WASHINGTON — Senators are expected to press Homeland Security Secretary Kirstjen Nielsen on the department's efforts to secure state election systems as the Senate Intelligence Committee launches an effort to safeguard against foreign meddling in this year's elections.
Nielsen will testify Wednesday along with Jeh Johnson, who was President Barack Obama's head of Homeland Security when Russian agents targeted election systems in 21 states ahead of the 2016 general election. Senators on the panel have criticized both administrations for not moving quickly enough to stem the Russian threat.
The hearing follows a Tuesday news conference in which committee members from both parties said government efforts to protect state and local elections from Russian cyberattacks haven't gone far enough. Federal warnings last time did not provide enough information or in some cases go to the right people, the senators said, though they reiterated that there was no evidence votes were changed.
Top U.S. intelligence officials have said they've seen indications Russian agents are preparing a new round of election interference this year.
The committee is recommending that states make sure voting machines have paper audit trails and aren't capable of being connected to the internet. Senators also are pushing for better communication among the various U.S. intelligence agencies and federal, state and local governments about cyber threats and vulnerabilities in computer systems.
The committee's recommendations preview an election security report expected to be released in full in the coming weeks. It is the first of four reports planned as part of the panel's wide-ranging investigation into Russian meddling in the 2016 election.
Committee Chairman Richard Burr, R-N.C., and Virginia Sen. Mark Warner, the top Democrat on the panel, released the recommendations ahead of Wednesday's hearing. They come as Congress is eyeing increased funding for election security in a wide-ranging spending bill that could make its way through the House and Senate this week.
Burr said the committee's investigation revealed that the Russian cyber effort exposed “some of the key gaps” in the security of the nation's election infrastructure. He said the committee wants to maintain state control of elections, but the federal government should be doing more to help.
“Clearly we've got to get some standards in place that assure every state that at the end of the day they can certify their vote totals,” he said.
Senators are also urging state and local election officials to take advantage of resources provided by the Homeland Security Department, such as comprehensive risk assessments and remote cyberscanning of their networks to spot vulnerabilities. Overall, experts say far too little has been done to shore up those vulnerabilities in 10,000 U.S. voting jurisdictions that mostly run on obsolete and imperfectly secured technology.
As of last month, just 14 states had requested risk assessments and 30 had asked for remote cyberscans of their networks, according to Homeland Security officials. But even that was straining resources, since many of those risk assessments have not been completed.
Illinois, which held the second-in-the-nation primary on Tuesday, requested the assessment in late January but it was not completed in time for the primary.
The senators are also recommending that states consider implementing “more widespread, statistically sound audits of election results.” Currently, 32 states and the District of Columbia require postelection audits, with three others conducting such audits under some circumstances.
Cybersecurity experts say the best approach would be for states to require risk-limiting audits, a type of an audit that uses statistical methods and is considered a more rigorous process. So far, three states — Colorado, Rhode Island and Virginia — have passed legislation to require them. Other states, including Georgia, are weighing legislation this year that would implement risk-limiting audits.
There's no evidence that any hack in the November 2016 election affected election results, but the attempts scared state election officials. DHS took nearly a year to inform the affected states of hacking attempts or suspicious cyberactivity, blaming it in part on a lack of security clearances. Lawmakers in both parties have pressed the department on why it took so long.
Warner has said he thinks the process to prevent any compromise of election systems needs to be more robust, especially since President Donald Trump has not addressed the matter as an urgent problem.
“Every one of Mr. Trump's appointees in law enforcement and national security acknowledge what an ongoing threat Russia is,” Warner said Tuesday. “It's pretty amazing to me we've had the director of the FBI, the director of national intelligence and the head of the NSA say in public testimony within the last month that they've received no direction from the White House to make election security a priority.”