There is no evidence that Russian interference in the 2016 presidential election affected the actual vote count, according to the first installment of the Senate Intelligence Committee's Russia report, released Tuesday.
"The Committee has not seen any evidence that vote tallies were manipulated or that voter registration information was deleted or modified," the report said, confirming a January 2017 assessment by U.S. intelligence agencies.
However, the committee concluded that hackers affiliated with the Russian Government "conducted an unprecedented, coordinated cyber campaign against state election infrastructure."
"Russian actors scanned databases for vulnerabilities, attempted intrusions, and in a small number of cases successfully penetrated a voter registration database," the panel found. "This activity was part of a larger campaign to prepare to undermine confidence in the voting process."
The unclassified summary of election security issues released late Tuesday is the first chapter in the committee's overall Russia report, which will ultimately include chapters on Russia's use of social media to influence the election and on possible collusion between the Trump campaign and the Kremlin. The committee has been investigating Russian election meddling for about 16 months.
"We are working tirelessly to give Americans a complete accounting of what happened in 2016 and to prevent any future interference with our democratic process," said Chairman Richard Burr, R-N.C.
Sen. Mark Warner of Virginia, the committee's senior Democrat, said he's "concerned that we as a country are still not fully prepared for the 2018 midterm elections."
"That’s one reason why we, as a Committee, have decided that it is important to get out as much information as possible about the threat, so that governments at every level take it seriously and take the necessary steps to defend ourselves," Warner said.
Among the report's findings:
• At least 18 states, and possibly 21, had election systems targeted by Russian-affiliated hackers in some way. Other states saw "suspicious or malicious behavior" that the U.S. Intelligence Community was not able to definitively tie to Russia.
• In a small number of states, the hackers were in a position to change or delete voter registration data, but they did not appear to have the power to manipulate individual votes or vote totals.
• The diversity of state election systems is a strength. "Because of the variety of systems and equipment, changing votes on a large scale would require an extensive, complex, and state or country-level campaign." Still, the committee noted that a few districts in each state "can have a significant impact in a national election."
The Department of Homeland Security's initial response to the cybersecurity threat by the Russians was inadequate, the report concludes.
"Although DHS provided warning to IT staff in the fall of 2016, notifications to state elections officials were delayed by nearly a year," the committee said. "Therefore, states understood that there was a cyber threat, but did not appreciate the scope, seriousness, or implications of the particular threat they were facing."
The department is doing a much better job of working with states now, the report says.
"Although early interactions between state election officials and DHS were strained, states now largely give DHS credit for making tremendous progress over the last six months," the committee concludes.
However, the nation's aging voting system remain vulnerable to attack, the report says.
"Voting systems across the United States are outdated, and many do not have a paper record of votes as a backup counting system that can be reliably audited, should there be allegations of machine manipulation," the committee concluded. "In addition, the number of vendors selling machines is shrinking, raising concerns about supply chain vulnerability."
The committee also updated election security recommendations that it first released in March. Among them:
• The federal government should make it clear to adversaries that an attack on U.S. election systems is a hostile act "and we will respond accordingly."
• Intelligence agencies should work to declassify information about cyberattacks more quickly so they can warn state and local officials. The agencies also need to speed up the process for those officials to get security clearances so they can be told what's happening.
• States should rapidly replace old voting systems. At a minimum, any new machine should have a voter-verified paper trail and no WiFi capability that can be hacked.e