The Department of Homeland Security (DHS) has not yet notified all states whose systems it knows Russian hackers breached during the 2016 elections that they were victims.
“You’re absolutely never going to learn it, because we don’t even know it,” Judd Choate, state election director for Colorado and president of the National Association of State Election Directors, told Reuters.
Elections are run by states and not the federal government, and all aspects of the election are primarily handled at the state level. But DHS has said that they have evidence that at least 20 states had elections systems targeted by Russian hackers.
These systems handled voter registrations, said DHS, and were not used in casting or counting votes.
Both Illinois and Arizona have independently announced their voter registration databases were breached.
DHS policy is to notify the direct victim of an attack. In many instances, this is a contractor handling the elections system and not the state.
A DHS official said the agency was working on a mechanism to relay classified information about digital threats so that states can be made aware of them.
The 2018 Intelligence Authorization, which the Senate Intelligence Committee released last Friday, would require the director of National Intelligence to sponsor an elections official in each state for Top Secret clearance. It also contained other provisions for the director of National Intelligence, DHS and other law enforcement and intelligence agencies to develop strategies to further protect voting systems.
After the 2016 elections, DHS declared elections "critical infrastructure," a designation that allows the agency to provide additional, voluntary help to states.