The Vermont Secretary of State told On Point that in late August hackers used three different methods to attempt to access Vermont’s online voter registration database. One of the attempts came from Russia.
“We experienced scans,” Vermont Secretary of State Jim Condos said. “Our logs of the system showed where they were coming from. The one that raised our attention, if you want to call it, was the one that said 'Russian Federation,' and we forwarded that on to Department of Homeland Security."
None of the attacks were successful. The attempts were first reported by NBC News. Condos revealed the Russian attempt to On Point. The Department of Homeland Security said in an intelligence assessment obtained by NBC News that it’s aware of growing "cyberactivity targeting election infrastructure in 2018. ... Numerous actors are regularly targeting election infrastructure, likely for different purposes, including to cause disruptive effects, steal sensitive data and undermine confidence in the election."
Publicly, however, federal officials have consistently said they have not seen evidence of foreign adversaries targeting U.S. elections systems in the same way they did in 2016. "We currently have no indication that a foreign adversary intends to disrupt our election infrastructure," Homeland Security Secretary Kirstjen Nielsen said earlier this month at a cybersecurity summit.
Hacking attacks were detected in voter registration databases in 21 states, and 39 states election management systems in 2016.
"We’re never going to get the risk of a cyberattack down to zero," said Marian Schneider, president of Verified Voting, a non-partisan advocacy group calling for greater transparency and verifiability in elections. She told On Point that all computers are vulnerable, "and 99 percent of votes in this country are counted by computers, which is why we need to give election officials the tools they need to demonstrate that the software reported the results accurately."
Condos, the Vermont Secretary of State, called into the On Point hour on election security Monday to outline what steps the Green Mountain State has taken.
"We feel that we're in pretty good shape," Condos, also the president of the National Association of Secretaries of State, told On Point's Meghna Chakrabarti. "We actually started working on cybersecurity and our election systems back in 2013. At that time, we did a full-blown risk and vulnerability assessment. We had any recommendations put into high, medium and low priority. We've consistently worked to get all of those recommendations in place."
Condos says Vermont also regularly tests the state’s computer systems to identify vulnerable spots that could be targeted. "Our systems are getting pinged thousands of times per day, thousands of times per hour. The question is, have you put the systems in place to defend against that?"
Nationwide, the voting system remains vulnerable, Schneider says. "We have a patchwork of regulations. It doesn’t allow us to be nimble enough." Her group advocates national adoption of voter-marked paper ballots, and routine, manual post-election audits of results.
Congress is currently considering a bill that would address some of these issues. The Secure Elections Act has bipartisan co-sponsorship from Sen. James Lankford, R-Okla., and Sen. Amy Klobuchar, D-Minn. However, various parts of the bill met with resistance from both state officials and election security advocacy groups. Various secretaries of state objected to what they saw as unfunded federal mandates in the bill. Election security advocates worried the bill was being watered down.
The Secure Elections Act is not expected to move through the Senate Rules Committee before the midterm elections.