TALLAHASSEE, Fla. – After an FBI briefing, Florida Gov. Ron DeSantis says Russian hackers gained access to voter databases in two Florida counties ahead of the 2016 presidential election.
DeSantis said Tuesday the hackers didn't manipulate any data and the election results weren't compromised.
The governor said he signed an agreement with the FBI not to disclose the names of the counties, but elections officials in those counties are aware of the intrusions.
He said the hackers gained access through a spearfishing email after a worker clicked a link.
"This was something where they had efficient spearfishing, someone clicked on it and someone was able to get access," DeSantis said. "This is something the counties knew about before the 2016 elections."
Republican U.S. Sen. Marco Rubio has previously said at least one Florida county had an intrusion. Special counsel Robert Mueller's report on Russian interference in the 2016 election also said hackers gained access to the network of at least one Florida county.
News 6 contacted local supervisor of elections offices for comment on the announcement. Their unedited responses are below:
"Supervisor Scott has not had any discussions with Governor DeSantis regarding this matter. The Brevard County Supervisor of Elections office never received the phishing emails referenced in the article. Cybersecurity has always been a critical internal process. This office, as well as other Florida Supervisor of Elections, has worked directly with the DHS, FBI, FDLE, National Guard, U.S. Elections Assistance Commission and MS-ISAC (Multi-State Information Sharing & Analysis Center) to implement protocols to protect the physical and cybersecurity of our country’s electoral process. For security reasons, we do not disclose the details of our cybersecurity protocols."
"In short, No, we have not been notified that our system was compromised in any way. According to the items I’ve read, the Governor did say after his FBI briefing, those counties whose systems were compromised have been notified. After spending considerable time with our IT Security people at the county level as well as our in-house security team, I know that we have a series of security measures that consists of multiple levels to prevent and/or identify any efforts to penetrate our systems. We also have in place constant monitoring devices around the clock and we receive frequent reports of all activity.
"As of this moment, I can say without hesitation that 1. We are doing everything we know of to protect the integrity of our systems, 2. To my knowledge we have not been penetrated, and 3. No one has given me any indication they have knowledge of such penetration."
"I have not seen the exact words the Governor spoke. Within the CyberSecurity community, exact words matter greatly.
"I reference a letter sent to Secretary Detzner in August of 2018, signed by both the Director of the FBI and the Secretary of DHS.
"'Although we have not seen new or ongoing compromises of state or local election infrastructure in Florida, Russian government actors have previously demonstrated both the intent and capability to conduct malicious cyber operations. DHS and the FBI will continue to notify any victim of a successful cyber intrusion into their election network in any jurisdiction nationwide.'
"That being said, I have NOT been notified or contacted by either organization.
"And to speak to what we have done, due to security concerns, I will be fairly generic. We (all) in the Elections Community understand that the threat is VERY real, and ever changing. And the defenses we put in place today, will not be good enough for the challenges we face tomorrow. Therefore, we are constantly updating those defenses. We are in close contact with our peers both within the State and across the Nation, updating those “Best Practices."
"We have had no discussion with the Governor. We were not a customer of the outside vendor referenced in the 2016 phishing campaign and are unaware of efforts that specifically targeted Orange County.
"The specifics of our efforts in securing our infrastructure for the next election cycle are confidential. We were able to utilize funding under the previous Cybersecurity grant to enhance an already secure environment. We will use the additional funds to continue enhancing our environment.
"Cybersecurity continues to be a top priority for our office."
"1. We have had no discussions with the Governor's Office.
"2. We were not targeted and did not receive the email in question.
"3. We have had our systems reviewed by the FBI and are scheduling a cyber security a review by Homeland Security. We are not discussing any specific actions we have taken."