Election Targeting Disclosure Won’t Impact Alabama Primary, State Official Says

Alabama’s top election official said the U.S. Department of Homeland Security’s notification that the Yellowhammer State was among 21 states targeted by hackers in the months leading up to the 2016 presidential election would not impact Tuesday’s closely watched Senate primary runoff.

Alabama Secretary of State John Merrill (R) said the information did not lead to any election hacking concerns regarding the Republican primary runoff, where appointed Sen. Luther Strange will face off against former Alabama Chief Justice Roy Moore for the GOP nod to fill Attorney General Jeff Sessions’ former Senate seat.

“We don’t have any concerns about anything related to [election interference],” Merrill said in a Monday phone interview.

Merrill said DHS made a formal overture to his office on Friday “and indicated that there were potential system compromises that had been introduced by the Russians.”

“But, over the course of the election system, our network identified those and prevented [hacking] from occurring in our system,” Merrill added. “Those attempts were thwarted. And we spoke to DHS about the suspicious traffic that had been viewed, and basically with those attempts, we just wanted our people to know that we were diligent in trying to review the things that would be introduced, and try to ensure to them that we were going to be on top of it and do everything we could to prevent it from violating our process.”

Merrill’s office released a statement following the notification from DHS, saying the agency “observed suspicious traffic from IP addresses connected to election-related activity.”

DHS on Friday notified state election officials in 21 states that hackers had targeted their election systems leading up to the 2016 election. In addition to Alabama, other states reportedly targeted include North Dakota, Texas, Florida, Ohio, Wisconsin, Minnesota and Pennsylvania, according to a tally by The Associated Press. DHS has not released a full list of which states were notified.

During a Senate Intelligence Committee hearing on June 21, a DHS official first reported that foreign hackers targeted 21 election systems, but said that the efforts largely entailed scanning and so-called probing of election systems for vulnerabilities. At the time, DHS would not comment on the states that were targeted, citing the privacy of cyber victims.

Merrill, who previously expressed frustration about Homeland Security’s lack of engagement with secretaries of state regarding election hacking, said he was thankful the agency finally reached out to state officials.

“We were happy that we finally got the word from them so that we would know what occurred, and then if there was any other activity that we needed to be aware of that we could take care of, we certainly wanted to do that,” Merrill said. “But that was a benefit. The way that they went about it, the length of time that it took, obviously you wish it could have occurred a lot sooner than it did, but we are thankful that it did occur.”

In a statement emailed to Morning Consult on Monday, North Dakota Secretary of State Al Jaeger (R) said that DHS also notified his office that the state’s “election systems were targeted, but not breached, in the summer of 2016.”

“Security measures in place to protect these systems have proven to be effective, and we continue to update cybersecurity protections as new potential means of targeting are identified,” Jaeger said. “For security purposes and confidentiality requirements, our office is unable to comment on the nature of the attempt or the specific systems targeted.”

David Becker, founder and executive director of the Center for Election Innovation & Research, said in a Monday phone interview that it wasn’t too surprising that outside actors were probing election systems, but added that “this confirms the threat is real and it’s substantial.”

“There is some degree of looking back, because we want to look back at what happened,” Becker added. “But so far the news is that despite this relatively unprecedented threat, the system held, but we also know this threat isn’t going away, and so it’s going to be important to be as resilient as the attackers to ensure that any future threats don’t affect any future elections.”

DHS said in a statement that the department originally notified the owners or operators of the state election systems — who were not necessarily affiliated with a secretary of state’s office — regarding hacking concerns.

An official said that DHS then determined the state’s top officials would also benefit from the information.

“State and local officials should be kept informed about cybersecurity risks to election infrastructure, and we are working with them to refine our processes for sharing this information while protecting the integrity of investigations and the confidentiality of system owners,” DHS spokesman Scott McConnell said in a Monday email. “As part of these efforts, it became clear that state chief election officials could benefit from this information in their responsibilities overseeing their election infrastructure.”