Russian entities attempted to hack into California election systems last year, the U.S. Department of Homeland Security told state officials Friday, prompting Secretary of State Alex Padilla to complain that officials had not shared the information earlier.
“Today, my office was informed for the first time by the U.S. Department of Homeland Security (DHS) that `Russian cyber actors’ `scanned’ California’s Internet-facing systems in 2016,” Padilla said in a statement. “Our office actively monitors scanning activity as part of our routine cyber security protocols. We have no information or evidence that our systems have been breached in any way or that any voter information was compromised.
“It is completely unacceptable that it has taken DHS over a year to inform our office of Russian scanning of our systems, despite our repeated requests for information,” Padilla added. “The practice of withholding critical information from elections officials is a detriment to the security of our elections and our democracy.”
California is among at least 21 states that received phone calls from the Department of Homeland Security on Friday notifying them that Russians attempted to break into state, county, or local election networks. Until Friday, the department had alerted only the owners of targeted election systems.
In a statement, a homeland security spokesman said Friday that the department does not “publicly disclose cybersecurity information shared between the department and its partners.
“However, recognizing that state and local officials should be kept informed about cybersecurity risks to election infrastructure, we are working with them to refine our processes for sharing this information while protecting the integrity of investigations and the confidentiality of system owners,” spokesman Scott McConnell said. “We will continue to keep this information confidential and defer to each state whether it wishes to make it public or not.”
A Homeland Security official, who spoke on condition of anonymity because the agency’s election security efforts are confidential, said that in the majority of the 21 states, the Russians engaged only in “preparatory activity” such as by scanning the cyber defenses surrounding each system. While attempts to compromise some state networks were unsuccessful, the official said, “a small number of networks were successfully compromised. In no case, were the targeted systems involved in the tallying of votes.”
In June, citing a top-secret National Security Agency review, The Intercept reported that Russian military intelligence launched a cyberattack on one U.S. voting software vendor and sent phishing emails to more than 100 local election officials before the November 2016 election.