Witnesses testified that Russia was behind the attacks but no votes were changed
States and federal officials are still working out how to best prepare for future attacks
Both sides of the Capitol on Wednesday heard from experts about the extent of Russian meddling in the 2016 election, with officials for the first time revealing how many states’ election-related systems were targeted by Russian hackers.
But though the government disclosed that 21 states were potentially impacted by the targeting, lawmakers were left frustrated that the public still doesn’t have a full picture of what exactly the Russians did during the election and that it’s not fully clear what the US will do to protect itself going forward.
On the House side, the intelligence committee heard from former Homeland Security Secretary Jeh Johnson. On the Senate side, the intelligence committee heard from an array of federal and state officials regarding election infrastructure.
Here are the key takeaways from the hearings.
Where there’s no doubt: It was Russia, and votes were unchanged
It’s been said many times, but witnesses reiterated they have no doubt that Russia itself was behind efforts to intervene in the US election and were also very confident that no votes were changed in the process.
“In 2016 the Russian government, at the direction of Vladimir Putin himself, orchestrated cyberattacks on our nation for the purpose of influencing our election. That is a fact, plain and simple,” Johnson testified in the House.
FBI Counterintelligence Division Assistant Director Bill Priestap laid out in his opening statements what Russia’s end game was: power. He said since Russia lost its standing after the fall of the Soviet Union, Moscow and Putin have been on a mission to restore it, primarily by weakening the US and its allies through “information warfare.”
“I think the primary goal (of the 2016 effort) in my mind was to sow discord, and to try to de-legitimize our free and fair election process,” Priestap said. “I also think another of their goals, which the entire United States intelligence community stands behind, was to denigrate Secretary (Hillary) Clinton and to try to help then, current President (Donald) Trump.”
Almost 50% of states were targeted, but we don’t know which or why
The government concluded by late September that 21 states’ election-related systems “were potentially targeted by Russian government cyber actors,” Samuel Liles, acting director of Homeland Security’s cyberintelligence and analysis division testified.
None of those election-related systems were involved in vote counting, Liles said, and most of the targeting was relatively low-level scans that any hacker might conduct looking for vulnerabilities – like a would-be thief walking down a street to see who is home.
The officials did not name the states, nor did they say how many were actually breached. It has been previously reported that Arizona and Illinois did have voter-related data accessed by hackers.
In fact, some of the states may not even know they were targeted.
Acting Deputy Undersecretary for Cybersecurity and Communications for the National Protection and Programs Directorate within DHS Jeanette Manfra said all “system owners” had been notified if they were impacted, but in some cases that may not be state election officials.
Top Democrat on the panel Sen. Mark Warner was particularly displeased with the secrecy, which DHS said was necessary to preserve trust from its local partners.
“I understand the notion of victimization, but I do not believe our country is made safer by holding this information back from the American public,” Warner said.
There is confidence – mostly – in our election system
DHS officials repeatedly said they do not believe that an attempt by nation-backed hackers to change votes in a national, state or local election would be able to escape notice.
Liles said the agency had “very high” confidence in that assessment.
He noted that give the decentralization of the system, the audits and testing by local election officials, the media attention and the scrutiny of anything that looks amiss, it would be very difficult to do something without it being detected.
“The level of effort and scale required to change the outcome of a national election would make it nearly impossible to avoid detection,” Liles said.
In the second panel, state election officials also indicated that they were working to secure voting systems, with and without federal help.
“I want to assure you and all Americans that election officials across the United States are taking cybersecurity very seriously,” said Indiana Secretary of State Connie Lawson, the president-elect of the National Association of Secretaries of State. “We have seen no evidence that vote casting or counting was subject to manipulation in any state or locality, nor do we have any reason to question results.”
But computer scientist J. Alex Halderman, a professor at the University of Michigan, talked about ways his team has exposed serious vulnerabilities in voting technology. He described proof of concept examples – instances carried out in academic settings that have not been conducted during real elections.
“We’ve studied touchscreen and optical scan systems, and in every single case, we found ways for attackers to sabotage machines and steal votes,” Halderman said. “These capabilities are certainly within reach for America’s enemies.”
Russia is stepping up its game
Priestap said Russia has “for years” conducted influence campaigns “regarding our elections,” but typically with things like half-true stories printed in media outlets. This time, he said, the scale and sophistication were different.
“Yes, absolutely they’ve conducted influence operations in the past, what made this different in many regards is of course the degree and what you can do through electronic systems today,” Priestap said. “The scale and aggressiveness of the effort in my opinion made this one different, and again, it’s because of the electronic infrastructure … that allowed Russia to do things that in the past they were unable to do.”
Priestap said the Russians engaged in a combination of pushing out fake news, using social media to boost its narrative and hacking into emails and selectively releasing damaging information.
He said favoring certain candidates over another has been part of Moscow’s playbook since the Cold War, but on targeting state election infrastructure, he said that was new in the US.
“If they have (before), I am not aware of that,” he said.
Sanctions have had some impact
West Virginia Democrat Sen. Joe Manchin asked Priestap what the US could do to fight back, and Priestap noted that the Obama administration slapped sanctions on Russia for the election hacking.
In December, the US sanctioned four Russian individuals and five Russian entities over the hacking as well as expelled diplomats from the US and closed Russian compounds here.
Manchin asked if there has been any result of US sanctions on Russian activity in this realm.
“Have you seen them subside at all any of their activities since we have taken some actions?” Manchin asked.
“They have less people to carry out their activities, so that has certainly had an impact on the number of people,” Priestap said.
Dissatisfaction with the DNC
The House hearing quickly focused in on an examination of the Democratic Party’s failings during the election.
Rep. Peter King, a New York Republican, pressed Johnson on why the Democratic National Committee rejected the Department of Homeland Security’s efforts to help after Russians hacked them.
“I recall clearly that I was not pleased that we were not in there helping patch this vulnerability,” Johnson said. But he added, “The Department of Homeland Security does not have the power to issue a search warrant to go in over their objections.”
Johnson also took heat from Democrats, angry that former President Barack Obama did not more forcefully announce Russia’s meddling in the election in the midst of the election itself.
“Why wasn’t that done? Was there thought given to that? Why was that course rejected?” asked Rep. Adam Schiff, the top Democrat on the House intelligence committee.
Johnson said that Obama clearly wanted that message out there, but did not want to make it look like he was putting his thumb on the scale for Hillary Clinton.
In a statement, former DNC Chairwoman Debbie Wasserman Schultz saying she personally was never contacted by the FBI or any government official about the breach, which would have allowed her to be briefed on the situation.
CNN’s Tom LoBianco, Wade Payson-Denney and Mary Kay Mallonee contributed to this report.