful as they could have been. That’s probably an understatement,’’ said Alabama Secretary of State John Merrill, who complained to federal officials. "We were not pleased with the communication that we received. Because if you’re not helping us by informing us about what we can do to be better prepared, then why are you even talking?"

Merrill, a Republican, said there has been a lack of communication under both the Obama and Trump administrations.

"This is not new,’" he said. "It’s something that has to receive attention."

Jeanette Manfra, the chief cybersecurity official for the Department of Homeland Security, said in a statement Monday that "there's no question" that state, local and federal officials are "making real and meaningful progress together."

"States will do their part in how they responsibly manage and implement secure voting processes," she said. "For our part, we’re going to continue to support with risk and vulnerability assessments, offer cyber hygiene scans, provide real-time threat intel feeds, issue security clearances to state officials, partner on incident response planning, and deliver cybersecurity training."

Manfra said DHS "will stand by our partners to protect our nation’s election infrastructure and ensure that all Americans can have confidence in our democratic elections."

Louisiana Secretary of State Tom Schedler said DHS officials are visiting his office next week to review any vulnerabilities in his system and offer advice.

“I’m going to let them do as much as they can — as long as it’s free," he said.

Schedler said the state also has taken steps to secure its equipment, including updating its laptops, and is staying in contact with federal security officials.

“We are as comfortable as you can be comfortable in this day and age," Schedler said.. "I don’t know if you ever can go to sleep and say nothing could ever happen, when I see the Department of Defense being hacked … I don’t want to be brash and say, ‘Oh it’s impossible.’ But we’ve always felt that we’ve done as good a job as you can do."

Schedler, Hosemann, Merrill and other state election officials are in Washington, D.C. this weekend for the winter conference of the National Association of Secretaries of State and have have been invited by the Department of Homeland Security to a meeting to discuss election security.

U.S. intelligence agency officials also will meet with election officials to discuss cyber threats and preventative steps that states can take, according to the office of the director of national intelligence.

Schedler, a Republican, said he has little faith in federal officials or Congress.

"For the federal government to be telling me how to do it — and they get hacked every other week, I don’t have a lot of confidence in the folks telling me what I’m supposed to do," he said.

