WASHINGTON — The FBI will now notify state election officials about cyber breaches to election systems in their jurisdictions, even those that only affect a single county, FBI and Justice Department officials said Thursday.
The change stems from a belief that the "traditional policy did not work in the election context," an FBI official told reporters in a background call.
Typically, the FBI notifies only the victim of a cyber intrusion. When it comes to election systems, the victim is often a county.
But if the FBI only notifies local officials, "it may leave the state officials with incomplete knowledge of the threats," the official said.
The policy shift comes after a 2018 episode in Florida in which Democratic Sen. Bill Nelson said he had been told that Russian hackers gained access to some voting systems in his state, only to be accused of making that up by then-Gov. Rick Scott, the Republican running to unseat Nelson in that year's election. Scott said state officials had not been notified of any such breach.
As NBC News reported at the time, Nelson was basing his warning on classified intelligence.
Scott defeated Nelson. A few months later, special counsel Robert Mueller's report disclosed that Russian hackers did gain access to a voter registration network in a Florida county.
Sen. Marco Rubio, R-Fla., said in 2019 that intelligence officials, seeking to protect sources and methods, had issued only broad warnings to Florida's 67 election offices instead of informing the state of the specific breach. Gov. Ron DeSantis, elected in 2018, complained after taking office in 2019 that the FBI would not tell him which county's system had been breached.
FBI officials would not say whether this episode specifically prompted the policy change.
"We learned from a number of different experiences," the official said. "In looking at our experience over the past couple of years, we see that we can't treat every state the way we treat a large company."