Russia sought to interfere with US election systems during the 2018 midterm elections, a US official told CNN Wednesday.
The revelation comes on the heels of testimony earlier in the day from Army Gen. Paul Nakasone, chief of the US Cyber Command, who had alluded to a potential incident in testimony earlier in the day.
“US Cyber Command, working in partnership with the National Security Agency, provided indicators of compromise to the Federal Bureau of Investigation and the Department of Homeland Security,” Nakasone told lawmakers on the House Armed Services Committee’s Subcommittee on Cybersecurity in testimony Wednesday.
Nakasone also said Cyber Command moved “defensive teams” last November to three countries in Europe. The US official said the teams were sent to three Eastern European countries but declined to say which ones.
In December 2018, Director of National Intelligence Dan Coats said Russia, China and Iran sought to influence the midterm elections, but that the US had no intelligence reporting “that indicates any compromise of our nation’s election infrastructure” that would have disrupted voting.
DHS declined to comment when asked about Nakasone’s testimony Wednesday.
Elsewhere on Capitol Hill Wednesday, a top Department of Homeland Security official said he’s worried about foreign attacks on the 2020 election.
Department of Homeland Security Cybersecurity and Infrastructure Security Agency Director Chris Krebs told lawmakers on the House Appropriations Homeland Security Subcommittee that “what keeps him up at night” is thinking about the new ways adversaries will attempt to infiltrate US election systems in 2020.
“I know what they did in ‘16. I know that they tried to do in ‘18. What will they do in 2020?” Krebs asked. “That’s what keeps me up at night.”
Krebs said that the best way to defend against unknown threats is to “make sure we are covering down on the basics” and engaging with the American public.
“We have to let them know there are bad people out there who try to do bad things but we’ve got a system here that works,” he said.
But while Krebs touted the progress of Homeland Security and other agencies in securing the 2018 elections, as compared to 2016, he acknowledged that there is a “significant technology deficit” that must be addressed.
“However, we recognize that there is a significant technology deficit across SLTT governments, and state and local election systems, in particular. It will take significant and continual investment to ensure that election systems across the Nation are upgraded and secure, with vulnerable systems retired,” his prepared testimony read.
“We have to get out of this model where we are paying to patch and paying to modernize,” Krebs said, adding that he is excited about information technology modernization efforts that will allow the government to “design, configure IT securely” rather than add security on top of existing systems.
“We continue to have outdated legacy infrastructure out there,” he added.
Krebs also highlighted the need for some states to transition to election systems that allow for the results to be audited, noting that five states are of particular concern because they don’t have voter paper trails: South Carolina, Georgia, Louisiana, New Jersey and Delaware.
“My primary focus would be get them off of those machines onto something that leads to an auditability outcome,” he said.