Good morning. Ive asked Rick Crawford to open with a plan. Lord, thank you for the blessing of this nation. I ask that her people would strive to be worthy of that blessing. Prey for humility and temperance and all that we do be pleasing to you. Amen. In consultation with adam, without objection i make a motion to give each member seven minutes to question the witnesses. Is there discussion on the motion . Ask unanimous consent. Everybody would get seven, including adam and i. Thank you. The meet would go come to order. Id like to welcome our witness, former head of National Security, jeh johnson. As a reminder, we are and will remain in open session. This will address only unclassified matters. To our guests, welcome. We appreciate the public and media interest in the committees work. Disruptions to todays proceedings will not be tolerated. At this point in time, mr. Johnson, will you please rise and take an oath . Do you swear or affirm the testimony you will give before this committee will the truth, the whole truth and nothing else . I do. I recognize myself for five minutes. This committee is charged with getting to the bottom of the facts regarding russias involvement in the 2016 election and what, if any, steps were taken by the u. S. Government to prevent such interference in our election. While our investigation seeks to get to the truth of what happened during last years election, it also seeks to provide recommendations for improvement. One focus of the committees investigation is the u. S. Government eaves governments response to russian cyber activity in the election. Dhs also assessed that, thankfully, the systems russias actors targeted with not involved in vote tallying. However, the prospect of any foreign adversary meddling in our election system is disturbing. It is a cornerstone of our democracy and foundation of our selfgoverning republic. Any access threatens our basic freed freedom. You were at the helm and you made the decision to designate election infrastructure as Critical Infrastructure in january 17. I hope your testimonies today will provide this committee and the American Public with a better understanding of what exactly happened and what more could have been done, if anything, to prevent the russians from interfering in our elections. While i commend your efforts to safeguard the integrity of the vote tallying systems, its troubling that dhs and other agencies did not respond more quickly to the russian hacking. Were also here to talk about the future. Given all that we know about the growing threat post by cyber intrusi intrusio intrusions, why did our systems remain so vulnerable. I hope you will discuss these challenges and assist the committee with identifying the solutions. With that i recognize the Ranking Member, mr. Schiff for five minutes for his opening statements. Thank you, mr. Chairman. Former fbi director james comey revealed for the first time that he opened counterintelligence investigation last july to determine whether any u. S. Persons associated with the Trump Campaign had coordinated or colluded with the russians efforts to interfere with our election. We heard last month from john brennan who helped us to understand what the russian government did, how they did it and what motivated them. He testified that information he was seeing concerned him so greatly that he began sending Counter Intelligence leads to the fbi for investigation. Today well hear testimony from former secretary of Homeland Security jeh johnson about how the u. S. Government responded to this unprecedented interference in our political affairs, what threat the russians posed to our elections infrastructure and what steps we took to pro secretary our institution, and deter the russians from further meddling. By the middle of last summer it was clear the russians were determined on weaponizing our system by donald trumping dumping emails and affecting the Hillary Clinton election. What we saw alarmed us and we believe it was incumbent on the administration to inform the American People what was going on. On the same day that donald trump was urging the russians to hack Hillary Clintons emails, the senator and i wrote to then president obama urging the administration declassify and release any Intelligence Community assessments related to the dnc hack and develop a swift and powerful response. Over a month later when the administration had still made no Public Statement informing americans about what the russians were doing, senator feinstein and i took the extraordinary step of issuing our own Public Statement, carefully vetted by the Intelligence Community attributing the hack to russia and senior levels of the kremlin. It would be yet another month before the government would declare the russians behind the election when you issued your october 7 statement and it wouldnt be until well after the election that when it closed assets used by the russians used to hack the election in america. What led to such a long delay in making attribution and why would the most significant step of imposing costs on russia for its interference come only after the election and what other Lessons Learned . At its heart our democracy relies on the trust of the American People in its institutions. The events of last year and of the future are a star warning that we must guard our democracy and we have our work cut out for us but the world is counting on us to be up for the challenge. I thank you for your Extraordinary Service once again and your testimony today and i yield back. Thank you, adam. Secretary johnson, have you got a statement for the record and would you like to make an opening state . If so, please proceed. Mr. Chairman, you have my prepared opening remarks. Just briefly in the time permitted me, representative conway, representative schiff, members of this committee, you have my prepared statement, i will not repeat it here. In three years of secretary of Homeland Security, i had the privilege of testifying before congress 26 times. Though it is no longer part of my job description, i voluntarily accepted the invitation to be here today as concerned private citizen. In 2016 the russian government at the direction of Vladimir Putin himself orchestrated Cyber Attacks on our nation for the purpose of influencing our election. That is a fact, plain and simple. Now the key question for the president and the congress is what are we going to do to protect the American People and their democracy from this kind of thing in the future . Im pleased that this committee has undertaken this investigation. I welcome it. My sincere hope is that in bipartisan fashion you find answers. Last years very troubling experience highlights cyber vulnerabilities in our political process and in our election infrastructure itself. With that experience fresh in our minds and clear in the rear view mirror, we must resolve to further strengthen our Cyber Security generally and the Cyber Security around our democratic process specifically. Im prepared to discuss my own views and recommendations on this topic and i look forward to your questions. Thank you. Thanks, mr. Secretary. I recognize myself for seven minutes. Again, thank you for being here this morning. A lot of questions will be asked about details. We start with a toplevel kind of conversation about dhss mission with respect to cyber, it can particularly given how intertwined it is with Voter Registration, vote tally, all of those good things and if you wouldnt mind folding in what appears to be a delay between when the fbi seems to be aware of things going on and dhs being informed and how is the relationship with fbi relative to this infrastructure at the time and maybe Going Forward. So if youll weigh in on that, id appreciate it. A couple of things, sir. First, i think the roles of the federal agency, in Cyber Security spelled out pretty clearly last year in ppd41. Basically Law Enforcement, the fbi is responsible for threat response, dhs is responsible for asset response. So the crime, Law Enforcement, fbi, patching vulnerabilities, detecting bad acting in the system, dhs. The way i liked to explain it publicly when i was in office is james comey is the cop and im the fireman. On a personal level with jim, we worked very well together. Ive known him for 28 years, from the days we were assistant United States attorney s together in manhattan and at the top of both agencies, we worked well together. Down to the field Office Working level, we were always fully coordinated, no, but i was impressed that day to day the process seemed to be working well. Every morning in my intelligence briefing, there would be an fbi briefer there with me, to give his assessment and tell me what the fbi feedback on something was. So there is that. I spelled out in my opening statement, my prepared statement the first time i recall hearing about the hack into the dnc, and i recalled that it had been some months before i was learning of this that the fbi and the dnc had been in contact with each other about this. And i was not very happy to be learning about it several months later, very clearly. Well, theres two things i guess going on. The dnc hack was at some point in time. What was the delay between the hacks that fbi was aware of or who found the hacks or the scanning, as you call it, of the various Voter Registration systems, the attempted intrusions perhaps into the voting records, who discovered that. If it was the fbi, how long was there a delay between that and your because using your analogy of the cop and fireman, that the flames are going up, we need the fireman there first. What was the delay between the infrastructure my recollection and part of this is from open source reporting ive read more recently is that the fbi first discovered the intrusion. Intrusion of the state systems. Into the dnc. Okay. And i recall very clearly that there was a delay between that initial contact with the dnc and when the report got to me as secretary of dhs. It may have been that there were others at the staff level in dhs who were pretty to this before it filtered up to me in an Intelligence Report but thats my recollection. But i was asking lets ignore the dnc for the moment and talk about the attempts at scanning or whatever the russians did with respect to the election systems, Voter Registration documents. When was that discovered and who discovered it and if it wasnt dhs, then what was the my recollection is that the initial scanning and probing around Voter Registration systems was discovered in late august. Could have been mid, could have been july, but late august in my mind and my recollection is that once it was discovered, that information came senior people pretty quickly. Okay. Is there enough its one thing for the director and the secretaries to have good personal working relationships. Institutionalizing that is what were about. That ebbs and flows depending on whos in those jobs. Is the system of notification between fbi and dhs and that working, is there any impediments to that not working on its own without the Good Relationship that you and mr. Comey had at the time . In my observation, it worked pretty well but could stand improvement. Very definitely. And i think its incumbent on the leaders of both organizations to instill that in their work forces. I think it worked pretty well together in my three years but there were glitches. There were instances where we did not communicate as effectively as we could have. One of our purposes this morning was to reassure the American Public with respect to the 16 election and also secondly look at what we do in future elections Going Forward. You said in your opening statement, in your prepared remarks that to your knowledge there was no vote tallying changes, that no ones vote was they voted one way and it recorded some other way. Is that still your opinion with respect to the 16 election, that the intrusions, whatever it is the russians did, did not affect the actual voting itself . Based on everything i know, that is correct. I know of no evidence that through cyber intrusions, votes were altered or suppressed in some way. Okay. Lessons learned in moving forward, youve designated the Voting System as Critical Infrastructure. In the remaining time, can you give us kind of a quick snap as to why that was important in your mind . It was important in my mind because Critical Infrastructure receives a priority in terms of the assistance we give on Cyber Security. Thats number one. Theres a certain level of confidence, of confidentiality that goes into the communications between Critical Infrastructure and the department that are guaranteed. And number three when youre part of Critical Infrastructure, you get the protection of the International Cyber norms. Thou shalt not attack Critical Infrastructure in another country. And so those were the principal reasons to do this. There are 16 sectors already that are considered Critical Infrastructure. In my view, this was something that was sort of a nobrainer and in fact probably should have been done years before. Im pleased secretary kelly has reaffirmed it. Does that include the parties and infrastructure around candidates . Or is that just the mechanics of voting itself . If you read the way i wrote the statement on january 6th, its pretty much confined to the election process itself, election infrastructure itself, not the politicians, not the Political Parties. Thank you. Time expired. Recognize the Ranking Member. Adam . Thank you, mr. Chairman. Mr. Secretary, in the late summer of last year it became apparent that the russians were doing more than gathering foreign intelligence, that they were the in fact dumping it in a way designed to potentially influence outcomes, not by affecting the vote machines necessarily but by affecting American Public opinion with the dumping of these emails. So thats happening in late summer, mid to late summer. Why did it take the administration so long to make a Public Statement that a foreign adversary was trying to influence the American Election . The statement didnt come until october. Why did we wait from july until october to make that statement . Well, congressman, im going to disagree with your premise that there was some type of delay. This was a big decision and there were a lot of considerations that went into it. This was an unprecedented step. First, as you noel, we have to carefully consider whether declassifying the information compromises sources and methods. Second, there was an ongoing election. And many would criticize us for perhaps taking sides in the election. So that had to be carefully considered. One of the candidates, as youll recall, was predicting that the election was going to be rigged in some way. So we were concerned that by making the statement, we might in and of itself be challenging the integrity of the election process itself. This was a very difficult decision in my personal view. Its something we had to do. It got careful consideration and lot of discussion. My view is that we needed to do it and we needed to do it well before the election to inform the American Voters of what we knew and what we saw and that it would be unforgivable if we did not preelection and im glad we did it. You know, every congressman, every big National Security, Homeland Security decision ive made in my time, somebody always criticizes you for doing it and somebody else criticizes you for not doing it sooner. Jim clapper and i made the statement on october 7th, and im glad we did, frankly. I think the larger issue is it did not get the public attention that it shouldve frankly, because the same day the press was focused on the release of the access hollywood video. Thats what made our news below the followed news that day. I want to ask you about that as well. Couple things. There were certain allegations by one of the campaigns, the Trump Campaign that the process was rigged. Yes. But the allegation wasnt being rigged by a foreign power. Why wasnt it more important to tell the American People the length and breadth of what the russians were doing to interfere in an election than any risk that it might be seen as putting your hand on the scale . Didnt the public have a compelling need to know, notwithstanding the claims made by a campaign about a different kind of rigging, and the need to rebut the idea that this was being presented to the public deliberately to influence the outcome . Yes, yes, and yes, which is why we did tell the American Public everything we were in a position to tell them on that date. Youll note from my statement that we attributed the hacking directly to the russian government. We were not then in a position to attribute the scanning and probing to the russian government. We did say it was coming from a russian based platform at that point but at that point we told the public everything we believed we could tell them and im glad we did, so the priority of informing the American Public did override all of those other considerations which is why we did what we did. Secretary, you mentioned, though, that the statement you issued didnt get much attention because of the timing of access hollywood. When it didnt get that much attention, why didnt the administration go further, why didnt the president for example, speak about this . It was left to yourself and director clapper to issue written statement without any further elaboration. There were no steps taken for example, to impose sanctions on russia. Why werent those additional steps taken when the first notice really was essentially overlooked by the public . Well, you shouldnt view the october 7th statement in isolation, sir. First, i had been engaging state Election Officials since august and i had issued a Public Statement on august 15th. I issued a Public Statement on september 16th informing the public and state officials what we knew at the time. I issued another Public Statement on october 1st. Theres the october 7th statement then i issued another statement on october 10th. So this was an ongoing effort to inform the public about everything we were in a position then to tell the public. It wasnt just the october 7th statement. Now that october 7th statement was notable in another way in that it didnt include james comeys signature as the agency that would be foremost had the foremost responsibility for the forensics of attribution. Why wasnt his signature on that statement . Well, the thinking was that a statement should come from the Intelligence Community and jim clapper then sat atop the Intelligence Community as the dni. Separately, we wanted to put out a statement from dhs about what state Election Officials can do about this and again encourage them to come to us. At some point in the discussion, jim and i decided to just make it a joint statement and thats what happened. There have been public reports in the last week or two that the russian probing of our elections infrastructure was far more widespread than has been publicly acknowledged and may have effected dozens of states. What can you tell us about what was known at the time and what you know now in terms of the length and breadth of russian probing of our elections infrastructure, how widespread was it and did it go beyond penetration of voter databases or manipulation of data in any way . It was very definitely in the fall a growing list of states where we saw scanning and probing around Voter Registration databases which concerned us greatly. As i think i stated in one of my Public Statements, probably the october 1st statement, in at least one or two instances the effort was successful at an intrusion. There was a growing list and we saw the scope of this activity expanding as time progressed and then eventually in january were in a position to say that this activity itself was also the russian government. Now, i too have seen the more recent reports. I have not had access to classified information for five months so im not in a position to tell you whether its right or wrong but very definitely as fall progressed we saw a progression of scanning and probing activities around Voter Registration databases which concern me, which is why i kept encouraging state officials to come and seek our help. Did that involve a majority of the states . Yes. And i was very pleased about that. Eventually im sorry. I dont mean that they took you up on the help but did the russians probe a majority of the states voter databases . I dont know the final count because i havent had access to the intel for the last five months. I know what i see open source and im not in a position to agree or disagree. Ive seen open source in 39 states, and im not in a position to agree or disagree. Five minutes. Good morning, mr. Johnson. Morning, sir. I want to start by thanking you for your service to our country which includes a very successful stint as a ausa so you will recognize some of my questions as being leading questions, they are not leading from the standpoint of im trying to trick you, its more in the interest of time. If you Say Something you disagree with me, interrupt me, stop me. Its just in the interest of time i want to see if we can get some things out of the way that we all agree on. Russia has a history of cyberattacks against our country, is that true . Yes. And are the parlance of our former jobs russia would be considered a career offender as it comes to seeking to undermine the foundations of our republic. They are constantly trying to attack the foundation of our republic. Is that fair . I think thats a fair statement. Theyre a career offender. They have a history of cyberattacks on our country. We suspected before as do others, by the way. Sir . As do others, by the way. Yes, sir. Its not just them, but for purposes of this morning i want to focus on russia. We suspected before the november 11 elections that they might attack our voting infrastructure, is that fair to say . Yes. In fact, you warned that they were going to do so. I was very concerned that they would do so, which is why i kept issuing all these Public Statements, yes, sir. All right. At the time you separated from service in january of 2017, you have seen no evidence that the russians were successful at changing voter tallies or voter totals. Correct. At the time you separated from service in january of 2017, had you seen any evidence that donald trump or any member of his campaign colluded, conspired or coordinated with the russians or anyone else to infiltrate or impact our voter infrastructure . Not beyond what has been out there open source and not beyond anything that im sure this committee has already seen and heard before directly from the Intelligence Community. So the only thing id have on that is derivative of the agency has and the Law Enforcement community. Speaking of the Intelligence Community, it strikes me that most of the information currently available was available in the fall of 2016, most of the intelligence products that are relied upon to form certain assessments, that underlying data was available in 2016, some of it before the election . Im not in a position to agree or disagree with that, because i dont have access any more to intelligence over the last five months. Well, looking at this a different way, before the election in november of 2016, you had already seen evidence of russian efforts to impact our election, in fact, you testified. Yes. They had a preference for a candidate, they were aggressive and i think you used the phrase plain and simple. Yes. With respect to efforts to hack into the dnc and other political organizations, yes, very clearly. All right. Correct. This is i guess what im getting at. They are a career offender when it comes to attacking the foundations of our republic, they have a history of cyberattacks on our country. You warned before the elections that they may attack our voting infrastructure. After the election, president obama took steps to target russia and you took steps to consider our voting apparatus to be Critical Infrastructure. Given what we knew before the election, what more could we have done and should we have done we werent surprised that russia was doing this to us, they always do it to us. So what more could we have done, should we have done before the election . Well, hindsight is brilliant. Hindsight is 20 20. Ill preface my answer by saying, i think it was unprecedented the scale and the scope of what we saw them doing and there had very clearly been intrusions before by a number of state actors as im sure youre aware. In retrospect it would be easy for me to say that i shouldve bought a sleeping bag and camped out in front of the dnc in late summer with the benefit of hindsight. I can tell you for certain that in the late summer fall i was very concerned about what i was seeing and this was on my front burner all throughout the preelection period in august, september, october and early november to encourage the state s to come in and seek our assistance and im glad that most of them red and blue did. Hindsight is perfect, 20 20 but im satisfied that this had my attention, it had the attention of my people, because i pushed them at every step of the way to make sure we were doing everything we could do, but obviously there are Lessons Learned from this experience and for the future, theres probably more we can and should do. For the states if i remember correctly you had a Conference Call or otherwise communicated with the states to offer them your assistance prior to the election. Correct. If i remember your testimony correctly, their response vacillated between neutral and opposed. Correct. It was to the issue of designating them as Critical Infrastructure, correct. Okay. Do you know without naming the states whether any of the states most vocally opposed to that designation were, in fact, impacted by russian efforts . Id have to look at both lists. If youre saying impacted, were those States States that had their Voter Registration databases scanned and perhaps infiltrated. Id have to look at both lists. I dont have that information off the top of my head. Im wondering, if any, of the states most vocal in need ing your help actually needed it the most. They didnt reject our help. 36 of them accepted our help, but they were resisting the idea of a designation to be Critical Infrastructure, which i went ahead and did anyway. What would that designation have done in november or in october, what would that designation have accomplished had you done it in the fall of 2016 instead of january . As i outlined the earlier the advantages of that declaration but in the shortterm my assessment was that we needed to get them in, we needed to bring the horses to water to seek our cybersecurity help and so making the designation would have in my assessment driven them in the opposite direction and my number one priority preelection was to get them to seek our cybersecurity help and for the most part they did. Thank you, mr. Secretary. Time has expired. Mr. Heinz, seven minutes. Thank you. Ill begin by yielding a moment to the Ranking Member. Thank you. Just a quick followup. Youve been asked, mr. Secretary, about whether the vote tallies were impacted. Some have suggested that because the actual counting of the votes by the machines wasnt impacted that therefore youre testifying and others have testified there was no effect on the election. These are two quite different things. In your written statement, you state im not in a position to know whether the successful russian government directed hacks of the dnc and elsewhere did, in fact, alter Public Opinion and thereby alter the outcome of the president ial election. Correct. Do you stand by that . Yes, and thank you for that clarification. Its not really the job of the Intelligence Agency to determine if the information that was dumped had a determinetive effect on the outcome only whether machines were impacted, not people. Youd need a social scientist or a pollster to do that. I want to ask you about the information concerning potential coordination with the russians. Are you aware of the basis because weve heard testimony that the fbi investigation was somewhat compartmentalized and even director clapper wasnt fully aware of what we went into the fbi Counter Intelligence investigation, are you awar of the information that formed the basis for director comey opening a counterintelligence investigation as you testified in july of last year . No, not as i sit here and if i did, im not sure i could talk about it in open session but i do not. Im not going to ask you to. Do you believe that director comey would have opened a counterintelligence investigation on a president ial campaign lightly or on mere hunch . No. He would need evidentiary information basis to do so . Based on everything i know about james comey and fbi, yes. I yield back. Thank you and good morning mr. Johnson. I want to start by asking you, mr. Gowdys questions and your responses established this is not a new thing. This meddling in our election, weve seen it before. I want to come back to that. Weve seen it before and weve heard from others that the meddling in the 2016 election was unprecedented in its scope and reach, so i wonder if you might take a minute or two and help us better understand why it was unprecedented . What was different about this particular array of meddling versus what weve seen in the past . Weve seen a history of various different types of bad cyber actors intruding into infiltrating political organizations, Political Campaigns and thats what i was referring to. When i say that this effort was unprecedented, what i mean is, that we not only saw infiltrations but we saw efforts to dump information into the public space for the purpose of influencing the ongoing Political Campaign and it was widespread. In that respect and we knew it was happening, so in that respect it was very much unprecedented. Can i just instill with your testimony we had seen scanning queries what we might consider espionage, trying to gather information but we had never seen what the russians called active measures. That is to say, the insertion of information designed to alter and outcome, thats what makes this unprecedented . Yes. Thank you. Lets step back away from this a little bit. We have seen this before, 2008, chinese hackers targeted then candidate barack obama, john mccain. We saw it in again in 2012. My question is as you assumed your duties at Homeland Security, how were we thinking about this . Were we thinking about this issue in a constructive way prior to the last election . Good question. It became a front burner item for me in summer 2016 and i began discussions with my staff about what should we be proactively doing to help state Election Officials prepare. I was pleasantly surprised to know that there was an Election Assistance Commission and that dhs had collaborated with that and that there had been an ongoing dialogue through the eac, through state secretaries of state, going back to election cycles past, but this this was now becoming a matter for me as the secretary of Homeland Security. It was becoming front burner for me in the summer of 2016 but there had been that ongoing dialogue. So summer 2016 this becomes front burner implying that this had been back burner. What was the catalyzing event that moved it from back burner to front burner. For me personally, it was the reports we were receiving about efforts to intrude into the dnc and the emerging intelligence picture. Okay. Lets get a little more granular here. It becomes a front burner issue. Were there certain parts of the process at the time the voting machines, the Political Party databases, the politically associated organizations that we understand may have been probed that you thought were particularly vulnerable at the time . Voter registration databases. In the course of learning about this issue, myself, i took a look along with my staff at the practices in the different states. They tend to vary but for the most part there are redundancies in the system and most of it exists off the internet in terms of collecting votes, reporting votes. There are a few states where it does not, but the states with some doj Election Assistance Commission help have been engaging in some best practices but they tend to vary all over the lot, but what we were most concerned about, what we were seeing were efforts at compromising Voter Registration databases. Okay. You said something that in my very limited time, you said that you thought there is more that we could and should do to address this issue. Can you just elaborate . If you were still secretary of Homeland Security, what would your recommendations be . A number of things. One, i would as a congress think about whether i would think about grants to state Election Officials to help them harden their cybersecurity. I would raise Awareness Among state Election Officials as well as, you know, public in general employees of state governments raise awareness about the evils and the hazards of spear phishing. I think at a National Level there should be in this Current Administration somebody who really does take the mantle of cybersecurity on full time to highlight this issue, to lead the charge on this issue. My preference would be its somebody within dhs but we really need a National Leader to take charge of this issue but first and foremost on the ground we need to encourage state governments, state Election Officials to engage in best practices when it comes to vote tallies and so forth. And through grants, we ought to consider grants. I hear that from state Election Officials themselves. Thank you. Mr. King, seven minutes. Thank you, mr. Chairman. Secretary, its good to see you again. I had a privilege of working with you on the Homeland Security committee. I commend you for your service. Truly outstanding job. And now as a successfully lawyer im sure. Just a few points before i yield to mr. Gowdy. Can you elaborate more on what the dhss connection with the dnc was or consultation with the dnc after it became aware of the hacking as to what was offered them, what they accepted . Was there any level of cooperation at all . To my disappointment, not to my knowledge, sir. And this is a question i asked repeatedly when i first learned of it, what are we doing . Are we in there . Are we helping them discover the vulnerabilities . Because this is fresh off the opm experience. And there was a point at which dhs cybersecurity experts did get in to opm and help them discover the bad actors and patch some of the exfiltrations or at least minimize some of the damage so i was anxious to know whether our folks were in there and the response i got was, fbi had spoken to them, they dont want our help, they have crowd strike, the Cybersecurity Firm and that was the answer i got after i asked the question a number of times over the progression of time. That was i assume totally different from the reaction you got from opm. The opm effort we were in there on site helping them find the bad actors. Do you know who it was at the dnc who made that decision . I dont, no. Do you know if the fbi continued to try to help, try to assist . Ive read in the the New York Times about those efforts, sometime earlier this year. I moved to strike all references to the the New York Times. I would just say, maybe its editorializing my part, its an unusual response of the dnc. If youre talking about a president ial election, you have an unprecedented matter of cyber hacking by a foreign power, an adversary from my point of view, and they would not accept all the help they could be given especially it sounds as if not that you would be part it sounds like a Republican Administration trying to intrude into the dnc, this is an impartial governmental entity of the fbi, dhs and they didnt accept it. I find that very hard to comprehend. My interest in helping them was definitely a nonpartisan interest. I know that, yeah. And i recall very clearly that i was not pleased that we were not in there helping them patch this vulnerability. The nature the nature when youre dealing with private actors and even political organizations, we dhs does not have the power to issue a search warrant and go in and patch their vulnerabilities over their objections. I understand that. Moving ahead, was there any significant intelligence or information that came about after the election that was not available before the election . In other words, if there was so much out there, if the administration was so concerned, why was it that suddenly after the election seemed so much serious action was taken, the sanctions, the sanctions in particular and also the Public Statements by the president , by the Intelligence Community coming out really coming on strong and yet i didnt see what was present after the election that wasnt there before the election . Im going to disagree with your premise sir, we did before the election, one month before the election formally and very publicly accuse the russian government of doing this in pretty blunt terms uncommon for the Intelligence Committee. That statement was pretty blunt in saying we know the russian government is doing this based on the picture we saw at the time. The picture continued to build upon itself as time progressed. There was more we knew about the russian governments efforts at scanning Voter Registration databases, youll recall the october 7th statement says we were not then in a position to attribute that to the russian government but the picture got clearer as time progressed. But on october 7th, we issued a very clear declaration based upon what we knew at the time that the russian government was behind the hacks at the dnc. I wasnt critical of you. It just didnt get the attention that i would have preferred it get because were in the midst of a campaign, the press and voters are focused on lots of other things like videos. With all the power they have, in december we had this drum beat of stories one after the other, sanctions being issued, all the power of the mobilization of the administration to get that story out came after the election into december and early january and between october 7th and election day there was very little and it was overshadowed by the other stories of the time. I think you did what you had to do, but im just so concerned not concerned well, definitely because the october 7th statement was an administration statement. That was the result of an Intelligence Community assessment, the president approved the statement. I know he wanted us to make the statement. So that was very definitely a statement by the United States government, not just jim clapper and me. And the reality, though, most the American People were not fully aware of it. I just would have thought during that 32 days, if they had done as much in those days from october 7th to november 8th as they did in december and january, i think the American People would have been lot better informed when they went to the polls. Well, i can tell you, i issued statement on september 16th, october 1, october 7th, october 10 about what we saw. You did your job. Im not questioning you any way about that. Im really asking about the administration overall. 30 seconds. Just real quickly if i can get you to put on your old hat for a second. Hacking into someones server strikes me as a crime. Yes. So the dnc was the victim of a crime. Im trying to understand why the victim of a crime would not turn over evidence to you and james comey who were both apolitical and come from apolitical backgrounds. Im quite sure that at some point in the time line they did do that. My point earlier was that in the initial period i was not satisfied that we were able to get in there ourselves dhs to help them identify the bad actor and patch the vulnerabilities. Im quite sure at some point the fbi and the dnc had a dialogue but youd have to ask them. Thank you, mr. Chairman. Id like a yield a minute to the Ranking Member to ask a question. I thank the gentleman. I want to followup on kings comments and questions, i agree quite completely with mr. King. And im not saying this as a matter of hindsight, senator feinstein and i were saying this in realtime as it was going on, why didnt the president of the United States and secretary you did what you could do, but why didnt the president of the United States at the time you were making your attribution or thereafter speak to the American People and say a foreign power is interfering in our affairs. This isnt a democratic thing or republican thing, this is an american thing and they need to be rejected and they need to stop. Why wasnt that done . Was their thought given to that . Why was that course rejected . Again, congressman, we did make the statement, and we were very concerned that we not be perceived as taking sides in the election, injecting ourself into a very Heated Campaign and so or taking steps to themselves delegitimize the election process and undermine the integrity of the election process and so we considered all those things and the decision was made that the director of National Intelligence and the secretary of Homeland Security should together make this statement and there were Public Statements made by various Administration Officials including myself all through the Campaign Season preelection to the same effect. Yield back to ms. Sewell. Secretary johnson, welcome. Thank you for your years of service to this great nation. Id like to talk about attribution and by now its wellknown that the russians hacked, stole and then strategically dumped emails from the dnc in order to affect the outcome of the 2016 election. What id like to understand better is how the United States government came to reach that conclusion and how dhs and the rest of the government were able to attribute it directly to the russians . So according to the declassified Intelligence Committee assessment released in january 2017 we noted that russian intelligence assessed, quote assessed elements of multiple state and local electoral boards. And that seems pretty clear. How do you how does one go about attributing that to the russians . What kinds of information signatures or cyber activity would you be looking for in order to make that attribution and how do you go about validating that information . Congresswoman, youd have to have that discussion in closed session because its sources and methods and its probably better to have that discussion with someone in the Intelligence Community. I do recall that looking at the intelligence, it was a pretty clear case, perhaps beyond a reasonable doubt, mr. Gowdy, that the russian government was behind the hacks into the dnc based on everything i was seeing. In terms of attribution, there are normal considerations about when one makes public attribution to a state actor whose engaged in some type of cyberattack. My personal opinion was that and is that those normal considerations were out the window and that we had an independent overriding need to inform the voting public of what we saw going on and the way i looked at it as a corporate lawyer was if im the issuer of a public stock and i see a very powerful actor in the market trying to manipulate the price of my public stock, i have a duty to tell the investing public what i know. How did you go about alerting the states, dhs go about alerting the states and local communities about what was going on . I know that you did designation for Critical Infrastructure, my what im trying to get at is given your background and your recommendation that we do something more now to really alert the state and local governments, how do we do it now and what would you suggest would be a better way to go about alerting them of we did have an ongoing dialogue all throughout the fall with state Election Officials at the Law Enforcement level, with dhs there was of course the public october 7th statement but the conversation didnt stop there. I continued to issue Public Statements and we continued to have a dialogue with state officials as they came in to seek our cyber assistance at the staff level. In answer but only if they came to get your assistance with dhs be more helpful in that sense. So you really left it up to the states and the local governments to actually request i think its a case that we had a dialogue with just about every single of the 50 states. Eventually ultimately we had a dialogue with i think all but maybe one or two of the states and they actually signed up for our cybersecurity assistance. There were 36 along with a whole lot of counties and cities that actually signed up for our assistance but we were pushing information out the door to everybody as often as we could. But in answer to your question, i think that the states are the one thing i discovered in this conversation, state Election Officials are very sensitive about what they perceived to be federal intrusion into their process. I heard that first hand over and over. This is our process. Its our sovereign responsibility. Were not interested in the federal takeover and they were doesnt the federal government have an interest in the integrity of these elections . I think the American Public, the nation has an interest in the integrity of the election and i think you federally elected officials have an interest in the elections that result in you sitting here, yes. I think that we need to continue now that the campaigns over, maybe in odd years, if we could find a way to raise awareness when the temperatures down, maybe through grants, encourage best practices at the state level and maybe encourage a uniform set of minimum standards for cybersecurity when it comes to state election systems and Voter Registration databases. Thank you. Mr. Lobiondo. Five minutes. Mr. Secretary, thank you for being here, thank you for your service. Some of this may be a little bit redundant but im trying to better understand how all the different entities come together. Can you briefly summarize dhs role in Cyber Defense . To summarize it, we are the agency of the u. S. Government responsible for asset response, so responsible for working with other federal agencies and the private sectors in identifying vulnerabilities, patching vulnerabilities, raising awareness and because of the help we got from congress, we are the principal portal through which information from the private sector should pass to the u. S. Government. So thats thats it in a summary. And with that in mind, can you briefly tell us dhss role in sharing cyber threat indicators, how that works . On my watch, it was the and this is an acronym, the nccic, the National CyberCommunications Integration center is the place designated to receive cyber threat indicators and report them. Okay. Switching gears a little bit. Based on what you know now, what would you have done more or differently in response to the russian cyberattack of the 2016 election . Well, with the benefit of hindsight, there is always more things you can say to yourself i should have done, like i said earlier, with the benefit of hindsight perhaps i shouldve camped out at the front door of the headquarters of the dnc, but at the time knowing what we knew and wrestling with all the considerations we had, i can tell you that this was a very much a top priority for me, because none of us knew how this was going to come out and how far the russians were going to go in their efforts. So i can tell you, with the benefit of hindsight that this was a top priority for me and virtually every day during the Campaign Season, i was questioning my own staff about are we mobilized, are we energized enough to do what we need to do, have we set up a Crisis Response center on Election Night, which we did. At one point i said this in my prepared statement, i picked up the phone and called the ceo of Associated Press that has had for years the responsibility for Election Night reporting to make sure that their systems were satisfactory and i was satisfied that they have enough redundancies in their system as well. So this was something that was very much uppermost in our minds in the runup to the election. Okay. So thinking ahead to 2018 and 2020, what scenarios twopart question, what scenarios most concern you and what recommendations do you have for us that we should that we should do that maybe is something thats not in place now . Well, the scenarios that most concern me about the integrity of elections are not necessarily cybersecurity related, but in the cybersecurity realm what i do worry about are the vulnerabilities around state Voter Registration databases and we saw those vulnerabilities last fall and so i think there needs to be more done to secure Voter Registration databases so that information doesnt get out in the open. So from a congressional approach, somehow grants to states for databases or anything specific you recommend . I know that the states state Election Officials are very sensitive to and would oppose likely federal standards for how they should run their elections. It was very hard to bring about i remember the debate about hava in 2002. So i would i would, you know i would use the carrot approach instead of the stick approach and encourage them through grants to bolster their own cybersecurity. What specific policy changes, if any, would you recommend to your successor, secretary kelly . In addition to all the things weve just discussed, i think its important that secretary kelly or the under secretary for mppd really take this on as a front burner issue. When i came into office in 2013, i viewed counterterrorism as the Corner Stone Mission of dhs and after a time, when i got a sense of a threat environment, i realized that cybersecurity needed to be the other cornerstone, needed to be the other top priority of our departments mission. Its going to get worse before it gets better and bad cyber actors all the time are more and more ingenious, more tenacious and more aggressive and so i would urge secretary kelly to make this one of his top one or two priorities. Thank you. I yield the balance of my time to mr. Gowdy. Ill thank the gentleman. Dr. Johnson, i dont want to beat a dead horse but i do think its important, the last time you and i talked i wasnt a 100 sure but i since had it confirmed, the dnc never turned the server over to Law Enforcement, so twice now you have said that you couldve camped out in front of the dnc and i would say in defense of you it wouldnt have made any difference if you had because they werent going to give you the server. So if youre investigating either from a Law Enforcement or from an intelligence standpoint the hacking by foreign hostile government, wouldnt you want the server . Wouldnt that help you, number one, identify who the attacker was and if memory serves me, this was early in the summer of 2016 when we learned of the dnc hack. So if they had turned the server over to either you or director comey, maybe we wouldve known more and maybe there would have been more for you to report. So i guess what im asking you is, why would the victim of a crime not turn over a server to the Intelligence Community or to Law Enforcement . Im not going to argue with you, sir. That was a leading question and ill agree to be led. The times expired. Mr. Carson, seven minutes hang on. My general counsel is informed me that our unanimous Consent Order to extend the conversation for seven minutes per member is only good for an hour. So i ask for unanimous consent that each member has seven minutes to question the witness and hearing no objections, well continue down that path. Thank you, mr. Johnson for your service to our country. Weve heard since last year about russian bots that were released on the internet generating and disseminating fake news on social media platforms. As far as you understand, sir, how do these bots work and how did we come to discover them and how effective were they in shaping opinions and how did they react with social media to make their campaigns most effective . Congressman, youre really testing me here. Youre a brilliant man. A technical level there are others who could sit here and give you a much better answer. Sure. Its hard to know the activity youve cited i know is prevalent. Sure. It is hard to know to what extent it influences Public Opinion like i said earlier about the election result. It is hard to know to what it is hard for me to know to what extent the russian hacks influenced Public Opinion and thereby influence the outcome of the election. Sir, do you think as i do that the kremlin on some level managed to stoke uncertainty about our electoral institutions and thus their operation was successful and secondly, do you think with the russian influence or interference operation all of which americans were victims, even if their votes werent effective offers us any hard Lessons Learned, sir, that we should carry on with us for 2018 . Well, certainly, if the russian aim of what they did was to distract us and divert us from the business of government, whether its health care or something else, yes. I mean as evidenced by what were doing here today. Again, i think the answer has to be greater workforce Awareness Among those who use whether its the dnc or house. Gov or the private sector, raising Awareness Among those who use the system about unrecognizable emails and attachments, this apparently started with an email somebody shouldnt have opened and i can tell you from experience, the most devastating attacks and forget the russians for a moment, the most devastating attacks by the most sophisticated actors very often start simply because somebody opens an email they shouldnt open so raising awareness about spear phishing can go a long way and as i said earlier, encouraging those who are who are responsible for our democracy in insuring that their cybersecurity is protected and theyve done what they need to do. Thank you, sir. Keep up the great work. I yield back, mr. Chairman. I yield to the Ranking Member at this time. I thank the gentleman. Just to follow up on the dnc, and i know my colleague, ms. Spear will have some questions about that too but i take it whatever criticism you might have of the dnc for how they responded or whether theyre willing to turn over the server or not youre not maintaining that that somehow justifies the russian hacking of our institutions . Of course not, no. Because i think theres a tendency as in many cases to blame the victim over their victimization, the dnc were a victim here, were they not . Correct. And theres a lot were going to have to probe in terms of the government response as well as the dncs. The primary actor that interfaced with the dnc would have been dhs or fbi . In a Perfect World it would be both of us. It would be Law Enforcement and asset response so dhs, Law Enforcement and when necessary the Intelligence Community and there have been cases where we have worked well hand in hand together, Law Enforcement and Homeland Security addressing a situation. One of the reasons i raise this issue is and one of the reasons i think are the public nature of these hearings is so important is the russians are among the most capable cyber adversaries in the world, are they not . Yes. And for the most part if the russians want to get into the dnc or the rnc, theyre going to find a way to get in, would you agree with that . I tend to be not that fatalistic especially in my old role, but its, you know its like its like saying sooner or later theres going to be another act of violence in this country, but you can minimize the vulnerabilities and the opportunities through a number of steps that can be taken. Without question, but nonetheless it is a fairly asymmetric battlefield in which its much harder to defend than it is to be on offense. I think i said that in my opening statement, yes. Would you agree, for that reason, among the most important things we can do in addition to improving whatever our Cyber Defenses are or how we respond to an intrusion is to inform the public to inoculate ourselves against foreign interference by developing a consensus by whoever it helps, or whoever it hurts, we will all reject it, isnt that ultimately the best defense and better than any Cyber Defense . That is certainly a critical part of a needed response which is one of the reasons why i felt strongly we should issue the october 7 statement. I think this was something that president obama alluded to when he did speak to this after the election that what, in fact, made this hack so successful was the russians were able to play on t deep divisions within our own politics and exploit that division to sew disorder within the United States, would you agree . I would i dont disagree with that statement. Certainly the rhetoric of the campaign contributed to that as well. I yield back. Seven minutes. Thank you, mr. Johnson for being here. I appreciate it. Good morning. Were here to get some Lessons Learned and a path forward and hopefully we can do that on a united front and i appreciate your incites here today. When you came in in 2013, its obviously after an election, were you given information on previous attempts and previous elections say in 12 or 08 or 04, russia has been trying to do this type of stuff since the soviet union. So were you given any kind of background to maybe help you i was certainly aware not just from my experience at dhs but from my experience as the general counsel of the Defense Department that there had been nation state efforts at espionage for the most part into various political organizations and campaigns. Im pleased to see that you have agreed with secretary kelly to make cyber a top priority and thats probably very good advice. During this process, was it ever reported, were there attempts on the rnc, for example, with phishing expeditions . Was any of that reported anywhere else or any other agencies that are involved with elections . Yeah. So i remember there was a lot of back and forth around the rnc. Sitting here now, my head hasnt been in this for a while, but sitting here now i remember there was something about the rnc. Somebody could give you chapter and verse on that. Something around the rnc too but im not sure what it was. Some attempts, at least . My recollection here is going to be faulty and so i just dont its a knowable question. Thank you. So, you know, were talking about hacking from an external foreign source and clearly an illegal activity. Youll look at something in trying to influence an election and you look at Something Like access hollywood, i assume that was legally obtained, but trying to influence an election. Im not trying to compare the two, as we talk about russia, were talking about russia today but were also talking about other countries as you mentioned before. They are not alone in this process, but do we have domestic concerns as well. Were talking about foreign entities trying to influence our elections through nefarious behavior, do we have concerns domestically as well that we should be alerted too . Absolutely. Domestically there are bad cyber actors that would probably have a motive in trying to affect the outcome of an election as well as, you know, theft, ransomware host of other things that we know about. Have we seen any of that on the domestic front . I know were talking about foreign entities today, have we seen attempts, any successful attempts domestically to try and invade Cyber Attacks for a political motive, i would have to say yes. Sitting here, i cant list them, but im sure there have been. I dont want you to list them. You may all have been the victim of such things. Im sure theres been attempts. Thats all i have. I thank you for being today. Ms. Spear, seven minutes. Thank you, mr. Chairman. Mr. Johnson, thank you so much for your extraordinary dedication to Public Service fo dedication to Public Service for many, many decades. So anything that i ask you now is not an effort to undermine that by the way, im billing this by the hour. Just kidding, just kidding. So one thing we do know is that hindsight is 20 20, and when we look back oftentimes we say i would have done things differently. So back on august 16, 2016, this is a year later from the dnc hack, you had a call with state officials about Cyber Security and elections infrastructure in which you said you were quote, not aware of any specific or credible Cyber Security threats relating to the up coming general election systems, unquote. And then offered support by dhs. Why didnt you at that time say to the state Elections Officials russia is intent on hacking into our systems . Because i was not in the passion to say that at that point. The state of my and our awareness was progressing. And i was not in a position to reveal or know exactly what we saw the russian government doing at that point. And so it was an emerging picture. And but within a very short period of time, and it could have been just before, but within a very short period of time, right around that time we began to tee these intrusions scanning and probing into Voter Registration databases. And if you look at my report, youll see i informed state and government officials at the time. But two months later is when you said to them along with James Clapper that the russian government was in fact attempting to. But back in october you encouraged jurisdictions to seek assistance. So two months had passed, early voting had already begun, and theres a part of me that feels that we should have been able to have sounded the alarm earlier. But at the time on october 10th, you encouraged jurisdictions to seek assistance. 33 states used dhs tools. 17 did not. Now, if we know that theres something vicious, a viral attack is happening, why would we not want to inoculate everyone . And in this situation because its being left up to the state, 17 states didnt even take you up on it. Did you have a concern about that . Did you reach out to them again encouraging them to use the tools . We had an ongoing dialogue. And on december 16th, i said publicly in recent months we have seen cyber intrusions and also Voter Registration data on state election systems. In a few cases we have deemed that malicious actors gained access to state voting related systems. Six days later i said the same thing again. We were not in a position to attribute it to the russian government at that time. And then three days later i had another statement. So i was beating this drum constantly. I guess what i want to ask you is in my mind this was the cyber attack on our country was an act of war. It was unprecedented. The russian intentions were not just to hack into a couple of Party Servers but to do a fullon effort to undermine our election. So do you believe looking back at it that we should have or should in the future standardize election systems . We have so many different systems around the country. Some have paper trails, some do not. Is there value in going back to paper voting . Well, i would say to this congress if you want to try to federalize elections in this country, good luck. I think you probably all know better than i do the reaction youll get from your state election official constituents. Well, how about the equipment, though . Again, there was an effort at this with habba, right after the 2,000 election we made some progress, but this is something where i think a carrot over stick approach is best warranted. And so through grants and other means you might have at your disposal i would encourage state Election Officials to adopt certain minimum cybersecurity standards. Let me move on. Voter registration lists were infiltrated. We have heard over and over again we dont believe any of the votes were altered. I want to know how we can be confident none of the votes were altered first of all. And the second question is if in fact thats the case, i dont think any of us should be sanguine in saying the russians wont attempt to alter votes in subsequent elections. Do you afrgree with that . Well, ive said i dont believe any votes were altered as a result of Cyber Attacks. But again, i have not had access to classified information in five months. And at that point you all are in a better position to know the answer to that question than i am. So during after the election did dhs take any steps to determine whether or not the vote had been impacted by russians . What kind of steps could or would have been taken . No, and im not sure i have the authority to do that . The department of Homeland Security does not engage in vote reknts, election recounts. There are others that have that responsibility. So what message would you like to send to state and local Election Officials regarding just how vulnerable their systems are to compromise . I would say that your Voter Registration databases are very vulnerable to exfiltration exposure and that all state Election Officials, local Election Officials should undertake an effort to harden their Cyber Security, minimize the exposure of the process to the internet and that this is serious. And this is not just an academic exercise. Its a very real threat. And we know because of what happened last year. Thank you. I yield back. Thank you, mr. Chairman, and secretary, thank you. I join others and thank you for your service. We had a chance to sit down last week at a dinner. And i enjoyed that, and i walked away impressed as i think many people obviously would be. Im going to ask you a series of questions if i could. Ive got to tell you youre not going to like them, and i think theyre going to be difficult to answer. But i want to set the table if i could. I came home from moskow, and i said theres an mess with our elections. I think we have to agree that this mission, they were overwhelmingly successful. I mean some kgb captain just got promoted to a four star general on mismission because ofs resurrounding success from their point of view. If success breeds success, and it does, were going to have to anticipate theyre going to do it again. Not just here in the United States but through other democracies because democracies are vulnerable. And yptd to emphasize at this point divided democracies are particularly vulnerable. So we ask ourselves this question, what do we do . Frankly, i think thats the primary point of this question is what do we now do . Now, i think some of thats been divided by our primary goal and by political grandstanding. Now, mr. Secretary, it leads me to my questions. So yes, we can defend against email hacks, and thats an obvious thing to do. And we can train people not to be victims of fishing as some of the dnc officials were. You can protect voter machines and registration databases, but this is the difficult part. How do you protect against propaganda . How do you protect against false news stories . How do you protect against internet trolls who we know where russian paid employees . And how do we encourage Russian Press to be more mature in their judgment rather than play into russian hands . If you have views on that, i would love to hear them because i think thats where we would go crossways in the future. All i can say, wow. Where do i begin . That indicates your agreement this is a real challenge for us. Is that true . I would encourage you to look at a speech i delivered at Westminster College in missouri in september 20, 2015, where i said that i believed it was the responsibility of those who hold Public Office and seek Public Office to be responsible in their rhetoric. Those who command a microphone, lets for starters because overheated rhetoric can hurt innocent people. You know, god bless the First Amendment. You know, anybody with a keyboard now and access to the internet can say virtually anything they want about any public official in this room. And you have little or no recourse because of the First Amendment and the way it is interpreted. Thats the age in which weve evolved. I grew up when we had gate keepers to news, and suspect you did, too. Walker chronkite and others. If big news happened in the day, in my house, it didnt really happen until Walter Chronkite told me at 7 00. And now with the 24hours news cycle and the internet and so many people who can call themselves journalists without fact checking, make accusations and theres a whole lot of people who rely on that information. Its a new frontier. And its not just those who call themselves journalists. In too many cases they are journalists. Some of these reliable or formerly reliable Media Outlets that we know now have just as i said completely played into russian hands with some of the reporting theyve provided us. Yeah, thats a whole separate subject. Yeah, and i interpreted you. No, i think my views on this subject are probably shared by lots of members of the committee. All right. Well, thank you. And again just to conclude, democracies are vulnerable. And its at least easier to protect your email account. Its hopefully achievable we can protect voting machines. But russian active measures are relntless. Theyre pervasive, theyre everywhere, and we dont recognize it. Or as we said too often we play into their hands and make it altogether too easy for them. And we do that to ourselves, and i think we have to have a conversation with our fellow person americans about how do we discern whats real and whatnot real, and how do we discern whats manipulated and not manipulated . Itll be interesting to see whats happens in some democracies in dealing with this. And finally, sir, thank you for your years of service. We are grateful for that. Let me just add to that in the time remaining. Every time i have an opportunity to sit down with a group of young people like the interns over here, i always ask the same question. How do you get your news . Because im interested to know how young people receive news. And its not the way you and i grew up receiving news. When i do my daily commute into new york city, im probably the only person in the train, in that car with a hard copy of a newspaper anymore. Thats how i still get my news or at least im the second or third pass anyway. When i was with dhs i got my news through the intelligence briefing. And then id read the newspaper to see how they were covering the news. But its fascinating to me that more and more people are getting their news in more and more different ways. No doubt about it. Less discerning ways. And ununless its a sports score, im not sure i believe it. And even sports scores im going to check twice. Thank you, and mr. Chairman, yield back. I yield one minute to the Ranking Member. Thank you, gentleman. Secretary, and just want to fell follow up on jacky spears questions. You mentioned that the Voter Registration databases are vulnerable to exfiltration. Are they also vulnerable to the manipulation of data such there could be unsrntly created about whether someone was eligible to vote . And whats more even though there wasnt evidence of tampering with the vote counting machines, if those machines are wifi compatible, if those machines are periodically updated in terms of their soft fair by thumb drives or through wifi saes bltd, are the machines themselves potentially vulnerable next time . Yes, and yes to both of your questions. Thank you. And i yield. Thank you. Thanks again for your service, sir. Thanks for being here. Help he understand last august to the question ms. Spear touched upon. Dhs provided last august with readout of a call you had with secretaries of state and other Election Officials. And quote, you were not aware of any specific or Cyber Security threats related to the general and up coming election systems. At almost the exact same time announced it had been hacked or some variation thereof. Was this one of the reasons for your calls . I mean what prompted the call if you believe what you said, youre not aware of any specific or Credible Threats . Well, the state of my awareness was evolving constantly. And the statement i made on august 15th im sure was a very careful statement based upon what i knew at the time. What prompted the call was the general increasing threat environment that we were concerned about. And so i wanted to engage state Election Officials to encourage them to seek our Cyber Security help and to raise this issue of designating them Critical Infrastructure. I wasnt going to do that without engaging them first. Let me reference vicechairman senator warners letter to mr. Kelly. Any references, the we know that dhs and fbi has confirmed two intrusions into Voter Registration databases in arizona and illinois by voter hackers. There was suspicious activity and youve got the election databases of multiple other states he references as have others. Could you comment on his request and what your reaction would be . He urges them to work closely with state and local elected officials to disclose publicly which states were targeted to ensure they were fully aware of the threat and make certain their Cyber Defenses are able to neutralize this danger. We are not made safer by keeping the scope and breadth of these attacks secret. Ive seen that letter. I dont have it in front of me. I think that what senator warner requests is probably a good request. Im not sure weather dhs itself could provide all the information, but more awareness around this to raise concern about it, i definitely endorse. Well, i guess the question is why would you ever not want to make that public . We are briefed constantly on Public Sector and private sector attacks, Cyber Attacks. And one of the things thats generally known is most of the time on either sector the entity doesnt even know its been hack hacked, is that correct . Anytime you ask somebody to make a disclosure of this type, you have to balance against are you revealing a vulnerability . I think that has gotten out of the barn and running around the farm right now. Well, there pay may be others out there how many states would be left given the numbers we talked about earlier . Well, the number we talked about earlier was 39, but that was to open source reporting. I dont know the exact number. But on the question youre asking, in general, i dont have an issue with that. To finish the thought, most inties dont know theyve been hacked. Theyre hacked for a long time before theyre made aware, and they can be made aware by someone else. Whats your knowledge before they find out theyve been hacked . It varies. It can be a long time. The actor can get into the system, be latent, lie in wait given how some of these groups function. I think weve informed like 9,000 entities run the lection. It just reinforces the point i think youre agreeing to here that they need additional resources. But if they dont even know theyve been hacked how could they possible know they need to come to you for assistance . All the more reason why, and i preach this now in my private life, a preincident examination of your Cyber Security is definitely worth when i will. Because youll very often discover you have been hacked but you didnt know it. And i know youre thinking this is the guy from chicago talking about election reform. We have a long colorful history there, but we sure dont want the russians playing a role. Cyber security is just one aspect of election integrity, very clearly. Well, obviously this is the one that worked. Anyway, my time is about up but i thank you again for your service. Thank you. Mr. Crawford. Thank you, mr. Chairman. And thank you, mr. Johnson for being here. So designated our Voting Network network is not the appropriate term, but its Critical Infrastructure. Yes. So theres 50 states and territories included that probably have the different variations and meduds of voting. So that must be very difficult to be able to synchronize that and to be implement a comprehensive Cyber Security strategy, correct . Well, thats not quite the nature of a designation. Thats not what it does. It prioritizes our assistance when they ask. It guarantees a certain level of confide confidentiality and gives them the protections. Sure, i understand that cleaty and wouldnt want that to be the case, but to your knowledge are there any states that actually have the voting terminals, are they online . There are states that have the aspects of their systems online. There are states, for example, i believe, that use the internet for absentee voting. Okay, and that could be compromised. Is that possible . It is a potential vublinability, yes. But the actual when you walk into vote whether that be early voting or on election day, you walk in there and either youve got a paper ballot or screen much like you see in front of me here. Thats not online, would not be subject to correct. In just about every state insofar as i know, yes. And kind of following what mr. Schiff said, if there was an attempt made to compromise that in other words to affect the tally of the vote count, thered have to be a human component there, correct . Well, theres a human component behind every cyber attack. I get that, but what i mean is im talking about somebody within the realm of that election and that particular state and that particular precinct or whatever to be able to affect the outcome of that particular tally from that place. It do you follow my question . I think i do. So if for example if there was a malware or something placed on a computer in the county courthouse or wherever and they took a thumb drive, inserted that into a terminal, again you cant directly hack into this well, if your question is is it impossible for somebody offshore to manipulate an election result, im not sure i would agree with you. Okay, tell me why. Well, first of all i give you never know the limits of the human ingenuity. But to the extent any part of this system or the reporting of a result exists on the internet, we have to be concerned about the vunerability of that whether its domestic or international. And i think it was congressman schiff who talked about ways in which malware can implamt planted. So malware is generally by unwitting actors that could then be subjected into that malware. Well, if youre what youre asking me is whether it can only be the case somebody can affect on election if theyre domesticbased, im not sure what i would agree with that. And thats kind of the gist where im going here is all the offshore stuff, obviously we have hackers around the world, russia obviously in the context what were talking about today, but theres others that have played a whole role in trying to take active measures. But my point is in order to fully effect, would they not need to have some sort of complicit individual physically present to affect that . I dont think im prepared to agree with that just because cyber bad actors are extraordinarily clever, aggressive, tenacious so i dont think i can categorically agree with that. Without having access to this terminal and only being able to update this software through a therminal then somebody would have to physically connect it to do that is what im saying. Im not sure. Im not a cyber expert. I learned a lot about this topic over the last three years. And i think thats a conversation you should have with people who really understand these capabilities. Okay. Im going to yield to balance my time to mr. Gowdy. Thank you. This will probably be the last time i get to talk with you, so im going to finish the same way i started which is to thank you for your service to our country doj, dog and dhs. What was the u. S. Governments response, and in the issue of leaks, do you remember the Intelligence Community, your former federal prosecutor. Can you speak to what a negative impact let me rephrase it. How important are surveillance programs and to the extent that the felonious dissemination of classified material endangers the reauthoritization of those surveillance programs, how important and critical are they to our National Security . Based on my experience, reading intelligence every working day in the front of my working day, i would say that intelligence, our intelligence question capabilities are vital to the ability of National Security officials to do their job, to keep the American Public safe. I agree with your question in that the compromise of that type of intelligence endangers or ability to endangers or ability to continue this activity, comrumizing foreign partnerships, endangering those foreign partnerships. Ip cannot overstate for you how important it is we have good intel, access to good sources to do our job. Otherwise youre flying blind. Thank you. Seven minutes. Ill be very quick just on the point my colleague mr. Gowdy raised. I fully conquer, am secretary, theyre critically important. There have been a number of leaks. We dont know where they come from. I just want to make sure that we dont jepper dies these programs by attributing leaks to sources when we dont know what the sources of those leaks are. We would ilserve the country if we do away with vital tools as a part of a political attack rather than based on theimators of those programs and any forms that are necessary. Thats just some commentary rather than ask you for a response. But i yield back. Thank you, to the Ranking Member. Mr. Secretary, was our democracy attacked this past election . Yes. By who . The russian government. And it sounds like based on your experience this attack that occurred could have easily been carried out not just by russia but other foreign adversaryies, is that right . Yes. And it also could have been carried out by other nonforeign actors like terrorists groups, is that right . The level of sophistication we saw last year, im not sure the terrorist organizations that im familiar with would have that level of sophistication and capability, but its an emerging threat. Andly by cyber criminals . Yes. And you described the chaos of this attack is the chaos we find ourselves in today, holdings hearings the peoples business, correct. I think thats one of them, yes. And would you agree that the first step to solving the problem, is to acknowledge that a problem exists . Yes. Why do you think that President Trump will not state that russia medaled in our elections . You would have to ask him, sir. Mr. Secretary ive seen various different statements from him on this topic. Does that concern you . Well, i think that a president , a secretary of defense, a secretary of Homeland Security, a secretary of state depends upon the Intelligence Community. And otherwise if you dont, you cant effectively do your job, youre flying blind. Your Intelligence Community is what are your eyes and ears to do your job. Now, mr. Secretary youve talked about what we need to do Going Forward. And im glad you brought that up because this committee as mr. Gowdy referenced, one of our duties is to get to it bottom of whether u. S. Persons work would the russia and then its the fbi and department of justs job to hold them accountable. But i think we all agree if were back here talk about a new hack and a new meddling, we have failed the people that we represent. And you talked about in your statement that you came to the determination that election infrastructure should be designated as Critical Infrastructure can you explain what this designation means legally and practically . Essentially three things. One, it means that when the sector seeks our Cyber Security assistance, we prioritize providing it. Thats number one. Number two, it means that the Certain Communications that we have with Critical Infrastructure are confidential and protected from Public Disclosure so as to avoid discussion about vulnerabilities. And number three, if youre a Critical Infrastructure, you have the protection of the International Cyber norm that says nation states should not attack Critical Infrastructure of other nation states. Would you agree that conducting stress tests as we now do post2008 on our Financial Institutions on voter rejivation and voter ballots would be helpful . Yes. Mr. Secretary, in addition to strucktual reforms to our election systems, do you also just agree just a general, broad awareness would benefit the people as far as social media, fake news, hacking and how that can affect outcomes . Yes. Mr. Secretary, you said that in january you designated our election systems as Critical Infrastructure. And i want you to comment on claim that candidate trump made during the Campaign Season. He said rememberb we are competing in a rigged election to a wisconsin rally. They want to try to rig the election at the polling booths where so many cities are corrupt and voter fraud is all too common. Did you find that any polling booths were rigged . Well, as i said, i know of no evidence that as a result of any cyber attack ballots were altered or reporting was altered. That comment goes to Cyber Attacks. I cannot comment on the integrity of every voting machine in chicago or San Francisco or south carolina. After the election, president elect trump said that 3 to 5 million cast illegal votes. A in your position as Homeland Security secretary did you find that occurred . Im not in a position to comment on that. I heard the same claim. Im just not in a position to comment on it. And can you judge the credibility with james comey, do you find him to be a highly credible individual . Yes. Doouftd john brennen to be a highly credible individual . Yes. And mr. Secretary, can you just talk a little bit about you talked about the importance of a carrot rather than a stick with our local election systems. Because i dont think any of us want to see a federal take over, but we dont want to find ourselves in this position again. What could we walk away with today and tell our local Election Officials they can do better . The process is vulnerable to future sieb attacks by those who are becoming increasingly aggressive, ingenious, and capable. So thats number one. Number two, its in everyones interest at the local, state, and National Level to ensure the Cyber Security integrity of the process, which is vulnerable and exposed ipcertain respects. We had the experience idea last year, and from that we have to learn. If we do not grapple with this, were failing as a democracy and those of us in office are failing the people woo serve. Thank you. Thank you, mr. Chairman snch. Thank you, mr. Secretary for voltearily being here today and for your service to our country. My line of question will focus on the january 6, community aassessment. Quote, dhs assesses that the types of systems we observed russian actors targeting are comrumissing are not involved in vote tal yaeg. Can you outline what are the key factors that allow dhs to make assessment that we protected the integrity of our vote tallying system . It was the result of spending a lot of time examining state by state what the practices are and were. And that assertion was based upon our best available intel that we had at the time. Can you speak a bit more about the process of evaluating state by state, that i assume that began after the election, how long did that take . Well, after and before after and before. And when i got into this myself in the summer of 2016, i was pleased to see that a lot of that analysis had already been done within dhs and within the interagency. So it didnt begin postelection. And one of the takeaways was that the Voter Registration databases are vulnerable because they can be infiltrated online. But the way the tallying and voting and reporting of voting process works, it is largely offline, and it is redundant in many ways. So if one avenue fails, theres another avenue. But that some of it does exist over the internet by way of absentee ballots, anacinty voting, and the like. And so that was the base forthality statement at the time. Thank you. At that point, the absence of anything would suggest that the tallying would be compromised. Thank you for that clarification. Authority on providing aassessment for vote tal yaeg systems, what was the dhss role in preparing the Community Intelligence assessment . There were a number of recommendations that we made that i believe are in a nonpublic document. And in terms of the actual intelligence assessment, i believe we had a role in what you just stated, we had a role in making that assessment. But for the most part what the russians were doing, sources and methods, was the role of the Intelligence Community, cia, et cetera. Was there a reason why dhss role was so limited . I wouldnt characterize it as limited. Going back to october, the statement that was issued was a joint statement dni and dhs. And our people were interested in the report we issued on january 6 as well as the actions we took an october 29th. The quote that was included in that statement it says you are quote, not in a position to attribute standing and probing of state election related systems to the russian government. And yet in the january i wrote that sentence. You did . Yes. Then youre the correct person to ask then because according to the january 2016 assessment the quote was the russian intelligence accessed multiple state or elock toral boards. What new information enabled this activity . Couldnt say in this session. Well follow up in closed session. Buts theres a documented answer to that that will be reflected in Intelligence Reports, im sure. But the statement i made on october 7th, was accurate at the time based on the state of awareness at the time. We will follow up in a classified setting. Thank you for the answers. I yield back. She yields back. Thank you, chairman, thank you for your answers today. Let me ask you do you know of any law that requires even minimum basic Cyber Security protections for our Voting Systems . No. Any state law that requires it . Sitting here now, i dont know the answer to that question. There may be. Can you describe extensive efforts that you and others and the government took to work with the states on protecting the integrity of their Voting Systems. And you noted that most states complied and came forward and workinged with the federal government. But its notable to say that some states did not come forward. Correct. For those statements that worked with the federal guchlgt, we dont know what they did with that information. We do know there were a number of vulnerabilities identified and reported to the states. And i have to believe they took steps to but were acting in good faith that they did. Well, it was in their best interest to act on what we told them. But you cant say conclusively they took the advice we gave them . I cant say consclusively. Theres probably staff at the dhs that can give you more details on what we did do. Thank you. We talked today about election systems and databases that state and local governments oversee and operate. It was noted russian intelligence conducted cyber operations. The ica discusses the relentless Cyber Attacks the russians perpetrated against the dnc. But its also important to note the russians collected on other intelligence. Just this week the private Security Firm upguard reported its discovery that an rnc contractor left an immense amount of voter data, in fact 1. 1 tear bites accessible online databases. The report says it included information on roughly 200 americans. Clearly neither american is immune to the pit falls or invisible to malicious hackers. So in light of the proceeding discussion about election systems as Critical Infrastructure, which youve advocated for the Political Parties themselves their networks, databases,imat merit inclusion as well . Well, thats an interesting question. The danger with going down that road is you start to lose clarity about whats Critical Infrastructure and whats not. The definition that i wrote on january 6th very clearly was confined to election infrastructure and not political organizations because i thought we needed that clarity so everyone knows what is Critical Infrastructure and what is not. But im not disgreeing with the premise of your question. I think there needs to be great awareness of Political Institutions in general and Political Campaigns. And the next few questions are about consultations. How accessible essentially the resources would be to Political Parties. So when you were at dhs was there any discussion in the government about whether campaigns should receive Counter Intelligence briefings or briefings about the threats to our elections or Cyber Threats to our campaigns, and do you think this would be something wise to do . Provided its done so on a bipartisan basis. I think the information sharing of the threats is good idea. And do Political Campaigns or the major Political Parties have the ability to work or contact dhs to obtain Cyber Security assistance or expertise . In other words can they go forward to yall and work with you on this stuff . Yes. Okay. Do you have concerns about the security and integrity of primary election systems or databases . To the same extent i would for general elections, yes. And how should we approach the security of general eleck as part of jen primary elections and the general election process . I think the same vulnerables exi exist. To my knowledge the states run primaryies with the same way they do general elections, with the same machines. Thank you, i yield back. The extending of questioning to seven minutes has expired. I would like to associate myself with all of my colleagues that have thanked secretary johnson for his years of service to our country. Mr. Secretary, two sets of question id love to chat with you about. The first sets are whatifsss, and i ask these what ifs in the context of what could we have done about it and what could be do in the future . I know one of things you were trying to do during your time was the reorganization of mppd. Right. If the mppd had been reorganized the way you should invizz envisioned it, and lets say that would have happened in early 2016, how would that have helped in dealing with this issue that we dealt with in our elections . Well, its difficult to its difficult to say had something been done the outcome would have been different. Ill say two things. One, i do think that there is a strong advantage to reorganizing mppd into a leaner and meaner organization that focuses solely on Cyber Security and fruct protection because the two are so interrelated. Thats something we would need congress to do. I know that there are a number of people in congress who support that idea. I continue to believe it is a good idea. When it comes to the efforts weve made to engage state election systems, i was impress would the apparatus we did have within mppd to do so and to address all of the states that came in and sought our assistance. And that mechanism would exist whether mppd was in its old form or its new form. But in general i think we need to reorganize mppd into a cyber and Infrastructure Protection agency just slichly because there ought to be an agency of the u. S. Government dedicated to Cyber Security. Thank you, sir. And again the next what if, and i recognize the difficulty of answering whatif questions, but the goal is to try to understand how we could do things differently. Had the Electoral Systems or infrastructure been identified as Critical Infrastructure by dhs in early 2016, how would that have impacted the situation we just went through . I cant say. Its something that when i first addressed this issue with my sfaf ask they first suggested it to me, i thought this is something that we should have done a long time ago. Why isnt it . And one of the things they said to me was you could view it as already Critical Infrastructure because government instruct is already Critical Infrastructure. My view was we needed to publicly declare it to make a big deal over the fact were going down this road for the domestic and international audience. And my next set of questions is really just in the interest of standardizing terminology and make sure that were all on the same page. And our utility system, our grid, thats identify said as a Critical Infrastructure, correct . Correct. Has dhs ever taken over a grid or a utility Municipal Company . Not to my knowledge. Okay. Are our not sure we have the authority to do that either. Our Telecommunications Infrastructure is considered a Critical Infrastructure, correct . Correct. And has dhs ever taken the system over . No. Nor do we have the authority to do so. Good copy. Im just helping to baseline what a designation of Critical Infrastructure means. You said that many, many times today and im not going to ask you to do it again. But this is conversation ive engaged in many times as well. Scanning and probing, could you maybe give us a quick explanation what that is . You know, when i started addressing this publicly somebody said to me well, you know jim comey made a statement publicly that there was scanning and probing of Voter Registration systems. And i said thats a good phrase so lets use that phrase because i thought it captured what we saw. And eventually what we saw was success in infiltrating Voter Registration databases, which i reported publicly. But scanning and probing is basically looking into a locked box to see whats inside. Roar its a passive tool that happens millions of times across the United States every single day. Would you agree with that . It can, yes. I dont know if id describe it as passive, but yes. And the Voter Registration databases that weve talked about, isnt the information thats contained in Voter Registration databases, publicly available information . Not necessarily. It may depend on each state. Because in texas you can go down to the county office and get that information. And im curious as to why our hostile actors i definitely go that the financial systems, whether its on the federal level that is through fec websites, every state has this information made available. Why would you think that a hostile act like the russians would be trying to hack systems where the information is publicly available through a portal available to the public . Well, i dont know that in every case, in every state the information that was examined was publicly available. My concern was that if a bad actor is doing this, it might be a prelude to wiping out or eliminating voter roles or altering them in some way. Good copy. Mr. Chairman, i yield back. Thank you, mr. Chair, begin by yielding to the Ranking Member. I thank the gentleman for yielding. Mr. Secretary, i want to thank you as we come to end of the hearing for your testimony today and for your profound service to the conflaech and i also wanted to acknowledge and thank my colleagues for the aide they gave to our colleague who was injured during the shooting last week. And were glad that theyre safe and with us and grateful to have them and thinking about our colleague and wishing him a very speedy recovery. I yield back. Mr. Secretary, thanks for being here. I want to talk to you about the future. The ic has assessed and we regularly hear it from both regular and current government officials that the russians will be back. Theyll be back to disseminate fake news, be back to hack and steal and dump disinformation intended to harm good people, be back to find their way into the infrastructure we trust to help our officials, the very infrastructure we choose or trust to up hold our democracy. And i think more than anything that puts this entire question into a very vivid and stark relief and im from the school that says america is exceptional. Were going on a nearly quarter mulinium of the longest running democracy in the history of our planet. But its not just the longevity that distinguishes us. Its our rule by law, our free fair open elections conducted by integrity. And most pornlly, quintessentialliy, it is the peaceful transfer of power. Nobody else has ever managed this. Regularly transferred power in a peaceful manner. And the winners and the losers accept the outcomes. Why . Because we are a rule by law, because we do have free, fair, open elections. And that is whats at stake here, that which defines us. This goes to the very core of who we are. But my question for you sir, just to beabundtally clear, will the russians be back . I think we have to assume for all the reasons that have been discussed here that the russians will be back and possibly other state actors and possibly other bad cyber actors. Fair to assume you were worried about 2016 and 2018 elections and Going Forward . Yes. So you did an excellent job preceding in the two hours highlighting namely the Voter Registrationidate abase. I want to make sure people understand the harm and risk here can be insidious. Peoples reaction is the deletion of names. But could it not for example changing the spelling, whole sale of a bunch of names such that when voters showed up at the polling places they were turned away or denied. Is that not one of the many examples how infiltration and manipulation of voter rej slagz databases could reap considerable harm . Yes, i think thats a fair question and a fair comment. One thing i do want to emphasize, though, weve talked a lot about Voter Registration databases. When i was at dhs i always encouraged my people dont respond to the last attack, look forward to the next attack. So i think its important to look comprehensively do where they are vulnerabilities. Ive focused on them because that is a known exposure that we saw. And mr. Secretary, is it also is it also true to clarify this doesnt have to be wholesale Voter Registration t date bases. And the confidence in our system would be, however, wholesale . Correct. I dont know how many times i lost count to the adage 20 20. I dont want to talk about looking back last year but how were going to look at some point in the future. Ive always believe its easy to judge those that miz miss the obvious or dangerous inflection points, those who miss the chamberlains appeasement at munich would miss a world war or those who missed the passing of a resolution would lead a war that arguably was unwinnable in vietnam. But the truth is there were plenty of people at those times who did know and we were raising their voices and who were ringing alarm bells. Its just that the warnings werent heated. My wish, my prayer literally is that someday we dont look back on today, in this time, and deeply regret that we didnt heed the warnings, that we didnt take seriously enough a foreign powers repeated efforts to undermine our democracy and make america weaker and to sew wholesale lack of confidence in our elections such that we do accept the outcomes, such that we do not peaceably and peacefully transfer power as is our nations heritage. And is that which distinguishes us in the history of this planet. Because if we do, itll be too late. Thank you, sir. I yield back the balance of my that late. You think that was well said and eloquent, if theres anything that should unite this committee and what we are doing is what we are doing today. Theres a lot of questions out there that remain unanswered and theres something that is not ambiguous at all, its that the American People do not have confidence in the way that their vote was true and role. Whether our guy won or next time your defy wins. Thats a question as to whether or not russia may have been able to mess with the numbers, then we really do cease being the country that we are. Secretary johnson, i have known you a long time. I think, we first met when i first got elected in 08. We first met when you were in the house for about five minutes. And in Patrick Murphys office. I appreciate your work as the attorney at the pentagon and as secretary of defense. I think that you are a true statesman and somebody that we are all very proud of regardless of party and its been, its been an honor to get to know you over the years and work with you. I do think that it needs to be said and i said it before in this committee that if anybody out there in the countryside believes that russia is not trying influence our electoral process, this is your notice that they are and that they will continue to do so. Whether that is just merely propaganda, through things like the rt, or whether thats actual cyber intrusion, like changing votes or deleting votes. We have seen no evidence in part thanks to you, of the latter, but the former and the latter may very well be a real thing moving forward. I certainly think that propaganda will continue to do so. I know that, i can speak for the rest of the committee when i also say that well, i will speak for myself in saying this, you said earlier that you are designating the election systems as Critical Infrastructure after the election because you were worried that it may drive people away. I think you are absolutely right in that assessment and that may be arguable but you know, certainly that, i think that, thats true. I would say this. I hope that you work secretary kelly in whatever lessons that you have learned and also sharing with him whatever the key factors were that help you successfully protect vote tallying. I know that you know, some staff might still be there or what have you. For the sake of our country and for the sake of his successes, im sure you are wishing upon him, that we can move forward knowing that, in the next election cycle, that he has every tool that he needs to be able to be successful as well. Being that im the last questioner on our side, my question will be specific with regard to florida. Ironically today, the county of supervisors of elections is holding a gathering of all Florida State associations of election supervisors. And we called some of them today from my district and asked them about you know, your designation and theres a states rights versus federal intrusion issue that they are concerned about, but mostly, theres a lot of lack of, or just yearning for more information of what does that mean, what are we supposed to do, how do we tell the people of the countys that your local supervisor of elections is in charge of counting your votes but that this designation that dhs has put out there is somehow, the security blanket that will make sure that russia, a foreign entity is not changing your votes. What, if you were talking these county supervisor of elections right now, what would you tell them that the designation that you made means for them, and how their, their job and the local votes that are cast is safe, secure, and not being mandated by some federal bureaucrat in washington and in any other way other than protection . By analogy, the financial services, is Critical Infrastructure. Which includes all of the big banks. And i do not run those banks. The ceos of each of them are responsible for their own networks and their own systems. What it means fundamentally is that we prioritize helping them when they ask. If they ask. And thats what the designation means. It does not mean i get to regulate, i dont have the authority to regulate standards for voting booths and for reporting mechanisms. But theres a lot of other Critical Infrastructure sectors where everybody is responsibler for running their own business. Not me, its a matter of providing assistance to them, when they ask. Its simply that. If theres a Palm Beach County situation of which, where i grew up. Is there some kind of a fail safe mechanism that would come in, since, that was, the Palm Beach County butterfly ballot thing. Yrm the year that was, but 2000. 2000. Now, that designation has been made, would there be a kind of, kind of a, you know, an automatic trig that are would happen, if a situation like that would happen where we felt like, it was not because of a faulty ballot, but because of intrusion bay form entity . Well, the secretary of Homeland Security, would not have the authority to go in over the objection of a local official and do a ballot recount. But, the nature of it is that, when states ask, when counties skr ask, we will come and provide whatever cyber assistance they ask for. Assuming we have the resources to do it and the capability, we will do whatever we can to help them with their cybersecurity. Thats it. Okay. I appreciate your time and your service and thank you mr. Chairman, i yield back. And if i could say, congressman, since the day we first met, i have very much been impressed with your service in congress. Thank you. Did everyone get that on the record . Everyone . Thank you. Some of the things you have pushed through as legislation i very much appreciated that. He is a congressman, not a banker, he cannot loan you any money. So, right . I was not going say but since adam did, i want to thank you. But we also cant leave not acknowledging officers griener and bailey that morning the police officers, professionals and heroic, and i was right besides them watching them work to do what they said they would do best and thats get between a really bad person and the rest of us and i cant thank them enough for what they did. Heros to, a best tradition of what that really means. So, thank them for that. And appreciate the nations prayers for steve and mika, griener was wounded as well and bailey and sack. I appreciate that also. With respect to todays hearing, thank you very much for doing that. We appreciate that. The cyber threat is ongoing, and we will get tougher and harder. We got lucky this time, maybe, that it was not successful and causing any more problems for our systems that we have. I would hope that the National Associations of state secretaries of state would take to heart your message and form a working group, a task force to build that best practice, build that system on their own, that would allow themselves then to police it and create it, because theres no one better at doing that then the folks that are responsible for doing it. Im hopeful if they dont already have it in place that theres an Aggressive Campaign to build that best practices and or standards by which they would then holds themselves to that would give all of us a lot more comfort in making it happen. Mr. Secretary johnson, thank you for being hear this morning and we are adjourned. Thank you. Kr spans washington journal, live every day with issues that impact you, and many doing you friday morn, pennsylvania congressman Glenn Thompson will and discuss their job training and Technical Education bill, also, the hills alex bolton will join us to talk about the newly released Senate Healthcare bill, be sure to watch washington journal live at 7 00 a. M. Earn friday morning. Join the discussion. On monday, the Supreme Court ruled unanimously that the governments refusal to register trademarks violates First Amendment free speech, it a win for the Asian American rock band the slants , the name can be seen as a racial slur of people of asian decent. Next the oral arguments in the case. They are about an hour