Election Cyberattacks Could Hurt Public Confidence but not Change Results, Feds Say
Feds have had to grapple with what cyber threats really mean for Election Day.
-- U.S. national security officials have found themselves in a delicate position this election season: How do they warn about possible Election Day cyberthreats that pose a bigger risk to public feelings about the election than to the integrity of the results?
"This is where it gets confusing for the general public," a senior Department of Homeland Security official told reporters Friday. "You have to separate the threat to actually manipulate the official vote count from an attempt to cause confusion and a perception" of a possibly compromised election.
U.S. officials have tried not to fuel any anxiety that voters may have about possible cyberattacks on election systems. Officials have limited the release of certain information on threats and downplayed security breaches.
At the same time, Homeland Security Secretary Jeh Johnson, FBI Director James Comey and other top government officials have publicly stressed how unlikely -- if not impossible -- it would be for hackers to alter actual vote counts in the U.S.
"The vote system in the United States ... is very, very hard for someone to hack into because it's so clunky and dispersed," Comey recently told a House of Representatives panel.
"We don’t have that concern" about hackers changing an election's outcome, the senior Department of Homeland Security official told reporters. "We don’t believe that that is possible," the official said, noting that voting systems are spread among state and local jurisdictions and voting machines are largely disconnected from the internet.
What does concern federal officials is cyberattacks that could hurt faith in the election process or its results.
"We are very concerned about attempts that cause confusion" and undermine confidence in the system, the homeland security official said. Sources of worry include cyberattacks that could potentially alter unofficial election results posted on state websites or could remove names from voting lists, forcing people to cast provisional ballots at the polls, the official said.
"They’ll still be able to vote, but it could cause some confusion," the official said.
Homeland security officials and their counterparts in other U.S. agencies have been tracking potential threats to voter-related systems for months. Their concern has been heightened by Russia’s alleged attempts to influence the U.S. election, including through the online release of private emails stolen from the Democratic National Committee and some of Hillary Clinton’s top aides.
Hackers working on behalf of the Russian government have also targeted voter registration systems in nearly half of U.S. states, and hackers were able to compromise voter-related information in four states, sources have told ABC News.
To help forestall any public anxiety about such attacks, the Department of Homeland Security has taken advantage of a nuance to publicly say that only two states, Illinois and Arizona, had their government systems compromised by hackers.
But, as ABC News first reported last month, voters in Florida and another unidentified state also had their information exposed when hackers broke into computers associated with private contractors hired to handle voter information.
And the Homeland Security Department privately acknowledged the full breadth of successful hacks in an intelligence assessment three weeks ago to law enforcement across the country.
The assessment indicated that hackers were able to breach some level of security and expose data in Illinois and "at least three other states." While they succeeded in exporting data from the Illinois state board of elections website, attempts to take data related to voters in the three other states were "unsuccessful," according to the assessment.
Echoing public statements that the official vote count Tuesday is likely secure, the security assessment nevertheless said that "multiple elements of U.S. election infrastructure are potentially vulnerable to cyberintrusions," and any tampering with "unofficial" counts "could undermine public confidence in the results."
"Politically-motivated criminal hackers could attempt temporary disruptive cyberattacks, such as denial-of-service attacks or web defacements against election-related websites, in the lead-up, to or during the election process," the assessment added. "However, we judge this activity would likely have little impact on the voting process itself."
The assessment, authored by the Homeland Security Office of Intelligence and Analysis and first reported by the website Public Intelligence, also noted that any cyberattacks aiming to change a vote count would likely be detected.
Now, with Election Day almost upon us, officials across the U.S. government insist perspective is key.
"We are worried” about what hackers could bring tomorrow, "but we are as worried about that as we are about anything that touches the internet," the senior homeland security official told reporters Friday.
A few months ago, in the wake of the hack of the Democratic National Committee, the U.S. director of national intelligence, James Clapper, said he was "taken aback a bit by the hyperventilation over this."
"We just need to accept" that the United States will continue to face cyberthreats, and Americans should "not be quite so excitable when we have yet another instance of it," Clapper said.
ABC News' Geneva Sands contributed to this report.