Homeland security jeh johnson. Mr. Johnson, thank you very much for being here this morning. As a reminder to our members, we are and will remain in open session. This hearing will address only unclassified matters. To our guests in the audience, welcome. We appreciate the public and media interest in the committee's important work. We would expect proper decorum will be observed at all times and disruptions to today's proceedings will not be tolerated. At this point in time, mr. johnson, will you please rise and take an oath. Do you swear that the testimony will be the truth so help you god? Thank you. Thank you, secretary johnson, for being here today. This committee's charged with getting to the bottom of the facts regarding russia's involvement in the 2016 elections and what, if any, steps were taken by the U.S. government to prevent such interference in our election. While our investigation seeks to get to the truth of what happened during last year's elections, it also seeks to provide recommendations for improvement. One focus is the U.S. government's response to russian cyber activities during the 16 election. According to the intelligence community's unclassified january 17 assessment, russian intelligence accessed elements of multiple state or local electoral boards. Dhs also assessed that thankfully the systems russian actors saw were not involved. A cornerstone of our democracy and the foundation of our self-governing republic. In actions by a foreign adversary to access electoral system also threatens our basic freedoms. As secretary of dhs, you were at the helm when your agency became aware. And you made the decision to designate elections infrastructure as Critical Infrastructure in january 17. I hope this will provide a better understanding of what happened and what more could have been done if anything. And while i commend your efforts to address the cyber threat emanating from moscow. 
It's troubling that dhs and other agencies did not respond more quickly. Why did our election systems remain so vulnerable? What more can be done to address these vulnerabilities? I hope you'll discuss these challenges and assist the committee in identifying solutions. Three months ago, during the committee's first open hearing, former fbi director james comey revealed for the first time that he'd opened counterintelligence investigation last july to determine whether any U.S. persons associated with the Trump Campaign had coordinated or colluded with the russian efforts to interfere in our election. Last month we heard from former cia director john brennan who helped us to understand what the russian government did, how they did it and what motivated them. He testified that information he was seeing concerned him so greatly that he feared some americans could be suborned to the russian cause and began sending intelligence leads to the fbi for investigation. Today we'll hear testimony from former secretary of Homeland Security jeh johnson about how the U.S. government responded to this unprecedented interference in our political affairs, what steps we took to protect our institutions, to inform the public what was happening and to deter the russians from further meddling. By the middle of last summer it was apparent the russians were not merely gathering information for intelligence purposes but were intent on weaponizing it in a way to damage the campaign of hillary clinton. As a Ranking Member of the house Intelligence Committee, i had been made aware of information concerning the russian hack. My counterpart in the Senate Diane Feinstein and other senior leadership. What we saw alarmed us and we believed it was incumbent on the administration to inform the American People what was going on. 
On the same day donald trump was urging people to hack Hillary Clinton's emails the senator and i wrote to president obama urging the committee release any assessments related to the dnc hack and develop a swift and powerful response. Over a month later when the administration had still made no Public Statement informing americans about what the russians were doing, senator feinstein and i took the extraordinary step of issuing our own Public Statement, vetted by the Intelligence Community attributing the hack to russia and senior levels of the kremlin. It would be yet another month before the U.S. government would publicly declare russia behind the interference in our election. It wouldn't be until well after the election that the administration would take steps to signal how truly significant an action the russians had taken. When it imposed sanctions on russia over the hack, expelled russian spies and closed facilities used by the russians for espionage against america. I hope secretary johnson that you'll be able to share with us and the American People a sense of the debate that was ongoing in the executive branch as evidence of the russian involvement and hacked emails piled up through the late summer and early fall. What led to such a long delay in making attribution and why would the most significant step of imposing costs on russia for its interference come only after the election, and what are the Lessons Learned. At its heart, our democracy relies on the trust of the American People in their institutions. The events of last year and the potential for worse in the future are stark warning to all of us that we must guard our democracy jealously and there are powerful adversaries that wish to tear down liberal democracy and america's role as its champion. We have our work cut out for us but the world is counting on us to be up to the challenge. I thank you for your Extraordinary Service once again and your testimony today and i yield back. Thank you. 
Secretary johnson, would you like to make an Opening Statement? If so, please proceed. Mr. Chairman, you have my prepared opening remarks. Just briefly in the time permitted me, representative conaway, representative schiff, members of this committee, you have my prepared statement. I will not repeat it here. In three years as secretary of Homeland Security i had the privilege of testifying before congress 26 times. Though it is no longer part of my Job Description i voluntarily accepted the invitation to be here today as a concerned private citizen. In 2016 the russian government at the direction of Vladimir Putin himself orchestrated Cyber Attacks on our nation for the purpose of influencing our election. That is a fact, plain and simple. Now the key question for the president and the congress is, what are we going to do to protect the American People and their democracy from this kind of thing in the future. I'm pleased that this committee has undertaken this investigation. I welcome it. My sincere hope is that in bipartisan fashion you find answers. Last year's very troubling experience highlights cyber vulnerabilities in our political process and in our election infrastructure itself. With that experience fresh in our minds and clear in the rearview mirror, we must resolve to further strengthen our Cyber Security generally and the Cyber Security around our democratic process specifically. I am prepared to discuss my own views and recommendations on this topic and i look forward to your questions. Thank you. Thank you, mr. Secretary. Recognize for seven minutes. Again, thank you for being here this morning. A lot of questions will be asked. A lot of details. 
Top-level conversation about dhs's mission with respect to cyber, particularly given how intertwined it is with respect to Voter Registration, voting, vote tallying and also if you wouldn't mind fold into that what appears to be a delay between when the fbi became aware of things that were going on and when it seems that dhs was informed what was going on. How's the relationship with fbi relative to this particular infrastructure either at the time and then maybe Going Forward. So if you'll weigh in on that, i'd appreciate it. Couple of things, sir. First, i think the roles of the federal agencies in Cyber Security spelled out pretty clearly last year in ppd 41. Basically Law Enforcement, the fbi is responsible for threat response, dhs is responsible for asset response. So the crime, Law Enforcement, fbi. Patching vulnerabilities, detecting bad actors in the system, dhs. The way i explain it is jim comey is the cop. I'm the fireman. On a personal level with jim we worked very well together. I've known him for 28 years from the days we were assistant United States attorneys together in manhattan and on a personal level at the top of both agencies we worked well together. Can i say that down to the field Office Working level we were always fully coordinated? No. But i was impressed that day to day the process seemed to be working well. Every morning in my intelligence briefing there would be an fbi briefer there who was with me to give his assessment, to tell me what the fbi feedback on something was. So there is that. I spelled out in my Opening Statement, my prepared statement, the first time i recall hearing about the hack into the dnc. And i recalled that it had been some months before i was learning of this that the fbi and the dnc had been in contact with each other about this. And i was not very happy to be learning about it several months later, very clearly. There's two things going on. 
Dnc hack was at some point in time what was the delay between the hacks that the fbi was aware of or who found the hacks to the scanning of the various Voter Registration systems? Who discovered that? If it was the fbi, how long was there a delay between that and because using your analogy of the cop and the fireman, if the flames are going up, we need the fireman there first. How was that delay between the infrastructure we're concerned my recollection is that the fbi first discovered the intrusion that's my recollection. Intrusion of the state systems? Into the dnc. Okay. And i recall very clearly that there was a delay between initial contact with the dnc and when the report got to me as secretary of dhs. It may have been that there were others at the staff level in dhs who were privy to this before it filtered up to me in an intelligence report. But that's my recollection. But i was asking let's ignore the dnc for the moment. Let's talk about attempts at scanning or whatever the russians did with respect to the election systems. Voter registrationings. When was that discovered and who discovered it? And if it wasn't dhs my recollection is that the initial scanning and probing around Voter Registration systems was discovered in late august. Could have been july. Late august in my mind. And my recollection is that once it was discovered, that information came to me and other senior people pretty quickly. Okay. Is there enough it's one thing for the director and the secretaries to have good personal working relationships. Institutionalizing that is what we're about. That ebbs and flows depending on who's in those jobs. Is the system of notification between fbi and dhs and that working, is there any impediments to that not working on its own without the Good Relationship that you and mr. Comey had at the time? In my observation, it worked pretty well but could stand improvement. Very definitely. 
And i think it's incumbent on the leaders to instill that in their work forces. I think it worked pretty well together in my three years but there were glitches. There were instances where we did not communicate as effectively as we could have. One of our purposes this morning was to reassure the American Public with respect to the 16 election and also secondly look at what we do in future elections Going Forward. You said in your Opening Statement, in your prepared remarks that to your knowledge there was no vote tallying changes, that no one's vote was they voted one way and it recorded some other way. Is that still your opinion with respect to the 16 election, that the intrusions, whatever it is the russians did, did not affect the actual voting itself? Based on everything i know, that is correct. I know of no evidence that through cyber intrusions, votes were altered or suppressed in some way. Okay. Lessons learned in moving forward, you've designated the Voting System as Critical Infrastructure. In the remaining time, can you give us kind of a quick snap as to why that was important in your mind? It was important in my mind because Critical Infrastructure receives a priority in terms of the assistance we give on Cyber Security. That's number one. There's a certain level of confidentiality that goes into the communications between Critical Infrastructure and the department that are guaranteed. And number three when you're part of Critical Infrastructure, you get the protection of the International Cyber norms. Thou shalt not attack Critical Infrastructure in another country. And so those were the principal reasons to do this. There are 16 sectors already that are considered Critical Infrastructure. In my view, this was something that was sort of a no-brainer and in fact probably should have been done years before. I'm pleased secretary kelly has reaffirmed it. Does that include the parties and infrastructure around candidates? 
Or is that just the mechanics of voting itself? If you read the way i wrote the statement on january 6th, it's pretty much confined to the election process itself, election infrastructure itself, not the politicians, not the Political Parties. Thank you. Time expired. Recognize the Ranking Member. Adam? Thank you, mr. Chairman. Mr. Secretary, in the late summer of last year it became apparent that the russians were doing more than gathering foreign intelligence, that they were in fact dumping it in a way designed to potentially influence outcomes, not by affecting the vote machines necessarily but by affecting American Public opinion with the dumping of these emails. So that's happening in late summer, mid to late summer. Why did it take the administration so long to make a Public Statement that a foreign adversary was trying to influence the American Election? The statement didn't come until october. Why did we wait from july until october to make that statement? Well, congressman, i'm going to disagree with your premise that there was some type of delay. This was a big decision and there were a lot of considerations that went into it. This was an unprecedented step. First, we have to carefully consider whether declassifying the information compromises sources and methods. Second, there was an ongoing election. And many would criticize us for perhaps taking sides in the election. So that had to be carefully considered. One of the candidates, as you'll recall, was predicting that the election was going to be rigged in some way. So we were concerned that by making the statement, we might in and of itself be challenging the integrity of the election process itself. This was this was a very difficult decision but in my personal view it's something we had to do. It got careful consideration, a lot of discussion. 
My view is that we needed to do it and we needed to do it well before the election to inform the American Voters of what we knew and what we saw and that it would be unforgivable if we did not pre-election and i'm glad we did it. Every congressman, every big National Security, Homeland Security decision i've made in my time, somebody always criticizes you for doing it and somebody else criticizes you for not doing it sooner. Jim clapper and i made the statement on october 7th and i'm glad we did, frankly. I think the larger issue is it did not get the public attention that it should've, frankly, because the same day the press was focused on the release of the access hollywood video. That's what made our news below-the-fold news that day. I want to ask you about that as well. Couple things. There were certain allegations by one of the campaigns, the Trump Campaign that the process was rigged. Yes. But the allegation wasn't being rigged by a foreign power. Why wasn't it more important to tell the American People the length and breadth of what the russians were doing to interfere in an election than any risk that it might be seen as putting your hand on the scale? Didn't the public have a compelling need to know, notwithstanding the claims made by a campaign about a different kind of rigging, and the need to rebut the idea that this was being presented to the public deliberately to influence the outcome? Yes, yes and yes, which is why we did tell the American Public everything we were in a position to tell them on that date. You'll note from my statement that we attributed the hacking directly to the russian government. We were not then in a position to attribute the scanning and probing to the russian government. 
We did say it was coming from a russian based platform at that point but at that point we told the public everything we believed we could tell them and i'm glad we did, so the priority of informing the American Public did override all of those other considerations which is why we did what we did. You mentioned the statement you issued didn't get much attention because of the timing of access hollywood. When it didn't get that much attention, why didn't the administration go further, why didn't the president for example, speak about this? It was left to yourself and director clapper to issue written statement without any further elaboration. There were no steps taken for example, to impose sanctions on russia. Why weren't those additional steps taken when the first notice really was essentially overlooked by the public? Well, you shouldn't view the october 7th statement in isolation, sir. First, i had been engaging state Election Officials since august and i had issued a Public Statement on august 15th. I issued a Public Statement on september 16th informing the public and state officials what we knew at the time. I issued another Public Statement on october 1st. There's the october 7th statement then i issued another statement on october 10th. So this was an ongoing effort to inform the public about everything we were in a position then to tell the public. It wasn't just the october 7th statement. Now that october 7th statement was notable in another way in that it didn't include james comey's signature as the agency that would be foremost had the foremost responsibility for the forensics of attribution. Why wasn't his signature on that statement? Well, the thinking was that a statement should come from the Intelligence Community and jim clapper then sat atop the Intelligence Community as the dni. Separately we wanted to put out a statement from dhs about what state Election Officials can do about this and again encourage them to come to us. 
At some point in the discussion, jim and i decided to just make it a joint statement and that's what happened. There have been public reports in the last week or two that the russian probing of our elections infrastructure was far more widespread than has been publicly acknowledged and may have affected dozens of states. What can you tell us about what was known at the time and what you know now in terms of the length and breadth of russian probing of our elections infrastructure, how widespread was it and did it go beyond penetration of voter databases or manipulation of data in any way? It was very definitely in the fall a growing list of states where we saw scanning and probing around voter registration databases which concerned us greatly. As i think i stated in one of my Public Statements, probably the october 1st statement, in at least one or two instances the effort was successful at an intrusion. There was a growing list and we saw the scope of this activity expanding as time progressed and then eventually in january we're in a position to say that this activity itself was also the russian government. Now, i too have seen the more recent reports. I have not had access to classified information for five months so i'm not in a position to tell you whether it's right or wrong but very definitely as fall progressed we saw a progression of scanning and probing activities around Voter Registration databases which concern me, which is why i kept encouraging state officials to come and seek our help. Did that involve a majority of the states? Yes. And i was very pleased about that. Eventually i'm sorry. I don't mean that they took you up on the help but did the russians probe a majority of the states voter databases? I don't know the final count because i haven't had access to the intel for the last five months. I know what i see open source and i'm not in a position to agree or disagree. I've seen open source in 39 states and i'm not in a position to agree or disagree. 
Five minutes. Good morning, mr. Johnson. Morning, sir. I want to start by thanking you for your service to our country which includes a very successful stint as a ausa so you will recognize some of my questions as being leading questions, they are not leading from the standpoint i'm trying to trick you, it's more in the interest of time. If you Say Something you disagree with me, interrupt me, stop me. It's just in the interest of time i want to see if we can get some things out of the way that we all agree on. Russia has a history of cyberattacks against our country, is that true? Yes. And in the parlance of our former jobs russia would be considered a career offender as it comes to seeking to undermine the foundations of our republic. They are constantly trying to attack us, is that fair? I think that's a fair statement. They're a career offender. They have a history of cyberattacks on our country. We suspected before as do others, by the way. As do others, by the way. Yes, sir. It's not just them, but for purposes of this morning i want to focus on russia. We suspected before the november 11 elections that they might attack our voting infrastructure, is that fair to say? Yes. In fact, you warned that they were going to do so. I was very concerned that they would do so which is why i kept issuing all these Public Statements, yes, sir. All right. At the time you separated from service in january of 2017, you have seen no evidence that the russians were successful at changing voter tallies or voter totals. Correct. At the time you separated from service in january of 2017, had you seen any evidence that donald trump or any member of his campaign colluded, conspired or coordinated with the russians or anyone else to infiltrate or impact our voter infrastructure? Not beyond what has been out there open source and not beyond anything that i'm sure this committee has already seen and heard before directly from the Intelligence Community. 
So the only thing i'd have on that is derivative of the agency economy. Speaking of the Intelligence Community it strikes me that most of the information currently available was available in the fall of 2016, most of the intelligence products that are relied upon to form certain assessments, that underlying data was available in 2016, some of it before the election? I'm not in a position to agree or disagree with that, because i don't have access any more to intelligence over the last five months. Well, looking at this a different way, before the election in november of 2016, you had already seen evidence of russian efforts to impact our election, in fact, you testified. Yes. They had a preference for a candidate, they were aggressive and i think you used the phrase plain and simple. With respect to efforts to hack into the dnc and other political organizations, yes, very clearly. All right. Correct. This is i guess what i'm getting at. They're a career offender when it comes to attacking the foundations of our republic, they have a history of cyberattacks on our country. You warned before the elections that they may attack our voting infrastructure. After the election, president obama took steps to target russia and you took steps to consider our voting apparatus to be Critical Infrastructure. Given what we knew before the election, what more could we have done and should we have done we weren't surprised that russia was doing this to us, they always do it to us. So what more could we have done, should we have done before the election? Well, hindsight is brilliant. Hindsight is 20/20. I'll preface my answer by saying, i think it was unprecedented the scale and the scope of what we saw them doing and there had very clearly been intrusions before by a number of state actors as i'm sure you're aware. In retrospect it would be easy for me to say that i should've bought a sleeping bag and camped out in front of the dnc in late summer with the benefit of hindsight. 
I can tell you for certain that in the late summer fall i was very concerned about what i was seeing and this was on my front burner all throughout the pre-election period in august, september, october and early november to encourage the states to come in and seek our assistance and i'm glad that most of them red and blue did. Hindsight is perfect, 20/20 but i'm satisfied that this had my attention, it had the attention of my people, because i pushed them at every step of the way to make sure we were doing everything we could do, but obviously there are Lessons Learned from this experience and for the future, there's probably more we can and should do. For the states if i remember correctly you had a Conference Call or otherwise communicated with the states to offer them your assistance prior to the election. Correct. If i remember your testimony correctly, their response vacillated between neutral and opposed. Correct. It was to the issue of designating them as Critical Infrastructure, correct. Okay. Do you know without naming the states whether any of the states most vocally opposed to that designation were, in fact, impacted by russian efforts? I'd have to look at both lists. If you're saying impacted, were those states states that had their Voter Registration databases scanned and perhaps infiltrated. I'd have to look at both lists. I don't have that information off the top of my head. I'm wondering, if any, of the states most vocal in needing your help actually needed it the most. They didn't reject our help. 36 of them accepted our help, but they were resisting the idea of a designation to be Critical Infrastructure, which i went ahead and did anyway. What would that designation have done in november or october, what would that designation have accomplished had you done it in the fall of 2016 instead of january? 
As i outlined the earlier the advantages of that declaration but in the short-term my assessment was that we needed to get them in, we needed to bring the horses to water to seek our cybersecurity help and so making the designation would have in my assessment driven them in the opposite direction and my number one priority pre-election was to get them to seek our cybersecurity help and for the most part they did. Thank you, mr. Secretary. Mr. Himes, seven minutes. Thank you. I'll begin by yielding a moment to the Ranking Member. Thank you. Just a quick follow-up. You've been asked, mr. Secretary, about whether the vote tallies were impacted. Some have suggested that because the actual counting of the votes by the machines wasn't impacted that therefore you're testifying and others have testified there was no effect on the election. These are two quite different things. In your written statement you state i'm not in a position to know whether the successful russian government directed hacks of the dnc and elsewhere did, in fact, alter Public Opinion and thereby alter the outcome of the presidential election. Correct. Do you stand by that? Yes, and thank you for that clarification. It's not really the job of the Intelligence Agency to determine if the information that was dumped had an effect on the outcome only whether machines were impacted, not people. You'd need a social scientist or a pollster to do that. I want to ask you about the information concerning potential coordination with the russians. Are you aware of the basis because we've heard testimony that the fbi investigation was somewhat compartmentalized and even director clapper wasn't fully aware of what we went into the investigation, are you aware of the information that formed the basis for director comey opening a counterintelligence investigation as you testified in july of last year? No, not as i sit here and if i did, i'm not sure i could talk about it in open session but i do not. I'm not going to ask you to. 
Do you believe that director comey would have opened a counterintelligence investigation on a presidential election lightly on mere hunch? No. He would need evidentiary information to do so. Based on everything i know about james comey and fbi, yes. I yield back. Thank you and good morning mr. Johnson. I want to start by asking you, mr. Gowdy's questions and your responses established this is not a new thing. I want to come back to that. We've heard from others that the meddling in the 2016 election was unprecedented in its scope and reach, so i wonder if you might take a minute or two and help us better understand why it was unprecedented? What was different about this particular array of meddling versus what we've seen in the past? We've seen a history of various different types of bad cyber actors intruding into infiltrating political organizations, Political Campaigns and that's what i was referring to. When i say that this effort was unprecedented, what i mean is, that we not only saw infiltrations but we saw efforts to dump information into the public space for the purpose of influencing the ongoing Political Campaign and it was widespread. In that respect and we knew it was happening, so in that respect it was very much unprecedented. Can i just instill with your testimony we had seen scanning queries what we might consider espionage, trying to gather information but we had never seen what the russians called active measures, actually the insertion of information designed to alter an outcome, that's what makes this unprecedented? Yes. Thank you. Let's step back away from this a little bit. We have seen this before, 2008, chinese hackers targeted then candidate barack obama, john mccain, we saw it in again in 2012. My question is as you assumed your duties at Homeland Security, how were they thinking about this? Were we thinking about this issue in a constructive way prior to the last election? Good question. 
It became a front burner item for me in summer 2016 and i began discussions with my staff about what should we be proactively doing to help state Election Officials prepare. I was surprised to know that there was an Election Assistance Commission and that dhs had collaborated with that and that there had been an ongoing dialogue through the eac, through state secretaries of state, going back to election cycles past, but this this was now becoming a matter for me as the secretary of Homeland Security. It was becoming front burner for me in the summer of 2016 but there had been that ongoing dialogue. So summer 2016 this becomes front burner implying that this had been back burner. What was the catalyzing event that moved it from back burner to front burner? It was the reports we were receiving about efforts to intrude into the dnc and the emerging intelligence picture. Okay. Let's get a little more granular here. It becomes a front burner issue. Were there certain parts of the process at the time the Voting Machines, the Political Party databases, the politically associated organizations that we understand may have been probed that you thought were particularly vulnerable at the time? Voter registration databases. In the course of learning about this issue, myself, i took a look along with my staff at the practices in the different states. They tend to vary but for the most part there are redundancies in the system and most of it exists off the internet in terms of collecting votes, reporting votes. There are a few states where it does not, but the states with some doj Election Assistance Commission help have been engaging in some best practices but they tend to vary all over the lot, but what we were most concerned about, what we were seeing were efforts at compromising Voter Registration databases. Okay. You said something that in my very limited time, you said that you thought there is more that we could and should do to address this issue. 
Can you just elaborate . If you were still secretary of Homeland Security, what would your recommendations be . A number of things. One, i would as a congress think about whether i would think about grants to state Election Officials to help them harden their cybersecurity. I would raise Awareness Among state Election Officials as well as, you know, public in general employees of state governments raise awareness about the evils and the hazards of spear phishing. I think at a National Level there should be in this Current Administration somebody who really does take the mantle of cybersecurity on full time to highlight this issue, to lead the charge on this issue. My preference would be its somebody within dhs but we really need a National Leader to take charge of this issue but first and foremost on the ground we need to encourage state governments, state Election Officials to engage in best practices when it comes to vote tallies and so forth. And through grants, we ought to consider grants. I hear that from state Election Officials themselves. Thank you. Mr. King, seven minutes. Thank you, mr. Chairman. Secretary, its good to see you. I commend you for your service. Truly outstanding job. And now as a successful lawyer im sure. Just a few points before i yield to mr. Gowdy. Can you elaborate more on what the dhss connection with the dnc was or consultation with the dnc after it became aware of the hacking as to what was offered them, what they accepted . Was there any level of cooperation at all . To my disappointment, not to my knowledge, sir. And this is a question i asked repeatedly when i first learned of it, what are we doing . Are we in there . Are we helping them discover the vulnerabilities . 
Because this is fresh off the experience and there was a point at which dhs cybersecurity experts did get in to opm and help them discover the bad actors and patch some of the exfiltrations or at least minimize some of the damage so i was anxious to know whether our folks were in there and the response i got was, fbi had spoken to them, they dont want our help, they have CrowdStrike, the Cybersecurity Firm and that was the answer i got after i asked the question a number of times over the progression of time. That was i assume totally different from the reaction you got from opm. The opm effort we were in there on site helping them find the bad actors. Do you know who it was at the dnc who made that decision . I dont, no. Do you know if the fbi continued to try to help, try to assist . Ive read in the New York Times about those efforts, sometime earlier this year. I moved to strike all references to the New York Times. I would just say, maybe its editorializing on my part, its an unusual response of the dnc. If youre talking about a president ial election, you have an unprecedented matter of cyber hacking, an adversary from my point of view, and they would not accept all the help they could be given especially it sounds as if not that you would be part it sounds like a Republican Administration trying to intrude into the dnc, this is an impartial governmental entity of the fbi, dhs and they didnt accept it. I find that very hard to comprehend. My interest in helping them was definitely a nonpartisan interest. I know that, yeah. And i recall very clearly that i was not pleased that we were not in there helping them patch this vulnerability. The nature the nature when youre dealing with private actors and even political organizations, we dhs does not have the power to issue a search warrant and go in and patch their vulnerabilities over their objections. I understand that. 
Moving ahead, was there any significant intelligence or information that came about after the election that was not available before the election . In other words, if there was so much out there, if the administration was so concerned, was it that suddenly after the election seemed so much serious action was taken, the sanctions, the sanctions in particular and also the Public Statements by the president, by the Intelligence Community coming out really coming on strong and yet i didnt see what was present after the election that wasnt there before the election . Im going to disagree with your premise sir, we did before the election, one month before the election formally and very publicly accuse the russian government of doing this in pretty blunt terms uncommon for the Intelligence Committee. That statement was pretty blunt in saying we know the russian government is doing this based on the picture we saw at the time. The picture continued to build upon itself as time progressed. There was more we knew about the russian governments efforts at scanning Voter Registration databases, youll recall the october 7th statement says we were not then in a position to attribute that to the russian government but the picture got clearer, but on october 7th we issued a very clear declaration based upon what we knew at the time that the russian government was behind the hacks at the dnc. I wasnt critical of you. It just didnt get the attention that i would have preferred it get because were in the midst of a campaign, the press and voters are focused on lots of other things like videos. With all the power they have, in december we had this drum beat of stories one after the other, sanctions being issued, all the power of the mobilization of the administration to get that story out came after the election into december and early january and between october 7th and election day there was very little and it was overshadowed by the other stories of the time. 
Im just so concerned not concerned the october 7th statement was an administration statement. That was the result of an Intelligence Community assessment, the president approved the statement. I know he wanted us to make the statement. So that was very definitely a statement by the United States government, not just jim clapper and me. And the reality, though, most the American People were not fully aware of it. I just would have thought during that 32 days, from october 7th to november 8th as they did in december and january, i think the American People would have been lot better informed when they went to the polls. Well, i can tell you, i issued statement on september 16th, october 1, october 7th, october 10 about what we saw. You did your job. Im not questioning you any way about that. 30 seconds. Just real quickly if i can get you to put on your old hat for a second. Hacking into someones server strikes me as a crime. Yes. So the dnc was the victim of a crime. Im trying to understand why the victim of a crime would not turn over evidence to you and james comey who were both apolitical and come from apolitical backgrounds. Im quite sure that at some point in the time line they did do that. My point earlier was that in the initial period i was not satisfied that we were able to get in there ourselves dhs to help them identify the bad actor and patch the vulnerabilities. Im quite sure at some point the fbi and the dnc had a dialogue but youd have to ask them. Thank you, mr. Chairman. Id like to yield a minute to the Ranking Member to ask a question. I thank the gentleman. I want to followup on kings comments and questions, i agree quite completely with mr. King. 
And im not saying this as a matter of hindsight, senator feinstein and i were saying this in realtime as it was going on, why didnt the president of the United States and secretary you did what you could do, but why didnt the president of the United States at the time you were making your attribution or thereafter speak to the American People and say a foreign power is interfering in our affairs. This isnt a democratic thing or republican thing, this is an american thing and they need to be rejected and they need to stop. Why wasnt that done . Was there thought given to that . Why was that course rejected . Again, we did make the statement and we were very concerned that we not be perceived as taking sides in the election, injecting ourself into a very Heated Campaign and so or taking steps to themselves delegitimize the election process and undermine the integrity of the election process and so we considered all those things and the decision was made that the director of National Intelligence and the secretary of Homeland Security should together make this statement and there were Public Statements made by various Administration Officials including myself all through the Campaign Season preelection to the same effect. Yield back to ms. Sewell. Secretary johnson, welcome. Thank you for your years of service to this great nation. Id like to talk about attribution and by now its wellknown that the russians hacked, stole and then strategically dumped emails from the dnc in order to affect the outcome of the 2016 election. What id like to understand better is how the United States government came to reach that conclusion and how dhs and the rest of the government were able to attribute it directly to the russians . So according to the declassified Intelligence Committee assessment released in january 2017 we noted that russian intelligence accessed, quote accessed elements of multiple state and local electoral boards. And that seems pretty clear. 
How do you how does one go about attributing that to the russians . What kinds of information signatures or cyber activity would you be looking for in order to make that attribution and how do you go about validating that information . Congresswoman, youd have to have that discussion in closed session because its sources and methods and its probably better to have that discussion with someone in the Intelligence Community. I do recall that looking at the intelligence, it was a pretty clear case, perhaps beyond a reasonable doubt, mr. Gowdy, that the russian government was behind the hacks into the dnc based on everything i was seeing. In terms of attribution, there are normal considerations about when one makes public attribution to a state actor whos engaged in some type of cyberattack. My personal opinion was that and is that those normal considerations were out the window and that we had an independent overriding need to inform the voting public of what we saw going on and the way i looked at it as a corporate lawyer was if im the issuer of a public stock and i see a very powerful actor in the market trying to manipulate the price of my public stock, i have a duty to tell the investing public what i know. How did you go about alerting the states, dhs go about alerting the states and local communities about what was going on . I know that you did designation for Critical Infrastructure, my what im trying to get at is given your background and your recommendation that we do something more now to really alert the state and local governments, how do we do it now and what would you suggest would be a better way to go about alerting them of we did have an ongoing dialogue all throughout the fall at the Law Enforcement level, with dhs there was of course the public october 7th statement but the conversation didnt stop there. 
I continued to issue Public Statements and we continued to have a dialogue with state officials as they came in to seek our cyber assistance at the staff level. In answer but only if they came to get your assistance with dhs be more help of in that sense, you really left it up to the states and the local governments to actually request i think its a case that we had a dialogue with just about every single of the 50 states. Eventually ultimately we had a dialogue with i think all but maybe one or two of the states and they actually signed up for our cybersecurity assistance. There were 36 along with a whole lot of counties and cities that actually signed up for our assistance but we were pushing information out the door to everybody as often as we could. But in answer to your question, i think that the states are the one thing i discovered in this conversation, state Election Officials are very sensitive about what they perceived to be federal intrusion into their process. I heard that first hand over and over. This is our process. Its our sovereign responsibility. Were not interested in the federal takeover and they were doesnt the federal government have an interest in the integrity of these elections . I think the American Public, the nation has an interest in the integrity of the election and i think you federally elected officials have an interest in the elections that result in you sitting here, yes. I think that we need to continue now that the campaigns over, maybe in odd years, if we could find a way to raise awareness when the temperatures down, maybe through grants, encourage best practices at the state level and maybe encourage a uniform set of minimum standards for cybersecurity when it comes to state election systems and Voter Registration databases. Thank you. Mr. Lobiondo. Mr. Secretary, thank you for being here, thank you for your service. 
Some of this may be a little bit redundant but im trying to better understand how all the different entities come together. Can you briefly summarize dhs role in Cyber Defense . To summarize it, we are the agency of the u. S. Government responsible for asset response, so responsible for working with other federal agencies and the private sectors in identifying vulnerabilities, patching vulnerabilities, raising awareness and because of the help we got from congress, we are the principal portal through which information from the private sector should pass to the u. S. Government. So thats thats it in a summary. And with that in mind, can you briefly tell us dhss role in sharing cyber threat indicators, how that works . On my watch, it was the and this is an acronym, the NCCIC, the National Cybersecurity and Communications Integration Center is the place designated to receive cyber threat indicators and report them. Okay. Switching gears a little bit. Based on what you know now, what would you have done more or differently in response to the russian cyberattack of the 2016 election . Well, with the benefit of hindsight, there is always more things you can say to yourself i should have done, like i said earlier, with the benefit of hindsight perhaps i shouldve camped out at the front door of the headquarters of the dnc, but at the time knowing what we knew and wrestling with all the considerations we had, i can tell you that this was a very much a top priority for me, because none of us knew how this was going to come out and how far the russians were going to go in their efforts. So i can tell you, with the benefit of hindsight that this was a top priority for me and virtually every day during the Campaign Season, i was questioning my own staff about are we mobilized, are we energized enough to do what we need to do, have we set up a Crisis Response center on Election Night, which we did. 
At one point i said this in my prepared statement, i picked up the phone and called the ceo of Associated Press that has had for years the responsibility for Election Night reporting to make sure that their systems were satisfactory and i was satisfied that they have enough redundancies in their system as well. This was very much uppermost in our minds in the runup to the election. Okay. So thinking ahead to 2018 and 2020, what scenarios two-part question, what scenarios most concern you and what recommendations do you have for us that we should that we should do that maybe is something thats not in place now . Well, the scenarios that most concern me about the integrity of elections are not necessarily cybersecurity related, but in the cybersecurity realm what i do worry about are the vulnerabilities around state Voter Registration databases and we saw those vulnerabilities last fall and so i think there needs to be more done to secure Voter Registration databases so that information doesnt get out in the open. So from a congressional approach, somehow grants to states for databases or anything specific you recommend . I know that the states state Election Officials are very sensitive to and would oppose likely federal standards for how they should run their elections. It was very hard to bring about i remember the debate about hava in 2002. So i would i would, you know i would use the carrot approach instead of the stick approach and encourage them through grants to bolster their own cybersecurity. What specific policy changes, if any, would you recommend to your successor, secretary kelly . In addition to all the things weve just discussed, i think its important that secretary kelly or the under secretary for NPPD really take this on as a front burner issue. 
When i came into office in 2013, i viewed counterterrorism as the Corner Stone Mission of dhs and after a time, when i got a sense of a threat environment, i realized that cybersecurity needed to be the other cornerstone, needed to be the other top priority of our departments mission. Its going to get worse before it gets better and bad cyber actors all the time are more and more ingenious, more tenacious and more aggressive and so i would urge secretary kelly to make this one of his top one or two priorities. Thank you. I yield the balance of my time to mr. Gowdy. Ill thank the gentleman. Dr. Johnson, i dont want to beat a dead horse but i do think its important, the last time you and i talked i wasnt 100% sure but i since had it confirmed, the dnc never turned the server over to Law Enforcement, so twice now you have said that you couldve camped out in front of the dnc and i would say in defense of you it wouldnt have made any difference if you had because they werent going to give you the server. So if youre investigating either from a Law Enforcement or from an intelligence standpoint the hacking by foreign hostile government, wouldnt you want the server . Wouldnt that help you, number one, identify who the attacker was and if memory serves me, this was early in the summer of 2016 when we learned of the dnc hack. So if they had turned the server over to either you or director comey, maybe we wouldve known more and maybe there would have been more for you to report. So i guess what im asking you is, why would the victim of a crime not turn over a server to the Intelligence Community or to Law Enforcement . Im not going to argue with you, sir. That was a leading question and ill agree to be led. The times expired. Mr. Carson, seven minutes hang on. My general counsel has informed me that our unanimous Consent Order to extend the conversation for seven minutes per member is only good for an hour. 
So i ask for unanimous consent that each member has seven minutes to question the witness and having no objections well continue down that path. Thank you, mr. Johnson for your service to our country. Weve heard since last year about russian bots that were released on the internet generating and disseminating fake news on social media platforms. As far as you understand, sir, how do these bots work and how did we come to discover them and how effective were they in shaping opinions and how did they react with social media to make their campaigns most effective . Congressman, youre really testing me here. Youre a brilliant man. A technical level there are others who could sit here and give you a much better answer. Sure. Its hard to know the activity youve cited i know is prevalent. Sure. It is hard to know to what extent it influences Public Opinion like i said earlier about the election result. It is hard it is not for me to know to what extent the russian hacks influenced Public Opinion and thereby influence the outcome of the election. Sir, do you think as i do that the kremlin on some level managed to stoke uncertainty about our electoral institutions and thus their operation was successful and secondly, do you think with the russian influence or interference operation all of which americans were victims, even if their votes werent effective offers us any hard Lessons Learned as we prepare for 2018 . Well, certainly, if the russian aim of what they did was to distract us and divert us from the business of government, whether its health care or something else, yes. I mean as evidenced by what were doing here today. 
Again, i think the answer has to be greater workforce Awareness Among those who use whether its the dnc or house.gov or the private sector, raising Awareness Among those who use the system about unrecognizable emails and attachments, this apparently started with an email somebody shouldnt have opened and i can tell you from experience, the most devastating attacks and forget the russians for a moment, the most devastating attacks by the most sophisticated actors very often start simply because somebody opens an email they shouldnt open so raising awareness about spear phishing can go a long way and as i said earlier, encouraging those who are who are responsible for our democracy in ensuring that their cybersecurity is protected and theyve done what they need to do. Thank you, sir. Keep up the great work. I yield back, mr. Chairman. I yield to the Ranking Member at this time. I thank the gentleman. I know my colleague, ms. Speier will have some questions about that too but i take it whatever criticism you might have of the dnc for how they responded or whether theyre willing to turn over the server or not youre not maintaining that that justifies the russian hacking of our institutions . Of course not, no. Because i think theres a tendency as in many cases to blame the victim over their victimization, the dnc were a victim here were they not . Correct. And theres a lot were going to have to probe in terms of the government response as well as the dncs. The primary actor that interfaced with the dnc would have been dhs or fbi . In a Perfect World it would be both of us. It would be Law Enforcement and asset response so dhs, Law Enforcement and when necessary the Intelligence Community and there have been cases where we have worked well hand in hand together, Law Enforcement and Homeland Security addressing a situation. One of the reasons i raise this issue is and one of the reasons i think are the public nature of these hearings is so important is the russians are among the most capable cyber adversaries in the world, are they not . Yes. 
And for the most part if the russians want to get into the dnc or the rnc, theyre going to find a way to get in, would you agree with that . I tend to be not that fatalistic especially in my old role, but its, you know its like its like saying sooner or later theres going to be another act of violence in this country, but you can minimize the vulnerabilities and the opportunities through a number of steps that can be taken. Without question, but nonetheless it is a fairly asymmetric battlefield in which its much harder to defend than it is to be on offense. I think i said that in my Opening Statement, yes. Would you agree, for that reason, among the most important things we can do in addition to improving whatever our Cyber Defenses are or how we respond to an intrusion is to inform the public to inoculate ourselves against foreign interference by developing a consensus by whoever it helps, or whoever it hurts, we will all reject it, isnt that ultimately the best defense . That is certainly a critical part of a needed response which is one of the reasons why i felt strongly we should issue the october 7 statement. I think this was something that president obama alluded to when he did speak to this after the election that what, in fact, made this hack so successful was they were able to play on the deep divisions within our own politics and exploit that division to sow disorder within the United States, would you agree . I would i dont disagree with that statement. Certainly the rhetoric of the campaign contributed to that as well. I yield back. Seven minutes. Thank you, mr. Johnson for being here. Good morning. Were here to get some Lessons Learned and a path forward and hopefully we can do that on a united front and i appreciate your insights here today. 
When you came in in 2013, its obviously after an election, were you given information on previous attempts and previous elections say in 12 or 08 or 04, russia has been trying to do this type of stuff since the soviet union. So were you given any kind of background to maybe help you i was certainly aware not just from my experience at dhs but from my experience as the general counsel of the Defense Department that there had been nation state efforts at espionage for the most part into various political organizations and campaigns. Im pleased to see that you have agreed with secretary kelly to make cyber a top priority and thats probably very good advice. During this process, was it ever reported, were there attempts on the rnc, for example, with phishing expeditions . Was any of that reported anywhere else or any other agencies that are involved with elections . Yeah. So i remember there was a lot of back and forth around the rnc. Sitting here now, my head hasnt been in this for a while, but sitting here now i remember there was something about the rnc. Somebody could give you chapter and verse on that. Something around the rnc too but im not sure what it was. Some attempts is what my recollection here is going to be faulty and so i just dont its a knowable question. Thank you. So, you know, were talking about hacking from an external foreign source and clearly an illegal activity. Youll look at something in trying to influence an election and you look at Something Like access hollywood, i assume that was legally obtained, but trying to influence an election. Im not trying to compare the two, as we talk about russia, were talking about russia today but were also talking about other countries as you mentioned before. They are not alone in this process, but do we have domestic concerns as well. Were talking about foreign entities trying to influence our elections through nefarious behavior, do we have concerns domestically as well that we should be alerted to . 
Absolutely. Domestically there are bad cyber actors that would probably have a motive in trying to affect the outcome of an election as well as, you know, theft, ransomware host of other things that we know about. Have we seen any of that on the domestic front . I know were talking about foreign entities today, have we seen attempts, any successful attempts domestically to try and invade Cyber Attacks for a political motive, i would have to say yes. I cant list them. I dont want you to list them. You may all have been the victim of such things. Im sure theres been attempts. Thats all i have. I thank you for being today. Ms. Speier, seven minutes. Thank you, mr. Chairman. Mr. Johnson, thank you so much for your extraordinary dedication to Public Service for many, many decades. So anything that i ask you now is not an effort to undermine that by the way, im billing this by the hour. Just kidding. One thing we do know is that hindsight is 20/20 and when we look back we say i wouldve done things slightly differently. Back on august 15, 2016, this is a year later from the dnc hack, you had a call with state officials about cybersecurity and elections infrastructure in which you said you were quote, not aware of any specific or credible cybersecurity threats relating to the upcoming general election systems, unquote. And then offered support by dhs. Why didnt you at that time say to the state elections officials, russia is intent on hacking into our systems . Because i was not in a position to say that at that point. The state of my and our awareness was was progressing and i was not in a position to reveal or know exactly what we you know, what we saw the russian government doing at that point. 
So it was an emerging picture and so but within a very short period of time and it could have been before, right around that time, we began to see these intrusions scanning and probing into Voter Registration databases and if you look at my Public Statements youll see that i informed state Election Officials of what we saw at the time. So but two months later is when you said to them, along with James Clapper that the russian government was, in fact, attempting to. But back in october, you encouraged jurisdictions to seek assistance. So two months had passed, early voting had already begun and theres a part of me that feels that we should have been able to have sounded the alarm earlier but at the time on october 10th you encouraged jurisdictions to seek assistance, 33 states used dhs tools, 17 did not. Now, if we know that theres something vicious, a viral attack is happening, why would we not want to inoculate everyone and in this situation because its being left up to the states, 17 states didnt even take you up on it. Did you have a concern about that . Did you reach out to them again encouraging them to use the tools . We had an ongoing dialogue and we have seen suspicious cyber intrusions involving Political Institutions. We have also seen some efforts at cyber intrusions of Voter Registration data maintained in state election systems. On october 1 i said recent months malicious cyber actors had been scanning a large number of states systems which could be a preamble to attempted intrusions. In a few cases we have determined that malicious actors gained access to state voting related systems, six days later i said the same thing again. Okay. Were not in a position to attribute it to the russian government at that time. And then three days later i made another statement. So i was beating this drum constantly. I guess what i want to ask you is, if in my mind, this cyberattack on our country was an act of war. It was unprecedented. 
The russian intentions were not just to hack into a couple of party servers, but to do a full on effort to undermine our election. So do you believe looking back at it that we should have or should in the future standardize election systems . We have so many different systems around the country, some have paper trail, some do not. Is there value in going back to paper well, i would say to this congress if you want to try to federalize elections in this country, good luck. I think you probably all know better than i do the reaction youll get from your state election official constituents. How about the equipment though . Again, there was an effort at this with hava after the 2000 election. We made some progress, but this is something where i think a carrot over stick approach is best warranted so through grants and other means you might have at your disposal i would encourage some of the Election Officials to adopt certain Cyber Security standards. Voter registration lists were infiltrated. We have heard over and over again that we dont believe any of the votes were altered. I want to know how we can be confident that none of the votes were altered . First of all. The second question is, having if in fact thats the case, i dont think any of us should be sanguine they wont attempt to alter votes in future elections. I said based upon what i know i know of no evidence that votes were altered as a result of Cyber Attacks. But again, i have not had access to classified information in five months. And at this point you all are in a better position to know the answer than i am. So during after the election did dhs take any steps to determine whether or not the vote had been impacted by russians . What kind of steps could or would have been taken. No. Im not sure i have the authority to do that. I dont the department of Homeland Security does not engage in vote recounts, election recounts. There are others that have that responsibility. 
So what message would you like to send to state and local Election Officials regarding how vulnerable their systems are to compromise . I would say that your Voter Registration databases are very vulnerable to exfiltration, exposure, and that all state Election Officials, local Election Officials, should undertake an effort to harden their Cyber Security, minimize the exposure of the process to the internet. And that this is serious and were not this is not just an academic exercise. Its a real threat because of what happened last year. Thank you. Mr. Stewart. Thank you, mr. Chairman and mr. Secretary. Thank you. I join with others in thanking you for your service. We had a chance to sit down last week at a dinner and i enjoyed that and walked away impressed as i think many people obviously would be. Im going to ask you a series of questions if i could. I got to tell you, i dont think youre going to like them. And i think they are going to be difficult to answer. But before i get to them i want to set the table if i could. I was in moscow last summer, came home from russia and i said they are going to mess with our elections. It wasnt based on any specific piece of intelligence, just on common sense and history and the things that we know. Some of them weve been discussing here today. I think we have to agree that this mission, they were overwhelmingly successful. Some kgb captain just got promoted to four-star general. It was a resounding success from their point of view and they have to be thrilled with the outcome. If success breeds success and it does. Then we have to anticipate they are going to try to do it again. Not just here but as weve seen throughout other western democracies because democracies are vulnerable. I think i want to emphasize this point politically divided democracies are particularly vulnerable. I think thats where we find ourselves. We ask what do we do . Thats what weve been discussing. 
That's the point of this hearing, the primary point of is what do we now do? Some of that's been diverted from I think our primary goal and some diverted unfortunately by what I think is political grandstanding. So I want to come back to it, what do we do? Mr. Secretary, leads me to my questions. Yes, we can defend against email hacks. It's an obvious thing to do. I think we could train people not to be victims of phishing, which is some of the DNC officials were. You can protect voter registration machines, but this is the difficult part. How do you protect against propaganda? How do you protect against false news stories? How do you protect against internet trolls we know are paid Russian employees? And the last question, this is tough, how do you encourage a gullible press to be more mature in their judgment, rather than playing to Russian hands? I think those are the real challenges we have, and if you have views on that I would love to hear them. That's where we're going cross ways in the future. All I can say is wow. Where do I begin? I appreciate that response, that indicates your agreement that this is a real challenge for us, is that true? I would encourage you to look at a speech I delivered at Westminster College in Missouri in September 2015, where I said that I believed it was the responsibility of those who hold public office and seek public office to be responsible in their rhetoric. Those who command a microphone. That's for starters. Because overheated rhetoric can hurt innocent people. God bless the First Amendment. You know, anybody with a keyboard now and access to the internet can say virtually anything they want about any public official in this room and you have little or no recourse because of the First Amendment and the way it is interpreted. That's the age in which we've evolved. I grew up when we had gatekeepers to news. And I suspect you did too.
Walter Cronkite and others, in the 1970s if a big event happened in the course of the day, in my house it didn't really happen until Walter Cronkite told me it happened at 7:00, that's when I in my mind accepted it. Now with the 24/7 news cycle and the internet, and so many people out there who call themselves journalists, who can say virtually anything without fact checking, make virtually any accusation, and there are a lot of people who rely on that information, it's a new frontier. If I could, sir, interject quickly, it's not just who call themselves journalists, in too many cases they are journalists, and some of the institutions, and I won't name them, but some of these reliable or formerly reliable media outlets that we know now have just, as I said, have completely played into Russian hands in some of the reporting they provided. Yes, that's a whole separate subject. And I interrupted you. I don't know if, no. I think my views on this subject are probably shared by lots of members of the committee. Thank you. Again, I'll just, to conclude, democracies are vulnerable, and it's easy or at least easier to protect your email account, it's achievable we can protect voting machines, but Russian active measures are relentless, they are pervasive and we don't recognize it or, as we've said, too often we play into their hands and make it altogether too easy for them. And we do that to ourselves. I think we have to have a conversation with our fellow Americans about how do we discern what's real and not real and what is manipulated and what's not manipulated. It will be interesting to see what happens in some European democracies as their elections come up and in our own over the next few years the were better dealing with this. Finally, again, thank you for your many years of service. We are grateful for that. Let me just add to that in the time remaining. Every time I have an opportunity to sit down with a group of young people, like the interns here, I always ask the same question.
How do you get your news? I'm interested to know how young people receive news. And it's not the way you and I grew up receiving news. When I do my daily commute in to New York City I'm probably the only person in the train in that car with a hard copy of a newspaper anymore. That's how I still get my news, or at least, you know, I'm the second or third pass anyway. When I was at DHS I got my news through the daily intelligence briefing and then read the newspaper to see how they were covering the news. It's fascinating to me that more and more people are getting their news in more and more different ways. Less discerning ways. The Americans are so, if I receive it in the news, unless it's a sports score I'm not sure I believe it, and even the sports scores I'm going to check twice. I yield back. I yield one minute to the Ranking Member. Secretary, I want to follow up on one of Jackie's questions. You mentioned that a message you would have for the states would be that their voter registration databases are vulnerable to exfiltration. If they are vulnerable, are they also vulnerable to the manipulation of data within the voter registration database such that there could be uncertainty created if someone is eligible to vote, and even more, if there wasn't evidence of tampering with the vote counting machines, if those machines are wifi compatible, if they are thumb drives or through wifi accessibility, are the machines themselves potentially vulnerable next time? Yes and yes. To both your questions. Thank you. I yield. Thank you. Thanks again for your service, sir. Thanks for being here. Help me understand last August, to the question that Ms. Speier touched upon. DHS provided last August a readout after call with the National Association of Secretaries of State and other election officials. And quote, you were not aware of specific or credible cyber security threats related to the upcoming general election system.
At the almost exact same time the State of Illinois Board of Elections announced it had been hacked or some variation thereof. Was this one of the reasons for your calls? What prompted the call if you believed what they said, they are not aware of any specific threats? The state of my awareness was evolving constantly. And the statement I made on August 15th, I'm sure, was a very careful statement based on what I knew at the time. What prompted the call was the general increasing threat environment that we were concerned about, and so I wanted to engage state election officials to encourage them to seek our cyber security help and to raise this issue of designating them critical infrastructure. I wasn't going to do that without engaging them first. Let me reference Vice Chairman Senator Warner's letter to Mr. Kelly. He references, we know that DHS and FBI confirmed two intrusions into voter registration databases in Arizona and Illinois by foreign-based hackers. There was suspicious activity at the election databases of multiple other states. He references, as have others. Could you comment on his request and what your reaction would be? He urges them to work closely with state and local elected officials to disclose which states were targeted, that they are aware of the threat and their cyber defenses are able to neutralize this danger. We are not made safer by keeping the scope and breadth of these attacks secret. I've seen that letter, I don't have it in front of me. I think that what Senator Warner requested is probably a good request. I'm not sure whether DHS itself could provide all of the information, but more awareness around this to raise concern about it I definitely endorse. I guess the question is, why would you not want to make that public? We are briefed constantly on public cyber attacks. One of the things that's generally known is most of the time, on either sector, the entity doesn't know it's been hacked. Is that correct? That is very often true.
But any time somebody else finds out for them, is that correct? Any time you ask somebody to make a public disclosure you have to balance against that, are you revealing a vulnerability. I think that is running around the farm right now. There may be others, how many states would be left given the numbers you talked about earlier? Well, the number we talked about earlier is 39, but that was based on open source reporting. I don't know the exact number. In general I'm agreeing with what you're asking, whether there should be more public awareness, and in general I don't have an issue. To finish the thought, most know they have been hacked for a long time before they are made aware, and made aware by someone else. True. That can be true, yes. What is your knowledge of how long it takes before they find out they have been hacked? It varies. Could be a long time. The actor can get into the system, be latent, lie in wait, given how some of these groups function. So we've been informed that, I think they said something like 9,000 entities run a federal election. The degrees of sophistication obviously vary widely. I think the point you're agreeing to is they need additional resources, but if they don't even know that they have been hacked, how can they know they need to come to you for assistance? All the more reason why, and I preach this now in my private life, a pre-incident examination of your cyber security is definitely worthwhile. Because often you have been hacked and don't even know. I know what you're thinking, this is a guy from Chicago talking to me about election reform. We have a long and colorful history there but we sure don't want the Russians playing the role. So we appreciate cyber security is just one aspect of election integrity, clearly. Obviously this is the one that worked, my time is about up but I thank you again for your service. Mr. Crawford. Thank you, Mr. Chairman. Thank you, Mr. Johnson, for being here.
So designated our voting network, network is not the proper term, but critical infrastructure? Yes. 50 states that all have that many different versions, variations and methods of voting. So that must be very difficult to be able to synchronize that and to implement comprehensive type of a security strategy, correct? Well, that's not quite the nature of a critical infrastructure designation. It prioritizes our assistance when they ask. It guarantees confidentiality and gives the protection of domestic and international cyber norms. So, in your not a federal takeover. I understand. I wouldn't want that to be the case. But to your knowledge are there any states who have their actual voting terminals, are they online? There are states that have aspects of their systems online. There are states, for example, I believe, that use the internet or absentee voting. That could be compromised. Is that possible? It is a potential vulnerability, yes. But the actual, when you walk in to vote, whether it be early voting or on election day, you walk in there and either you've got a paper ballot or screen much like you see. That's not online. Would not be subject, correct. In just about every state as far as I know, yes. Following on what Mr. Schiff said, if there was an attempt made to compromise that, to affect the tally of the vote count, there would have to be a human component there, correct? Well, there is a human component behind every cyber attack. I'm speaking about somebody within the realm of that election and that state and that precinct or whatever to be able to affect the outcome of that tally from that place. You follow my question? I think I do. So for example if there was a malware placed on a computer in the county courthouse or whatever, and they took a thumb drive, inserted that into a terminal, again, you can't directly hack into this.
If your question is, is it impossible for somebody offshore to manipulate an election result, I'm not sure I would say agree with you. Tell me why. First of all, I give, I mean, you never know, I'm not disagreeing. Never know the limits of human ingenuity. To the extent any part of this system or the reporting of a result exists on the internet we have to be concerned about the vulnerability of that, whether it's from an actor domestic or international. And I think it was Congressman Schiff who talked about ways in which malware can be implanted. So malware is generally affected by unwitting actors that may open up an email that could subject them to the malware. If what you are asking me is whether it can only be the case that somebody could affect an election if they are domestic based, I'm not sure I would agree with that. That's kind of the gist of where I'm going here, is all of the offshore stuff, we have hackers around the world, Russia in the context of what we're talking about, but there are others that played a role in trying to take active measures. My point is, for them to fully affect the outcome, would they not need to have some sort of complicit individual physically present to affect that? I don't think I'm prepared to agree with that. Just because cyber bad actors are extraordinarily clever, aggressive, so I don't think I could categorically agree. Without having access to this terminal through a network, and only being able to update that software on this terminal through a thumb drive, somebody would have to connect it to do that. Is what I'm saying. I'm not a cyber expert. I learned a lot about this topic the last three years. That's a conversation you should have with people who understand these capabilities. I'm going to yield to Mr. Gowdy. Talking about free markets. Probably the last time I get to talk with you, so I'm going to finish the way I started, to thank you for your service to our country, DOJ, DOD, and DHS.
Our committee has been asked to do four things: what did the Russians do, with whom with who did they do it, what was the government response, and then the issue of leaks. You're a member of the intelligence community, a former federal prosecutor, can you speak to what a negative impact, let me rephrase it. How important are our surveillance programs, and to the extent that the felonious dissemination of classified material endangers the reauthorization of those surveillance programs, how important and critical are they to our national security? Based on my experience, reading intelligence every working day, in the front of my working day, I would say that intelligence, our intelligence collection capabilities are vital to the ability of national security officials to do their job, to keep the American public safe. I agree with your question in that the compromise of that type of intelligence endangers our ability to continue this activity, compromising foreign partnerships, endangers those foreign partnerships. I cannot overstate for you how important it is that we have good intel, access to good sources, to do our jobs. Otherwise you're flying blind. Thank you, Director. Five minutes. Seven. Thank you, Chair. May I yield to the Ranking Member. I will be quick. Just on the point that my colleague Mr. Gowdy raised. I fully concur with Mr. Secretary, these intelligence programs like 702 are critically important. There have been a number of leaks, we don't know where they have come from. Some may have come from agencies, some maybe from the president's own staff. I want to make sure that we don't jeopardize these programs by attributing leaks to sources when we don't know what the sources of those leaks are. We would ill serve the country if we do away with vital tools as a part of a political tact rather than based on the merits of those programs and any forms that are necessary. That's just some commentary rather than asking for response.
But I'll yield back. Thank you to the Ranking Member. Mr. Secretary, was our democracy attacked this past election? Yes. By who? The Russian government. And it sounds like, based on your experience, this attack that occurred could have easily been carried out not just by Russia but other foreign adversaries, is that right? Yes. There are certain nation state actors, several that have those kinds of capabilities. Also could have been carried out by non-nation state actors like terrorist group, is that right? The level of sophistication that we saw last year, I'm not sure the terrorist organizations that I'm familiar with would have that level of sophistication and capability, but it's an emerging threat. Certainly by cyber criminals? Yes. And you've described that the cost of this attack is the chaos that we find ourselves here today, that we're holding hearings and, as you describe, we're not working on issues like health care. The people's business, correct. I think that's one of them, yes. And would you agree the first step to solving a problem, have you heard of this quote or idea, is to acknowledge that a problem exists? Sure. Yes. Why do you think that President Trump will not state that Russia meddled in our elections? You would have to ask him, sir. Mr. Secretary, I've seen various different statements from him on this topic. Does that concern you? Well, I think that a president, a secretary of defense, a secretary of homeland security, a secretary of state, depends upon the intelligence community, and otherwise if you don't, you can't effectively do your job. You're flying blind. Your intelligence community is what are your eyes and ears to do your job. Mr. Secretary, you've talked about what we need to do going forward and I'm glad you brought that up, because this committee, as Mr. Gowdy referenced, we had one of our duties is to get to the bottom of whether U.S.
persons worked with Russia, and it's the FBI and Department of Justice's job, if they did, to hold them accountable. I think we all agree that if we are back here in 2019 or 2021 after the midterm and the next presidential election, talking about a new hack and a new meddling, we have failed the people that we represent, and you talked about in your statement that you came to the determination that election infrastructure should be designated as critical infrastructure subsection. Can you explain what this designation means legally and practically? Essentially three things. One, it means that when the sector seeks our cyber security assistance we prioritize providing it. Two, it means that the certain communications that we have with critical infrastructure are confidential and protected from public disclosure so as to avoid discussion about vulnerabilities, and three, if you're critical infrastructure you have the protection of the international cyber norm that says nation states should not attack critical infrastructure of other nation states. Would you agree conducting stress tests as we now do post 2008 on voter information and voter balloting systems would be helpful? Yes. Mr. Secretary, in addition to structural reforms to our election systems, do you agree that just a general broader awareness would benefit the American people as far as social media trolls, fake news, the dissemination of hacked information and how that can affect outcomes? Yes. Mr. Secretary, you said that in January you designated our election systems as critical infrastructure and I want you to comment on a claim that candidate Trump made during the campaign season. He said, remember we are competing in a rigged election, to a Wisconsin rally. They want to try and rig the election at the polling booths or so many cities are corrupt and voter fraud is all too common. Did you find any polling booths were rigged?
Well, as I said, I know of no evidence that as a result of any cyber attack ballots were altered or reporting was altered. That comment goes to cyber attacks. I cannot comment on the integrity of every voting machine in Chicago or San Francisco or South Carolina. After the election President-elect Trump said 3 to 5 million people cast illegal votes. In your position as Homeland Security secretary did you find that that occurred? I'm not in a position to comment on that. I heard the same claim. I'm just not in a position to comment on that. And can you judge the credibility based on your experience and interaction with James Comey? Do you find him to be a highly credible individual? Yes. Do you find John Brennan to be a highly credible individual? Yes. And Mr. Secretary, can you just talk a little about, you talked about the importance of a carrot than a stick with our local election systems, I don't think any of us want to see a federal takeover but we don't want to find ourselves in a position like this again. What can we walk away from today and tell our local election officials that we could do together to make sure that they are better prepared the next time Americans go to the polls? The process is vulnerable to future cyber attacks by those who are becoming increasingly aggressive, ingenious and capable. So that's one. Number two, it's in everyone's interest at the local, state and national level to ensure the cyber security integrity of the process, which is vulnerable and exposed in certain respects. We had the experience we had last year and from that we have to learn. If we do not grapple with this we're failing as a democracy. And those of us in public office are failing the people we serve. Thank you, Mr. Secretary, for your service and wish you well in the private sector. Seven memberships. Thank you, Mr. Chairman. My line of questioning will focus on the January 6 Community Intelligence assessment.
According to the unclassified assessment released on January 6th, quote, DHS assesses that the types of systems we observed Russian actors targeting or compromising are not involved in vote tallying. Can you outline what are the key factors that allowed DHS to make this assessment that we successfully protected the integrity of our vote tallying system? It was the result of spending a lot of time examining state by state what the practices are and were. And that assertion was based upon our best available intel we had at the time. Can you speak more about the process of evaluating state by state, I assume that began after the election, how long did that take? Well, after and before. After and before. And when I got into this myself in the summer of 2016, I was pleased to see that a lot of that analysis had already been done within DHS and in the interagency, so it didn't begin post-election. And one of the takeaways was that the voter registration databases are vulnerable because they can be infiltrated online, but the way the tallying and voting and process works, it is largely offline and it is redundant in many ways. So if one avenue fails, there's another avenue. But that some of it does exist over the internet by way of absentee ballots, absentee voting and the like. And so that was the basis for that statement at the time. Thank you the absence of anything to suggest the tallying had been compromised. Thank you for that clarification. Other than providing an assessment regarding vote tallying systems, what was DHS's role in any, if any, in preparing the intelligence community assessment? There were a number of recommendations that we made that I believe are in a nonpublic document, and in terms of the actual intelligence assessment, I believe we had a role in what you just stated. We had a role in making that assessment. But for the most part, what the Russians were doing, sources and methods, was the role of the intelligence community, CIA, et cetera.
Was there a reason why DHS's role was so limited? I wouldn't characterize it as limited. You know, going back to October, the statement that was issued in October was a joint statement of DNI and DHS. And our people were very definitely involved in the report that was issued on January 6th as well as some of the documentation for the actions we took on December 29th. Let me ask you about the October 2016 joint statement you just referenced. The quote that was included in that statement, it says you are, quote, not in a position to attribute scanning and probing of state election related systems to the Russian government. And yet in the January I think I wrote that sentence. You did? Yes. Well, you're the correct person to ask then. Because according to the January 2017 assessment, the quote was, Russian intelligence accessed elements of multiple state or local electoral boards. What new information enabled attribution of this activity? Couldn't say in this session. We'll follow up with you in closed session. It's a, it is a documented, there's a documented answer to that that will be reflected in intelligence reports, I'm sure. The statement that I made on October 7th was accurate at the time based on the state of awareness at the time. We will follow up in a classified setting. Thank you very much for the answers. I yield back. Gentlelady yields back. Seven minutes. Thank you, Chairman, thank you, Mr. Secretary, for your testimony here today. The American people understandably are very concerned about the integrity of our democratic processes and our voting systems. Just so we can frame it very clearly, let me ask you, do you know of any law that requires even minimum basic cybersecurity protections for our voting systems? No. Any state law that requires it? Sitting here now, I don't know the answer to that question. There may be.
And you described extensive efforts that you and others in the government took to work with the states on protecting the integrity of their voting systems, and you noted that most states complied and came forward and worked with the federal government. But it's also fair to say that some states did not come forward, is that right? Correct. For those states that did come forward and work with the government, the federal government, we don't know what they did with that information that we provided to them or that advice? Well, we do know, there were a number of vulnerabilities identified and reported to the states and I have to believe that they took steps to but were acted on good faith that they did? Well, it was in their interest to act on what we told them. Sure. But you can't say conclusively that they took the advice we gave them. I cannot say conclusively. There are probably others at the staff level in DHS who can give you more details about what we knew they did do. Okay. Thank you. We talked today about election systems and databases that state and local governments oversee and operate, but I want to ask you about our major political parties. The declassified intelligence community assessment noted that Russian intelligence services conducted cyber operations associated with both major U.S. political parties. Discusses the systemic and relentless cyberattacks the Russians perpetrated against the DNC. It does also note the Russians collected on Republican-affiliated targets. What's interesting is they did not conduct a comparable disclosure or dumping of campaign material against the RNC. Just this week, the private security firm UpGuard reported its discovery that an RNC contractor left an immense amount of voter data, in fact, 1.1 terabytes according to the report, exposed and unsecured in publicly accessible online databases. The report says the data included information on roughly 200 million Americans.
Clearly, neither political party's immune to the pitfalls of online data vulnerability or invincible to malicious hackers hunting for security lapses to exploit. In light of the preceding discussion of election systems as critical infrastructure, which you've advocated for, do the political parties themselves, their networks, databases, financial and donor information, merit inclusion as well? Well, that's an interesting question. The danger with going down that road is you start to lose clarity about what's critical infrastructure and what's not. The definition that I wrote on January 6th very clearly was confined to election infrastructure and not political organizations. Because I thought we needed that clarity. So everyone knows what is critical infrastructure and what is not. But I'm not disagreeing with the premise of your question. I think there needs to be greater awareness around the cybersecurity of political institutions in general and political campaigns. And let me, the next few keys are about consultations or how accessible essentially the resources would be to political parties. So when you were at DHS, was there any discussion in the government about whether campaigns should receive counterintelligence briefings or briefings about the threats to our elections or cyber threats to campaigns, and is this something you would think is wise to do? Provided it's done so on a bipartisan, nonpartisan basis, I think that they're, I think that information sharing of, you know, threats is a good idea. And do political campaigns or the major political parties have the ability to work or contact DHS to obtain cybersecurity assistance or expertise? Can they go forward to y'all and work with y'all on this stuff? Yes. Okay. Do you have concerns about the security and integrity of primary election voting systems or databases? To the same extent I would for general elections, yes.
And how should we approach the security of the primary elections as integral components of our general elections and overall electoral process? I think the same vulnerabilities that exist with respect to general elections exist with primary elections. Because to my knowledge states run primaries mechanically the same way they run general elections, with the same voting machines and the same voting mechanisms. All right, thank you. I yield back. Gentleman yields back. To extent questioning to seven minutes is yielded back. Hearing none, I recognize him for seven minutes. Thank you, Mr. Chairman. And I would also like to associate myself with all of my colleagues that have thanked Secretary Johnson for his years of service to our country. Mr. Secretary, I have two sets of questions I'd love to chat with you about. The first sets are what-ifs. And I ask these what-ifs under context of we're trying to figure out what could we have done differently and what should we do in the future. And I know one of the things that you were trying to do during your time as secretary of Department of Homeland Security was the reorganization of the NPPD. Right. If the NPPD had been reorganized the way you had envisioned it, and let's say that had happened in early 2016, how would that have helped in dealing with this issue that we dealt with in our elections? Well, it's difficult to, it's difficult to say had something been done the outcome would have been different. I'll say two things. One, I do think that there is strong advantage to reorganizing NPPD into a lean and meaner organization that focuses solely on cyber security and infrastructure protection. Because the two are so interrelated, that something we would need Congress to do. I know that there are a number of people in Congress who support that idea. I continue to believe it is a good idea.
When it comes to the issues we made to engage state election systems, I was impressed with the apparatus we did have within NPPD to do so and to address all of the states that came in and sought our assistance, and that mechanism would exist when NPPD was in its old form or its new form, but in general I think that we need to reorganize NPPD into a cyber and infrastructure protection agency just simply because there ought to be an agency of the U.S. government dedicated to cybersecurity. Thank you, sir. And again, the next what-if. And I recognize the difficulty of answering what-if questions. But the goal is to try and understand how we could do things differently. Had the electoral systems or infrastructure been identified as critical infrastructure by DHS in early 2016, how would that have impacted the situation we just went through? I can't say. It's something that when I first addressed this issue with my staff and they first suggested it to me, I thought this is something we should have done a long time ago. Why isn't it. And one of the things they said to me was you could view it as already critical infrastructure because government infrastructure is already critical infrastructure. My view was we needed to publicly declare it to, you know, make a big deal over the fact that we're going down this road for the domestic and international audience. And my next set of questions is really just in the interest of standardizing terminology and make sure we're all seeing off the same page. Our utility system, our grid, that's identified as a critical infrastructure, correct? Correct. Has DHS ever taken over a grid or a utility municipal company? Not to my knowledge. Okay. Our telecommunications, not sure we have the authority to do that either. Our telecommunications infrastructure is considered a critical infrastructure, correct? Correct. And has DHS ever taken that system over? No, no. Nor do we have the authority to do so. Good copy.
I'm just helping to baseline what a designation of critical infrastructure actually means. You've said that many, many times today. I'm not going to ask you to do it again. But this is, you know, a conversation I've engaged in many times as well. Scanning and probing. Could you maybe give us a quick explanation what that is? You know, when I started addressing this publicly, somebody said to me, well, you know, Jim Comey made a statement publicly that there was scanning and probing of voter registration systems. And I said, that's a good phrase. So I'm going to, let's use that phrase, because I thought it captured what we saw, and eventually what we saw was success in infiltrating voter registration databases, which I reported publicly, but scanning and probing is basically looking into a locked box to see what's inside. Or it's a passive tool that happens millions of times across the United States every single day. Would you agree with that? It can, yes. I don't know if I'd describe it as passive, but yes. The voter registration databases that we've talked about, isn't the information that's contained within voter registration databases publicly available information? Not necessarily. It may depend on each state. Because in Texas you can go down to the county office and get that information, and I'm curious as to why our hostile actors were... I definitely know that the financial systems, you know, whether it's on the federal level, that is, through FEC websites, every state has this information made available. Why would you think a hostile actor like the Russians would be trying to hack systems the way the information is publicly available through a portal available to the public? Well, I don't know that in every case, in every state, the information that was examined was publicly available. My concern was that if a bad actor is doing this, it might be a prelude to wiping out or eliminating voter rolls or altering them in some way. Copy. I yield back the time.
Begin by yielding a minute to the Ranking Member. I thank the gentleman for yielding. Mr. Secretary, I just want to thank you as we come towards the end of the hearing for your testimony today and for your profound service to the country. And I also wanted to acknowledge and thank my colleagues for the aid they gave to our colleague who was injured during the shooting last week, and we're glad that they're safe and with us. And grateful to have them and thinking about our colleague and wishing him a very speedy recovery. I yield back. Mr. Secretary, thanks for being here. I want to talk to you about the future. The IC has assessed, and we regularly hear it from both former and current government officials, that the Russians will be back. They'll be back to disseminate fake news. They'll be back to hack and steal and dump this information intended to harm good people. They'll be back to find their way into the very infrastructure we trust to help us choose our elected officials. The very infrastructure we choose or trust to uphold our democracy. I think more than anything that puts this entire question into very vivid and stark relief, and it is namely as follows. I'm from the school that says America is exceptional. We're going on nearly a quarter millennium of the longest running democracy in the history of our planet. But it's not just the longevity that distinguishes us. It's our rule by law. It's our free, fair, open elections conducted with integrity. And most importantly, quintessentially, it is the peaceful transfer of power. Nobody else has ever managed this. Regularly transfer power in a peaceful manner. And the winners and the losers accept the outcomes. Why? Because we are ruled by law. Because we do have free, fair, open elections. And that is what is at stake here. That which defines us. This goes to the very core of who we are. But my question for you, sir, just to be abundantly clear, will the Russians be back?
I think we have to assume for all the reasons that have been discussed here that the Russians will be back, and possibly other state actors and possibly other bad cyber actors. Fair to assume you are concerned if not worried about 16 and 18 elections and all others going forward? Yes. So you did an excellent job in the preceding two hours of highlighting what you consider to be the greatest vulnerability, namely, the voter registration database. I just want to make sure that people understand that the harm here, the risk here, can be insidious. Because I think when people hear that, their reaction is, oh, the addition or deletion of names. But it's more than that, is it not, sir? Could it not, as an example, include changing the spelling wholesale of a bunch of names such that when those voters showed up at the polling places, they were turned away or denied? Is that not yet one of many examples of how infiltration and manipulation of voter registration databases could wreak considerable harm? Yes, I think that's a fair question and I think that's a fair comment. One thing I do want to emphasize, though, we talked a lot about voter registration databases. When I was at DHS, I always encouraged my people, don't respond to the last attack, try to anticipate the next attack. So I think it's incumbent upon all of those who managed the system to look comprehensively at where there are vulnerabilities. We focused on voter registration databases. I focused on them because that is a known exposure that we saw. And Mr. Secretary, is it also not, is it also true, to clarify, this doesn't have to be done wholesale voter registration databases. This can be done in select or targeted communities or municipalities. And the undermining of confidence in our system would be, however, wholesale. Correct. Yes. I don't know how many times, I lost count of the references to the adage that hindsight's 20/20. I don't want to talk about looking back last year.
I want to talk about how we're going to look back at some point in the future. I've always believed it's easy to judge those who miss the obvious or the dangerous inflection points. Those who miss the Chamberlain's appeasement at Munich would lead to world war. Or those who miss the passage of the Gulf of Tonkin Resolution would lead to a war that arguably was unwinnable in Vietnam. But the truth is there were plenty of people at those times who did know and who were raising their voices and who were ringing alarm bells. It's just the warnings weren't heeded. My wish, my prayer, literally, is that some day we don't look back on today and this time and deeply regret that we didn't heed the warnings. That we didn't take seriously enough a foreign power's repeated efforts to undermine our democracy and make America weaker and to sow wholesale lack of confidence in our elections such that we do not accept the outcome, such that we do not peaceably and peacefully transfer power as is our nation's heritage. And is that which distinguished us in the history of this planet. Because if we do, it will be too late. Thank you, sir, I yield back the balance of my time. Chair yields back. Mr. Rooney, seven minutes. Thank you, Mr. Chairman. And I would like to associate myself with what Mr. Heck just said. I think that that was very well said and very eloquent, and I think that if there's any issue that's surrounding everything going on in Washington right now that should unite especially this committee and what we're doing, it's what we're doing here today, Secretary Johnson talking about the integrity of our elections. There's one thing that we... there's a lot of questions out there that remain unanswered. But there's one thing that I don't think is ambiguous at all. And it's that the American people don't have confidence in the way that their vote was cast is actually true and real. Whether our guy won or next time your guy wins.
And there's a question out there as to whether or not Russia may have been able to mess with the numbers, then we really do cease being the country that we are. Secretary Johnson, I've known you a long time. I think we first met when I first got elected in 08 and we first met when you were, I think, in the House for five minutes in Patrick Murphy's office. I appreciate your work as the attorney at the Pentagon and then as secretary of defense. I think that you are a true statesman and somebody we're all very proud of regardless of party, and it's been an honor to get to know you over the years and to work with you. I do think that it needs to be said that, and I've said this before in this committee, that if anybody out there in the countryside believes that Russia's not trying to influence our electoral process, this is your notice that they are and that they will continue to do so. Whether that is just merely propaganda through things like the RT or whether that's actual cyber intrusion like changing votes or deleting votes, we've seen no evidence, in part thanks to you, of the latter, but the former and the latter may very well be a real thing moving forward. Certainly think propaganda will continue to do so. I know that I can speak for the rest of the committee when I also say, well, I'm speaking for myself saying this. You said earlier designating the election systems as critical infrastructure after the election because you are worried it might drive people away, I think you're absolutely right in that assessment. That may be arguable. But, you know, certainly that I think that that's true. I also would say this. I hope that you work with Secretary Kelly in whatever lessons that you've learned and also sharing with him whatever the key factors were that helped you successfully protect vote tallying.
I know that, you know, some staff might still be there or what have you, but for the sake of our country and for the sake of his successes, I'm sure that you are wishing upon him that we can move forward knowing in the next election cycle that he has every tool that he needs to be able to be successful as well. Being that I'm the last questioner on my side, my question is going to be specific with regard to Florida. Ironically, today the county of supervisors of elections is holding a gathering of all Florida state associations of election supervisors. And we called some of them today from my district and asked them about, you know, your designation. And there is a states' rights versus federal intrusion issue. That they're concerned about. But mostly there's a lot of lack of or just yearning for more information of what does that mean, what are we supposed to do, how do we tell the people of Okeechobee County and Sarasota County and Charlotte County that your local supervisor of elections is in charge of counting your votes but that this designation that DHS has put out there is somehow this security blanket that's going to make sure that Russia foreign entity isn't changing your votes? If you were talking to them now, would you tell them that the designation that you made means for them, and how their job and the local votes that are cast, is safe, secure and not being mandated by some federal bureaucrat in Washington, and any other way other than protection? By analogy. Financial services is critical infrastructure, which includes all the big banks, and I do not run those banks. The CEOs of each of them are responsible for their own networks, their own systems, and what it means, most fundamentally, is that we prioritize helping them when they ask. If they ask. And that's what the designation means. It doesn't mean that I get to regulate, I don't have the authority to regulate standards for voting rights and for reporting mechanisms.
But there are lots of other critical infrastructure sectors where everybody is responsible for running their own business, not me. It's a matter of providing assistance to them when they ask. It's simply that. If there is a Palm Beach County situation, where I grew up. Is there some kind of a failsafe mechanism that would come in, because that was the Palm Beach County butterfly ballot thing, I don't even remember the year that was. But 2000. Now that this designation has been made, would there be some kind of an automatic trigger that would happen if a situation like that would happen where we felt like it was not because of a faulty ballot but because of actual intrusion by a foreign entity? Well, the secretary of Homeland Security would not have the authority to go in over the objection of a local official and do a ballot recount. But the nature of it is that when states ask, when counties ask, we will come and provide whatever cyberassistance they ask. Assuming we have the resources and the capability, we'll do whatever we can with their cybersecurity, that's it. I appreciate your time and your service. And thank you, Mr. Chairman. I yield back. If I could say, congressman, since the day we first met, I have very much been impressed with your service in Congress. Thank you, did everybody get that? Thank you. Some of the things you've pushed through as legislation, I've very much appreciated them. He's a congress, not a banker. Since Adam did, I want to thank you. But we also can't leave not acknowledging officers Greiner and Bailey. The Capitol Hill Police officers, professionals and heroic. And I was right beside them watching them work to do what they said they would do best, and that was to get between a really bad person and the rest of us. I can't thank them enough for what they did. Heroes to absolute best tradition of what that really means. Appreciate the nation's prayers for Steve and Matt Micah. Rhinert was wounded as well, Bailey.
With respect to today's hearing, thank you very much for doing it and we appreciate that. Cyber threat is ongoing and will get tougher and harder. We've got maybe lucky this time that it was not successful in causing any more problems for our systems than we have. I would hope that National Association of state secretaries and state would take to heart your message this morning and they would form a working group or task force to build that best practice, build that system on their own that would allow themselves to police it and create it. There's no one better at doing that than the folks responsible for doing that. I would hope if they don't have that in place that there's an aggressive campaign to build that best practices and/or standards by which they would hold themselves to that would give all of us a lot more comfort in making that happen. Again, Secretary Johnson, thank you very much for being here this morning, we're adjourned. Thank you. Announcer: After the hearing, reporters had a chance to question House Intelligence Committee Ranking Member Adam Schiff and former homeland secretary Jeh Johnson. Here's some of that exchange the hearing room. So you've had just about every to have official from the Obama administration come by so far. How much longer can we expect this process to take? I think one critical part of this, as we did today, is the open component of our investigation. Most of our hearings are going to be in closed session. But as much as we can share with the public, I think it's very important. One key element of our investigation is the one we really discussed today. And that is what have we learned from this. What was the U.S. government response. How can we make sure that in the future we respond with greater alacrity. That we provide some deterrent to a foreign interference, but also that we make sure that the federal government and the state and local governments are working hand in hand to make sure we protect our elections infrastructure.
So that's a key part of our investigation. That is looking at our response and figuring out what can we learn from this and what do we need to do to protect ourselves in the future. When you met with the counsel last night, was he concerned that hearings like this one are going to overlap or interfere with his outside investigation? I would say we discussed how we can coordinate both of our efforts as well as the effort in the Senate to make sure that we can give them a heads up in terms of the course of our investigation, that we don't intrude on the potential prosecutorial equities. He wants to make sure that what he's doing isn't going to impede what we're doing, either. It's a good discussion, it won't be the last discussion. We'll need to continue to be talking with each other as we go forward. Have you guys heard from the White House in your request for any copies of tapes of Comey, especially going forward? We have not heard anything more than what the White House has been saying publicly. Which is, of course, has been very ambiguous. But we would hope and expect that the White House would comply with our bipartisan request, and we will know by the end of the week. Do tapes exist? If they do, they'll need to be preserved and they'll need to be provided to our committee. Well, our committee practice has been we begin by asking for voluntary compliance with our requests. If those voluntary requests aren't met, we follow up with a compulsory process, and I would assume that would be the practice here as well. Thank you. Good afternoon, I just completed two hours of testimony before the House Intelligence Committee. As I said in there, during my time as secretary of Homeland Security, I testified 26 times. It's no longer part of the job description. But when I was invited to come here, I came here because I thought it was important. I'm glad that this committee has undertaken an investigation of this very important matter.
Last year's intrusion into our political process by the Russian government, I think it's important that the committee come to answers about how we can prevent this in the future. I was happy to be part of that process today. I was impressed by the nonpartisan tone of the hearing. And I hope that both intel committees in Congress continue to conduct themselves in this fashion. I think it's important to the American people that we arrive at solutions to preventing this type of cyberattack from happening in the future. And it's important to the American people that we harden our cybersecurity around our democracy. So I was glad to be here. Though I'm a private citizen, I came here in my capacity as a concerned private citizen, to try to help the committee struggle through this very big and difficult issue. So that's it. Can you talk a little bit about, are you disappointed in the DNC for not doing more to try to protect themselves? I'll let my statements in the hearing and my prepared statements stand for themselves. Do you believe that President Trump takes the threat from Russian interference in our election seriously enough? You'd have to ask him. You'd have to ask him. As a private citizen, when you're watching the congressional response to the Russian election meddling, do you think that they're doing enough? Do you think that they're doing too much based on what you know? I want, the committees are focused on a lot of different things. I think the overarching issue, the big issue, and let's not lose sight of the big issue, the big issue here is the cyberintrusions on our democracy last year and how to prevent that from happening in the future. For the sake of our democracy, so that's the overarching, overriding issue. And I hope that people in Congress, in government, do not lose sight of that picture. All right. Do you think that people have been losing sight of it based on the daily confusion? Well, today's hearing was about that overarching, overriding issue.
And I hope that Congress and people in the executive branch stay focused on that big-picture issue. Thanks a lot. Got to go. Got to go. Thanks. That hearing with former Homeland Security secretary Jeh Johnson is available in its entirety online at c-span.org. It will air later this evening in a primetime schedule. You can find that information online as well. Now we take you to another hearing, this is with acting FBI director Andrew McCabe. He's testifying on the president's 2018 budget request for the agency. It should be getting under way shortly. This is live coverage on C-SPAN 3.