In my initial post on the US being in a cyberwar with Russia, on 26 July 2016, I wrote (emphasis mine):
One of the real concerns going forward, apart from embarrassing email chains with personally identifying information (PII) being posted on Wikileaks, is not just that Russian Intelligence can get in and look around and take information out of these systems in the US, but what happens if they decide to mess with what’s there? Voter registration information, voter donation information, electoral results, and more are all stored electronically. The next attack may not be interested in embarrassing staffers and causing a few days of reporting about what they wrote. Rather it might seek to remove voters from the rolls or change the reported results of an election in specific locations before they can be reported. And since our system is decentralized, securing all of it is going to be difficult and expensive.
Well what do you know?
— The Hill (@thehill) May 9, 2018
From The Hill (emphasis also mine):
The Senate Intelligence Committee on Tuesday released the unclassified version of its investigation into Russian cyberattacks on digital U.S. voting systems ahead of the 2016 presidential election.
The report finds that Moscow conducted an “unprecedented, coordinated cyber campaign” against the nation’s voting infrastructure. Through its investigation, the committee found that Russia-linked hackers were in a position to “alter or delete voter registration data” in a small number of states before the 2016 vote.
“In a small number of states, Russian-affiliated cyber actors were able to gain access to restricted elements of election infrastructure,” the report states. “In a small number of states, these cyber actors were in a position to, at a minimum, alter or delete voter registration data; however, they did not appear to be in a position to manipulate individual votes or aggregate vote totals.”
“The Committee saw no evidence that votes were changed and found that, on balance, the diversity of our voting infrastructure is a strength,” the report says. “However, the Committee notes that a small number of districts in key states can have a significant impact in a national election.”
Going forward all US election systems – voter registrations, voter rolls, recording of the actual vote, etc – must all be air gapped. They have to be either set up or backed up in such a way that the master information is only accessible via a secured or classified network – not the every day unclassified Internet. Additionally, every vote cast should be pen and paper. And non-partisan observers should be present during all voting and tallying and reporting of the vote totals. And all three of these activities should also be filmed so there is a record of voting, tallying, and reporting. Finally, there should be secured paper backups of everything. If we do these simple things we can safeguard and protect the integrity of our election systems and have faith in the outcome of our elections. Or we can have more 2016s.
Update at 11:30 PM EDT
Here’s the link to the Senate Select Committee on Intelligence unclassified report.