Experts to lawmakers: U.S. elections vulnerable to evolving cyberattacks

WASHINGTON, Feb. 27 (UPI) — Experts warned lawmakers Wednesday that U.S. elections are still vulnerable to cyberattack, despite efforts that fended off hackers during the midterms last fall.

Illinois Rep. Mike Quigley, chairman of the House Financial Services and General Government subcommittee, said at the start of the hearing that Americans should be prepared for Russia to again meddle in the 2020 vote.

“We can be sure that they intend to interfere in the 2020 Presidential election,” he said. “Yet, many of the vulnerabilities that existed in 2016, continue to persist across the country.”

Quigley has openly criticized President Donald Trump‘s response to evidence indicating Russian interference in 2016. Following Trump’s summit with Russian President Vladimir Putin last summer, Quigley joined then-House Democratic leader Nancy Pelosi‘s rebuke of the president’s “extraordinary performance.”

“When President Trump was given the opportunity to challenge Putin in Helsinki … he instead condemned his own intelligence agencies while praising the Russian President without reservation,” Quigley said during the summit last summer “It was embarrassing, it was un-American, and it was a clear sign from the President that he will continue to stand by as Putin orchestrates additional attacks on our democracy.”

Illinois Board of Elections Chairman Steven Sandvoss told lawmakers the board first reported hacks in June 2016, which compromised the data of possibly 76,000 voters. Soon after, the board increased security measures, including “weekly hygiene scans” by the Department of Homeland Security.

Looking to 2020, Sandvoss said the most important security feature state elections boards can introduce are new voting systems.

“In terms of technology, [old] systems are ancient and need to be replaced,” he said in prepared remarks Wednesday.

Updating the voting machines in Illinois, the elections board estimates, could cost nearly $175 million.

Eric Rosenbach, former chief of staff to Defense Secretary Ash Carter, referred to findings in the 2019 Worldwide Threat Assessment to highlight state actors who could influence U.S. elections. He added that apart from Russia’s well-documented influence, China and Iran also pose serious threats.

“China is consistently improving its cyber capabilities and influence operations in the U.S. Iran has demonstrated its ability to manipulate social media and online content, and may do so around the election to impact voters,” Rosenbach said, noting that one of the most effective security measures is “a clear, public deterrence posture.”

Ranking member Tom Graves, R-Ga., pointedly questioned the panelists whether hacks have affected election results, saying, “there is no evidence that there has been an election changed.”

Rosenbach challenged that assessment, saying “what we know is a very small part of what they did.”

Alex Halderman, a professor of computer science at the University of Michigan, said the damage caused by Russian hackers in 2016 could have been much worse. He said data on thousands of voters could have been destroyed, but “hackers chose not to pull the trigger.”

“If it’s that easy why haven’t they done it?” Rep. Chris Stewart, R-Utah, asked Halderman, who successfully hacked an election simulation.

“I don’t want to give the impression that anyone can do it,” Halderman answered. “It hasn’t been in there interest yet.”

Earlier this month, Democrats on the Senate armed services committee praised the successful efforts of U.S. Cyber Command in defending last November’s midterm elections and challenged leaders to publicly acknowledge victories.

Commanders urged caution, however, warning that each failed attempt might lead to more sophisticated attacks.

National Security Agency Director Paul Nakasone, commander of Cyber Command, told panel members that although they failed to disrupt the midterms, U.S. adversaries are learning from their mistakes.

“It’s only a matter of time before an election is disrupted or stolen in a cyberattack,” Halderman said.