Feds can’t get story straight: Was Wisconsin’s elections system targeted by Russian hackers?
On Sept. 22, the U.S. Department of Homeland Security told state elections officials that Wisconsin was one of 21 states targeted by Russian hackers, raising concerns about the safety and security of the state’s elections systems.
DHS maintained that no data had been compromised.
But four days later, DHS reversed course and told Wisconsin officials the Russian government did not scan the state’s voter-registration system. Still, the agency believed Wisconsin was one of the states targeted by Russian hackers during last year’s election cycle.
“Either they were right on Sept. 22 and this is a cover-up, or they were wrong on Sept. 22, and we deserve an apology,” Mark Thomsen, the Wisconsin Elections Commission’s chairman, said in light of the new email. He’d previously directed staff to investigate why state election officials were not notified sooner.
The DHS stands by its assessment that internet-connected networks in 21 states were the target of Russian government cyber actors seeking vulnerabilities and access to U.S. elections infrastructure, DHS spokesman Scott McConnell said.
‘TRYING TO UNDERSTAND WHAT HAPPENED’
The DHS initially told the Elections Commission that the Russians scanned the state’s internet-connected elections infrastructure, likely seeking specific vulnerabilities to access voter registration databases.
Wisconsin’s chief elections administrator, Michael Haas, had repeatedly said DHS assured the state it had not been targeted.
“Wisconsin was not provided any information that indicated before the November election that Russian government actors were targeting election systems,” Haas said.
He said one theory is DHS saw suspicious activity from IP addresses targeting state elections systems in other states and assumed that was the intent in Wisconsin.
“It’s been a difficult process trying to piece all of this together,” said Wisconsin Elections Commission spokesman Reid Magney. “We’re trying to understand what happened.”
The Elections Commission has established a cyber security team that is working on a new plan to improve security before the 2018 elections.
Security enhancements being considered include encrypting the entire voter registration database to protect the information and make it unusable to anyone who may be able to steal it, and requiring two-factor authentication for the roughly 3,000 local and state officials who have access to the WisVote system.
Louis Weisberg contributed to this story.
The Associated Press