Florida officials struggled to manage their cybersecurity and failed to heed multiple warnings as Russian hackers attacked electoral systems throughout the state and successfully breached two counties in 2016, according to newly unveiled details in a bipartisan Senate report.
The Senate Intelligence Committee’s redacted chapter on election security, released Thursday, concluded that the Russian government “directed extensive activity against US election infrastructure” from 2014 through 2017 and that the Russian efforts “exploited the seams” between the federal authorities and states.
The report also found that all 50 states were likely targeted.
It doesn’t name Florida directly; every state besides Illinois is simply assigned a number to protect its identity. “State 2” in the report is Florida, according to a former senior government official familiar with the matter. Some events that took place in “State 2” are also described in special counsel Robert Mueller’s report as happening in Florida.
The report paints a picture of federal officials repeatedly reaching out to warn Florida state officials and four particular counties that they were targets for Russian hackers, beginning in August 2016, lasting through that presidential election and continuing through the summer leading up to the 2018 elections.
In a conference call, the state’s election director “told the Committee in December 2017 that there was ‘never an attack on our systems.’ ‘We did not see any unusual activities. I would have known about it personally,’ ” the report says.
Florida “did not want to share with the Committee its cybersecurity posture, but state officials communicated that they are highly confident in the security of their systems,” the report says.
But two Florida counties were in fact hacked by Russian intelligence, news that wasn’t publicly acknowledged until Mueller’s report in April made reference to it.
The identities of the two counties are still unknown, though a number of Florida officials, including Gov. Ron DeSantis and some members of Congress, have since received a classified briefing by the FBI on the subject and are aware of which counties they are. There’s no evidence of votes being changed, officials who have received that briefing have said, but the Russians did have access to sensitive systems.
“The Senate Intelligence Committee’s report underscores why voters in Florida and across the country need to be made aware whether they were the victims of an intrusion into their voting data by a foreign adversary and what the federal government is doing to prepare for another attack,” Rep. Stephanie Murphy, a Florida Democrat who received the briefing, told CNN.
The Department of Homeland Security, which partnered with the FBI to try to reach out to state and local officials, has openly acknowledged the difficulty it faced in 2016 in convincing them of the urgency of the threat from Russia. Few county government chiefs have security clearances, and elections weren’t designated as critical infrastructure until January 2017.
Despite repeated warnings and reminders, the four counties took nearly two years to accept DHS’s basic, free cybersecurity services. As of June 11, 2018, none had accepted them.
However, all but one Florida county was using DHS services by the 2018 midterm elections that November, DHS spokesperson Sara Sendeck told CNN, and the final county does now.
DeSantis has since ordered the Florida Department of State to conduct a review of election security.
The office of Florida’s Department of State said Florida’s election security is “a top priority,” spokesperson Sarah Revell said in a statement to CNN.
“We have strong partnerships with DHS, FBI and MS-ISAC which facilitates information sharing on potential threats and best practices,” she said. “Additionally, Florida has invested millions of dollars in election security and we are the only state in the country to have all county election offices using the ALBERT sensor, which can detect and quickly alert officials to cyber threats.”