Former Department of Homeland Security Secretary Jeh Johnson told a House panel Wednesday that Russian hackers did not change any votes cast in the 2016 U.S. presidential election.
“I know of no evidence that through cyber intrusion, votes were altered or suppressed in some way,” Johnson told the House Intelligence Committee.
The FBI and the House and Senate Intelligence Committees are investigating Russian interference in the election.
Johnson, who said he testified voluntarily, also revealed the Democratic National Committee rejected an offer of help from his department after internal emails were hacked and released on the eve of the party’s presidential nominating convention.
And the former DHS chief was quizzed about the timing of the statement he released in early October, weeks before the election, warning of Russia interference as well as his decision in January 2016 to designate election infrastructure as a subsector of critical infrastructure, which was criticized by some as a step toward a federal takeover of state elections.
No votes changed
While Johnson testified there was no direct interference by Russia in the 2016 voting, he said the United States “can and should do” more to protect its election systems from cyberattacks.
“There are lessons learned from this experience and, in the future, there is probably more we can and should do,” he said.
Johnson said he couldn’t say whether or not Russia influenced public opinion regarding the election.
He said possible protections against hacking include giving state election officials grants to boost security, improving the training of state and local officials and designating a DHS official to oversee improving cybersecurity.
DNC rejected fed’s offer to help
Johnson said he was “not pleased” when the DNC rejected his offer to help with its cyber breach and instead hired a private cybersecurity firm.
“This was a question I asked repeatedly when I learned of [the intrusion] — what are we doing? Are we in there?” he said.
Johnson noted the DNC breach was “fresh off the OPM experience,” referring to the hack of the Office of Personnel Management in which sensitive personal background data was stolen from an estimated 21.5 million people.
“There was a point at which DHS cybersecurity experts did get in to OPM and help them discover the bad actors and patch some of the exfiltrations, or at least minimize some of the damage,” Johnson pointed out.
He said DHS, however, doesn’t have the authority to fix the party committee’s vulnerabilities if it doesn’t want the help.
“My interest in helping them was definitely of nonpartisan interest, and I recall very clearly that I was not pleased that we were not in there helping them patch this vulnerability,” he said.
Johnson said, however, that if he were to do it over again, he would have “camped out” in front of the DNC’s headquarters.
Rep. Adam Schiff, D-Calif., who is leading an investigation of alleged Russian interference as the ranking member of the House Permanent Select Committee on Intelligence, accused Johnson of waiting too long to publicize the seriousness of Russia’s interference in the election.
Johnson, noting public statements were released in September and October, argued the nature of the investigation hindered communication.
“Many would perhaps criticize us for taking sides,” he said, pointing out President Trump had claimed the election would be “rigged.”
Because of Trump’s statement, he said, he and his colleagues were “concerned” that making a statement “would be in and of itself challenging the integrity of the election process.”
Johnson’s October statement did not mention the “intelligence community’s opinion,” released after the election, that the Russians wanted Hillary Clinton to lose.
Regarding his controversial decision in January 2016 to designate election infrastructure as a subsector of critical infrastructure, Johnson argued the move was confined to the election infrastructure and did not affect politicians or political parties.
“There are 16 sectors already that are considered critical infrastructure, and in my view, this is one thing that was sort of a no brainer. In fact, it probably should’ve been done years before,” he said.
Johnson said “critical infrastructure receives a priority in terms of the assistance we give on cybersecurity.”
“There’s a certain level of confidentiality that goes into the communications between critical infrastructure and that department that are guaranteed,” he said.
Johnson said that “when you’re part of critical infrastructure, you get the protection of the international cyber norms — that thou shall not attack the critical infrastructure of another country.”