Georgia’s voting systems were not affected by the hacking attempts detailed in a top-secret government report about Russia’s meddling in the 2016 presidential election, state officials said Tuesday.
A 25-year-old federal contractor in Augusta has been charged with leaking the report to the news media. Her arrest Monday coincided with the publication of a story by The Intercept after it said it had obtained a top-secret National Security Agency report about Russia’s interference. The NSA report, according to The Intercept, says Russian military intelligence officials executed a cyberattack on a U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials days before last November’s presidential election.
The effort detailed in the report came after the Federal Bureau of Investigation in August warned states it was investigating incidents related to elections data systems in two states believed to be Arizona and Illinois. The U.S. Homeland Security Department in late September said it believed unidentified hackers had targeted the voter registration systems of more than 20 states prior to the presidential election, although Georgia was not believed to be one of them.
Georgia election officials, meanwhile, have repeatedly sought to assure voters about measures they have taken to minimize those threats.
The Georgia Secretary of State’s Office conducts its own testing and scanning of access points such as the state’s election results website using both in-house staff and private vendors. It also works with the state-run Georgia Technology Authority on potential threats passed along by federal agencies and periodically conducts security assessments to review existing infrastructure and systems.
The state contracts with a security vendor to monitor network traffic attempting to connect with the system, with the idea being to block and report threats. A backup of the statewide voter registration system is updated every few seconds. Officials have said the back-up is stored at a secure, off-site location. In the event of a breach or crash, officials believe the database would be back up and running at full capacity in as little as 30 minutes.