Did the Russian government attempt to hack into voting systems in the last election? “No doubt,” Jeanette Manfra tells NBC’s Cynthia McFadden, warning that some information in the probe remains classified. However, the targeted systems did not have anything to do with ballots or counting, and the success was “exceptionally small,” the DHS cybersecurity chief says:

The U.S. official in charge of protecting American elections from hacking says the Russians successfully penetrated the voter registration rolls of several U.S. states prior to the 2016 presidential election.

In an exclusive interview with NBC News, Jeanette Manfra, the head of cybersecurity at the Department of Homeland Security, said she couldn’t talk about classified information publicly, but in 2016, “We saw a targeting of 21 states and an exceptionally small number of them were actually successfully penetrated.” …

“We were able to determine that the scanning and probing of voter registration databases was coming from the Russian government.”

That’s bad enough, but it doesn’t suggest that the hacking had much direct impact on the election. States have centralized voter registration systems, but the process for casting and counting ballots is widely dispersed and usually controlled by counties and cities, and takes place in precincts. The voter registration system controls access to the ballot system, but there has been no evidence of the kind of widespread fraud it would take to impact a presidential election. We haven’t had millions of people claim to have been denied a chance to cast a vote, for instance, because of missing registrations, nor have we seen allegations of the hundreds of thousands of extra votes it would take to sway a 50-state election. The Electoral College’s separation of risk on a state-by-state basis makes that a difficult operation to accomplish, if not completely impossible.

However, that doesn’t mean that we should shrug our shoulders at the risk entirely, either. Any kind of penetration into voting systems undermines confidence in the results, which seems to have been the point of this operation and others conducted by Russia in the 2016 cycle. We should take voter registration security issues seriously, which is one reason why conservatives have long argued that voter-ID laws are needed to ensure that those registrations don’t get hijacked at the ballot box — which might be one way in which a hack of registration systems could be used to impact elections.

Of course, states should also take steps to harden their databases against intrusion. Have they made much progress on that? So far, they seem to be waiting on DHS:

Many of the states complained the federal government did not provide specific threat details, saying that information was classified and state officials did not have proper clearances. Manfra told us those clearances are now being processed

Other states that NBC contacted said they were still waiting for cybersecurity help from the federal government. Manfra said there was no waiting list and that DHS will get to everyone.

DHS has an obvious role to play, but … cybersecurity isn’t sooo esoteric that DHS is the only resource for improving it. Voting systems belong under the jurisdiction of the states, and officials at that level are ultimately responsible for security. We do not need to federalize voting systems to make them secure, and in fact centralizing such systems might make them even more vulnerable to manipulation. After all, the federal government doesn’t have such a hot record at securing their own critical systems, as the year-long hack of the Office of Personnel Management demonstrated, among other notable failures.

States can — and should — have begun work on their own to harden their systems against intrusions by now. Any failure to move ahead belongs on their shoulders.