So its to you every thing were doing and initiative for the launch of this crucially important report, and you know, people standing at the podium safe in my crucially important. It really is. Hacking the election, lessons from the defcon voting village. Here the Atlantic Council we operate under the Enduring Mission of working together to secure the future. This has meant seriously because the founders of Atlantic Council desecration, one of the people who helped found this was dean acheson wrote the book of the International Double order. We see that order is being under threat and we see one of the things exposed that most of tht in the order we created is the advance and the protection and security of democracies. We believe a stable prosperous world depends on building a sustaining democracy, and democracy depends on the sanctity of the boat. In recent years this fundamental quarter to our system of record has come under threat. Unprecedented assault in the United States and europe are bringing scrutiny and uncertainty to once and vibrant electoral processes. We at Atlantic Council have been doing quite a bit of work in countering this information both within our Eurasia Center and in our Digital Forensic research lab, cutting edge work. We havent done yet work in this area so its a particular pleasure and honor to be associated with this event and the work behind it. In the current geoPolitical Climate, preserving or in some cases reinstating public faith in the integrity of security of our elections is more crucial than ever before. This can only be achieved if were able to protect the technologies, to protect the technologies underpinning our democracy. While much of the discussion over the past 12 months has focused on the russian link Information Operations with carefully timed a leaks, fake news, facebook ads recently, recent revelations have made clear how vulnerable the very technologies we use to manage our records can cast a vote in town of results with our, and thats new. We have alarming evidence of russian connected hackers successfully breaching electronic poll books and state and local voter databases in a lease 21 states across the United States this recently released by the department of Homeland Security. You have to understand how careful dhs before puts out this kind of information. The Technical Community including many Atlantic Council experts have attempted to raise alarm about these threats for some years. This some of the experts on todays panel and others concerned about the safety of the vote teamed up with the World Largest hacker conference, defcon, to host the first ever, and id like this, first ever voting machine hacking village. This determined group invited security researchers to probe to dozens electronic Voting Machines to dozens. Many of which are still in use today. The hackers were able to break into and gain Remote Control of the machines in a matter of minutes. These findings from the voting village are incredibly disconcerting. We Atlantic Council applaud the groundbreaking and tireless work of the organizers to shed light on these threads and this unsettling reality. We believe that transparency is about 80 of what is needed because you have to understand to know the threat in order to get the targets and others to take care of defending themselves. This is a this is a simply a cyy issue but one of the most pressing National Security concerns eating at the bedrock of our democracy. The councils own cyber team is proud to support this critical effort by taking representatives james link of an and will las vegas this july, the first sitting congressman to ever attend the conference and witness firsthand this voting village. We are honored to continue this partnership by convening todays discussion and look forward to assisting in the next steps that is crucially important effort. You may have read in usa today that a group is coming together to try to continue to work and continue to work around this and were proud to be part of that. Before i turn over to jeff for his remarks, let me take a moment to introduce our panelists. Jeff is the founder of two of the most influential Information Security conferences in the world, defcon and black cat, and hes a senior fellow with Galactic CouncilsCyber Statecraft Initiative and are Brent Scowcroft said on interNational Security. Ambassador looked luke is a former u. S. Permanent representative of and serving under president obama from 2013 20132017. Prior to this and after retiring from active duty as Lieutenant General after 35 years of service he served as the assistant to the president and Deputy National adviser under president bush as well as under president obama. We had a bipartisan ethos. Youve worked in real handson bipartisan manner. John gilligan is chairman of the board at the center for the Internet Security cookies are just president of the Schafer CorporationSenior Vice President , and chief Information Officer at the u. S. Air force and department of energy. Sherri ramsay is Senior Advisor to the ceo at cyber. International, engaged in Strategy Development and planning. She is the former director of the nsa css threat operations center, thats a pretty big job and pretty significant position where she led discovery and characterization of threats to National Study systems. Harri hursti is a Founding Partner of nordic Innovation Labs in one of the organizers of the defcon voting village. He has fast dating insights. I just took a little bit outside this room on this probably would talk about today. Is one of the world leading authorities in the areas of election voting security and Critical Infrastructure security, and as an ethical hacker famously demonstrated how certain Voting Machines could be hacked, ultimately altering voting results. Our moderate today is jake braun. Jake is a lecturer at the university of chicago and ceo of cambridge global advisors, and coorganizer of the defcon voting village. Jake also serves a Strategic Advisor on cybersecurity to the department of Homeland Security and the pentagon. So this is a heavyweight group, and we are looking forward to your reflections. Huge thanks for all of you joining us today and joining us online, and thank you for everything you contributed to this work. Lastly i encourage anyone in the audience watching online to take part in the conversation by following at ac scowcroft and at voting village of d. C. , but using the Hashtag Hashtag accyber. And now without further delay, let me turn the podium over to jeff. Thank you. Good afternoon, everyone. Im going to start with a little bit of a story to give you some context on how we got here. And then just a couple of thoughts on where i i think wee going. For those of you curious, we had electronic Voting Machines for a long time, and hackers have been talking about them for a long time. I think harri has been poking at them for 14 years. At defcon with one of our first speakers talk about this concept of blackbox Voting Machines more than ten, 12 years ago. So in the hacking world its not new. Whats new dell is the attention on them and the importance that they are now playing in our democracy. So how did we get here . I want to blame this guy, jake, blame him. Jake was this National Security coordinator between the white house and dhs back when i first started at Homeland SecurityAdvisory Council ps as i got to know jake, and he was with a passion about voting protection he was involved in the obama campaign. Maybe last year we were talking and jake still with his Voter Protection hat on is saying i bet these machines are just, theres got to be problems with these machines, right . Oh, yeah, definitely problems with these machines. I just dont know what they are but i can tell you theres got to be problems. So i start looking online and i look for reports and to look for studies and other for security analysts hearing these machines apart, and you cant find any. You can find an adverse report from 2008. You can find some very controlled report with the manufacturers got the researchers to sign in the aas and to limited testing over a couple of days but for hacker like that doesnt count. I want to see the pictures. I want to see like that concentrate relation of attacking these machines. And so i told him i i couldnt find anything but im sure they are just a disaster. And it maybe a couple more weeks with my entity said you know what, you should just get a bunch of hackers and tear these things apart. Thats a great idea. But were not going to be up to get any of these from the manufacturers. They are so highly controlled the first purchase, sales agreements. You were not going to give these machines for the software. What i started looking on ebay and sure enough, thank you, ebay. There were some to be found, right . We have to hear that harri will hack into later. So sure enough okay we get our hands on some machines and they are not that expensive because of these things never get update. Theyve been around for like a decade pixie can get these things fairly inexpensively, and then, and so i allocated some space. We guess and people together. We started ordering machines and a realized im not a voting machine expert. I can tell you about generalized security problems. I can tell you historically what kind of systems have had issues, but i cant tell you the ins and outs specifically. My friend harri, matt blaze, sandy clark and some others have spent more than a decade looking at the set okay, you get the machines and you get as the space and we will run the village. It was really fascinating because if enough in my with the defcon, we have about 25,000 people that show up. That divides into many different topic areas but as soon as we announced the voting village, i got state, local, county Election Officials contacting me desperate for information. I have these machines and have no idea what they do. I have these machines and i dont know if i can trust him at the documentation. Tell me what you find. So well try to get them to come out and theyre like i have no budget. I get travel. Can you just live stream people attacking the machines . I dont know how much this could help you but we will write this report and this will helpfully help you. So this report is a culmination of a lot of things. One, it is the first step in trying to change the narrative. As you will read, these machines were pretty easy to hack. This flies in the face of narrative thats been spun by the manufacturers, which is you have to be an insider, you have to specific knowledge of the technology. Random people are not going to be able to just approach these machines and acting. They will need to spend some time to study them and understand the context. We open the doors and 35 inside one of the machines fell. It turns out that Hacking Technology is pretty much Hacking Technology. If you look at defcon without automobiles, implantable medical devices, airplanes, physical locks, Access Control systems, internet of things devices, adult toys, atm machines. So chances are yes, yes were g to be able to hack your tenyearold election machine. The difference that is that it counts. Now people are paying attention. They were not paying attention ten years ago, and so the other thing is now with not a conversation i think between us and the state and local officials i think this needs to be more of a discussion at a higher, more National Security level here i was struck something the ambassador said which was essentially theres two ways to change a government. The bullet box or the ballot box. And i thought about that for a while and we spend a lot of money on the bullet box. We have nuclear triads. We have oversight. We are testing ranges. We have a large amount of money in technology invested in the bullet box. How much do we have in the ballot box . Pretty much nothing. It was only just recently classified as Critical Infrastructure. So they both are i believe equally important for all of our energy is in the more exciting bullet box. I think part of what were going to say is it really needs to also be the ballot box because this path is not going away. Its only going to accelerate. So three thinks made this possible. The first, we have a an exception. Normally you would be able to reverse engineered these things for copyright violations, and the manufacturers aggressively use the in situ takedown notices to prevent researchers from publishing results are looking into these machines. There was a threeyear exemption because last year was your number two pick next year is your three. It we can get that exemption renewed or in permanent position, researchers will just be able to think about this technology and really provide an independent view of whats going on. That was not ever possible before. Once we removed the fear of litigation and wood lined up an impressive array of lawyers waiting to defend us if anything happened, we felt pretty confident going to the conference if anybody is going to sue us were going to have enough resources to defend ourselves. This time with the dmca outoftheway would be able to defend herself. The second one was a giant storm that collapsed the roof of the building where a title story all the Voting Machines. The Insurance Company total out all the equipment in the facility, including the Voting Machines. And the Insurance Company owned the Voting Machines now. There is no and sale agreement. Theres no sort of ndaa covering this equipment. The Insurance Company didnt want it. They gave it away to a recycler, and electronics recycler, who then, now they have the equipment with no ndaa and no Purchase Agreement signed. So now we got her hands on these machines we can do whatever we want and we are not violating any rules, any civil law. The manufacturer contact them and said hey, can you please disassemble all the machines . Basically take them out of commission. He said sure. How much do you want to pay me per machine . We want to pay you zero. Well, would you like to buy all the machines back . Well, no. Okay, this is my number. Call me back anytime you willing to change your mind and he just started selling them on ebay. Ladies and gentlemen, the voting machine. And last a file agreed that we have this culture of hacking things, and exploring and publishing results. It was these three things, upcoming defcon, the storm, the dmca made this possible for the first time and really, thats totally unacceptable. We been using these machines for more than a decade, and this is the first time we get to actually look under the hood . That doesnt make any sense as a country. Something is wrong therefrom a policy standpoint and we need to really understand whats going on and how do we fix that. We cant run our country like this. When is the next storm going to happen, right . I really want us to think about that. With that said i like to hand it over to jake who is going to go into a moderate q a session within when were done will go to the audience and answer any questions you may have. All right, thank you very much. [applause] im just going to sit for the q a. So first off, harri, you and professor blais where the technical leads running the hacking village vote hacking village. So tell us, what did you find . First of all it was every machine we had is packable. That was not [inaudible] instead this is a learning experience where people can first time sink their teeth into the machines, find the truth themselves. What be like it was how many Election Officials came in and hacked the method to used to rn the elections. They really came, cannot go ahead. The other thing was the speed. A lot of time when we have come one of the of been doing it, these secretary of state commission studies, one has been of course, if you have few weeks you connect. First of all [inaudible] they dont wake up and hangover. They have election, lets do that now. They have time, but as mentioned the dmca, regulation and the rules, those other things like it took long time. Right now we had less than half an hour with the first machine hectic we opened the doors at ten. At 11 already one team came to me, 11 was supposed be the introductory speech. At the time one machine at all refill and at the time they got you did that, he said, well, can we show it . Can you make proof concept . No. I want to listen to the speech but i will come back. He went, listen to the speech for 45 minutes, came back. At the same time he was from denmark, so nonu. S. At the same time during the speech another team who were from Northern California hacked also. At the time when the introductory speech was over, already too machines had fell. This technology is very old. For a lot of people who were there they were not even born when one of these were conceived. One of the things that were immediate, people were asking for a tool in order to do because they were unprepared. A lot of the current tools action are not backwards, that much behind. This tool came to be one of the saving, cost 15 may be new but is enabling you to be burial technology. Some of the findings and theres so many things that want to highlight one thing which is we found vulnerabilities which have not been studied before because of the rules of the road of the previous studies. And those vulnerabilities put an unreasonable stress today nonexistent chain of [inaudible] it can be hacked anytime during its life and what you have acted its a persistent hacked and you cannot clean. The socoms to the [inaudible] we found all around the world, everything from mainland china, philippines, israel, geneva, theres elements and we dont even know the extension of that host country. What is the extension they have participate in the design and building of this . So if the chain of custody when its already been, put in use but how it came to become where came from, how you make certain the machine you get is clean to start . Those are my opening remarks. Thank you. So sherry, after spinning a long time at nsa, what are your thoughts on relevance, specially the supply chain side of this but also many of the other findings they had. Was to follow along on the comments you all have made, the person you want to do when you can look at this problem is figure out what the target . Is a something people would be interested in. And then what is the concept rather target can legitimately be hacked or accessed . Would take a year . Would take 5000 people to do this . Is is something we really should worry about or is this something that they could be done but not likely to be done. And in the last thing we need to talk about is would anybody be interested in doing it. There can be all kinds of photos of the but no one is interested in maybe we dont spend money and we dont spend common effort went about this. Lets answer those three questions when were talking about this. Obviously the specific target, the target my previous democracy but if you look at the focused target it would be the Voting Machines themselves. If you look at the companies, not that many years ago there were 19, 20 more Companies Worldwide who recognized as making Voting Machines, and who were big in that space, and people would buy voting machine something. In the last few years, just by a natural progression of economy of things that happened on the global scale, company submerged, companies are gone out of business. Today theres only three or four big wellknown recognize companies that build these Voting Machines that would be interested in purchasing and using for our elections. So just by that virtue we have really focused the target set. Its no longer hundreds or even tens. Its three 04. That was a very specific limited target set that it adversary would need to go after. The second thing is, lets kind of look at how could this be done. Is there a realistic way to do that . If you look at the Voting Machines as well as, in fact, look at our laptops come look at your cell phones that many of you using now, watches on her arms, childrens toys, our refrigerator, what are all missiles, airplanes we going to you talked about a lot than that bennet defcon. What do they all have in common . They all have in common they are built of hardware kits like this one, and they run with software. I think as you both mentioned, in a lot of ways its not even specific to the voting machine. Its hardware and its software. Theres chips that are manufactured globally because of the global economy, and we dont know where all the chips come from. In fact, that many of them come from the u. S. They, most of them come from outside the u. S. Primarily for cost purposes. So that is kind of this natural approach is to hack the software which is been done for years, but even more so, hackers are turning to look at hardware for a number of reasons. A couple of them are hardware hacks can be more persistent even get a software upgrade, the malware, the firmware will stick to that. Also oftentimes we think things are not connected to the internet are oftentimes when we think they are not they really are by the way. In the off chance they are really not in somebody wanted to get into this device and perhaps take data away from it, eccentric data come back to find a a way to get it out. If they do a hardware hack, a hardware implant, change the firmware, change the chip, now they have created a path for them to put the data out. Ill say more about that in a moment. Because of the global marketplace, because the Voting Machines as well as many, many other things, maybe everything is made of just hardware and software, the concept rather do this is actually pretty wellknown and relatively easy as weve seen. So this kind of come with tweeted this opportunity. So who would want to do this and who has the capability to do this . We can look at a a number of nationstates who have been trying to influence the u. S. Elections for years. They have just been doing it in other ways. Now we have given them in thiso particularly do that. But perhaps theres other elements as well, criminals, terrorists groups. Many of them are generally accepted i believe by the community in the know of having the wherewithal, that is, the sophistication, the money, the wherewithal to actually pull this off. Use okay, still its hard. How would he do that . They would have to do one voting machine at a time. They are spread all over the country. Not really. If you go back to the limited target set, theyre coming frm four different manufacturers and the supply chain is a great kind of infection vector for them to do that. Even within the supply chain there so many opportunities. It could be done with an insider just for money. They could care less about the u. S. We just paid them off. Change the former, change the chip process, change that software. And fighter could affect huge, huge numbers of chips and things which we go into the Voting Machines as well as other appliances as well. Also if you think about it, its just a software hacking, go in and hack the infrastructure, the Software Development infrastructure of the companies that of helping software for the machines. And actually at the very beginning put the malware in so that when that software is downloaded on the machine it already has the malware inside it. These are things that read the newspaper today, were seen this done every single day. As, the fog light is on the Voting Machines special . No. Theyre really not. They are hardware and software and weve demonstrated that this can happen. This kind of come if you follow logically this scenario, each one of us should cause us to pause and be concerned about the elections and a processes and these Voting Machines of the future. Thank you. So, mr. Gilligan, as the entity or the head of the entity that helps enhance the cyber studio scale local governments, you are the ones that administer our elections, what are we going to do about this . Well, jake [inaudible] what id like to do too maybe set the context was it was mentioned that i was chief Information Officer of the air force some time ago, and ill tell a story that to me helps put in context what did we in the center for Internet Security do. And that was in the say used to come in annually and to a penetration analysis of each of the services, the efforts being one, then we would get a debriefing. Im sure are a lot better today. Back then my biggest fear was if anyone was sitting in that room who was on the outside, i would be fired immediately because nsa was very successful in penetrating our systems. So i i went to nsa and i said s is not helpful. I need to know where to start. And so nsa came back after a a month and half and they said nobody had ever asked this question but usually helpful because we got our off into teams and are defensive teams together, and they put together what they thought were these are the areas that we see that are exploited or that we exploit. Now, i only paid attention to the first part of the greek because they said 80 of the attacks have as an origin misconfigured software. The software thats not configured initially properly or hasnt been patched. That was 80 . I said thats what im going to start, and we did. I give this story as a way of getting some context to the center for interesse could is focus on what we call best practices, and configuring software, patching, knowing whats on your network, controlling administrative privilege, auditing, et cetera, are all what we call basic hygiene, good practices. They truly are effective, those types of practices against the majority of the attacks. The philosophy being why do something sophisticated comp some examples were given, if you could just get on the net and go after the misconfigured software . Equifax is a good example. Equifax is a good example as well because the software that was exploited is an open source software. It does not have a supply chain issue and it is often embedded in other products, as sherri mentioned. So this gets to be sort of a complex problem. Anyway, the center for Internet Security focus on best practices. We provide, we take commercial versions of products and we come to a collaborative process we define what should be the secure configuration. We disable those things that have high security risk. We enable control that will ensure we have better security. And we promulgate those. In addition, we have developed what we call the set of controls. Its the basic hygiene activities. There happens to be 20 of them. Our view is if an organization focuses on these, they are addressing the most Common Threat patterns and he will be significantly more secure. So our effort internally is going to be to take the elections ecosystem and to develop a set of best practices, a handbook for best practices for election systems. We were going to do the followg our normal process in sort of a collaborative manner. We have about four or 500 people currently who collaborate with the spirit we will expand that horizon of it because there are a number of those who have specific expertise in election systems and will invite them. Will invite dhs, invite the elections assistant commission which has responsibility for action focusing on the Voting Machines themselves. Were going to invite the National Association of secretaries of state and other Election Officials to participate. And if you being lets get together and very quickly by the end of this comes your produce a set of best practices that ben will be given to the state and local governments. Effort will complement what the elections assistant commission is developing presently with the National Institute of standards and technology they are developing was called voluntary voter systems guidelines, version 2. 0, which is updated version trying to address a number of issues including security. That effort were going to undertake immediately. Obviously aced on the back of the organization focusing on best practices weve got a pretty good handle on foundational efforts for this and we will move forward. The other half past jake mentioned that we where in the center for Internet Security is better dhs oversight and funding, we provide security to state, local, tribal and territorial organizations. We have about 1500 members. We provide education. We provide security monitoring bolded the assessment. We provide Incident Response could capability, alerts and warnings. In addition, as part of her education campaign, were going to increase her emphasis using this handbook on election systems in conjunction with our of the best practices activities to try to see if we cant use the emphasis that when you have on election systems to improve security really across state, local, tribal and territorial organizations. Fantastic. Jeff, can you tell us, what are you guys planning for next year at defcon . Version two, so next year as last year under the dmca. Harri, when we find out if he gets renewed . The first application time is already over. I do not off the top of the head know my schedule. Last year we had, that was in may when we had the last so we might know if its going to be extended or not. We will be able to adjust what we do next to her, but idea is we want to get our hands on, the part that are hard to get her handson is a Backend Software that ties the Voting Machines together to tabulate, to accumulate votes, to provision of voting ballots and to run the elections and to figure out a winner. And boy, we really want to have a complete Voting System to attack the people can attack the network. They can attack the physical machines. They can go after the databases. This is a mindboggling part. Just like this is is the firste this is really been done with no ndaa. Phish have been a test of the complete system. This is mindboggling. Kerry can probably tell you ten different base of all stories while thats been but but i wod love to be able to create any kind of a complete system. It doesnt have to be the most uptodate complete system but thats what were in the corporate we want to have a complete system so its just one less thing people can argue that because we can say see the look, did hear. So everything from the voter walking to check in to the database can hide register the vote. Neglect the attendees want to play, the Register Online Center in the database, do we keep the database online just like a county would in the maybe people attack that before the show and then we would have a poll books and voting and the tabulation and everything. And so were going to with a success, we are going to try to invite some of the manufacturers to see did want to help us out, did want to providing best practices that really its just been crickets in the area. I think scrutiny the manufacturers have read and theyre not quite sure what to do. Thats a pretty routine response to we saw that from the medical device world, our world, Access Control, atm. When these industries first, contact with hackers, and people who are giving an honest opinion of the technology, they pull back and tied for a while. Once they figure out your not going away we are not going away and if you do a good job will tell you that, also. If you do a poor job well say hey, please thickset. The best best part is its free and you getting some of the worlds best hacking doing pro bono work eating away reports for free. Normally its thousands and thousands dollars a day and theyre just doing it because they want to see whats possible. I tell them take advantage of this free resource. Learn what you can. Before let me follow up. I think this is worth repeating. In the studies which have been made by ohio, california, none of the philly have had everything. Nothing for such a they can concentrate on Voting Machines but even if you look at the Voting Machines in defcon felt we look certain part of the voting machine which we had looked in the studies. So these kind of comprehensive, this is the election office, lets take a look for how to do that. That has not been done ever. In 15 years. Yes. Well, longer than that. The other thing what you want to point out, [inaudible] we just got back from it is the defcon of latin america in buenos aires. The same problems we are talking here are right now in argentina, this is an international problem. We have a different flavor of democracy but we have a singular problems with electronic voting. This is really an international movement. That is a great segue to our next speaker. Doug lute. Thanks very much. First to fred kempe Atlantic Council are hosting us today, and it strikes me, read, you done an excellent everything. Youve brought together to communities that reside in the country but especially in washington that dont usually meet for lunch. These are the technical experts, the hacker communities come sometimes you can tell by our dress, and the diplomatic National Security community. We got all in the same room which is really important because that merger of these two communities really highlights my main point today, and that is that the technical vulnerabilities that were just described are really i think given the 2016 experience raise this to a National Security issue. In fact, in my over 40 years of working on National Security issues, i dont believe ive seen a more Severe Threat to american National Security than the Election Hacking experience of 2016. That may sound extreme but when you consider the fundamental connection which could have been compromised, and may have been compromised last year, and this is the fundamental democratic connection between the individual voter and the results of the election, if you can compromise about you dont need to attack america with planes and ships and tanks. You can undermine democracy from the inside. I think thats really the nature of this threat. Todays session is not about the forensics of the 2016 elections. I have confidence. I think we as americans should have confidence that the multiple investigations that are underway will reveal the full impact of what happened in 2016. The forensics will come out. We do know this much we know that russia tried to influence the election outcome last year in the favor of one candidate, and we know at a minimum they tried to discredit the outcome by casting doubt on its legitimacy. Thats enough to get started, okay . Why is it so serious . One the questions that sherri asked was so who cares . Who would want to do this to us . We have a least one answer based on the 2016 experience, and that is Vladimir Putins russia. Let me make five quick points about why the 2016 experience is worth paying attention to. First of all this is a National Security issue because putin has dinesen successfully that he can do this. In military terms a threat is a combination of the capability and the intent to use it. Thats the end of end of the s. He has the capability and he did use. We are both capability and intent. He influenced our political process. He casts doubt on our democracy and, frankly, look at washington today. He added to the gridlock the political gridlock in washington today, all at very low cost to him. In military terms this is a classic definition of a threat. We would never accept, we would never accept this level of vulnerability in any of our traditional National Security systems. Think about the military commandandcontrol system. We would never accept this. The targeting system, our intelligence systems, our weapons control systems, the system the control of nuclear weapons. We would never accept the vulnerabilities that was exposed at defcon this year. Weve got work to do. The second reason this is a National Security issue is that russia is not going away. This wasnt a oneshot deal where they tried something and theyre onto the next target. Vladimir putin can be in office until at least 2029, and even when he is replaced someday any successor russian leader would likely be attracted to similar tactics to inflame russian nationalism and weaken his international opponents at such a low cost. So they are onto a tactic here that a think will stick. Russia learned a lot from what i think were a series of probing attacks in 2016. My guess is they were somewhat surprised at what they learned. Much like some of the participants at defcon. They were somewhat surprised at how out of that the technology is and how vulnerable it is. I think we should expect the next attacks will be more targeted and even more sophisticated. So the russian threat is real. Its here to stay, even beyond putin. Third, this is a National Security issue because others watched. Others were observing what happened in 2016. It russia can attack our elections, so can others. Think about iran, north korea the socalled islamic state, and others. Fourth, this is a National Security issue because time is short. The 2018 and 2020 National Elections are really just around the corner. 2018 elections are 13 months out and were just disclosing today by way that the end of the defcon report just how vulnerable the systems are, and we got essentially 13 months to harden our democracy. Harden the process. And finally this is National Security issue because other democracies are portable. That panel mentioned democracies elsewhere but democracies in europe, democracies in south america are also vulnerable and the same democracies make up our community of our closest allies and our closest international partners. This isnt an america only vulnerability. We know for sure that russia has attempted to penetrate and corrupt other endocrine electo. Think about the French Elections in the spring, but long before that the elections in ukraine, processes and georgia, major attacks on the Baltic States and so forth. So for these reasons, all these reasons, the security of the u. S. Election process should be a top National Security issue. Now look, im not the expert here on the process and voting and the machines and the hardware and the software. Thats not, we have those experts here. Thats not me. The good is about that with these experts assembled we pretty much know what we have to do. Weve got to get that set of best practices that John Gilligan mentioned out to where the rubber meets the road in our voting process. That is literally not only to the 50 states in the union but also thousands of voting jurisdictions across those states. So weve got a lot to do in a short period of time. We agree and we commit to you today that this group, this informal coalition, will convene and within two months come back to this community, this joint community with best practices. This has to be a nonpartisan, bipartisan effort. This is not about party politics. This is about our fundamental rights as american citizens, and about the health of our american democracy. Look, over 40 years as a military officer or as a diplomat, i didnt question the sanctity, the validity of my vote. Like me in military and state department community, the Intelligence Community we often voted by paper ballot because we voted by absentee ballot. I see a lot of heads shaking in the room. You complete your ballot, you sign the back of the envelope and mail that sink in. And, frankly, for 40 some years that was enough for me. I believe that i had then my civic duty and i had confidence that that vote was going to count. Over the last 12 months given the experience of 2016, i dont dont feel that way anymore. And i just challenge all of us to think seriously about the challenges that we now know took place that were attempts to compromise and corrupt our fundamental rights as a voting citizen. So look, its to get this fixed. You got to secure a Voting System as a National Security priority and this report, this report is a first start. So let me turn it back to jake. [applause] thank you. Were going to open up for questions. I want to highlight three points that the panelists and speakers made that i want to make sure everybody takes home within. Ask dougs wife likes is a what if i go to an event i want to either learn, no, reduce on the come out of it. So heres the three things you can either learn, know or do coming out of this. Number one is there were dozens of successful attacks into the machines. They are outlined in the report. The one that we really want to highlight that came out of a lot of research that was done on these machines after defcon was with parchment all over the world and software made from all over the world and usher said theres only three or four manufacturers, the one core. That kind of elections could experts and others have been making about wife are both your seat is the decentralized nature of our Voting System, the thousands and thousands of voting offices around the country that in this election is what kate assay physique is russians we need to have operatives go get physical access to machines, actually infiltrate the election. We now know thats false, and that through a handful of simple attacks into manufacturers not in the United States, the russians could plant malware into thousands of machines all at once and hack the entire u. S. Election without ever leaving the criminal. Thats important finding number one. Number two is i think what jeff said, which is especially if youre an election official think you can do coming out of this is contact the folks at defcon and offer to give out your machines, your databases, give them access to whatever else you want tested and as jeff said this is essentially free testing and training for your staff, and that would normally cost you billions of dollars to purchase on your own. Ensure that state and local governments implement them. With that, i will open it up to at the end. [inaudible conversations] yes. Hello, susan greenwell, ansari, i didnt know if youre pointing at someone else. Verified voting, thank you all so much for this. This is so important and critical and i was so privileged to be able to attend the devcon conference and participated in the lectures and it was amazing on this and i wanted to raise awareness of how important this information was as a translated two states going to secure their Voting System. As some people may know the state of virginia recently transitioned all of their voting equipment to paper ballots and they did so because of some of the vulnerabilities that were disclosed in the def con conference. They reached out to us and we helped get them information and letting them know what was down and they were able to go and provide that information to the state board of elections. The state board of elections was able to take that information and understand the security vulnerabilities and move to transition and paper ballots which is a resilient and transparent second protect us. I wanted to thank you for saying this transition into realworld change. Fantastic. Professor altman, your question . Im alex halderman, professor at the university of michigan and i have been working on the problem of securing election infrastructure for about ten years and i want to offer a couple of reflections on this absolutely fantastic set of achievements that has come out out of the def con. First, this is absolutely a National Security problem and i think that is the biggest thing that has changed when i started working in this field and say. We started in about 2007 thinking it is possible that some people might tamper with a few localized elections systems but statelevel attacks, nationstate attackers, changing a national up result sounds like Science Fiction. It doesnt sound like Science Fiction anymore. The Voting System as we have seen in many, many studies the past ten years is vulnerable throughout the technical infrastructure and the infrastructure is a decades out of date and there are all kinds of ways that a attacker might come from is putting from it. What the def con results do in my mind is an amazing confirmation and extension of all of the different work that has shown the machines to be vulnerable and now even in machines like the accu vote ts x here that we have studied in the past they are yet more vulnerabilities being found by studying at def con two. These machines are broken to the core. In terms of the solution and i think the best practices that will be developed by this new initiative are going to be a plastic step towards helping states secure the input structure but the one other component that is just so critical and part of the center of the solution is low tech and that is to make sure that we are voting using paper as about 70 of the country already does and that we are looking at the paper to know whether the computer results are right through postelection audits. These are two simple and lowtech steps but as President Trump himself said on election day there is Something Really Nice about paper. You dont have to worry about hacking and by taking the simple and low cost steps we can go a long way to protecting against so many different threats in the sphere. Thanks. Yes. I actually have two questions about the technical aspect of the report. The supplychain problems which you brought up, beyond creating chaos in the election can those be used in any way to target a specific election . Well, first of all, the short answer is yes because if you have a persistent hacker out there that is your universal door your only question is what is the common structure and one of the easiest things is actually the name of the candidate on the ballot because you cannot change it. You can use multiple ways of mitigating and using [inaudible] my comment would be just assume all you can do is create chaos. We know theres more than that but just to have even a little chaos would cause such a loss of confidence in the election system thats that would cause people to walk around and say is this legitimate and even if it really was just the fact that people are questioning that is hugely damaging to our National Security and to democracy in general. I thank you dont even have to go past greeting the chaos for this to be a significant problem that we need to Pay Attention to. s are, and it mean to assuming that that either the companies charged with maintaining the systems or states maintaining the systems follow best practices the back doors would still only be accessible via usb attack and mia just trying to get the sense of the let me answer to things. First, i think we have to rethink our model. It has to be [inaudible] the tech model has not been because [inaudible] people are not asking what are all possible reasons. For example, if i know there is no [inaudible] on wednesday there will be a stock Market Reaction and if i can bet on that i can make a huge amount of money so there is a humongous opportunity for a tech causing chaos. Again, the other answer which is those machines do have a usb port and the other thing is the full statement there is wireless. Whatever is the option you have with one of the important pieces of information which came out is that there is a new generation which use wireless modems, connecting to horizon. What could go wrong . [leftsquarebracket the theory is that we have found as a community that this information has been in public documents and never disseminated and its already backing and so you dont need to have a physical usb and district. That was my second question because its a report of the one machine and one brand machine that had the wifi remote we are hoping for another storm that came in and imagine the machines that connect to verizon and. You probably want to [inaudible] there is a scanner machine where one of the wireless capability and you want to come in on that. [inaudible] they were involved more than i was. Right, what we know from studies of different machines, as well as the backend infrastructure, is that there are several ways that they might be remotely attacked. One is through the supply chain as the panelists have emphasized that could be true machines when they are sold or through Software Updates to the machines that are delivered from the manufacturers. Another route is through a stock net style attack as you mentioned for every election there every single voting machine in the country has to to be programmed with the design of the ballot, the races and candidates in the programming is copied into the machine on a removable memory card or usb stick. What we have demonstrated in past studies is that if you can modify that programming you can take control of the voting machine and cause it to miscount the vote and to shift votes to whatever candidate you want. That is a real danger because those files that define the ballot are often created on machines that are connected to the internet. The other thing here is that what has been discovered also is it commonly in the United States and this is really specific issue is that the smallest jurisdictions use the Service Companies to do the performing for them. That means that the actual programming of the machine happens outside of the legal jurisdiction of who is responsible for running the election which, in my opinion, means they have no control over their own election. Let me try to raise the conversation a little bit above the machine themselves. This is a known vulnerability but when you take just approach in the lifecycle and the ecosystem of the auction process there are other equally disturbing vulnerabilities. Think about the Voter Registration database for example. All of the voters here in the audience are on some state Voter Registration database which is developed, sustained, maintained and used to validate your entry to the ballot so if you can corrupt those databases which are all stored on the internet by transposing two digits of your address, street address or changing your middle initial right . The voter, doing his civic duty, shows up at the fire station to vote that day and the id does not meet the database and they never get to the ballot so there are district when you look at the whole lifecycle of the process this gets to just point that this is one known vulnerability but there are likely other vulnerabilities that are equally problematic. Go ahead. I hope the panel can comment. Alex has worked on this issue for a long time and the solution on the voting machine front is the lowtech solution, vote on paper, look at the paper but the problem seems to be political in getting to the solutions and our nato allies have moved to paper, the French Election they used to do internet voting for overseas and military voters and they stopped it in face of the thre threat. The dutch moved to paper in hand counted the paper and the last election and we are struggling at the National Level to get a voluntary grant available to states so that they can maybe switch to paper so they can do postelection audits. If you can talk about how to create a Political Climate of urgency which just doesnt seem to be there. Well, i think that is exactly what were trying to do. This is exactly why we are partnering with the council which is, you know, the preeminent National Security organizations in the country. We think without firmly positioning this is a National Security problem that it is we will never get the urgency that we need and thats exactly why we are here today. Is exactly why we are so excited that the center for security has convened this broad group of stakeholders to come up with these best practices to help with that. Is it sort of a lack of imagination, going from the abstract to the concrete where you silly things to worry about and this is one more but now that it has arrived you have to take steps and that is scary because now you have to face a new problem. There is no 40 years of Nuclear Deterrent thought around this. This is a new issue which brings with it some risks. You have entrenched lobbyist interest and im sure the manufacturers dont like being called out and who what no one would. So, im sure some people stake their reputations and careers on buying this equipment so there is a lot of interest involved and you will have to pull a uturn and that will be a problem. I think that is right. It is fundamentally a mental shift from the presumption that your vote is secure or our votes are secured so now i think the presumption that maybe they are not so secure and that doesnt come overnight but that is why it is like today and the def con experience events like today in this report are so important. The first step your in addressing any problem is there is a problem and what we are trying to do is input by that message nationally so there is a broad recognition that this is a problem and its a National Security problem and that it is a bipartisan or nonpartisan problem. This cuts across all Party Structures and its a problem that we in america have to wake up to. At one time we thought we were invulnerable it turns out, we are vulnerable. Harry. Just go ahead. Dustin with reuters. Related to the last question and on the topic of broader, more systemic abilities, [inaudible] it believes we are pro targeted on some level during the election by russian hackers, however innocence come out since states that is not true and what you told us was not are election systems but our department of labor or something was scammed or targeted, wisconsin, california, one or two others. Im wondering if the issue of how we run elections in america, United States, through this state, federal relationship if that is specific goal vulnerability in this view that makes the United States more difficult to address these problems because there are those tensions and to specifically chs as said that is trying to work more with the state and the states are trying to work with dhs but in the past couple weeks theres tension in the room when they try to discuss these ideas and try to peer out what happened last year and move forward to 2018 and 2020. Are there any specific recreations of that relationship between dhs, federal government and the state can be improved Going Forward. John, do you want to come in on that question you for this needle everyday. Yeah, Going Forward dhs, working with the states has agreed that there will be a much more invigorated process for notification and information sharing and they have agreed that this will create an election information sharing and analysis capability. So, the early result on that collaboration incoordination will go a long way to resolving some of what i thought was the problems in the past and a lot of the problems in the past were, if i could describe, there were technical activities that were recognized and the Technical Community within different organizations were notified. Now, that happens every day and it was the tie to the election and as ambassador pointed out we have woken to theres a new significance now to some of these potential patterns and i think that is what caused the confusion. At the time, it was recognized there was an activity but it was viewed as run of the mill event and it was only in retrospect when it began to be linked to a pattern of activity that it became to rise to the level of fame and its a container has a particular objective. I think all of the Early Communications sort of got lost and so Going Forward there has been a commitment to say that we need to make sure we are engaging with those stakeholders and state and local governments that have election responsibility and not just with the Technical Community. Hopefully that helps a little bit. Great, in the back. Thank you very much. Paul. Thank you def con for the work you have done and all those who have cooperated on this. I have a historical question related to the supply chain. I dont know the exact year but was roughly about eight years ago when an individual with security colleague of mine came after a trip to china and informed me what he thought was election equipment being manufactured at a location in china and i told him to report that to the proper authorities and linked him on that. Im wondering if anyone knows anything about that situation. I think he is on the business now but the idea that equipment is being manufactured at a country like china and if any analysis do we have an analysis of any equipment that was, i would say, doctored specifically for the purpose of exercising and option if they chose to affect an election. So, two things on it. When you look at technologies it is hard to understand if the holes are there intentionally or is it just because it is sloppy. , poor quality. They will make sure that if there is a number of problems that one is [inaudible] and if they get caught they say well look, there is a lot of problems here and its hard to tell if the problem was intentionally prepared to be used or not. Only once you get the high Security System with the vulnerabilities can you tell wait a minute thats a sophisticated back door and you can have this conversation but at this level of technology you know, they probably dont have to install anything specific because its already so full of problems. One of the exceptions prohibits us from sharing and researchers got their hands on the machine and there is the prohibition for copyright where you cant just publish [inaudible] you can look and analyze we cant just go put them for anyone to download. We are little hampered because he pretty much have to get your own machines, analyze your software and tell the world what you found without releasing the software but some people are doing that and theyre going to the code looking for signs of binary has been tampered with or weird functions that dont make sense but it is not as easy as we would like because you cant share to a Larger Community and your widespread analysis. Harry had a really interesting find on yeah, first of all one of the machines which is ultimately from [inaudible] was manufactured in taiwan and when you find that there [inaudible] more to the point that i second in this area for the whole time i have been working this it is almost impossible to make any kind of reasonable educated guess whether you are working and you want to there is so many things where you really stop and say what would be the legal use for this feature . What would be the reason you would do this . The answer is always is a test future. Also i would like to point out by the way, i wasnt planning to do a live demo here because of the short time we have but one more thing i want to point out is that hardware is the new software. Right now we feel mentally that hardware is millions of dollars and production costs and whatnot. This is a whole computer made and its [inaudible] [inaudible] this is a server with wireless capabilities. This is a computer you need. Actually the computer and the [inaudible] this is not anymore or something that is expensive but electronics used to be sold and it was something that you could inspect and understand and it used to be fairly reasonable for people to see what the chip inside was and today that is not anymore. Microchips are not anymore design by humans. The microscopes are designed by computers and you actually [inaudible] it is really today when you have what you [inaudible] you dont know what the chip will do and a very interesting hidden feature we found that intel that had a hidden pressure capability was found that one of the biggest manufacturer for chips for cars has a hidden processor and that first actually controls the memory and so we are in a situation where all the [inaudible] you cannot audit the machine, you can audit the results and the results matter but when we look at the election it is a good thing Voter Registration and also American Election is so complex that you cannot in the key there is [inaudible] make sure the results make sense and even if you think absolutely certain [inaudible] in the next three years there will be no machine where we can say we absolutely guarantee its a machine doing exactly what its supposed to do because we cannot make that promise and you cannot and its unfeasible. You can make a bet but you cannot make the guarantee and election is important. To your basic question we did find that there were parts made in china and most and all of the machines. Do you want to comment but should we care about that . We absolutely should care about that. Even if we didnt care about the nationstate, individuals can be bought and sold and we should absolutely care about that. Even though the manufactured in the us i dont think we could be absolutely sure but today the bulk of the chips are not manufactured in the us and as stated its almost impossible to audit the chip even if you can ever do them all but random selection they are still too complicated and hard to say yes, this chip is built exactly like it was designed and like it was meant and works like it was meant. You would want the machines manufactured by companies with a long track record of secure Software Development lifecycles, hiring security teams and being transparent and open and all of that is lacking. Those are the companies that we rely on for other dimensions of National Security it again, secure communications and we dont just outsource this but this is done through a very strict chain of reliable suppliers and that simply does not apply today to the election process. In fact if you look at the dod as an example they have already started down a path by creating a secure boundary for some of the Weapons Systems and certainly not enough for all of them but to build chips that we have more that will work and the promotion that the way they should. We have a question from twitter. We have been Live Streaming this on the voting village twitter page and therefore is actually downloadable on def con. Org but question from twitter is is securing democracy involved federal bipartisan effort are any of you optimistic it will be found in congress . They said that in 140 characters . [laughter] i learned not to make such predictions but part of the story today and part of the story in this report is it not just a state and local problem or a federal problem but initial security problem and the track record at the federal level on strictly sort of eyeopening National Security issues is that there is bipartisan support. I think there is quite a long track record history of coming together when the nation is at risk and that is fundamentally what we are counting on here. Thanks to the Atlantic Council they brought a Bipartisan Group of members of congress to the voting village and i know representative will heard was a republican from texas to the Facebook Live from the voting village and said this is not a democrat or republican issue but initial security issue and by the way harvey and i after this are going to Homeland Security to brief the findings of this report and obviously they iran by Republican Administration and theyre taking it seriously and at least i have been very impressed with their response to the support. Hello there, rebecca was cbs news. I wanted to know if the results of what you saw on def con cause you to question the sort of widely accepted conclusion by now that no actual votes were tampered with during the 2016 election even though there is admission that some of these databases were voter registries were hacked. That is the 2007 when we [inaudible] back then the secretary asked me well, there have been never a documented into since where its been tampered with the reelection in my answer was please continue using these methods and remain truthful. These machines dont have the capability of providing you forensic evidence to see and they cannot prove they were honest and they cannot prove that they have been hacked but they distinctly dont have this fundamental basic capabilities of providing you with forensic evidence data. The only way you can see that the machine was hacked is if the hacker wanted to be found. Thats the sad truth. Anyone who says i have information one way or another that were not. As i mentioned in my remarks, this effort represented here on the stage is not about the forensic from last year in terms of actually affecting the results. We will let the federal government deal with that problem. We know enough, however at this point to be concerned enough to move forward to best practices because at least 14 states are at least somewhat relied on these kinds of machines and what we know from the dhs published report some 20 states there are at least probes that the registration databases and thats exactly what this group will do. Last one. Go ahead. [inaudible] the library of Congress Works or considers that the mc exemption and are there particular things that you would like them to rewrite and it to give them a broader room and is there concerted effort either commenting or otherwise to do that. Thats a good question. I think that the original dmca there was the state harvard provision for reverse engineering for security purposes. That was never litigated or fully clarified what was a valid security purpose and none of the researchers wanted to be the test case for that. So, a lot of people tiptoed around and if their toe in and several friends who had been intimidated in their research shut down by threats and it is pretty common in the security Commerce World to have your more interesting talks pulled at the last second because the manufacturer threatens them with a lawsuit. I think the specific mention was for voting Electronic Technologies and that was clearly written when they were active in trying to get that wording fixed. I think it should be permanent but that is just one issue, electronic voting. What about automobiles . What about other Life Safety Systems . They shouldnt be in two years i will work on cars and that one ill do automobiles and then ill go back to cars and when that exemption starts again we should have a concerted ability for the nations researchers to search and find without sued and find problems in software that all of us use and theyre not trying to solve the exploits but theyre trying to basically provide a public service. This should be almost like a Public Benefit and a shield for Public Benefit especially if you work with the manufacturers. We dont have a regime and we dont have an act of congress to protect us and we are relying on the library of congress. Okay. Well wrap up after. So, copyright law are tidy and when you design a software usually part of that trade secret is the specification of how the software will work. I would argue that in the election world the specification is the statutes and the laws. So, why we are protecting a software which is supposed to fill the statutes and law from the inspection if they are pulling the statutes and the law. Right now i really want to stress when def con we didnt have that we didnt run election. We effectively had what we had and we went to the basement to see if you turn the lights on and off and we found that we can. The conclusion of that is we could have done a lot of things on the upper layers which is the actual election but we didnt do that because we didnt have the [inaudible]. I come from a different culture in that way but it is the principle for me why it is protected and why there is a barrier for inspection of if the system is filling the law or stopping research to verify that the vendors are selling what they claim to sell. Okay. Thank you all very much. [applause] [background noises] [background noises] [background noises] [background noises] [background noises] coming of life today at 3 30 p. M. Eastern a discussion about the Iran Nuclear Deal which President Trump said he may end. You can watch that streaming live at cspan. Org or listen live using the free cspan radio app. Then the National Security advisor hr mcmaster will talk about the history and impact of the National Security council. He will be joined by some of his predecessors including henry kissinger. Live at 5 30 p. M. The New York Times have been reporting on the epa and rules in dealing with a mission. The trumpet ministration has announced it will take four steps to repeal the clean up our planet was created under the Obama Administration but aim to curb emissions from power plan plants. The time is writing that it exacerbates a bitter fight over future us efforts to tackle global warming. Epa secretary scott pruitt says his predecessors have departed from the norm when they came up with a plan which would have pushed states away from coal in towards other sources of energy that produced fewer carbon emissions. Proposedis signing a rule to rollback that plan. You can read more online at the New York Times and here is a closer look at the future of the clean powerplant from todays washington journal. Joining us now to talk about this action. She serves as their Deputy Editor. Things having. The administrator, epa administrator scott pruitt hinted on this act state. Tell us directly what happened. Yeah, scott pruitt yesterday went to hazard, kentucky, alongside Mitch Mcconnell and announced that today he would be signing a proposed p repeal of e Obama Administrations clean powerplant. This is a surprise, the Trump Administration has been saying it would be doing this from day one basically and trump earlier this year signed an executive order urging or mandating the epa take a look at this role so they are going to officially assign the proposal to undo the obama era and the clean powerplant from the obama and ministration was sort of the obama landmark rule and would cut Carbon Dioxide emissions by about one third below 2005 levels by 2030 so well see today the signing of that rule,. After the signing does that mean it automatically gets pulled back or is there process. This is a very long process just like any federal rulemaking process. This will kickoff the comet. And people on both sides of the issue will be writing in to tell that they want to clean powerplant to stay in place or see it repealed entirely and meanwhile the trumpet epa has said it will be considering whether to replace the rule at all and some Industry Groups want to see a replacement rule and there is some conservative saying we wantt nothing but in its place so meanwhile the trumpet epa will be thinking about what to do with this role and whether to replace it. So the epa administrator specifically talk about the war on call and says its over. What reaction her from the industryat . The coal industry is very excited to see this repealed. There are some people including bob murray, murray ceo he is ant ally of trumpet who would like to see this role replaced with nothing but in its place in the coal industry and many folks in that areof excited to see this obliterated. You talk about some asking for replacement and what would that look like or what is being advocated . It sounds like the Trump Administration preferred option could be a very narrow replacement called they would be looking at energy so the obama estimate stations rule looks at the entire sector and Emission Reductions from the country as a whole where this is saying the term says you did that incorrectly and you should be looking at specific plans to get specific plans and emissions which would be much more lenient on industry which seems to be if they do a replacement that would be what they are putting forward. Talk about the potential lawsuits might come from this decision. Yeah, as soon as they made his announcement yesterday that he would be signing the role even though it was expected several attorney generals from various dates say we will sue when this rule is finalized. Eric schneiderman fromia new yo, california, massachusetts generals are on board and whatever is finalized the trumpet ministration on this will undoubtedly go off when the final which will be sometime next year. With this decision is there any role for congress to at least give input on replacement rule or those advocating for no role. Do they i have rules on this process here on out. They could. Its possible that some people are pushing for congress to rewrite the Clean Air Act and to make it very clear what they are doing, if anything, climate roles and greenhouse glasses and given the polarization of this issue in the state of congress right now it is unlikely that we will see anything on the front and back robin reports with the news and shes the Deputy Editor talking about this is starting today of the reversal of the clean powerplant, thanks for your time. Things very much. All this week, booktv is in prime time on cspan too. Tonight at eight eastern cyber warfare and security with fred kaplan, john you and jeremy reckon with their book striking power wednesday night at 8 00 a look at the 2016 election with Hillary Clinton in her book what happened. Jonathan allen and douglas shown. On thursday night at eight eastern