With the 2018 elections already underway, senators chided the current and former secretaries of Homeland Security on Wednesday for not more strongly warning the American public about past Russian intrusions in state election systems and for a lack of urgency to protect balloting this year.
Kirstjen Nielsen, President Donald Trump's secretary of Homeland Security, testified alongside Jeh Johnson, secretary under former President Barack Obama, as the Senate intelligence committee launched an effort to protect the country's election security after Russian agents targeted election systems in 21 states ahead of the 2016 general election. There's no evidence that any hack in the November 2016 election affected election results, but the attempts rattled state election officials and prompted the federal government and states to examine the way votes are counted.
Senators on the panel have criticized both administrations for not moving quickly enough to stem the Russian threat, and continued to do so at the hearing. Maine Sen. Susan Collins, a Republican, critiqued Nielsen's opening statement, which described a series of efforts the department had already announced.
Nielsen stressed that the threat against U.S. election systems remains high and vigilance is important ahead of the midterm elections.
"I hear no sense of urgency to really get on top of this issue," Collins argued however, noting that "we are already in an election year."
Collins noted that many state election officials have remained without security clearances, making it harder for the department to share information with them.
To speed up communications and intelligence sharing, the department has been working to grant security clearances to up to three election officials in each state. Nielsen said Wednesday that just 20 of those officials have been granted full clearances.
"We are doing our best to speed up the process," Nielsen said.
Communication and intelligence sharing by the federal government has been a key concern among state and local election officials. Those officials complained that it took the federal government nearly a year to inform them whether their states had been targeted by Russian hackers.
Nielsen noted however, that an issue at the state level is when victims stop reporting of any issues in their election systems, DHS is then not aware of potential attacks.
"We got to find a way to encourage reporting and cooperation while also making it transparent," said Nielsen.
Nielsen also stressed the need to have a way to physically verify the integrity of the vote by way of a paper audit which would act as a receipt of one's vote for personal records that could later be used as a check by state and federal officials.
"If there is no way to audit the election that is absolutely a national security concern. So we're working with states, there is a variety of ways to do that," said Nielsen.
She added, "We do recommend it, you must have a way to audit and verify election results."
Collins, who has introduced legislation with other members of the committee to improve election cybersecurity, also pressed Johnson, asking if he should have issued stronger warnings in 2016 as it became clear that Russians were trying to intrude into the systems.
Johnson defended the way he alerted state and local election officials, noting that in the late summer and fall of 2016 he was repeatedly issuing public warnings for those officials to get cybersecurity assistance from the department.
"We were beating the drum pretty hard," Johnson said.
California Sen. Dianne Feinstein, a Democrat, also lambasted the Obama administration's response, saying it was not sufficient to warn the public "in any way, shape or form."
Senators are now urging state and local election officials to take advantage of resources provided by the Homeland Security Department, such as comprehensive risk assessments and remote cyberscanning of their networks to spot vulnerabilities. Overall, experts say far too little has been done to shore up those vulnerabilities in 10,000 U.S. voting jurisdictions that mostly run on obsolete and imperfectly secured technology.
As of last month, just 14 states had requested risk assessments and 30 had asked for remote cyberscans of their networks, according to Homeland Security officials. But even that was straining resources, since many of those risk assessments have not been completed.
Warner has said he thinks the process to prevent any compromise of election systems needs to be more robust, especially since President Donald Trump has not addressed the matter as an urgent problem.
"Every one of Mr. Trump's appointees in law enforcement and national security acknowledge what an ongoing threat Russia is," Warner said Tuesday. "It's pretty amazing to me we've had the director of the FBI, the director of national intelligence and the head of the NSA say in public testimony within the last month that they've received no direction from the White House to make election security a priority."
Nielsen defended Trump at the hearing, saying, "the line he is drawing is that no votes were changed. That doesn't mean there's not a threat."
She added: "We think the threat remains high."