Including Building Infrastructure security and foreign attempts to shape public debate through disinformation and online commentary. This is an hour in 10 minutes. Like many other think tanks we are doing more and more work in this space, information particular and just this month we published a giving some policy recommendations on how they can counter russian Information Operations so if you havent seen that please take a look, it is available on our website. Last month we rolled out a cyber , the websiteacker you might have seen when you walked in. It is a list of publicly reviewed cyber operations, it goes, dock thing back to 2005. We have approximately 200 known to addts in the plan is more as they happen and as they become more known to us. Please check that out, it is updated every quarter. If you have an incident we dont know about please let us know. Find me today if you have ideas and suggestions about how we can be helpful in this space, what we should be doing, if we are doing things we shouldnt be doing. Thanks for spending the day with us today. Good morning, everybody. Im sam price from cnn and we are going to have a conversation this morning on hacking into our election systems. The next panel, the 10 00 a. M. Panel, will focus on attackers and how other mischief makers are trying to influence Public Opinion and influencing the public and how that might change votes, but this panel will focus on how mischief makers might try to change votes. We will talk about the security of our election system, Voter Registration, tabulation, and if you think back, hacking here or hacking there but can they really impact an election, just look at the election that happened last night in atlanta. If you are not familiar with what happened, it is yet undecided. The democrat is ahead at this moment by 729 votes in one of americas largest cities. Any mischief could affect any election. Who happensanelists to be the secretary of state of indiana told me about your race this morning in her state that was decided by just one vote. Id like to start by introducing our panel, Connie Lawson is the secretary of state in indiana right currently to her is an associate professor of computer and Information Science that recently helped organize the desk on machine hacking experience to test the vulnerability of election Voting Systems. To my right is the director of the Cyber Security project at the harvard belford center. Michael previously worked at the director of plans and operations for cyber policy in the office of secretary of defense. Thank you for joining us. We will spend about a halfhour having a conversation, and at about 9 15 we will open it up and have you all ask questions for our panel and will continue the conversation until nine clues 45. Until about 9 45. Connie is responsible for the Voting System at the state of indiana, and works across the country. So would you describe our Voting System, in your opinion, as currently safe from hackers and mischief makers, or are you particularly concerned . Where do you fall . I know, first of all, people in the audience have heard this before, there is no evidence that any votes were tampered with in the 2016 election. Security hasion always been priority of secretaries of state, and i that everythe emails chief election official received in august or september changed the way we do business. We are making Cyber Security a priority and we have done a number of things working with the department of Homeland Security and the fbi to make sure that we get the information we need. The number one activity since for the election secretaries of state have been to improve the communication between the intelligence agencies of the United States and we as chief Election Officials can get the information we need in order to prevent and or react quickly if there should be a cyber attack. Im going to put you on the spot. Are you comfortable at this point knowing that no system is perfect, but are you comfortable knowing that we have done as much as we can do . Are you comfortable that if there were an election tomorrow in indiana, it would be safe . If you say you are comfortable, you should be worried. I will never say i am comfortable, but i am always going to say i will be vigilant. I do to leave we are doing everything we possibly can in indiana to make sure elections are safe. I am very fortunate, not every state has the support of the General Assembly. My assembly appropriated 1. 4 million to make sure our system is secure. We migrated our data, we have done a number of things to secure outward facing websites, we certify our Voting Machines for use, we have what we call the Voting System technical oversight program. We know where every machine, every type of machine, every serial number, every tabulating machine, we know where it is. I feel good about what we are doing. We have been told by dhs and analyses centers that we have been doing the right thing. Matt, do you feel good . Isi feel good that connie doing the best that can be done,. What i worry is that the best that can be done is almost certainly not good enough today, or the honeymoon is going to end very very quickly,. A little bit of background from my perspective. I am a computer scientist, a technologist. Teams i lead teams contracted by the states of california and ohio to do a top to bottom review of their system technology, including the Voting Systems and backend systems from the vendors used in those states, which turned out to be the same vendors used in the other 49 states. 2007we discovered int is that these systems were riddled from top to bottom with exploitable security vulnerabilities in virtually every component of the system. Some of those vulnerabilities were coding errors, bugs in programs that can be fixed, some were more architectural, particularly in the socalled e touchscreenth Voting Machines that record voter selections electronically in their internal memory and the systems that process those. That thisgly, we know can be exploited and in many cases they can be exploited with no more physical assets that you would need as a voter or poll worker at a precinct, but there has been no evidence that they have actually been exploited in any election. We have to walk a fine line between saying, look, this technology very desperately falsely be improved and telling people that our elections are illegitimate. I dont want to say that our elections are illegitimate, but i dont want to prove that they arent, because in some of the cases the technology we are using doesnt really tell us, and that concerns me greatly. Michael, what do you think is the biggest vulnerability of the Current System . First, thanks to the council for putting this on and for having us here. I was at dod, so i never feel good about anything. I never feel comfortable. The challenge that strikes me is risk reduction, not elimination. You have to set your standard in some way that is reasonable. You are always going to have some level of uncertainty here. The challenge and the opportunity is to reduce that risk as much as possible. It is nice to hear the General Assembly wants to help you do that with some appropriation. The challenge that i see is that it doesnt take much to have an effect on the vote count. We dont need to have National Wide intrusions. Reducing the risk of gaining unauthorized access, that is the risk return, gaining unauthorized access. You do that in a couple key jurisdictions and get the timing right, you can change accounts. You can make things more difficult for the folks who are trying to make sure that our elections are conducted in a way that is High Integrity as possible. You can really complicate that effort in just a couple key ways. That is my perspective on it from my experience, it doesnt take much but we have to reduce the risk. Make sure thatto everybody understands that the last election we questioned was when we were virtually using paper and punch cards. If you think about the way we do elections today, i have been a county clerk, and i have been on the ground and run elections, and i will tell you that there are security measures that are local Election Administrators taking that make it very impractical for someone to get to our voting shoes. These machines are kept under lock and key, and most of them of. Theisual scanning facility we know who comes and goes they use logins, so we know who comes and goes. We do public tests, and once the public tests are run before an election, and we know votes are recording properly, and that there are no votes that will be present on election day before someone comes to vote, those machines are sealed. When a Bipartisan Team arrives on election morning, they cut the seal from the machine and a record the number. One of the first things the Election Administrators do at night when they get the results from the precinct level is they look to make sure that the serial number on the law that was cut off the machine is the serial number that was placed on the machine after the public test. Team a bipartisan delivering these results is it possible . Yes. Is it practical . I would say no. Aspectse many physical of these Voting Machines in tabulation machines that have ween place for years dont put them out in the middle of the courthouse and say have added. Election,ed the 2000 35 days i will never get back. As a result of the florida recount, the federal and State Government spent billions of dollars to help replace many of our election machines. The florida system used punch cards and paper ballots, which are not always easy to read. Largelacing them to a extent these electronic touchscreen ballots that didnt have paper records at all, they were completely electronic. In indiana, what percentage are those machines . We have 92 counties, and there are 50 plus that use the dres, but the ones we used to have a paper audit trail inside the machine, a mere image of the ballot. It is not voter verifiable paper trail, but there is a paper trail. Debacle makeorida things worse . It made them different. Us from aally shifted system in which you could have very vulnerable to smallscale which mishaps to one in smallscale retail mishaps probably have become less critical since help america vote paid for that by exposing ourselves to catastrophic failure in ways that we previously werent. Our elections are far more dependent on the integrity of software, and that is something that we simply dont know how to do. So if we had all the money in the world to design our system today, what sort of equipment, machines, system if you were in charge of voting in the United States of america, how when you have americans vote to get us the safest possible outcome so that at the end of the day, the day after or week after election, the losing candidate or anybody else cant come in and question it . I would hire matt. [laughter] thats a fine idea. [laughter] things, you have got to have paper to have an audit trail on every machine, and you have to have a way to turn off the wifi. Im with you one physical access. Aboutt have concerns anybody rolling into the courthouse and having adequate, but wireless it, networks are a problem. Some of the machines we looked at we found couldnt even turn off the wireless, it was not possible. That is a security problem. Connie, if the legislature gave you 20 million, 200 million, what would you buy . I have no idea. I need the experts. But i would certainly be doing a lot of research. I would say the most important thing is education. A number of states, our governors have set up Cyber Security councils, and we have one indiana. We are working with local elected officials, running fishing email campaigns to educate them on what to notice, what not to notice, what to click on. We are working on multifactor access so passwords are stronger. Those are the things that we are doing in the state of indiana, and i think most secretaries are doing that as well. Id say that the very first election i ran as an election ministered or was in 1989 in hendricks county, indiana, and we use lever machines, which there might be one in the state museum now in indiana, but i itl tell you that wanted to make you feel very well if you saw the way those results were taken in. Wed get a written total from the precinct, and you have a tally sheet. I remember sitting on the floor with this huge tally sheet, and numbers get transposed, you are adding all this up it was a disaster. It really was. I think we finally ended up with a result that was fair and correct, but 2 00, 3 00 in the morning you are still working on these paper tallies. People are not that patient today. The worst thing we could do would go back to all paper. What we need to do is think about how we can make our Technology Work the way we needed to work. If you had billions of dollars what would you do, . In the oneny, im branch of Computer Science that has most of my time spent posting out how terrible Computer Science is at building reliable things, and we really are truly terrible at building Reliable Software systems. It is literally the first problem of Computer Science, we dont know how to build programs that dont have bugs in them. That may at some point in the future have a breakthrough that makes that less of a problem, but it has not yet happened. This problem is getting worse rather than better as we build larger and more complex systems. So what is the solution . That anyoneution has come up with for elections is a concept invented by a professor of m. I. T. Called Software Independence. That is to say, we are going to use software, it has all sorts of benefits to add computerized election systems, but we dont want the integrity of the election to depend on the integrity of the software, because that is simply a herculean task. So the technology that exists today, that has this property of Software Independence, is a combination of two existing things that we can do today. One is whats called precinct counted optical scan ballots, ballots where the voter marks a ballot, or maybe uses a ballot marking device, to create a paper optical scan ballot set into a reader at the polling place that records the selections and keep the tally and then captures the physical ballot and stores it in a locked box. That technology has the advantage that it maintains an artifact of the voters choice, that the voter actually marked. The second thing you need to do is make sure the software doing the tallying has not been tampered with or doesnt have bugs in it. That can be an issued with risk limiting audit, where you do a statistical sample of the polling places, do a menu will count of the paper ballot, and ensure that matches the electronically recorded results. If it matches, great, if it doesnt, you have a problem and you have to do more of the recounts. The issue of doing those things properly, this Software Independence property, it eliminates a wide swath of potential vulnerabilities that are really hard to counter and any other way. Britishched the election this summer, reasonably well developed nation, the united kingdom, held an election for parliament the summer. They used paper ballots, they are tabulated at each constituency, the people who voted for candidate x, a pile there, kouachi who were checking, they count and recount and write them all down, then someone stands at a microphone and reads off the results, never touching a computer. The only one who seems to add them up, they literally do the arithmetic but that is it. What is wrong with that . Isnt that foolproof . Why do we have to get fancy . Theres nothing wrong with that, but the United States are we just impatient . We are impatient, we are americans, we are an impatient people. But the more serious problem is mostu. S. Elections are the just a quick complex in the world. We vote on more contests on a single ballot, we have more different ballots, we have School Board Elections and the dogcatcher election and referenda, bond issues, and so one. In england, they are voting for a parliamentary democracy, a single representative in general, or may be one or two issues. Here, i vote on about 20 Different Things in philadelphia. Michael, you work for the department of defense. The word we have not said, russia. But that is the backdrop for this, at least right now. Do you believe that russians or any other bad actors, but we will use the russians, tried to hack our election, want to hack our elections, or are actively trying to break through all of matts fancy systems, or is this really something a problem we are overstating . Do i believe that a Foreign Intelligence Service would love to gain unauthorized access into systems that would reveal information . Absolutely. Would Foreign Intelligence Services love to be able to gain access to systems to try to change tallies . In their dreams, they would love that ability. Its hard for me to see a proposal being discussed in the kremlin and the Security Services and they say, no, lets let it go. We are not trying to hack their elections, are we . Who knows. [laughter] they may wants, to be able to achieve these outcomes, predictable and understandable. Being able to see the causation from intent to actually being able to realize an objective, that is the tricky part. It is not always that there is a dr. Evil plan hatched, and then everything falls perfectly into place. It is usually, lets see what happens if we try moving some pieces around the chessboard, see a bunch send a bunch of emails and see who clicks. Once you gain authorization to one system, what does that open up . It doesnt always work according to a playbook. Machines we have so far been talking about the Voting Machines, but connie, if you can walk through for those of us who dont count of votes at a local and state el, just walk me through if i am voting in indianapolis, i go into a polling station, i push my vote on the machine. What happens between the time i vote in the time the secretary of states website reports the total . Nalk me through the who is i control of those numbers and how does the vote the information about that vote move from my finger up the line. Once the vote is cast, obviously it is up to the Election Officials, of Bipartisan Team of Election Officials at the precinct level in indianapolis, to bring the results back to the county level. And in the county how do they do that . It depends on the type of machine. Dre, it would be a recording device. On the optical scan, it is as well. They bring those results back. Is it on a key fob, or do they write a number down . It is some sort of Electronic Device they bring back. Its run through a tabulation machine, theres a machine that reads the device, and the precincts are told together, and then the counties call the results, we call the county its not connected to the state in any way. One million, 200,000 votes in this county thats a lot. [laughter] someone calls your office on a landline . Yes. But the results are not final for 10 days. Are able to cast provisional ballots. They got to the polling place and forgot their photo id, we have a photo id requirement in indiana. They have 10 days to go to the Clerks Office on the county level, take their id, and a provisional ballot has been counted. And somebody on the telephone in your office heres the number, types it into a computer, and it gets published on the website. And that is how the world knows. That is how the world knows. But again, the counties have the opportunity to do their audit. They make sure the results are final, and they dont actually certify the results to the state for 10 days. If michaels friends in these Foreign Intelligence Services are trying to make mischief, what are the points of failure . We talked about the electronic Voting Machines, but what are the points of failure in in the secretary of states system from vote to report . I worry less about the secretary of statewide system, i worry about the counties. There are 3000 counties in the United States, roughly, about 2500 have responsibilities for running elections, which means we have somewhere in the neighborhood of 25003000 different local Election Administrators. Some of them are quite good at protecting their systems, some of them are less good. There is a pretty wide variance among them. And this has nothing to do with intentions or goodwill. This is simply a matter of widely different capabilities. To the extent that our Voting Systems have been secured, and we have seen horrible when we look, we see horrible, exploitable folder abilities. To the extent that they have been designed against the threat, it is a threat of conventional corruption, someone trying to get themselves elected mayor or sell votes or what have you. Nation state adversaries were not even in the threat model. When you think about the capabilities of a national Intelligence Service like the country,eally any they have capabilities that certainly include everything that a corrupt candidate may want to do, but also they are going to have additional capabilities. They will potentially do supply chain attacks, where the equipment that gets shipped may be tempered with before it is received. They may do attacks against infrastructure. May have Additional Resources and capabilities, but that is not the most serious problem. For most serious problem is they have an easier problem to solve than someone who wants the results to go one particular way. The state may be satisfied with disrupting an election, casting doubt on the legitimacy of the results, causing chaos on election day. And that is significantly easier than causing a determined result. They both have more capability and a wider range of things that may satisfy their goals. Michael, elections are run by states, they are run by counties, they are run in towns. Is this a policy issue for the federal government in the same way after the 2000 recount mess the congress got involved and we had billions of dollars appropriated for new election machines that are now causing another problem . Is this a federal issue, and if so, what should the federal government be doing to address this before the next president ial election . The federalism questions here are thorny, no doubt. I think that for the federal government to say federalism is too difficult so we are out, good luck, i dont think the federal government can take that path. What i would like to see is some sort of a playbook that the federal government could together for best practices and counsel. My colleagues at harvard put together a playbook for campaigns. I see no reason why federal governments couldnt provide an updated playbook for states and local authorities on these issues as well. So we saw at the end of the 6 election, the Department President obamas department of Homeland Security got involved in a different way. Do you feel like the current President Trump department of Homeland Security is interested in this issue, as interested in this issue, taking a leadership role, continuing how do you see them playing . Well, they are playing a huge role. The department of Homeland Security is working with the secretaries of state and other chief Election Officials on a number of items. First of all, every chief state election official is going through getting their security clearance, so that we can get up to secret, not topsecret, that secret information. I just received my interim clearance. In the next year will be the staff that needs that information. Amber two, we created government coordinated council so we could determine what level of what the definition of the Critical Infrastructure means for state. We had a government coordinating council, which is a large group of National Association of fatal action directors, the secretaries of state, Election Officials, dhs, all of those agencies involved. We are talking about all sorts of things, for example, communication. ,here are seven pilot states multistate information sharing and Analysis Center out of albany, new york, giving these states monitors so they can be monitoring Internet Activity on our election systems. Not all election systems are on the state system. It becomes little more complicated than what you might think. So we are doing the seven pilot states, and hopefully by the primary of 2018, every state will have a monitor on their Internet Activity so we can be informed. Do you have a sense that the Trump Administration is making this a priority . Are they doing what they need to do . How would you grade their efforts so far, knowing that we are still three years away from the president ial election . Its hard to tell on an administration level. We are just hearing some of the specific dhs people talk about how they want to be helpful. I think those folks who were in the specific offices they certainly see it as a priority. The question about how fast they can push through clearances, i would rather they be able to do a drug deal with the rest of the Intelligence Community to just declassify certain information rather than work through an entire government processed clear everybody. What do you think . How would you grade the federal efforts, and what should the federal government be doing well we have time . For civil, we are threeyear first of all, we are three years away, but 11 months away from the midterm, so there isnt a lot of time. There are extremely capable people in dhs, and obviously i cant speak to the administrations posture on this, but certainly there are very capable people who need to be empowered to to assist. Do you think they are empowered . I have no opinion. Ok. On that note, i want to open it up to questions from everybody here. Raise your hand and wait for a microphone. It will come your way, and also say your name and affiliation. Hi, the hoover institution. I have a policy question that is probably better for the later panel, but since we have everyone appear, i am curious. Given the ubiquitous nature of vulnerabilities, it seems to be that determines is not seem feasible. This question is probably more likely for you, michael. What is a good policy that says to adversaries, u. S. Elections are sacrosanct, and the risk is too high for other nationstates to get involved . If you arelenge is going to leave bags of money on the lawn overnight, and then try to deter and talk tough about dont come take that money, and then you were stunned when the money is gone, deterrence is not quite the model there. Theres a lot we can do across the board to bring the money inside, forget locking the door. No defense is perfect. I completely agree. But before you talk about deterring and imposing costs, you have to look at, are we really just talking about not wanting to put more resources into our architecture, a very unsexy thing, that would make it much harder to hack . Yes, maam . Thank you. Im the ceo of Foreign Policy interrupted. We havent talked about we have been talking about the actual voting, but we havent talked about what happened before the voting, and particularly facebook and social media and how people are influenced i am going to push pause, only because that is the next panel. This panel is really focused on voting, Voting Systems, and such but i do have a question for connie, because i think that this is something, not only on a facebook level or social media level, but what are states doing . Are they looking at this . Is this is something states are getting involved in . In looking at the influence of how elections are being influenced. No. I dont think the states are involved in that. Obviously we have known for years that foreign nations have tried to influence peoples opinion here in the United States regarding candidates and how they should vote. Obviously, we do voter outreach. We encourage the accessibility of our Voter Registration, our accessibility i think indiana may be the only state in the country that has an app called wayo, who are your elected officials . Everything we possibly can for people to get the correct information, but i dont have control over facebook or twitter or someplace like that that puts out the wrong information. Yes, sir, in the third row. Security, the to other election issue going on at the moment is suppression. Does the risk of technology impose risk in terms of wiping people off registration rolls and some of these other things that seem to be going on at the moment . Before people even get to the voting booth. Wehavent talked about talked about the Voting Systems but havent talked about the Voter Registration rolls. Lets talk about that for just a moment. Go ahead. And how safe connies systems are you happen to be here so you are the example how safe the systems are so that when someone walks into the voting booth, their name is on the role and they are allowed to vote, that a mischief maker hasnt erased my name before i get there. I have no idea whats going on in indiana. Is seen great and im sure your systems are terrific. This is definitely a point of vulnerability, particularly for nationstates interested in disruption. In many states and many jurisdictions, the poll book at the polling place is an Electronic Device. They are often security weaknesses, you are at best going to be casting a provisional ballot. How often are either of you how often is there a paper backup . If i walk in, even though the doesworker uses an ipad, he or she have a book under the table in case something goes haywire . There are 2500 different answers to that. Welet me just say that when were notified last fall before the election that there were two ip addresses that had been responsible for getting into the illinois Voter Registration system and getting into a small county in arizona that had allowed that ip address to have access to the Arizona StateVoter Registration system. We checked. Our photo registration system. From january 1 until that day. Havena has 92 counties, we 6. 7 million residents in the state of indiana, 4. 8 million registered voters. Million into 15 the system. The reason we had to check that many is because that is how busy the counties where. They were looking at petition signatures. They were registering voters. Candidates were filing their declarations. Declarations. All these absentee ballots, everything was going on. Thats how busy the systems are and thats why states are looking at things like multi factor access into the statewide Voter Registration system. We are implementing a timeline. After midnight, maybe it is just a supervisor of the election that has access to the statewide for registration. All those things were looking at. If i were to push that button in indianapolis, if i walked up and ipads quit working, is there a paper book i keep going back to paper. They would have a pull list. I would like to add one thing to that. Data breaches on the large scale our daily events. They dont get reported unless they are on the scale of equifax or the office of Personnel Management. Seennly reason we have not if we have not seen a largescale data breach , it is because know it has tried. Individual states and counties, whatever their best efforts are, are going to be no better than what the office of Personnel Management and equifax or any of the long list of equivalently complex systems that have been catastrophically breached our. We may be in a honeymoon where it has not happened yet but its only a matter of time. On that comforting note, lets take another question. Please. The microphone state your name and affiliation. Can you tell me how many commendablethat independent system you talked about . Or how many are working on it. Which state in your experience are the most honorable . Vulnerable . There are a few states that are using optical scans plus risk limiting audits. Virginia just decertified all of their dre machines. They have risk limiting audits. I learned recently they happened after the certification period rather than before so there are adjustments that need to be made. Colorado is a significant headway. There are a few states that are starting to pick up on this. They are the exception rather than the rule. The National Association of have aries of state winter meeting and we will be talking about risk limiting audits. We got the bell for center coming to talk about tabletop exercises and incidents response and all of those things are on the table. Its not like anybody is ignoring this. Those had been a definite priority of chief Election Officials prior to 2016. Its been a heightened priority since that time. When you go to an event like what is thet most important thing you are telling the secretaries of state . What are you saying that you have to do or trying to scare the daylights out of them, what is the message . Forear is a great motivator pretty much anything. In this case theres enough Awareness Among secretaries of state. Youve got to get new as you can use. Everybody now is geared up to the reality of what is at stake. The most helpful thing ive seen my colleagues bring to the table, Something Like a playbook. And actionable best practice that the secretaries and other colleagues can use. Name and affiliation please. Adam getty with ionic security. I spent the better part of the last six years of my life doing nothing but Data Security and data integrity for some highly targeted clients including the federal government. Beenhing weve discussing all morning is the security of the voting process. The intent should be that the constituencies of our democracy trust the results. Ultimately, that is the goal. While there is a lot that can be done and is being done to ensure the security of the system, security of the process, what i have not heard discussed is is there a way to have a common, private, only voter verifiable and reconstruct double audit overlay on top of the results that can ensure the trust and integrity of the outcome of all the lackings such that of integrity and the rest of it may not necessarily cause the a nationstate adversary might be seeking. Voter disruption or changing of the candidate. The audit is verifiable. Matt, i did not hear you mentioned computational overlays , random function overlays to do some of these things. Im interested as to why. Do it in english. [laughter] the basic problem is the systems that do that are extraordinarily complex. Our essentially make elections more dependent on the integrity of Underlying Software systems, particularly as part of the vote casting process. When you look at the overall usability of decreasing the confidence in our elections rather than increasing them. Its a really heavily over constrained problem. We want elections to have transparency, and we also want them to be to have a secret ballot. We wanted to be impossible to learn how someone is voting. We also wanted to be impossible to prove how we voted. We dont want people to be coerced into revealing that. Thats a difficult set of things to achieve. I think we have to rely on andng systems simple publicly auditable with processes that include the chain of custody of the ballot, a public Virtual World redo the risk limiting audits and so forth. In practice, that is likely to do much better than any fancy cryptography and i say that as a fancy cryptographer. You used the term risk limiting audit for a few times. For those of us who dont live and breathe this stuff, explain that a bit. The basic idea, once you have captured the paper ballot and electronically counted them, you want to make sure the software that counted those ballots has not been tampered with or does not have bugs in it, reporting an incorrect result. You sample the precincts from the various races, do a manual recount in every race of a statistically significant sample , and verify that what you hand count matches what you electronically reported. And you do it every time before the votes are certified by the secretary of state. And if you discover a discrepancy you have to do more hand counts. Is this happening in indiana . How does it happen and what triggers it . We dont do risk limiting audits right now but we have our working onem that. Weve had conversations with colorado. I heard on a called this week that new mexico is working on that as well. Were going to be doing that. Something i definitely support. I will say that after the 2016 elections, we had a Congressional District and a state senate race, both in a recount. We recounted an entire Congressional District. Were the same. People in atlanta maybe you for advice may be calling you for advice. Yes, maam in the back. When you talk about the federal policy and responses do you think the United States is doing enough to train the workforce of the future to design on the systems that will be the most secure . What can the u. S. Government do to get the workforce to do this . Your mr. Policy guy. Great question. I dontent is not think the government is doing enough. Its not that there is ignorance about it. The biggest problem is, there is no singular set of skills that will solve everything or equip everyone to do everything technical. As a lot of this kind of information that you can learn factually. Dare i say youtube videos to learn about how different systems work. You said that for her. Youtube. Exactly. Are some types of skills that require a large federal investment to steer people toward. That actually does not need to be the way to solve the stem crisis as a whole. Question . A comment on the question of federalism as a possible constraint on the federal government passed responsibility. Governments responsibility. Ofa full dish article for the constitution guarantees a republican form of government each state. Concerns,on the discussion has centered around whether there is evidence of impact on u. S. Elections in terms of hacking the voting, or the results. What do we see internationally . There are a lot of other elections held and presumably subject to electronic procedures as well. The nationstate adversarys might have an interest in chaos and maybe in installing particular candidates anothers countries. Do we see evidence around the world that is relevant to us . Probably the largest country that uses electronic Voting Systems is india. They have a customdesigned voting machine. Question to been raised about the security and integrity of the design they are using. System. Paperless dre to a large extent, the u. S. Has been on the leading and bleeding edge of rolling out computerized. Technology i think we are seeing, we have to look inward as well as outward to see whats going on. I will also say the situation reminds me of Internet Security in the 1990s. Technologists were warning these systems that we have on the internet in general are going to be are insecure and going to be attacked. For a while people were saying you are just chicken little saying the sky is falling. Sure enough, the sky fell. We really have not been the same sense. The situation with electronic Voting Systems is similar to the situation of general Internet Security in the 1990s. The example you mentioned, there were issues in illinois and arizona in the last election. Did we ever actually learn who the hackers were . Who was trying to penetrate the systems . Has that been discovered and announced . I have information on that but i dont think i can say. I dont have my clearance. Just kidding. Whoever is watching in russia. I cannot say. Its a great question. You had me at article four of the constitution. , you canof where else look at where things are vulnerable and you can look at where is an attractive target for people who want to be in this business. This is eastern europe. The russians have an interest. Not surprising that they would be poking around. I think if there are aspiring grad students were watching, a good masters thesis could be trying to do comparative studies in the baltics, looking at ukraine, recent elections to get some travel support money and investigate. We are not done yet but i have yet to be convinced that any of these systems are superior to paper so far. As we have been talking for the last 45 minutes, paper sounds better and better. The idea that many or all of the systems in india are dre systems in the Worlds Largest democracy i have trouble by it. Yes, sir in the middle. Solutions. Ilient i would like to ask the panel questions. If there are similarities from the Financial Markets cyber precautions we take there, or the coming transportation markets will be looking at. Are there Lessons Learned from those that could be applied to the voting cyber issues . For my money, the Financial Sector has invested the most for the longest amount of time because they realized they had money to lose. Toy took it upon themselves defend themselves. I think the federal government is at the best type of relationship with an Information Sharing Analysis Organization managed by the Financial Sector. Theres some good lessons to be learned. You started getting across different industries. What has been the governments role in requiring different kinds of transparency . Reporting about intrusions. Some Defense Authorization language requiring defense contractors to report to the military when there have been certain intrusions. We can start to think about how transparency and reporting can lead to better practices going forward. I would also point out in the anancial industry, there is straightforward Feedback Mechanism that tells you how much you should be spending. We know how much you stand to lose and if you can do straightforward risk calculations that tell you what your budget or given exposure is , in the case of integrity of elections, that Feedback System does not really exist. Moretunately, we spend far on election campaigns that we spend running elections themselves. Operations are within counties. The budget for Voting Machines and running elections competes with budget for fixing roads and building fire stations. Probably the most important lesson we can take from this is we need to think about how much we value the integrity of election systems, understanding how much work to put into this. You mentioned indiana has invested some money recently, which is i presume a good thing. Do you sense the other 49 secretaries of state are in a similar situation or are more of them underfunded or not funded either at the state or county level . Is this where the rubber meets the road . I would say im very fortunate as the secretary of state of indiana to have support of the General Assembly. I dont know that its common practice across the state to get the appropriation i was able to get to modernize the system. As attention continues to be drawn to these issues, the states will step up and fund. There are some folks who would like to see the federal government step up as far as. Unding goes as well i guess this is really a question format. To what extent would we know if these things have occurred . There are cases of system inclusions intrusions hiding out for days in the corporate sector. In all the various things with and talking about, are you convinced that would secure against this sort of thing . The answer to the first question is, it depends. And a lot of the systems the audit trails are just as benerable so there may not in other cases there may be signs. We saw in 2016 there were indications of attempts. Say with the current design we cannot be universally confident that it has not happened. Its probably only a matter of time before it will. The combination of risk limiting audits and optical scan paper recordt of the voters gives us a pretty good assurance within a statistical certainty that the count of votes cast is accurate. It does not help us with the other piece of that, the disruption piece. Voter registration system. The same hard thing we do with any other online system. Training, put resources into it. The microphone is right beside you. Tim white, spectrum group. Is there a Critical Mass of public concern about the issues that you have been explaining this morning . Or in fact does the public not care or believe that the tradition of Electoral Systems in this country have always been nibbled around the edges. Ofhout that Critical Mass public orders, not press , but people really cant have much. No. I wish there was a broader mass. Its stunning to most at harvard. I guess the rest of the world is not my cambridge, massachusetts. , everyone is focused on it. Im concerned about a leadership deficit on this topic. Known wins political points by talking about it. You need a leadership level to generate that mass. It can be bottomup. It could also be topdown. To talk about how election is rigged before the election is difficult. When youre trying to actually improve peoples confidence and get the truth on this. You need to come to the indiana secretary of state office and answer the telephone and you would understand that people are concerned. Everyday. Ls about it whats going on, i just read in the paper about the russians hacking the state of illinois. His indiana good . Is their registration fraud in indiana . I get a report every week on the types of calls that come into an awfule and this is electionyear and i will say i have had just as manywillay i have had just as many calls regarding the security of our elections this year as i have ever had. Ive had more. I think the public does care. Following up on the question, is there not a sense that there is a politicization of this issue where some people feel concern about election reflects . Particular type of election how can we truly remove this from the partisanship and polarization that we have domestically . Moment wherea rare its more bipartisan than it has been in the past. The risk ison it looks like the people complaining about it are simply upset about the candidate losing. , we sawe 2000 election bipartisan interest that led to the passage of the help america arguably hadh significant problems and lead to bad technology. It was at least a bipartisan effort. Optimistic,e i am which is rare for me, were at another one of those moments. Approaching another one of those moments. You have somebody over here who has been raising his hand for a long time. I just want to go back to the comment that was made. Information theft issues . Is the risk just a risk of loss does in the data breach to you get ability to manipulate or disrupt . The goal of a nationstate adversary who attempts to breach a back end system would be disruption. Ensure likely to want to their future in continued access to the system. They may want to delete legitimate records, add spurious records to make it appear there has been widespread registration fraud, disenfranchised voters in some way that advantages them. Or simply cause havoc and delete everything. Caused systems not to be ready on election day. Particularly, when we look at ais from the perspective of rival Intelligence Service attempting information operation. We have to look at a Broad Spectrum of beyond merely leaking data. I would like to add that in june at a u. S. Senate intelligence committee, one of that was atary surprise to all 50 states because we had not been told we had been targeted. The language that we use is so important because what does targeted mean. , dhs said just because someone targeted or tried to get into a state cost data does not mean there was an actual breach and when we use the word targeting it meant they were scanning, trying to get in. It made us all very concerned. Indiana was not a state that was targeted. It took three or four months after that to find out the 21 states that had been targeted or scanned. Know of no additional states beside illinois and arizona who davidthe breach martinez, state department. I agree with the moderator that i failed to be convinced the us far that the safest and most secure way of guaranteeing the integrity of results would be returned to paper ballots. I also worked really and State Government in my home state of new mexico was able to observe polling in practice and saw that also present vulnerabilities. I was wondering if connie might be able to expand on what some of the cost, political, logistical and financial, a return to paper ballots would be. Image important point. We simply dont have the patience. There may be a political cost. Would be some of the other costs of a return to such a model . I think its a balancing act. We need the technology but we also need to verify what we are doing. The exactnswer question regarding you on the financial impact. One. Uld be a large i know the hours it took me and that first account election that i ever administered in hendricks county, indiana area that was a small special election. I cant imagine what it would be. In a canty in a county like marion county, i cant imagine what it would be. They count absentee ballots 300rally and they have over teams of people who count just the absentee ballots. Can you imagine what it would take in addition to that account the actual paper ballots . Day, papernd of the ballots may make it more complicated for the russians but they dont necessarily lead to a more accurate count, or do they . When you say paper ballots, going back to the stone age you are talking about the. Ritish system i think everybody in elections uniform world is pretty ballots. Ting paper optical scan has the benefit you get some assurance that your in the system and record is being made as you submit it. Thats an increase in integrity. The problem is we are also now dependent on software. Thats why you need risk limiting audit backup behind that. We are at the council of Foreign Relations where we always end on time. I want to try and end with a simple question as close to a oneword answer as possible. I will even give you choices. 2020,g ahead to 2018 and are you optimistic or pessimistic that the system will be materially safer than it was in 2016 . Im convinced that the threat actors will be emboldened. I am optimistic. Pessimistic. Perfect. Thank you very much for coming today. [applause] the next panel starts at 10 00. Thanks very much. Cspans washington journal, live every day with news and policy issues that impact you. Tuesday morning, minnesota republican congressman erik paulsen will join us to talk about tax Reform Efforts at upcoming fiscal deadline. Rhode island democratic congressman david cicilline. Cspanso watch washington journal live at 7 00 eastern this morning. Join the discussion. This morning , a hearing on the permitting process for Energy Infrastructure projects. The Senate Energy and Natural Resources community have years from representatives at the interior department and federal Energy Regulatory commission live starting at 10 00 a. M. Eastern on cspan3. Alabama voters go to the polls today in a special election to fill the u. S. Senate seat vacated by jeff sessions. Doug jones is running against roy moore. We have live coverage as the results come in starting at nine 9 30 p. M. Eastern. Watched cspan as Congress Continues work to finalize the republicans tax reform bill. A housesenate conference policy. E to work on live coverage wednesday at 2 00 p. M. Eastern on cspan3. President trump speaks at the Treasury Department on tax reform. Watch live coverage on the cspan networks and cspan. Org. Listen live with the free cspan radio app. Watch cspan3 thursday at 10 30 a. M. Eastern for live coverage of the fcc vote on net neutrality. The vote was to roll back at neutrality rules passed during the obama administration. 10 00 a. M. Ay at eastern best