Updated at 5:57 p.m. ET
Swing states, and even individual precincts within those states, present a significant point of vulnerability when it comes to the threat of election interference because of their potential to impact the result in a presidential race, the current secretary of the Department of Homeland Security and one of her key predecessors both told senators Wednesday.
Both officials appeared before the Senate intelligence committee to discuss election security, as Congress appeared ready to inject approximately $687 million into helping states improve their voting systems and granting additional funding to the FBI.
The decentralized nature of elections in the U.S. is often talked about as a strength. Because states run their own elections, it's impossible to break into one system and affect nationwide vote tallies or voter registrations.
But that decentralization also means local jurisdictions in places that can have an outsized effect on the outcome of national races — like Wisconsin, Pennsylvania and Michigan — will be forced to defend against cyber-threats posed by entire nation-state adversaries like Russia.
"The reality is: Given our Electoral College and our current politics, national elections are decided in this country in a few precincts, in a few key swing states," former DHS Secretary Jeh Johnson, who served under President Obama during the 2016 presidential election cycle, told members of the Senate intelligence committee. "The outcome, therefore, may dance on the head of a pin."
The current secretary of DHS, Kirstjen Nielsen, echoed those comments. Johnson and Nielsen testified together, in a show of bipartisanship, on Capitol Hill as part of the Senate intelligence committee hearing.
Decentralization "makes it difficult to have a nationwide effect [with election interference] but also makes it perhaps of greater threat at a local level," Nielsen said. "If it's a swing state or swing area, that can, in turn, have a national effect."
Indeed, an indictment of 13 Russian individuals and three Russian entities filed last month by Department of Justice special counsel Robert Mueller alleged that the Russian social media disinformation campaign sought to target "purple states."
Sen. Marco Rubio, R-Fla., also touched on the idea.
During his line of questioning for Nielsen and Johnson, Rubio painted a harrowing hypothetical picture of a foreign leader who wants to "create chaos" in American democracy by spreading misinformation online, then hacking into voter registration data in "strategically located counties or states" to change voters' polling places and maybe delete some info from the voter rolls, which, in turn, sows public doubt and uncertainty about the validity of election results, causing mass protests and a lack of clarity over who wins a presidential election in the hypothetical.
"Come January, we don't even know if we can swear in a president; the military doesn't know who the commander in chief is. We're in an all-out constitutional crisis," Rubio said. "That sounds like something from a novel, or a dramatic presentation in the movies. How far-fetched is this given the capabilities of foreign adversaries?"
Both Nielsen and Johnson agreed the hypothetical threat posited by Rubio was real.
Wednesday's Senate intelligence committee hearing came a day after the panel released a list of recommendations to enhance election security, including improving communication between the Department of Homeland Security and state officials, "rapidly" replacing aging voting machines across the country and passing legislation in Congress to get states more money to improve cybersecurity.
That last recommendation looks to be getting some help as part of the congressional omnibus spending bill, which faces a Friday deadline for passage to avoid another temporary lapse in appropriations for the government. According to a source familiar with negotiations, Congress is set to approve $380 million for election technology grants that states can apply for to improve their voting systems, and another $307 million to help the FBI fight Russian cyberattacks. The funding development follows on the heels of the top Democrats on Capitol Hill asking last month for a boost in funding for the FBI and DHS in the midterms season.
While it's unclear where the election technology grant money will be allocated, Larry Norden, an elections expert at the Brennan Center for Justice in New York, told NPR last summer that it would cost about that much money — a maximum of $400 million — to replace electronic voting machines in more than a dozen states that have no paper backup systems. Replacing those machines has long been a priority for cybersecurity experts who warn that they could theoretically be hacked without detection.
Wednesday's hearing was the latest chapter in the committee's ongoing investigation into Russian interference in the 2016 election. Russian operatives targeted the voting systems of at least 21 states leading up to Election Day in 2016, according to DHS, and were able to successfully hack into at least one. There is no evidence, however, that any vote tallies were changed.
But DHS was slow in relaying all that information to the state and local election officials who needed it. It took the department almost a year after the 2016 election to notify the correct parties, a delay senators voiced frustration with on Wednesday, as local officials say they needed threat information as soon as possible to prepare for this year's midterm elections.
"The threat of interference remains, and we recognize that the 2018 midterm and future elections are clearly potential targets of Russian hacking attempts," said Secretary Nielsen. "To be clear, there has been a learning curve on the sharing of information."
Since that information sharing snafu, DHS has gone out of its way to try to bring state and local officials into the fold. The department began the process to get "secret" security clearances for three officials in every state, so the officials can view classified information, although, upon questioning by Sen. Susan Collins, R-Maine, Nielsen said only about 20 officials of the eligible 150 have received such clearances so far.
But, Nielsen added that if DHS is aware of a threat it needs a local jurisdiction to know about, it will offer officials from that jurisdiction a one-day clearance to be able to receive the relevant information. DHS offered a one-day clearance briefing last month, however, and many officials came away feeling less than satisfied with that briefing's depth.
The hearing spoke to the often tense and under-defined relationship between the federal government and the states when it comes to improving election security. States report security breaches to the federal government voluntarily, so DHS says it can't share that information with the public, or even with lawmakers, if it wants to encourage those states to continue sharing which, in turn, allows DHS to continue to help defend against threats and intrusions.
"Americans don't expect states, much less county officials, to fight America's wars," said Sen. Ron Wyden, D-Ore. "The Russians have attacked our election infrastructure. Leaving our defense to states and local entities in my view is not an adequate response."
NPR Congressional Reporter Kelsey Snell contributed to this report.