By Patrick Marley
The federal Department of Homeland Security reversed itself Tuesday and told Wisconsin officials that the Russian government had not tried to hack the state's voter registration system last year.
Instead, Homeland Security said, the Russians had attempted to access a computer system controlled by another state agency.
The development _ disclosed during a meeting of the Wisconsin Elections Commission _ came four days after federal officials told the state that Russians had tried to hack systems in Wisconsin and 20 other states.
Juan Figueroa, a member of Homeland Security's election infrastructure team, on Tuesday told state officials by email that Wisconsin's voter registration system had not been targeted in a hacking attempt after all. He said Russians had tried to access a computer system run by the state Department of Workforce Development.
"One additional follow-up from our analysis team before this is shared publicly, based on our external analysis, the WI IP address affected belongs to the WI Department of Workforce Development, not the Elections Commission," Figueroa wrote in his email.
He did not explain why inaccurate information had been provided to the state on Friday. He did not respond to questions from the Milwaukee Journal Sentinel.
"Either someone was right on Friday and this memo today is a coverup or they were wrong on Friday and we deserve an apology," said Mark Thomsen, chairman of the Wisconsin Elections Commission.
Someone tried to access Department of Workforce Development system on July 30 and 31, 2016, according to a timeline released Tuesday by David Cagigal, the state's chief information officer. He compared the attempts to a burglar checking the locks on a door to see if they were secure.
On Aug. 2, 2016, Wisconsin blocked the computer addresses that had been used to try to get into the Department of Workforce Development system.
In October 2016, the Department of Homeland Security notified officials that hackers had probed election systems in some states. At the time, the federal agency said the computers being used to try to get into the systems were from a Russian company but that the agency was "not now in a position to attribute this activity to the Russian government."
Wisconsin had already blocked the computer addresses in question after the July 2016 attempts to gain access to the Department of Workforce Development system, according to the timeline.
On Friday, Homeland Security officials told Wisconsin Elections Commission Administrator Michael Haas that hackers working on behalf of the Russian government had attempted to get into Wisconsin's voter registration system.
Those officials told him to follow up with Figueroa. Haas spent the following days seeking more information and on Tuesday was told the computers the Russians had tried to attack belonged to the Department of Workforce Development, not the Elections Commission.
Haas said it is possible Homeland Security officials initially assumed the Russians had tried to get into Wisconsin's voter registration system because their computers had been used to try to break into other states' elections systems.
Kevin Kennedy, a longtime head of Wisconsin elections efforts who is now retired, said federal officials haven't been forthcoming with states over the past year about what happened.
"Part of the decision last fall was they made a choice they weren't going to tell everybody," he said.
The commission is considering new security measures, such as encrypting WisVote, the voter registration system used by local clerks, and requiring two-factor authentication for clerks and state workers signing into that system.
A two-factor system requires a typical password and then a second code that is sent as an email or text message to the user. Such a security feature could be challenging to implement because elections are run at the municipal level and officials in some small communities don't have email accounts, said Meagan McCord Wolfe, an assistant administrator at the Elections Commission.
A draft of the new security plan will likely be presented to the commission in December, Wolfe said.
The elections systems in Wisconsin has come under scrutiny because the state, along with Pennsylvania and Michigan, helped deliver an Electoral College victory to President Donald Trump over Hillary Clinton.
There have been no reports of hackers attempting to gain access to voting machines or other devices used to tabulate results. Wisconsin conducted a statewide recount following last year's vote, with some ballots being recounted by hand and some by machine.
Until Tuesday, Wisconsin officials believed hackers had targeted Wisconsin's voter registration system, which can be accessed online by about 3,000 local and county clerks and state workers. Local workers can only make changes in their jurisdiction. Voters can register online with WisVote.
Cybersecurity experts raised alarms after the election that Wisconsin was vulnerable to attacks, prompting Green Party presidential candidate Jill Stein to fund a statewide recount. The effort ultimately confirmed Trump as the winner in Wisconsin.
Monthly cybersecurity reports produced by Gov. Scott Walker's administration show that two days before the state's April 5 presidential primary last year, security analysts logged more than 150,000 alerts in a single day. On a typical day over the past two years, the state has logged fewer than 60,000 of these alerts, which attempt to find holes in state systems.
(Jason Stein Milwaukee Journal Sentinel contributed to this report.)
(c)2017 Milwaukee Journal Sentinel