Next, a look at hacking attempts by Russia which may have targeted as many as 21 U.S. states. We heard yesterday from the person in charge of cyber security for the Homeland Security Department, Jeanette Manfra, and other intelligence officials. From Capitol Hill, this is a little over three hours.

Hearing is in order. Today the committee convenes the sixth open hearing of 2017 to further examine Russia's interference in the election. This is an opportunity for the committee and the American people to drill down on this vitally important topic. In 2016 a hostile foreign power reached down into the state and local levels to touch voter data. It employed sophisticated cyber tools and capabilities and helped Moscow to potentially build detailed knowledge of how our elections work. There was another example of Russian efforts to interfere into a democracy with the goal of undermining our system. In 2016 we were woefully unprepared to defend and respond, and I'm hopeful that we will not be caught flat-footed again. Our witnesses will tell us about 2016, what we should expect in 2018 and 2020. I'm deeply concerned that if we do not work in lockstep with the states to secure our elections, we could be here in two or four years talking about a much worse crisis. The first panel will include expert witnesses from DHS and FBI to discuss Russian intervention in 2016 elections and U.S. government efforts to mitigate the threat. The second panel will include witnesses from the Illinois State Board of Elections, the National Association of State Election Directors, the National Association of Secretaries of State, and an expert on election security to get us there on the ground on how federal resources might be brought to bear on this very important issue. For our first panel, I'd like to welcome our witnesses today. Dr. Samuel Laos, acting director of the Cyber Division within the Office of Intelligence and Analysis at the Department of Homeland Security.
Jeanette Manfra, acting deputy undersecretary, National Protection and Programs Directorate, also at DHS. And Jeanette, I think I told you next time you came I do not want "acting" in front of your name, so now I've publicly said that to everybody in front of DHS. Hopefully next time that will be removed. And Bill, the assistant director for the Counterintelligence Division at the Federal Bureau of Investigation. Bill, I want to thank you for the help that you have personally provided to the investigative staff of this committee as we've worked through so far over five and a half months into our investigations of the 2016 elections. As you're well aware, the committee is in the midst of the investigation. The extent to which the Russian government under the direction of President Putin conducted intelligence activities, also known as Russian active measures, targeted the U.S. elections. The Intelligence Community assesses that while Russian influence obtained and maintained access to elements of multiple U.S. state and local election boards, those systems were not involved in vote tallying. During the first panel, I would like to address the depth and breadth of Russian government cyber activities during the 2016 election cycle with the U.S. government to defend against these intrusions. We must keep the foundation of our democracy, free and fair elections, in 2018 and beyond. I thank all three of our first witnesses. I turn to the vice chairman.

Thank you, Mr. Chairman, and welcome to the witnesses, and thank you for the work you've done with us. We all know that in January the entire Intelligence Community reached the unanimous conclusion that Russia took extraordinary steps to interfere in our 2016 presidential elections. Russia's interference, I believe, was a watershed moment in our political history. This is one of the most significant events I think any of us on this dais will be asked to address in our time as senators.
And with a robust and comprehensive response we will protect our democratic processes from even more dramatic incursions in the future. Much of what the Russians did at this point, I think at least in this room, was well known. Spreading fake news, flooding social media, hacking personal emails and leaking them for maximum political benefit. Without firing a shot, at a minimal cost, Russia sowed chaos in our political system and undermined faith in our democratic process, and as we've heard from earlier witnesses, it is the Intelligence Community's conclusion that they also secured and maintained access to elements of multiple U.S. state and local electoral boards. As the chairman said, there's no reason to doubt the validity of the vote totals in the 2016 election. However, DHS and the FBI have confirmed, and I'll come back to this repeatedly, only two intrusions into the voter registration databases, in both Arizona and Illinois. Even though no data was modified or deleted in those two states. At the same time, we've seen published reports that literally dozens, I've seen one report that said 39 states, were potentially attacked. It's good news the attempts in 2016 did not change the results of that election, but the bad news is this won't be their last attempt, and I'm deeply concerned about the danger posed by future interference in our elections and attempts by Russia to undermine confidence in our elections. We saw recently Russian attempts to interfere in the elections in France, and I thank the chairman that we'll be having hearings on this. We can be sure Russian hackers and trolls will continue to refine their tactics in the future, especially if there's no penalty for these malicious attacks. That's again one reason I think the Senate voted so overwhelmingly last week, and I thank my colleagues for that 97-2 vote to strengthen our sanctions on Russia. I hope that action sends a strong message to Mr.
Putin that there will be a heavy price to pay for attacks against the fundamental core of our democratic system. Make no mistake, it's likely we'll see more attacks not just in America but against our partners. I heard coming in on the radio that the Russians are already actively engaged in the German election cycle which takes place this fall. Some might say, well, why the urgency. I can assure you, we have elections in 2018, but in my home state of Virginia we have statewide elections this year, so this needs a sense of urgency. The American electoral process, the actual counting and reporting, primarily is a local and state responsibility, and in many states, including my own, we have a very decentralized approach, which can be both the strength and the weakness. In Virginia, for instance, the centralization helps deter large-scale hacking or manipulation because our system is so diffuse. But Virginia localities use more than a dozen different types of voting machines. None of which are connected to the internet while in use, but we have a number of machine read machines so that the tabulations actually could be broken into on an individual machine basis. All this makes large cyber attacks on our electoral system, because of the diffusion, more difficult. But it also makes maintaining consistent, coordinated cyber defenses more challenging as well. I strongly believe the threat requires us to harden our cyber defenses and to thoroughly educate the American public about the danger. Yesterday I wrote to the Secretary of Homeland Security. I urged DHS to work closely with state and local election officials to disclose publicly, emphasize publicly, which states were targeted, not to embarrass any state. But how to put the American public on notice when we've only heard two states, but we've heard there are reports there are dozens. That makes no sense.
I know the position of DHS is, since the states were victims, it is their responsibility, but I cannot believe that if this was an attack on physical infrastructure in a variety of states there wouldn't be a more coordinated response. We are not making our country safer if we don't make sure all Americans realize the breadth and extent of what the Russians did in 2016 and, frankly, if we don't get our act together, what they will do in an even more dramatic form in 2018 and 2020. And candidly, the idea of this bureaucratic "it's not my responsibility, not my job" I don't believe is an acceptable decision. I hope that we hear a plan on how we can get more information into the bloodstream, how we can make sure that we have better best practices so that all states are doing what's needed. I'm not urging or suggesting in any way the federal government intervenes in what is a local and state responsibility, but to not put all Americans on notice. To have the number of states that were hacked into or attempted to be hacked into kept secret is crazy in my mind, so my hope is that we will get some answers. I do want to thank the fact that in January DHS did designate the nation's electoral infrastructure as critical infrastructure. That's important. If we call it critical infrastructure but don't tell the public how many states were hacked or how many could be attacked in the next cycle, I don't think we get to where we need to be. So we're going to see more of this. This is the new normal. Appreciate the chairman for holding this hearing, and I'll look forward very much to getting my questions answered. Thank you.

Thank you, vice chairman. With that, doctor, I understand you're going to go first; the floor is yours.

Chairman Burr, Ranking Member Warner, distinguished members of the committee, thank you for the invitation to be here. I represent the Cyber Analysis Division of the Department of Homeland Security's Office of Intelligence and Analysis.
Our mission is to produce cyber-focused intelligence information and analysis, represent our partners like NCCIC to the Intelligence Community, coordinate and share intelligence with our customers at the lowest classification possible. We are a team of dedicated analysts who take threats to the critical infrastructure of the United States seriously. I'd like to begin by clarifying the threat we observed to the infrastructure in the 2016 election. Prior to the election we had no indication that criminals were planning cyber operations against the U.S. election infrastructure that would change the outcome of the coming U.S. election. However, throughout spring and early summer 2016 we and others in the IC began to find indications that the Russian government was responsible for widely reported compromises and leaks from U.S. political figures and institutions. As awareness of these activities grew, DHS began in August 2016 to receive reports of cyber-enabled scanning and probing of election-related infrastructure in some states. From that point on, I&A began working to gather, analyze and share additional information about the threat. I&A participated in red team events looking at all possible scenarios, collaborated and coauthored production with other community members and the National Intelligence Council, provided direct support to the cyber center, the National Cybersecurity and Communications Integration Center, and worked hand in hand with state and local information. By late September, we determined internet-connected networks in 21 states were potentially targeted by Russian government cyber actors. It's important to note that none of the systems were involved in vote tallying. Our understanding of that tallying, augmented by further classified reporting, is still consistent with the scale and scope. This activity is best characterized as hackers attempting to use commonly available cyber tools to exploit known system vulnerabilities.
The vast majority of the activity we observed was indicative of simple scanning for vulnerabilities, analogous to somebody walking down the street and looking to see if you are home. A small number of systems were unsuccessfully exploited, as though somebody rattled the doorknob. Finally, a small number of networks were exploited. They made it through the door. Based on that activity, we made a series of assessments. We started out with: we had no indication prior to the election that adversaries were planning operations against the infrastructure that would change the outcome of the 2016 election. We also saw diversity of systems, non-internet-connected voting machines, pre-election testing and processes for media, campaign and election officials to check, audit and validate the results. All of these made it likely that cyber manipulations of the U.S. election system would be detected. We also finally assess the types of systems Russian actors targeted or compromised were not involved in vote tallying. While we continue to evaluate any new information, DHS has not altered these prior assessments. Having characterized the threat as we observed it, I'll stop to allow my colleague Jeanette Manfra to talk about how they're working with election systems to enhance security and resiliency. I look forward to answering your questions.

Thank you. Ms. Manfra?

Thank you, sir. Chairman Burr, Vice Chairman Warner, thank you for today's opportunity to represent the men and women that serve in the Department of Homeland Security. Today I'm here to discuss the department's mission to reduce and eliminate threats to the nation's critical physical and cyber infrastructure, specifically as it relates to our elections. Our nation's cyber infrastructure is under constant attack. In 2016 we saw cyber operations directed against U.S. election infrastructure and political entities.
As awareness of these activities grew, DHS and its partners provided actionable information and capabilities to help election officials identify and mitigate vulnerabilities on their networks. Actionable information led to detections of potentially malicious activity affecting internet-connected election-related networks, potentially targeted by Russian cyber actors in multiple states. When we became aware of detected activity, we worked with the affected entity to understand if a successful intrusion had, in fact, occurred. Many of these detections represented potentially malicious vulnerability scanning activity, not successful intrusions. This activity and partnership with these potential victims and targets enhanced our situational awareness of the threat and further informed our engagement with state and local election officials across the country. Given the vital role that elections have in a free and democratic society, on January 26 of this year, the former Secretary of Homeland Security established election infrastructure as a critical infrastructure subsector. As such, DHS is leading federal efforts to partner with state and local election officials as well as private sector vendors to formalize the prioritization of voluntary security-related assistance and to ensure that we have the communications channels and protocols, as Senator Warner discussed, to ensure that election officials receive information in a timely manner and that we understand how to jointly respond to incidents. Election infrastructure now receives cyber security and infrastructure protection assistance similar to what is provided to other critical infrastructure such as financial institutions and electric utilities. Our election system is run by the state and local governments in thousands of jurisdictions across the country. Importantly, state and local officials have already been working individually and collectively to reduce risks and ensure the integrity of their elections.
As threat actors become increasingly sophisticated, DHS stands in partnership to support their efforts. Safeguarding and securing cyberspace is a core mission. DHS assists state and local customers as part of our daily operations. Such assistance is completely voluntary and does not entail regulation or federal oversight. Our role is limited to support. In this role we offer three types of assistance: assessments, information and incident response. For the most part, DHS has offered two kinds of assistance to state and local officials. First, the Cyber Hygiene service for internet-facing systems provides a recurring report identifying vulnerabilities and mitigation recommendations. Second, our cyber security experts can go on site to conduct risk and vulnerability assessments and provide recommendations to the owners of those systems for how best to reduce the risk to their network. DHS continues to share actionable information on cyber threats and incidents through multiple means. We've published best practices for securing databases and addressing potential threats to election systems. We share cyber threat indicators and other analysis network defenders can use to secure their systems. We partner with the Multi-State Information Sharing and Analysis Center to provide threat and vulnerability information to state and local officials. This organization is partially grant funded by DHS and has representatives that sit on our floor and can interact with our analysts and operators on a 24/7 basis. They can receive information through our field-based personnel stationed throughout the country and in partnership with the FBI. Finally, we provide incident response assistance at request to help state and local officials identify and remediate any possible cyber incidents.
In the case of an attempted compromise affecting election infrastructure, we will share that technical information with other states to assist their ability to defend their own systems from similar malicious activity. Moving forward, we must recognize the nature of risk facing our election infrastructure will continue to evolve. With the establishment of an election infrastructure subsector, DHS is working with the stakeholders to establish these appropriate coordinating councils and our mechanisms to engage with them. These will formalize our mechanism for collaboration and ensure long-term sustainability of this partnership. We will lead the federal efforts to support election officials with security and resilience efforts. Before closing, I want to reiterate that we do have confidence in the overall integrity of our electoral system because our voting infrastructure is fundamentally resilient. It's diverse, subject to local control and has many checks and balances built in. As the risk environment evolves, the department will support state and local partners by providing assistance. Thank you very much for the opportunity to testify, and I look forward to any questions.

Thank you very much.

Good morning. Chairman Burr, Vice Chairman Warner and members of the committee, thank you for the opportunity to appear before you today. My statement for the record has been submitted, and so rather than restating it, I'd like to step back and provide you a description of the broader threat as I see it. My understanding begins by asking one question: what does Russia want? During the Cold War, the Soviet Union was one of the world's two great powers; however, in the early 1990s it collapsed and lost power, stature and much territory. In the 2005 speech, Vladimir Putin referred to this as a major catastrophe. The Soviet Union's collapse left the U.S. as the sole superpower.
Since then, Russia has substantially rebuilt, but it hasn't been able to fully regain its former status or its former territory. The U.S. is too strong and has too many alliances for Russia to want a military conflict with us. Therefore, hoping to regain its prior stature, Russia has decided to try to weaken us and our allies. One of the ways Russia has sought to do this is by influence rather than brute force. Some people refer to Russia's activity in this regard as information warfare because it is information that Russia uses as a weapon. In regards to our most recent presidential election, Russia used information to try to undermine the legitimacy of our election process. Russia sought to do this in a simple manner. They collected information via computer intrusions and via their intelligence officers. And they selectively disseminated emails they hoped would disparage certain political figures and shed unflattering light on political processes. They also pushed fake news and propaganda. And they used online amplifiers to spread the information to as many people as possible. One of their primary goals was to sow discord and undermine a key democratic principle. Free and fair elections. In summary, I greatly appreciate the opportunity to be here today to discuss Russia's election influence efforts. To restore power and prestige by eroding democratic values. Russia will continue to pose a threat. I look forward to your questions.

Thank you. We will proceed for recognition up to five minutes, and the chairman will tell you when you have used all your time if you proceed that far. Chair would recognize itself for five minutes. Yes or no to all three of you. Most important question: do you have any evidence that the votes themselves were changed in any way in the 2016 presidential election?

No, sir, there was no detected change in the vote.

Miss.

No, sir.

Mr. Epset.

No, sir.

They're getting more sophisticated by the day.
The diversity of our election system is a strength, but the intrusions into state systems also show that Moscow's willing to put considerable resources towards an unclear result. In 2016 we saw voter data stolen. How could Moscow potentially use that data?

They could use the data in a variety of ways. Unfortunately in this setting I can't go into all of them. I think first of all, I think they took the data to understand what it consisted of. What's there, so they can in effect better understand and plan accordingly. When I say plan accordingly, plan accordingly in regards to possibly impacting future elections and/or targeting of particular individuals. But also by knowing what's there and studying it, they can determine is it something they can manipulate or not, possibly, going forward. Then there's a couple other things that wouldn't be appropriate in this setting as well.

To any of you: you've heard the vice chairman talk about the frustration of publicly talking about how many states. Can you tell the American people why you can't disclose which states and the numbers? I'll turn to Ms. Manfra first.

Thank you for the question, sir. Through the long history that the department has in working with private sector and state and local on critical infrastructure and cyber security issues, we believe it is important to protect the confidentiality that we have and the trust that we have with that community, so when an entity is a victim of a cyber incident, we believe very strongly in protecting the information around that victim. That being said, what we can do is take the technical information that we learn from the engagement with that victim and anonymize it so it's not identified as to what that entity or individual is, but we can take all the technical information and turn that around and share that broadly, whether it's with an affected sector or broadly across the entire country, and we have multiple mechanisms for sharing that.
We believe this has been a very important key to our success in developing trusted relationships across all of the 16 critical infrastructure sectors.

Are we prepared today to say publicly how many states were targeted?

As of right now we have evidence of 21 states, or election-related systems in 21 states, that were targeted.

But in no case were actual vote tallies altered in any way, shape or form?

That is correct.

How did the French respond to the Russian involvement in the French elections a month ago? Is that something we followed?

Sir, from the Bureau's standpoint it's something we followed from afar. We did have engagement with French officials, but just not at liberty to go into what those consisted of.

Okay. We've talked about last year. Russia's intent, their target. Let's talk about next year. Let's talk about the '17 elections in Virginia, let's talk about the '18 elections, congressional and gubernatorial elections. What are we doing to prepare ourselves for this November and next November? Ms. Manfra.

Yes, sir, as you noted, we're taking this threat very seriously. And part of that is identifying this community as a critical infrastructure subsector; that's allowed us to prioritize and formalize the engagement with them. Similar to the 2016 elections, we are identifying additional resources, prioritizing our engagement with them through information sharing products, identifying in partnership again with the state and local community those communication protocols, how do we ensure that we can declassify information quickly should we need to and get it to the individuals that need it. We also have committed to working with state and local officials on incident response playbooks. So how do they understand where to engage with us, where do we engage with them, and are we able to bring the entire resources of the federal government to bear in helping the state and local officials secure their election systems.

Great. Vice chairman.
Thank you for the answer at 21. 21 states is almost half the country. We've seen reports that were even higher. I concur with the chairman. The vote totals were not changed, but can you explain to me how we're made safer by keeping the identity of 19 of those states secret from the public? Since Arizona and Illinois have acknowledged they were attacked.

Sir, I'd bring it back to the earlier points you made about the future elections. One of the key pieces for us within I&A is our ability to work with our partners. Because of how our collection mechanism works, it's built on a high level of trust ...

If this was water systems or power systems, would it be, would the public be safer by not knowing that their water system or power system in their respective state was attacked?

Sir, can for other sectors we apply the same principles. When we do have a victim of an incident in the electric sector or water sector, we do keep the name of that entity confidential. Some of these sectors do have breach reporting requirements that requires the victim ...

Are all 21 of the states that were attacked, are they aware they were attacked?

All of the system owners within those states are aware of the targeting. Yes, sir.

So at the state level could have had registrars, there may have been attempt to penetrate at the local level and registrars in respective state would not even know their state had been subject of Russian activities?

We're currently working with state election officials to ensure communication between the local and the state ...

But at this moment in time there may be a number of state, local election officials that don't know their states were targeted in 2016, is that right?

The owners of the systems that were targeted do know that they were targeted.

The owners may know, but because we have a decentralized system, many local ... I understand, I understand the notion, but I do not believe our country is made safer by holding this information back from the American public.
I have no interest in trying to embarrass any state, but we've seen this for too long in cyber. We've seen it in the financial industry and others, where people simply try to sweep this under the rug and assume to go along the way. When we're talking about, I go back to initial comments, we had no idea, we had no ability to predict this beforehand. We had 21 states that were attacked. We've got two that have come forward. While no election results were changed, we do know there were a number of states, perhaps you'll answer this, how many states did the Russians actually exfiltrate data such as voter registration lists?

Prefer not to go into those details in this forum, sir. I can tell you we are tracking 21 states that were targeted.

The states who had their data exfiltrated by the Russians, are they aware of that?

Yes, sir.

And is there any coordinated response on how we're going to prevent this going forward?

Yes, sir.

How do we make sure, if states are not willing to acknowledge that they had vulnerabilities, if they were subject to attack again, we're in a brave new world here. And I understand your position. I'm not trying to, I'm very frustrated, but I'm not, I get this notion, but I think we need a reexamination of this policy. You know, the designation by former Secretary Johnson as critical infrastructure, what does that change in terms of how our operations are going forward? By that designation in January, I appreciated it, but what does that really mean in practical terms, in terms of assistance or information sharing?

What it means for, it means three things, sir. The first is a statement that we do recognize that these systems are critical to the functioning of American life. And so that is an important statement. The second is that it formalizes and sustains the department's prioritization of engagement with this community.
The last, it provides particular protections for sharing of information, in particular with vendors within the election community, that allows us to have conversations to discuss vulnerabilities with potential systems we would not have to disclose.

I talked with Secretary Kelly last week, and I hope you'll take this, at least the message, back to him: I would like us to get more information. What I've heard today is that there were 21 states; I appreciate that information. But within those 21 states I have no guarantee that local election officials are aware that their state system may have been attacked. Number one. Number two, we don't know how many states actually had exfiltration. Final question is, have you seen any stoppage of the Russian activities after the election, or are they continuing to ping and try to feel out our various election systems?

On the first two questions, sir, I will be happy to get back to you. I spoke with the Secretary this morning and look forward, and third question I'll defer to the FBI.

Vice chairman, I just can't comment on our pending investigations related to the cyber ...

You can't say whether ... so should the public take away a sense of confidence that the Russians have completely stopped as of November of 2016 trying to interfere or tap into our electoral systems? Is that what you're saying?

That's not what I'm saying, sir. I believe the Russians will absolutely continue to try to conduct influence operations in the U.S., which will include cyber intrusions.

Thank you, Mr. Chairman.

Thank you, vice chairman. To DHS and to the Bureau, a quick question. And if you can't answer it, please go back and get us an answer. Would your agency be opposed to the chair and vice chair sending a letter to the 19 states that have not been publicly disclosed, a classified letter asking them if they would consider publicly disclosing that they were a target in the last election?

Sir, I'd be happy to take that question back to my organization.
I would just add that the role your committee is playing in regards to highlighting the Russians' aims and activities, I think, is critically important for this country. The Bureau is just trying to balance what I'll call the messaging end of that with doing things that hopefully don't impact what we can learn through our investigations. I know it's a fine balance, but the bottom line is you play a key role in raising awareness of that. And I thank you.

Fair concern, and if both of you would just go back and then get back with us, we'll proceed from there. Senator Ray.

Thank you very much. So that the American people can have solid confidence in what you've done, and thank you for what you've done. Could you give the American people an idea, if you feel numbers are classified and that sort of thing, you don't have to go into it, but the number of people that were involved on DHS and FBI in this investigation, can you give us a general idea, whichever one of you want to take that question. Ms. Manfra.

From a DHS perspective, we did amass quite a few resources, both from our intelligence and analysis and our operations analysis. To put a number on it is somewhat challenging.

Would you say it was substantial?

It was a substantial level of effort, yes, sir.

Confident you got where you wanted to go when you set out to make this investigation?

Yes, sir. One of our key priorities was developing relationships with that community and getting information out, whether it was to specific victims or broader indicators we could share. We accomplished that. We have multiple sessions. We sent over 800 indicators to the community. So we do believe we accomplished that. We don't want to let that down at all. We want to continue that level of effort. And we intend to continue.

And I'm focusing on not what you did after you got the information but how you got the information. You're confident you got what you needed to appropriately advise everyone as to what was going on?

Yes, sir. Yes, we did.
Mr. Priestap, to you. The FBI considered this a very grave threat, and so we dedicated substantial resources to this effort as well. Okay. Thank you. To both of you, both agencies, again, everyone in this committee knows the specificity and identity of the Russian agencies involved. Are you comfortable in identifying them here today, or do you still feel that's classified? Yeah, other than what was mentioned in the unclassified version of the intelligence community assessment, I'd rather not go into any of those details. Were there any of those agencies identified? Any of the Russian intelligence agencies identified in that? It's my understanding that GRU was identified. Homeland Security, same answer? Yes, sir. Okay. Thank you much. Let me ask this question and I come at this from a little different perspective and I think the American people have the right to know this. From all the work that either of your agencies did, all the people involved, all the digging you did through what the Russians had done and their attempts, did you find any evidence, direct or circumstantial, to any degree down to scintilla of evidence that any U.S. person colluded with, assisted or communicated with the Russians in their efforts? Sir, I just can't comment on that today. That falls under the special counsel's purview. Have to defer to him. Are you aware of any such evidence? And I'm sorry, sir, I just can't comment on that. Ms. Manfra? I'm sorry, sir, I cannot also comment on that. Thank you. Thank you, Mr. Chairman. Senator Feinstein. Thanks very much, Mr. Chairman. Candidly I'm very disappointed by the testimony. I mean, we have learned a great deal and the public has learned a great deal of what we've learned. You've said and I think quite pointedly that Russia has decided to weaken us through covert influence rather than brute force. And I think that's a correct assessment. And I thank you for having the courage to make it.
Here's a question, to the best of the FBI's knowledge, have they conducted covert influence in prior election campaigns in the United States? If so, when, what and how? Yes, absolutely they've conducted influence operations in the past. What made this one different many regards was of course the degree and then with what you can do through electronic systems today. When they did it in the past, it was doing things like trying to put in biased or half-true stories, getting stories like that into the press or pamphlets that people would read, so on and so forth. The internet is just allowed Russia to do so much more today than they've ever been able to do in the past. So you're saying prior campaigns were essentially developed to influence one campaign above another? To denigrate a candidate if she was elected and to support another candidate subtly? I'm saying that Russia for years has conducted influence operations targeting our elections, yes. Equal to this one? Not equal to this one, no, ma'am. Okay. Here we go. What made this one different? Again, I think the scale and the aggressiveness of the effort in my opinion made this one different. Again, it's because of the electronic infrastructure, the internet, what have you today that it allowed Russia to do things that in the past they weren't able to do. Would you say that this effort was tailored to achieve certain goals? Absolutely. And what would those goals have been? I think the primary goal in my mind was to sow discord. And to try to delegitimize our fair election process. I think another of their goals which the entire United States intelligence community stands behind was to denigrate Secretary Clinton and to try to help then current President Trump. Have they done this in prior elections in which they've been involved? Have they denigrated a specific candidate and or tried to help another candidate? Yes, ma'am, they have. And which elections were those?
Oh, I'm sorry, I know I'm sorry, I can't think of an example off the top of my head, but all the way through the Cold War up to our most recent election, in my opinion, they have tried to influence all of our elections since then. This is a common practice. Have they ever targeted what is admitted here today to be 21 states? If they have, I am not aware of that. That scale is different than what I'm aware of what they've tried to do in the past. So, again, the scale and aggressiveness here separates this from their previous activities. Has the FBI looked at how those states were targeted? Absolutely, ma'am. And what is your finding? We have a number of investigations open in regards to that. In this setting actually, I guess because they're all still pending investigations, I'd rather not go into those details. The other thing I'd ask you to keep in mind is that we continue to learn things. So there was some activity, we were looking at prior to the election, it's not like when the election was finished our investigations stopped. So as we learn more, we share more. Do you know if it's the intent of the FBI to make this information public at some point? I think this gets back to an issue the vice chairman raised. I guess I want to be clear on my position on it. I think it is critically important to raise awareness about Russia's aims to undermine our democracy and then their tradecraft in how they do it. My organization though part of understanding that tradecraft is conducting our investigations where we learn more and more about tradecraft. So we try to balance what do we need to provide to partners so they can best protect themselves versus not interrupting our investigations if the information were to be made public. Thank you very much, my time is up. Thank you. Thank you, Senator Feinstein.
The vice chairman and I have already decided we're going to invite the bureau in for classified briefing to update all members on the open investigations and any that we see that might warrant on their minds an opening of a new investigation. In addition, let me remind members that one of the mandates of our investigation is that we will at the end of this work with the bureau and other appropriate agencies to make a public report in as great public detail as we can our findings on Russia's involvement in our election. So it is the intent of the chair at least to make sure that as much as we can declassify, it's done and the public gets a true understanding when we put out a final report. Senator Rubio. Thank you, Mr. Chairman. And I think that's critically important. I think the most important thing we're going to do in this report is tell the American people how this happened so we're prepared for the next time. It begins, I think, by outlining what their goals were, what they tried to do in this regard and we know what they've tried to do because they've done it in other countries around the world for an extensive period of time. The first is undermine the credibility of the electoral process to be able to say it's not a real democracy, it's filled with all kinds of problems. The second is to undermine the credibility of our leaders, including the person who may win. They want that person to go into office hobbled by scandal and all sorts of questions about them. And the third ideally in their minds, I imagine, is to be able to control the outcome in some specific instance. If they think they could either through public messaging or even in the worst case scenario by being able to manipulate the vote, which I know now has been repeatedly testified did not happen here. By the way, these are not mutually exclusive. You can do all three, you can only take one, they all work in conjunction.
I think you could argue that they've achieved quite a bit if you think about the amount of time that we have been consumed in this country on this important topic and that political fissures it's developed. The way I point to it and if anyone disagrees I want you to tell me, but we have something in American politics, it's legitimate, both sides do it, it's called opposition research. Find out about your opponent, hopefully it's embarrassing or disqualifying information if you're the opposition research person, you package it, link it to me, they report it, you run ads on it. Now, imagine being able to do that with the power of a nation state, illegally acquiring things like emails and being able to weaponize that by leaking it to somebody who will post that and create all sorts of noise. I think that's certainly one of the capabilities. The other is just straight out misinformation. Right? The ability to find a site that looks like a real news place, have them run a story that isn't true, have your trolls begin to click on that story, it rises on Facebook as a trending topic, people start to read it. By the time they figure out it isn't true, a lot of people think it is. I remember seeing one in early fall that President Obama had outlawed the Pledge of Allegiance and I had people texting me about it. I knew that wasn't true, but my point is we had people texting about it asking if it was. Just tells you I don't know if that was part of that effort, just somebody with too much time on their hands. And then the third of course is the access to our voting systems. And obviously people talk about affecting the tallies, but just think about this. Even the news that a hacker from a foreign government could have potentially gotten into the computer system is enough to create the specter of a losing candidate arguing the election was rigged, the election was rigged.
And because most Americans, including myself, don't fully understand all of technology that surrounds voting systems per se, you give that election as rigged kind of narrative to a troll and a fake news site and that stuff starts to spread and before you know it you have the specter of a political leader in America being sworn in under the cloud of whether or not their election was stolen because vote tallies were actually changed. So I don't know why they were probing these different systems, because obviously a lot of information they were looking at was publicly available. You can buy voter rolls. Campaigns do it all the time. But I would speculate that one of the reasons potentially is because they wanted these stories to be out there, that someone had pinged into these systems creating the specter of being able to argue at some point that the election was invalid because hackers had touched election systems in key states. And that is why I really truly believe, Mr. Chairman, it is so important to the extent possible that part of it, the systems part as much of it be available to the public as possible. Because the only way to combat misinformation is with truth and with facts and explain to people, and I know some of it is proprietary, I know some of it we're trying to protect methods and so forth, but it is really critical that people have confidence when they go vote that vote is going to count and someone's not going to come in electronically and change it. I really hope we err on the side of disclosure about our system so people have full confidence that when they go vote because I can tell you I was on the ballot in November. And I remember people asking me repeatedly is my vote going to count. I was almost afraid people wouldn't vote because they thought their vote wouldn't count.
So I just hope as we move forward, I know that's not your decisions to make in terms of declassifications and the like, but it is really, really, really important that Americans understand how our voting systems work, what happened, what didn't and that we be able to communicate that in real time in the midst of an election so that in 2018 these reports start to emerge about our voting systems being pinged again people aren't we can put out enough information in early October or November so people don't have doubts. I think it's critical for our future. Senator Wyden. Thank you, Mr. Chairman. Let me say to the three of you and I say it respectfully that on the big issue, which is which states were affected by Russian hacking in 2016 the American people don't seem to be getting more information than what they already had before they showed up. We want to be sensitive to security concerns, but that question has to be answered sooner rather than later. I want to send that message in the strongest possible way. We obviously need to know about vulnerabilities so that we can find solutions. And we need better cyber security to protect elections from being hacked in the first place. And that means solutions like Oregon's vote by mail system that has a strong paper trail, air-gapped computers and enough time to fix the problems if they pop up. So now to my question. You all mentioned the January intelligence assessment saying that the types of systems we observe Russian actors targeting or compromising are not involved in vote tallying. Your prepared system, your prepared testimony today makes another point that I think is important. You say it is likely that cyber manipulation of U.S. election systems intended to change the outcome of a national election would be detected. So that is different than we have heard thus far. So I have two questions for you, Ms. Manfra, and you, Dr. Liles.
What level of confidence does the department have in its assessment that 2016 vote tallying was not targeted or compromised. And second, does that assessment apply to state and local elections? Thank you, sir, for the question. So the level and effort and scale required to change the outcome of a national election would make it nearly impossible to avoid detection. This assessment's based on the diversity of systems, the need for physical access to compromise voting machines themselves, the security of pre-election testing employed by the state and local officials, there's a level a number of standards and security protocols that are put in place. There's addition the vast majority of localities engage in logic and accuracy testing which work to ensure voting machines operate and tabulate before, during and after the election there's been an immense amount of media attention applied to this, which also brings an idea of people actually watching and making sure that the election results represent what they see. And plus there's just this statistical anomalies that'd be detected. So we have high confidence in our system. What about state and local election systems? Do you have the same level of confidence? So from the standpoint of a nation state actor operating against state and local election system we would have the same for an internet connected system we would have the same level of confidence. Okay. Ms. Manfra. Yes, sir. And I think this also gets to Senator Rubio's point about the difficulty in the general public understanding the variety of systems that are used in our election process. And so we broke our level of engagement and concern down a couple of different areas.
The voter registration systems which are often can be usually connected to the internet, we also are looking at the voting machines themselves which by best practice and by the voluntary voting standards and guidelines that the Department of Commerce works with the Election Assistance Commission on is by best practice those are not connected to the internet. So can Homeland Security assure the public that the department would be able to detect an attempted attack on vote tallying? What I would suggest, sir, is that the ability as has been demonstrated by security researchers to assess remotely a voting machine to manipulate that vote and then to be able to scale that across multiple different voting machines made by different vendors would be virtually impossible to occur in undetected way within our current election systems. Has the department conducted any kind of post election for instance on the voting machines that were used in 2016? We are currently engaged with many vendors of those systems to look into conducting some joint forensics with them. The vendor community is very interested in engaging with us there's been no analysis yet? We have not our department has not conducted forensics on specific voting machines. Do you believe it's important to do that in terms of being able to reassure Americans that there was no attack on vote tallying? Sir, I would say that we do currently have voluntary standards in place that vendors are enabled and in approximately 35 states they actually require some level of certification of those voting machines that they are complying with those standards. We absolutely would be interested in working with vendors to conduct that level of analysis. Let me ask one last question. Obviously the integrity of elections depends on a lot of people, state and local, election officers, equipment vendors, third party contractors.
Are you all at Homeland Security and the FBI confident that the federal government has now identified all of the potential government and private sector targets? Yes, sir, I'm confident that we've identified the potential targets. Okay. Thank you. Mr. Chairman. Senator Collins. Mr. Priestap, let me say it's great pleasure to see you here again. I remember back in 2003 you were detailed to the Homeland Security Committee when I was the chairman and how helpful you were in our drafting the Intelligence Reform and Terrorism Prevention Act. So thank you for your continued public service. You testified this morning and answered the question of what does Russia want. And you said that the Russians want to undermine the legitimacy of our elections and sow the seeds of doubt among the American public. Despite the exposure and the publicity given to the Russians' efforts in this regard, do you have any doubt at all that the Russians will continue their activities in subsequent elections? I have no doubt. I just don't know, you know, the scale and aggressiveness whether they'll repeat that, if it will be less or if it will be more. But I have no doubt they will continue. Is there any evidence that the Russians haven't planted malware or back doors or other computer techniques to allow them easier access next time to our election systems? I'm sorry, senator, I just can't comment on that because of our pending investigations. Secretary Manfra, the secretaries of state who are responsible for the election systems have a pretty blistering attack on the Department of Homeland Security in the testimony that will be given later this morning. And I want to read you part of it and have you respond.
They say yet nearly six months after the designation and they mean the designation of election systems as critical infrastructure and in spite of comments by DHS that they're rushing to establish election protections, no secretary of state is currently authorized to receive classified threat information that would help them to protect their election systems. Why not? Thank you, ma'am, for that question. I would note that this community, the secretaries of state and for those states where they have a state election director is not one that the department has historically engaged with. And what we have done in the process of building the trust and learning about how they do their work and how we can assist, we have identified the need to provide clearances to that community. And so we have committed to them to work through that process between our department and the FBI. Let me ask you about your own agency, which is the agency that focuses on critical infrastructure including our election systems. Now, NPPD is not an official element of the intelligence community that would have routine access to especially sensitive classified information, so how do you know with any certainty whether you and others in the agency are read into all the relevant classified information that may exist regarding foreign threats to our critical information including our election systems. I would say despite is network defense and operations in partnership with the critical infrastructure and the federal government. We feel very confident that with the partnership with our own intelligence analysis division that serves as an advocate for us within the intelligence community as well as our direct relationships with many of those individuals in organizations such as the FBI, NSA and others that we receive information quickly. And when we ask to declassify that, they are responsive and we work through our partners at the intelligence analysis office to ensure that happens quickly.
So is there room for improvement? Absolutely, of course. But we have the full commitment of the intelligence community to support us and get us the information we need and our stakeholders need. And finally, how many states have implemented all the best practices recommended in the document developed by DHS regarding the protection of election systems? Ma'am, I'd have to get back to you on a specific number of states. I don't have that with me. Do you think most states have informal engagement many of them noted that they had already adopted some of these. And to the extent that they weren't, they were incorporating them. I would ask for a response for the record. Yes, ma'am. That's a really important point. Senator Heinrich. Mr. Priestap, I want to thank you for your testimony this morning. I think you hit the nail on the head when you said we need to step back and ask the fundamental question, what do the Russians want. And by outlining that they want to undermine legitimacy in our system, that they want to sow discord, they want to undermine our free and fair elections, we really have a better lens with which to understand the specifics of what happened in 2016. In your view, were the Russians successful in reaching their goals in the 2016 elections? I don't know for certain whether the Russians would consider themselves successful. In many ways they might argue that because of the time and energy we're spending on this topic, maybe it's distracting us from other things. But on the other hand exactly what this committee is doing as far as raising awareness of their activities, their aims for their American people in my opinion they've done the American public a service in that regard. So I guess I don't know but could argue either way.
Yeah, I think the jury's certainly out for the future, but when you look at the amount of discord that was sown and the impact on 2016 I hope that the outcome of what we're doing here is to make sure in 2018 and 2020 and 2022 that by no metric will they have been successful. Mr. Priestap, you stated very quickly that one of their primary goals was to delegitimize our democracy. Are you familiar with the term unwitting agent? Yes, I am. Can you kind of summarize what that is for us? In an intelligence context it would be where an intelligence service is trying to advance certain names and they reach out to a variety of people, some of which they might try to convince to do certain things and the people, person or persons they contact might actually carry those out but for different reasons than the intelligence service had actually wanted them to carry it out. In other words they do it unwittingly. By effectively reinforcing the Russian narrative and publicly saying that our system is rigged, did then-candidate Trump, now-President Trump become what intelligence officials call an unwitting agent? I don't blame you for not answering that question. We've got about 1:46 left. Can you talk about the relationship between the election penetration that we saw and the coincident Russian use of what Senator Rubio very aptly described of trolls, of bots, of social media, all designed to manipulate the American media cycle and how those two things fit together. I'm sorry to clarify, fit together the intrusions with the what's the relationship between what they were doing in our elections from a technical point of view and what they were seeking to do in our media cycle by using trolls and bots and manipulation of the media cycle. Sure. I mean, I guess the best way I can describe it is this was, in my opinion, a well-planned, well-coordinated multifaceted attack on our election process and democracy. And, while that might sound complicated, but it was actually really straightforward.
They want to collect intelligence from a variety of sources in human and cyber means. They want to evaluate that intelligence. They might selectively disseminate some of it, might use more for more strategic discussions. But at the end of the day it's about collecting intelligence that would give them some type of advantage over the United States and or attempt to influence things and then coordinated well-coordinated, well-funded, diverse ways to disseminate things to hopefully influence American opinion. This was a very sophisticated highly resourced effort. Absolutely. Thank you. Thank the chairman. Let's start about let's start with the comment that DHS made in its written comment which says accesses systems Russian targeters accessed or compromised were not involved in vote tallying. Is that because the vote tallying systems are a whole lot harder to get into than the voter registration systems? I can't make a statement as to why different systems were targeted. What we can assess is that those vote tallying systems whether it was the machines, a kiosk that a voter uses at the polling station, or the systems that are used to tally votes were very difficult to access and particularly to access them remotely and then given the level of observation for vote tallying at every level of the process that adds into, you know, that we would have identified issues there. And there were no identified issues. So those two okay. I would think that if you could get into the vote tallying system and you did want to impact the outcome of an election, obviously the vote tallying system is the place to do that. And I would also suggest that all of your efforts are a lot of your efforts should be to continue to do whatever DHS thinks they need to advise. I don't think we should centralize this system, to give advice to state and local elected officials to be sure that that vote tallying system is protected at a level above other systems.
You know, the voter registration system is public information. It is generally accessible in lots of ways. It's not nearly as protected for that reason. You have lots of input from lots of sources into that system. And I think, Ms. Manfra, you made the point that you said in the best practice would be to not have the vote tallying system connected in any unnecessary way to the internet. Is that right? Both the kiosks themselves and vote tallying systems to not connect them to the internet and to also have ideally paper auditing trail as well. Well, I certainly agree with that. The paper trail is significant. And I think more prevalent as people are looking at new systems. But also I think any kind of third party monitoring, the first two parties would be the voter and the counting system, just creates another way into the system. So my advice would be that DHS doesn't want to be in a situation where somehow you're connected to all the voting systems in the country. Mr. Liles, I think you said the diversity of our voting system is a great strength of the system. Do you want to comment on that any more? Yes, sir. When we were setting as part of red teaming activities we look at the diversity of the voting system a great strength. The fact they were not connected in any kind of centralized way, so we evaluated that when looking at risk assessment with the CIA and office of cyber intelligence analysis, we looked at that as one of the great strengths. And our experts at the IC worked with also said the same thing. Well, I would hope you continue to think about that as one of the great strengths as you look at this critical infrastructure because every avenue for federal monitoring is just one more avenue for somebody else to figure out how to get into that system. And, again, the voter registration system dramatically different in what it does. All public information accessible printed out, given to people to use though you are careful of what information you give.
But almost all election officials that have this system now have some way to share that with the public as a system. There is no reason to share the security of the vote counting system with the public or to have it available or accessible. And I would hope that the DHS or nobody else decides that you're going to save this system by having more avenues and more avenues into the system. Absolutely not, sir, we're fully supportive of the voluntary standards process. And we are engaging with that process with our experts. And we continue again with the voluntary partnership with the state and locals. And we intend to continue that. Thank you. Thank you, Mr. Chairman. Senator King. Thank you, Mr. Chairman. Starting with a couple questions, Mr. Priestap, you indicated this was a very real threat of Russia to probe and intercept our election system. Any doubt that it was the Russians? No, sir. Any doubt that they'll be back? No, sir. To our DHS witnesses, have the 21 states that you've mentioned that we know where had this happened been notified officially? Sir, the owners of the systems within those 21 states have been notified. How about the election officials in those states? We are working to ensure that election officials as well understand. I'll have to get back to you on whether all 21 states have you had a conference of all state election officials, secretaries of state here in Washington on this issue? I have had at least two teleconferences and in-person conferences we will be engaging with them in July, I believe. Well, I would urge you to put some urgency on this. We got another election coming in 18 months and if we're talking about systems and registration rolls, time is going by. So I believe this is as we've already heard characterized a very grave threat. It's going to be back and shame on us if we're not prepared. Yes, sir.
We have biweekly or every other week we hold a tmpb conference with all relevant election officials, the national associations that represent those individuals have nominated bipartisan individuals to engage with us on a regular basis. This is of the utmost urgency for the department in this government to ensure that we have better protections going forward, but the community, the election community is similarly committed and has been so for years. Just to be clear, nobody's talking about a federal takeover of local election systems. Absolutely. Or federal rules. What we're talking about is technical assistance and information and perhaps some funding at some point. Sir, this is similar to our engagement with all critical infrastructure sectors, whether it's the electrical sector, nuclear sector, financial sector. It's completely voluntary and it is about this department providing information both to potential victims but to all network defenders to ensure that they have access to what we have access to and can better defend themselves. Thank you. I'll take issue with something that you said, we have a national election and it's too large, too diverse to really crack. We don't have a national election. What we have are 50 state elections. And each election in the states can depend upon a certain number of counties. There are probably 500 people within the sound of my voice who could tell you which ten counties in the United States will determine the next presidential election. And so you really a sophisticated actor could hack a presidential election simply by focusing on particular counties. Senator Rubio I'm sure remembers Dade County in the year 2000 and the significance that had to determining who the next president of the United States was. I don't think it works to just say, oh, it's a big system and the very diversity will protect us because it really is county by county, city by city, state by state.
And a sophisticated actor, which the Russians are, could easily determine where to direct their attack. So I don't want to rely on the diversity. Second, a separate point is, what do we recommend? And we've talked about paper backups. The Dutch just had an election where they just decided to make it all paper and count the ballots by hand. For this very reason. So what would you tell my elections clerk in Brunswick, Maine, Miss Manfra would be the top three things he or she would protect themselves in this situation? Sir, I would say to first as previous senators mentioned prioritize the security of your voting machines and the vote tallying systems, ensure that they are not connected to the internet even if that is enabled on those particular devices. Second, ensure that you have an auditing process in place where you can identify anomalies throughout the process. Educate polling workers to look for suspicious activity, for example. But does auditing mean a paper trail, a paper backup? Yes, sir. I would recommend a paper backup. And one of the worrisome things again on the issue of the national, we talk about how diverse it is, but aren't we seeing a consolidation in terms of the vendors who are producing these machines? Yes, sir, it is my understanding that we are seeing some consolidation in the vendor community. Again, many of them are committed and have engaged on the voluntary voting standards and guidelines which partly include security. We will be updating those security guidelines in 2018. And, yes, while there's some concern about consolidation, we do look forward to engaging with them. And as of now they're very engaged community. I think this aspect of this question that this committee is looking at is one of the most important and frankly one of the most daunting because we've pretty well determined that they weren't successful in changing tallies and changing votes, but they weren't doing what they did in at least 21 states for fun.
And they are going to be back and they're going to be back with knowledge and information that they didn't have before. So I commend you for your attention to this and certainly hope that this is treated with the absolute utmost urgency. Thank you, Mr. Chairman. Senator Lankford. Thanks, Mr. Chairman. Thanks all of you for being here as well today. To Senator King, just as a heads up, there are some states that are like that. For 25 years the Oklahoma election system has had a paper ballot and an optical scan. And it's been a very good backup for us. We quickly count because of the optical scan, but we're able to go back and verify because of paper. This is such a big deal and such an ongoing conversation that I'm actually in two simultaneous hearings today I'm running back and forth with. In the Department of Homeland Security what we're dealing with with state elections and with state systems is also happening in the hearing I'm also at including my own Oklahoma CIO that's there testifying today on this same issue. How are we protecting state systems, state elections and what's happening. I brought this with me today. Y'all probably this group's very, very familiar with this email. This is the famous email that Billy Rhinehart got from the DNC while he happened to be on vacation. He was out in Hawaii enjoying some quality time away from his work at the DNC and he gets an email from Google it appears that says someone has used your password, someone just tried to sign into your Google account, sent it to him and told him someone tried to do it from the Ukraine and recommended that he go in and change his password immediately. Which as the New York Times reported he groggily at 4:00 a.m. when he saw that email was frustrated by it, went in, clicked on the link, changed his password and went back to bed. But what he actually did was just gave the Russian government access to the DNC. And then it took off from there.
Multiple other staff members of the DNC got an email that looked just like this. Now, for everyone who has a Google account will note, that really looks like a Google account warning. It looked like the real thing when you hovered over the change password it showed a Google account connection where it was going to, but it wasn't. It was going to the Russians. About 91, my understanding is, about 1 of the hacks that come into different systems, start with a spearphish attack that looks just like this. First for you, Mr. Priestap, how does Russia identify a potential target? Because this is not just a random email that came to him this was targeted directly at him to his address, it looked very real. Because they knew who he was, and where he works. So how are the Russians that savvy to be able to track that person? And how does this work in the future for an elections system for a state? So I can't go into great detail in this forum, but I would say what intelligence services do, not just Russia there is they're looking for vulnerabilities. And that would begin in the cyber sense, with computer vulnerabilities. As far as targeting specific individuals, I don't know all of the facts surrounding that email and all the emails that were sent. But my guess is they didn't just send it to one person. Sent an email like that to a whole variety of just hoping that one would click on it. Right, but how are they getting that information? They go into their website and gathering all the emails for it? Trying to figure out are they tracking individuals to get more information so they can get something that looks like something they would click on? You've hit on it, but a whole variety of ways. They might get it through reviewing open-source material. Either online or otherwise. But they also collect a lot of information through their, through human means, as well.
So Miss Manfra, let me did you, what someone at any information clicks on an email like this, what information do they get? It depends on the system itself. I imagine that's a frustrating response. But given the and I think this is important for the public to understand, is as the threat evolves, they're going to continue as we educate the public, don't click on certain things, make sure you know the sender before you click on it. As our defense gets better, the offense is going to look for other means. So we look you know in this case, ideally we want people to look and see what is it that they're actually clicking on before they click it. Some organizations choose to say when an individual clicks on that link, they choose to not allow that to go to that destination. Because they know it's suspicious. Or they have some mechanisms in place to put that into a container and look at it. Other organizations don't take those steps. And it really depends on your risk management and the technical controls you put in place. Who has primary responsibility for federal election integrity? Which agency is the prime mover in that? Obviously states oversee their own. Which federal entity is working with the state to say they're the prime person or the prime agency to do it? For election cybersecurity, our department in coordination with the FBI and others is leading the partnership with state and locals. Great, thank you. Senator Manchin? I thank you all for your appearance here today and your testimony. Being a former secretary of state, of my great state of West Virginia and also being a former governor, my most concern was voter fraud. Every time that we would have a report of fraud, we would see the election participation increase the next election cycle, thinking their vote didn't count.
Is there any reason at all that any person that has the knowledge that you all have or anyone that you on our committee here, from the intelligence community, would give you any doubt that Russia was involved and Russia was very much involved with the intent of doing harm to our election process, as far as the confidence level that voters would have? Do you have any concerns whatsoever, any doubts that Russians were behind this and involved at a higher level than ever? All three of you. No, no doubt from the FBI's end as far as the, as far as Russia's involvement. You all have been interactive with the intelligence community, right? Yes, sir. Similar story, I have no doubt. No doubt, sir. So nobody, there's not an American right now should have a reasonable doubt whatsoever that Russians were involved. Were all 50 states notified on Russia's intention activities during the election cycle? Had you all put an alert out, if I had been secretary of state, would you have notified me to be on the lookout? Sir, I can discuss our products that we put out. And I'll defer to the FBI on what they put out. We did put out products, not public products, but we did put out products primarily leveraging our Multi-State Information Sharing Analysis Center, which has connections to all 50 states. CIOs and we engaged with the Election Assistance Commission and other national associations that represent those individuals, to ensure that we were able to reach fwan this was a community that we had not historically engaged with. So we relied on those that we did put out multiple products. You're not sure of the National Association and secretary of states dispersed that information and put everybody on high alert. I believe that they did, sir. We also held conference calls where all 50 secretaries of state or election director if the secretary of state didn't have that responsibility, in August and September and again in October, both high-level engagement and network defense products.
If I could ask this question to whoever maybe Mr. Priestap. What was Russia's intention and do you think they were successful in what they desired to do, even though they didn't alter as you all have said, you can see no alterations of the election results. Do you believe that it had an effect in this election and the outcome of this 2016 election? As far as Russia's intention in the broader vein to undermine democracy, one of the ways they sought to do this here was to undermine the legitimacy of our free and fair election. Do you believe they were successful in the outcome? The FBI doesn't look at that as far as did Russia achieve its aims in that regards. Let me ask this question, are there counter actions the U.S. could take to subvert or punish the Russians in what they have done and their intention to continue? And what's your opinion of the sanctions that we have placed on Russia? So sure. As you know, the FBI doesn't do policy, here today to provide you an overview of the threat picture as I understand and see it. But obviously the U.S. government did take action, post election. In regards to making a number of Russian officials. Have you seen them decide any of their activities since we have taken actions? They have less people to carry out their activities. That's certainly had an impact on the number of people. Have we shared this with our European allies who are going through election processes? And have they seen the same intervention, in their election process, that we have seen from the Russians in ours? I can't speak for DHS, but the FBI is sharing this information with our allies, absolutely. How about DHS. We are sharing information with our allies. Are they seeing an overaggressive high activity from the Russians that we haven't seen at this level before. Such as we did during the 2016 election. There is media reporting that suggests that, we don't have direct government-to-government relationships with DHS perspective.
There is definitely media reporting that they're seeing increased activity. Mr. Priestap, thank you for your appearance today. Enter inn response to Mr. Heinrich's question about whether Donald Trump had become an unwitting agent for Russia in their efforts to sow discord and discontent with our election. You said you declined to answer which is understandable. Since her election defeat, Hillary Clinton has blamed her loss on the Russians, Vladimir Putin, the FBI, Jim Comey, fake news, WikiLeaks, Facebook and content farms in Macedonia. In her blaming her loss on these actors, has Hillary Clinton become an unwitting agent of Russia's goals in the United States? I'm sorry, sir, but I would rather not comment, its just something i understand any thoughts. Let's turn to other matters then. Which would you advise states and localities in the conduct of their elections, or more broadly in their government services, not to use or not to do business with Kaspersky Lab or companies that use Kaspersky products in their systems? I can't comment on that in this setting. Ms. Manfra, would you advise them not to use Kaspersky products? I can also not comment on that in this forum, sir. I don't have to ask Dr. Liles you're reaching for your microphone. I can't comment, either. Senator Risch says he'll answer but I'll let him speak for himself at a later time. Mr. Priestap, we talked about Russia's intent and activities in our election. I think it's important that the American people realize it goes farther than the elections and the 2016 campaign as well. Isn't it true that Russian actors have been probing U.S. critical infrastructure for years? Yes, sir, I can't go into specifics, but they probe a lot of things of critical importance to this country. And as the head of counterintelligence, you write in your statement that, quote, Russia's 2016 presidential election influencing effort was the boldest to date in the United States which implies there have been previous efforts.
You also say that the FBI should strengthen the intelligence community assessment because of our history investigating Russia's intelligence operations within the United States. Both of which suggest this keeps you busy in your portfolio of counterintelligence, right? That's correct. And this is, this Russian intelligence threat is not just a cyber threat. It's a threat from traditional human intelligence or what a layman might call spies, is that right? Yes, sir. Do so-called diplomats who work out of the Russian embassy in Washington, D.C. have a requirement to notify our State Department in advance if they plan to travel more than 25 miles and give that notification 48 hours in advance? They do. And that State Department is supposed to notify the FBI in advance of those travel arrangements, correct? Is it true that the Russian nationals often fail to give that notification at all or they give it at 4:55 on a Friday afternoon before a weekend trip? I would prefer not to go into those details here. I'll leave it at that. Does it complicate you and your agents' efforts to conduct your counterintelligence mission to have Russian nationals wandering around the country, more than 25 miles outside their duty assignment? Sure, if that were to happen that would complicate our efforts. The secretary of defense recently indicated at an Armed Services Committee hearing that Russia is in violation of something called the Open Skies Treaty. A treaty we have with Russia and other nations that allows us to overfly their territory and take pictures and they do the same here. Do we see so-called Russian diplomats traveling to places that are in conjunction with Open Skies flights that Russia is conducting in this country? I can't comment on that here. So last summer an American diplomat in Moscow was brutally assaulted on the doorstep of our embassy in Moscow. Did we take any steps to retaliate against Russia for that assault in Moscow?
Did we declare persona non grata any of their so-called diplomats in the United States? If I recall correctly, we didn't immediately do anything in that regard. This committee passed unanimously in committee last year something that just passed as part of the omnibus committee bill in April a provision to require one the State Department to notify the FBI of any requests for Russian diplomats to travel more than 25 miles outside their embassy. And to report violations to you. It further requires the State Department to report those violations regularly to this committee. What's the status of that provision now that it's been in law for about two months. Is the State Department cooperating more fully with you? I guess I would rather not comment on that here. We're still working through the implementation of that. Well I certainly hope they start. Thank you. Senator Harris? Ms. Manfra, you mentioned that you notified the owners. I'm not clear on who the owners are, are they the vendors? What I meant to clarify is in some case it may not be the secretary of state or the state election director who owns that particular system. So in some cases it could be a locality or a vendor. So is there a policy of who should be notified when you suspect that there's a threat? We are working through that policy with the secretaries of state, that's one of the commitments that we made to them. And election directors in order to ensure that they have appropriate information while preserving the confidentiality of the victim publicly. Can you tell us in which states you notified the vendor instead of notifying the secretary of state? We keep the vendor information confidential as well. Are there states that you notified where you did not notify the person who was elected by the people of that state to oversee elections? I don't believe that's the case, but I'll get back to you. How specific was the warning that you sent? What exactly is it that you notified the states or the vendors of.
Depending on the scenario and the information that we had, and more generally, what we do is when we get classified information we look to declassify as much as possible let's talk for this particular, this particular one, what we took was technical information that we had, that we believe was suspicious and that was emanating from Russia and was targeting their system. We asked them to look at their system, we asked and this was part of the broader dissemination as well, we asked all states to look at their system to identify whether they had an intrusion or whether they blocked it. In most cases, they blocked it. Do you have a copy with you of the notification that you sent to the various vendors or states? I do not, ma'am, but we can get one. Will you provide the committee of the copy of the notification you sent to states? Many of them were done in person. What I can share with you is the technical information that we published in December. I can show you what we provided to the states and localities. And did you notify each of them the same way? Or did you tailor the notification to each state? We tailor the notification. It's a process for all victim or potential victim notification, us and the FBI. So sometimes it may be an FBI field agent that goes out there. Sometimes it may be a department official that goes out there. In your follow-up to the committee please provide us who notified each state and who in that state was notified, the vendor or the state elections official and what specifically they were notified of. Yes. I have in 2007, California worked with leading security researchers, the secretary of state at the time was Debra Bowen and they instituted some of the best practices we believe for election security. My understanding is that it is considered a gold standard. My question is does DHS have the technical capability and authority to coordinate a study like that for all the states?
We do have the technical capability and authority to conduct those sorts of studies, ma'am, yes. Have you pursued that as a viable option to help the states do everything they can to secure their systems? That is one of the areas that we're considering, yes, ma'am. Have you taken a look at that study that was commissioned in California in 2007? I have not personally, but I will read it, ma'am. I'm concerned that the federal government does not have all the information it needs in the situations where there's been a breach. Is there any requirement that a state notify the federal government when they suspect there's been a breach? No, ma'am. And in terms of the American public and voters in each of these states, can you tell me is there any requirement that the state notify its residents when the state suspects there may be a breach? I cannot comment, I know that multiple states have different sunshine laws, et cetera, that apply to data breaches within the state so I couldn't make a general statement about what their requirements are at the state level. Do any of you have any thoughts about whether there should be such requirements both in terms of states reporting to the federal government and also states reporting to their own residents and citizens about any breaches of their election systems? Required data breach reporting is a complicated area. We prefer and we've had a fair amount of success with voluntary reporting and partnerships. But we'd be happy to work with your staff and further understanding how that might apply here. Any other thoughts as we think about how we can improve notification and sharing of information? No. Okay, thank you. I'll move to Senator Reed. Let me just say that a number of members have questioned the agencies, especially those that are here and sharing with Congress of the investigation.
I'll just say that the chair and the vice chair were briefed at the earliest possible time, and continue to be briefed throughout the process and then it was opened up to all the members of the committee. I'm not sure that I had ever shared that with everybody. I just wanted to make sure that everybody was aware of that. Senator Reed. Thank you very much, ladies and gentlemen, aside with Mr. Priestap. Are you aware of any direction or guidance from President Trump to conduct this investigation about Russian intrusion in our elections? Sir, I can't comment on that, it could be potentially related to things under the special counsel's purview. Ms. Manfra in terms of security, are you aware of any direction by the president to conduct these types of operations? Or your investigations? Sir, to clarify the question, direction from the president to president. United States as directed that we, that the Department of Homeland Security and other federal agencies conduct the activities that you're conducting, essentially investigation into Russian hacking and the election. I can't comment on the president's direction specifically, but the secretary is committed to, understanding what happened and ensuring that we are better protected in the future. So our activities are fully supported. He has not communicated that this is at the direction of the president of the United States? No. Sir. Dr. Liles? Sir this comes directly down from the i krrics that have been working on it for a while but nothing from the president. I thought Senator King raised some interesting issues in terms of most national elections, there's much you would like to think about, particularly from Rhode Island are not decided in certain states, but decided in certain cities and counties which raised an interesting question. You were very assertive that you would be able to diagnose an intrusion that was altering loader votes, literally.
When could you do that, within weeks of the election, on election day, after election day? Sir, from an IC perspective, the way we would do that is by looking at the threats themselves targeting different entities. The other element is as the reporting was coming in, if there were any statistical anomalies. And I would point out we're talking about internet-connected systems here and not all of the key counties that you represent would be those internet-connected systems. But effectively, I think what you've said is you would have to wait for confirmation until the results started coming in on election day. Which raises the issue of even if you detected on election day, what do we do? The votes have already been cast. Is anyone planning on what's the, what's the reaction we take? How do we notify people? What steps we take? I'd have to defer to other yes, sir. I did want to clarify when we say that activity would be difficult to detect it would be difficult to go on undetected. That we're discussing both at the polling station or the jurisdiction that it would be hard for somebody to do that without anybody. Not necessarily that the department would have that immediate insight. And to answer your questions, yes, that is absolutely something that is a part of our planning and what we would look forward to partnering with the state and local officials on understanding. So we're about 18 months away from election. We have to be able to develop not a technical infrastructure, but an organizational infrastructure that could react, maybe on very short notice to the discovery that actual votes had been tampered with. Is that accurate? Absolutely. It is both technical and organizational. Do you think there's enough emphasis in terms of the resources and support to do that the collaboration? You've got 50 states and among those states, many of the voting jurisdictions are not at the state level, the city or township. Are we taking a serious issue? Absolutely.
It's one of our highest priorities and I would note we're not just looking ahead to 2018 as election officials remind me routinely that elections are conducted on a regular basis. Let me ask Mr. Priestap if I've pronounced it correctly. You testified today and your colleagues that information was taken by the Russians what type of information was taken and what could it be used for? Yes, I don't want to get into the details of what victim information was taken. And we've got a variety of pending investigations. But again it could be used for a variety of purposes. It could have been taken to understand what's in those systems. It could have been taken to use to try to target, learn more about individuals so they could be targeted. It could have been taken in a way to publicize just to send a message that for an adversary has the ability to take things and to sow doubt in our voters' minds. Let me ask you this question, judgment. Given the activities that the Russians have deployed, significant resources, constant effort over as you, the intelligence community probably a decade, do you think they have a better grasp of the vulnerabilities of the American voting system than you have? I hope not. I think it's, I think it's an excellent question and I can, well first of all, I hope not and I don't think so, but if they did, I don't think they do any more. Thank you very much. Thank you Senator Reed, before we move to the second panel. One last question, Mr. Priestap, for you. Is there any evidence that the attempt to penetrate the DNC was for the purposes of launching this election year intrusion process that they went on or was this at the time, one of multiple fishing expeditions that existed by Russian actors in the United States? In my opinion, it was one of many efforts you call it a fishing expedition. But to determine what is out there. What intelligence can they collect so they don't go after one place, they go after lots of places and then tens, hundreds? Hundreds.
At least hundreds. Okay. I want to wrap up the first panel with just a slight recap. I think you have thoroughly covered that there's no question that Russia carried out attacks on state election systems. No vote tallies were, were affected or affected the outcome of the elections. Russia continues to engage in exploitation of the U.S. elections process. And elections are now considered a critical infrastructure which is extremely important and does bring some interesting potential new guidelines that might apply to other areas of critical infrastructure that we have not thought of because of the autonomy of each individual state and the control within their state of their election systems. So I'm sure this will be further discussed as the appropriate committees talk about federal jurisdictions. Where that extends to and clearly I think it's, this committee's responsibility as we wrap up our investigation to hand off to that committee somewhat of a road map from what we've learned are areas we need to address and we will work very closely with DHS and with the bureau as we do that. With that, I will dismiss the first panel and call up the second panel. I call the second panel to order. Ask those visitors to please take their seats. As we move into our second panel this morning, our hearing is shifting from a federal government focus, to a state level focus. During the second panel we'll again, we'll gain insight into the experiences of the states in 2016, as well as hear about efforts to maintain election security moving forward. For our second panel I'd like to welcome our witnesses, the Honorable Connie Lawson, president-elect of the National Association of Secretaries of State and the secretary of state of Indiana. Michael Haas, the midwest regional representative to the National Association of State Election Directors. And the administrator of the Wisconsin Election Commission. Steve Sandvoss, executive director of the Illinois State Board of Elections. And Dr. J.
Alex Halderman, professor of computer science and engineering, University of Michigan. Thank you all for being here. Collectively, you bring a wealth of knowledge and a depth of understanding of our state election systems, potential vulnerabilities of our voting processes and procedures and the mitigation measures we need to take at the state level to protect the foundation of American democracy. In January of this year, then secretary of state, secretary of Homeland Security Jeh Johnson designated the post election as a critical component of U.S. infrastructure. The DHS stated that the designated the election infrastructure as a priority within the National Infrastructure Protection Plan. It enabled the department to prioritize our cybersecurity assistance to state and local election officials, for those who requested it. And made it publicly known that the election infrastructure enjoys all the benefits and protections of critical infrastructure that the U.S. government has to offer. Some of your colleagues objected to this designation. Seeing it as federal government interference. Today I'd like to hear your views on this specifically. But more broadly how the states and the federal government can best work together. I'm a proud defender of states' rights, but this could easily be a moment of divided we fall. We must set aside our suspicions and see this for what it is. An opportunity to unite against a common threat. Together we can bring considerable resources to bear, and keep the election system safe. Again I'd like to thank our witnesses for being here and at that time I would turn to the vice chairman for any comments he might make. Vice chairman doesn't have any, I will assume, Mr. Haas, is that by some process you have been elected to go first. Unless there is an agreement, where are we going to start? I think we were going to defer to Secretary Lawson to start. If that's okay with the chair. Madam Secretary, you are recognized.
Good morning Chairman Burr and Vice Chairman Warner and distinguished members of the committee. I want to thank you for the chance to appear before you today. It's an honor to represent the nation's secretaries of state. 40 of whom serve as chief state election officials. I am Connie Lawson, Indiana secretary of state, and I'm also president-elect of the bipartisan National Association of Secretaries of State. I'm here to discuss our capacity to secure state and locally run elections from very significant and persistent nation-state cyber threats. With statewide elections in New Jersey and Virginia this year and many more contests to follow in '18, I want to assure you and all Americans that election officials across the United States are taking cybersecurity very seriously. First and foremost, this hearing offers a chance to separate facts from fiction regarding the '16 presidential election. We have seen no evidence that vote casting or counting was subject to manipulation in any state or locality. Nor do we have any reason to question the results. Just a quick summary of what we know about documented foreign targets of state and local election systems. In the 2016 election cycle as confirmed by the Department of Homeland Security no major cybersecurity issues were reported on election day November 8th. Last summer our intelligence agencies found up to 20 state networks had been probed by entities essentially rattling the doorknobs to check for unlocked doors. Foreign-based hackers were able to gain access to voter registration systems in Arizona and Illinois. Prompting the FBI to warn state election offices to increase their election security measures for the November election. And more recent days we've learned from a top-secret NSA report that the identity of a company providing voter registration support services in several states was compromised.
Of course it's gravely concerning that election officials have only recently learned about the threats outlined in the leaked NSA report, especially given the fact that the former DHS secretary Jeh Johnson repeatedly told my colleagues and I that no specific or credible threats existed in the fall of '16. It's unclear why our intelligence agencies would withhold timely and specific threat information from election officials. I have every confidence that other panelists will address voting equipment risks and conceptual attack scenarios for you today. But I want to emphasize some systemic safeguards that we have against cyber attackers. Our system is complex and decentralized with a great deal of agility and low levels of connectivity. Even within states much diversity can exist from one locality to the next. This autonomy serves as a check on the capabilities of nefarious actors. I also want to mention the recent designation of election systems as critical infrastructure. Real issues exist with a designation, including a lack of clear parameters around the order, which currently provides DHS and other federal agencies with a large amount of unchecked executive authority over our elections process. At no time between August of '16 and January of '17 did NASS and its members ever have a thorough discussion with DHS on what the designation means. Threat sharing has been touted as a key justification for the designation. Yet nearly six months later, no secretary of state is currently authorized to receive classified threat information from our intelligence agencies. From information gaps to knowledge gaps that aren't being addressed, this process threatens to erode public confidence in the election process. Its also unable to determine their own election procedures, such to designation reduces diversity and autonomy in our voting process. The potential for adverse effects from perceived or real cyberattacks will likely be much greater and not the other way around.
Looking ahead, the National Association, the NASS Election Security Task Force was created to ensure that state election officials are working together to combat threats and foster effective partnerships with the federal government and other public-private stakeholders. The trend line is positive but more can be done. Most notably many states and localities are looking to replace or update their voting equipment. If I have one major request for you today, other than rescinding the critical infrastructure designation for election, it is to help election officials get access to classified information sharing. We need this information to defend state elections from foreign interference and respond to threats. Thank you and I look forward to answering your questions. Who would like Mr. Haas?
Thank you, good morning. Chairman Burr, Vice Chairman Warner and committee members, on behalf of the National Association of State Election Directors, thank you for this opportunity to share what states learned from the 2016 elections and some steps that we are taking to further secure our election systems. I serve as Wisconsin's chief election official and I'm a member of NASED's executive board. We do not have a state-elected official who oversees elections in Wisconsin. Many of our state election directors across the country are housed in the secretary of state's office, but some are not. The 2016 presidential election reinforced several basic lessons, although sometimes in a new context. For instance, all of us understand the importance of constant and effective communication to ensure that all actors have the tools they need. The new twist in 2016 of course involved communicating about the security of election systems with the Department of Homeland Security as well as the state staff who provide cybersecurity protection to our voter registration databases.
As we have heard this morning, some states have expressed concerns about the timeliness and the details of communications from Homeland Security regarding potential threats, security threats to state election systems. The recent reports about attempted attacks on state voter registration systems, which occurred last fall, caught many states by surprise. We look forward to working with the DHS and other federal officials to develop protocols and expectations for communicating similar information going forward. State election officials believe that it's important that we be in the loop regarding contacts that DHS has with local election officials regarding security threats, such as the spear-phishing attempts that were recently publicized. States should be aware of this information to protect their systems, so we can provide additional training and guidance to local election officials. I appreciate the concern that was expressed this morning that this is a two-way street and we at the state level also need to think carefully how to most effectively communicate with our local election officials if and when there is an incident that we are aware of at the state level. As part of the DHS designation of election systems as critical infrastructure, bodies such as coordinating councils can help to facilitate decisions regarding the proper balance between notifying state and local officials and protecting confidential or sensitive information. NASED believes that those coordinating bodies should consist of a broad representation of stakeholders and we have expressed strong interest to DHS in participating on those bodies. I would also note that the executive board of NASED supports the request of the U.S. Elections commission that it serve as the co-sector-specific agency, as a logical federal agency to partner with DHS to provide subject matter expertise and assistance in communicating with local election officials, as the EAC has that communication structure already in place.
And the 2016 elections reinforce the need to constantly enhance the security of voter registration databases, as we have heard this morning. While hacking into a voter registration system has no effect on tabulating election results, intrusions could result in unauthorized parties getting access to data regarding voters, candidates and polling places. I would note that while much of the information is public upon request, there may be some confidential data held in those databases such as a voter's date of birth, the driver's license number, the last four digits of the Social Security number. Different states have different laws about what pieces of that data is confidential. The 2016 elections demonstrated that state and local election officials can implement steps to improve the voter data and many of these steps are not complicated. In addition to the cyber hygiene scans and risk assessments, states are implementing greater use of multifactor authentication for users of our systems, updating firewalls, the use of white lists to block unauthorized users and completely block access from any foreign IP address. The final lesson of 2016 I would like to address relates to voting equipment. To be clear, as it has been said many times this morning, there is no evidence that voting machines have been altered in the U.S. elections. I appreciate the committee's emphasis on that. I think for the public that cannot be stated strongly enough. We as election administrators must exercise vigilance to assure that such theoretical attacks do not become a reality. We must also continue to educate the public about safeguards in the system. Those safeguards include the decentralized structure of elections that we've heard about this morning and the diversity of voting equipment. In most cases voting equipment is not connected to the internet.
And therefore cannot be attacked through cyberspace. It's important to keep in mind that three out of four ballots cast in American elections are on paper ballots. Most ballots on touch screen equipment have a paper trail that election officials can use for audits and recounts. There are also several redundancies in the testing and certification of voting equipment. It's important to realize that voting equipment is not only used on election day, its functionality is tested several times during the process. In short, the 2016 elections taught us that the potential for disrupting the elections process by technology is a serious and increasing concern. We as state election directors believe that continued cooperation and more effective communication, along with continued vigilance and innovation, will ensure the integrity of our voting process and election results. We look forward to working with our federal partners as we plan for elections going forward. Thank you for the opportunity to share these thoughts, and I'd be happy to answer any questions. Mr. Sandvoss?
Good morning. Thank you Chairman Burr, Vice Chairman Warner and distinguished members of the committee. As director of the State Board of Elections, I would like to briefly describe what our agency does. We are an independent bipartisan agency created by the 1970 Illinois constitution, charged with general supervision over the election and registration laws in the state of Illinois. As all of you seem to be aware, almost a year ago today, on June 23rd, the Illinois State Board of Elections was the victim of a malicious cyberattack of unknown origin against the Illinois voter registration system database. Because of the initial low-volume nature of the attack, the State Board of Elections staff did not become aware of it at first. Almost three weeks later on July 12th, the State Board of Elections IT staff was made aware of performance issues with the IVRS database server.
The processor's usage had spiked to 100 with no explanation. Analysis of the service logs showed that the heavy load was due to the application queries of our paperless online voter application website. Additionally the server log showed the database queries were malicious in nature. It was a form of cyberattack known as SQL, structured query language, injection. SQL injections are unauthorized malicious database queries entered into a data field. We determined that these SQLs originated from several foreign-based IP addresses. Programmers introduced code changes to eliminate this particular vulnerability in our website. The following day, on July 13th, the SBE IT made the decision to take the website and the database offline to investigate the severity of the attack. SBE staff maintained the ability to log and view all site attempts; malicious IPs from the addresses continued. Firewall monitoring indicated that the attackers were hitting SBE IP addresses five times per second, 24 hours a day. These attacks continued until August 12 when they abruptly ceased. SBE staff began working to evaluate the extent of the breach and introducing security enhancements to the web servers and database. A week later, on July 19th, we notified the Illinois General Assembly of the security breach. In addition, we notified the Attorney General's Office. On July 21st, the State Board of Elections IT staff completed security enhancements and began to bring the IVRS system back online. On July 28th, both the Illinois registration system and the paperless online voting application became fully functional again. Since the attack occurred, the DHS scans the State Board of Elections for systems for vulnerabilities on a weekly basis. The Illinois Department of Innovation and Technology, an entity that coordinates the IT systems of many Illinois state agencies, continuously monitors activities on the Illinois central network, the network that provides the firewall protections.
This Department of Innovation and Technology, also called DoIT, provides security awareness training for all state employees. We continue to monitor web service and firewall logs on a daily basis. And antivirus security software is downloaded on a daily basis. The State Board of Elections by the Federal Bureau of Investigation. We have fully cooperated with the FBI in their ongoing investigation. The FBI advised that we work with the Department of Homeland Security's United States computer readiness team to ensure that there is no ongoing malicious activity to any of the SBE systems. The Department of Homeland Security occurring in SBE computer systems. To comply with the Personal Information Protection Act, 76,000 registered voters were contacted as potential victims of the data breach. The SBE provided information to these individuals on steps to take if they felt they were the victims of identity theft. Additionally the SBE developed an online tool to inform affected individuals of the specific information that was included in their voter record that may have been compromised. As far as looking for future concerns, one of the concerns facing our state and many others, I believe, is aging voting equipment. The Help America Vote Act established requirements for voting equipment. While never funding was made available to replace the old punch card equipment, additional funding has not been further appropriated. If additional funding is not available, we would like to receive permission to use the state's existing funds. The IVRS database is a federal mandate through the Help America Vote Act. Cyberattacks targeting end users are also of particular concern. Security training funded and provided by a federal entity such as the EAC or DHS would also be beneficial in our view. Any guidance to protect voting systems from cyber intrusions is always welcome. Thank you for the time and I'm happy to answer any questions. Dr. Halderman?
Chairman Burr, Vice Chairman Warner and members of the committee, thank you for inviting me to speak with you today about the security of U.S. elections. I'm a professor of computer science and have spent the last ten years studying the electronic voting systems that our nation relies on. My conclusion from that work is our highly computerized election infrastructure is vulnerable to sabotage and even to cyberattacks that could change votes. These realities risk making our election results more difficult for the American people to trust. I know America's voting machines are vulnerable, because my colleagues and I have hacked them repeatedly as part of a decade of research studying the technology that operates elections and how to make it stronger. We've created attacks that can spread from machine to machine, like a computer virus, and silently affect the outcomes. We've studied touchscreens and optical scanning systems. We found cases for hackers to sabotage machines and steal votes. These capabilities are certainly within reach for America's enemies. As you know, states choose their own voting technology and while some states are doing well with security, others are alarmingly vulnerable. This puts the entire nation at risk. In close elections, an attacker can probe the most important swing states or swing counties, find areas with the weakest protection and strike there. In a close election year, changing a few votes in key localities could be enough to tip national results. The key lesson from 2016 is that these threats are real. We've heard that Russian efforts to target voter registration systems struck 21 states and we've seen reports detailing efforts to spread an attack from an election technology vendor to local election offices. Attacking vendors and municipalities could have put Russia in a position to sabotage, causing long lines or disruptions. We could have engineered this chaos to have a partisan effect by striking places that lean heavily towards one candidate.
Some say the fact that voting machines aren't directly connected to the internet makes them secure. But unfortunately this is not true. Voting machines are not as distant from the internet as they may seem. Before every election they need to be programmed with races and candidates. That programming is created on a desktop computer, then transferred to voting machines. If Russia infiltrated these election management computers it could have spread a vote-stealing attack to vast numbers of machines. I don't know how far Russia got, or whether they managed to interfere with equipment on election day. But there's no doubt that Russia has the technical ability to commit widespread attacks against our voting system. Ing James Comey, when he warned here two weeks ago, we know they're coming after America. And they'll be back. We must start preparing now. Fortunately there's a broad consensus among cybersecurity experts about measures that would make America's election infrastructure much harder to attack. I've cosigned a letter that I've entered into the record from over 100 leading computer scientists, security experts and election officials that recommends three essential steps. We need to upgrade technology that 36 states already use. Paper provides a physical record of the vote that simply can't be hacked. President Trump made this point well on Fox News the morning after, the morning of the election. He said something really nice about the old paper ballot system. You don't worry about hacking. Second, we need to use the paper to make sure that the computer results are right. This is a commonsense quality control and it should be routine. Using what's known as a risk-limiting audit, officials can check a small random sample of the ballots to quickly and affordably provide high assurance that the election outcome was correct. Only two states, Colorado and New Mexico, currently conduct audits that are robust enough to reliably detect hacking attacks.
We need to conduct comprehensive threat assessments and applying cybersecurity best practices to the design of voting equipment and the management of elections. These are affordable fixes. Replacing insecure paperless voting systems wide would cost 130 million to 140 million. Risk-limiting audits for federal elections would cost less than 20 million a year. These amounts are vanishingly small compared to the national security improvement they buy. State and local election officials have an extremely difficult job, even without having to worry about cyberattacks by hostile governments. But the federal government can make prudent investments and uphold voters' confidence. We all want election results that we can trust. If Congress works closely with the states, we can upgrade our election infrastructure in time for 2018 and 2020. But if we fail to act I think it's only a matter of time until a major election is disrupted or stolen in a cyberattack. Thank you for the opportunity to testify today. And for your leadership on this critical matter, I look forward to answering any questions. Dr. Halderman, thank you. The chair would recognize himself for five minutes, members will be recognized by seniority. Secretary Lawson, how many states is a secretary of state in charge of the elections process? Do you know? Yes, sir, it's 40. Would you be specific? What do the secretary of states do? What is it they do not like about elections being designated critical infrastructure? The most important issue, sir, is that there have been no clear parameters set. And even after the three calls that we had with Secretary Jeh Johnson before the designation was made, we consistently asked for what would be different if the designation was made. And how we would communicate. Would it be any difference? Nothing has negatively happened, except you don't have the guidance to know what to do? Nothing has negatively happened to this date. But also nothing positive has happened. Got it. Mr.
Sandvoss. Illinois is one of the few states that have publicly been identified, I guess that's in part because you took the initiative to do it. You gave a good chronology: 23 June, first signed 12 July, state IT staff took action, 12 August, the attack stopped. At what point was the state of Illinois contacted by any federal entity about their system having been attacked? Or was it the state of Illinois that contacted the federal government? We were contacted by the FBI. I don't have the exact date. But it was after we had referred the matter to the Attorney General's Office. My guess would be probably a week after. After the AG was notified by us of this breach. And the AG was notified approximately when? On July 19th. July 19th, okay. At what point did the state of Illinois know that it was the Russians? Actually to this day we don't know with certainty that it was the Russians. We've never been told by any official entity, and the only one that we're aware of that was investigating was the FBI, and they have not told us definitively that it was the Russians. Our IT staff was able to identify, I think it was seven IP addresses from foreign location, I believe it was the Netherlands. That doesn't mean the attack originated in the Netherlands. We have no idea where it originated from. Did your IT staff have some initial assessments on their own? No, because I think anything of that nature would have been speculative and we didn't want to do that. I think we wanted to leave that to the professional investigators. You gave an update on what you're currently doing to enhance the security, DHS weekly security checks. In your estimation, has the federal government responded appropriately today? I believe they have, yes. I've heard nothing from our IT division and they'd be the persons that would know. I've heard nothing from them that DHS's work in that matter has been less than satisfactory. Let me ask all of you, except you, Mr.
Sandvoss, do you believe the threat of cyber threats to the election cycle be made public? Should we identify those assassinates. I think we're certainly sensitive to the balance that Homeland Security and others need to make. I think so far as we've gone, we want to know as the victims or potential victims and then I think as part of the coordinating council and the designation of critical infrastructure, there has to be a conversation amongst the is there a right of the public in your state to know? Yes, I believe there is. If there was a hack into our system, I think we would certainly want to consult our statutes and so forth. But we would, we believe in transparency. We would want to let the public know. Dr. Halderman. I think the public needs details about these attacks and the vulnerability of the system in order to make informed decisions about how we can make the system better and provide the resources that election officials need. So yes. Secretary Lawson? I lay awake at night wondering about confidence in our public election systems. I think we need to be very careful and balance the information because the worst thing that we can do is make people think that their vote doesn't count or it can be cancelled out. So telling the public that these systems are out there, it doesn't undermine confidence, it makes them know we are doing everything we can to stop the attacks, I would be in favor in it. I take it for granted that of you have evidence that vote tallies were altered in the 2016 elections? Correct. When you and your colleagues hacked the system, did you get caught? We hacked the systems as part of our I get that. Did you get caught? Did they see the intrusion into your system? The one instance was invited to hack a real voting system was in Washington, D.C. in 2010. In that instance it took less than 48 hours for us to change all the votes and we were not caught. Vice chairman. I'd like to thank all the witnesses for their testimony.
I find a little stunning, Mr. Sandvoss, your answer. I think if you saw the preceding panel, you had the DHS and the FBI unambiguously say that it was the Russians who hacked into these 21 systems, and I find a little strange that they've not relayed that information to you. We found that even though we know those 21 states attempted to be hacked into or doors rattled or whatever analogy you want to use, in many cases the state election officials, whether the state directors or the secretaries of state, may not even have been notified. I find that stunning. And clearly lots of local election officials, where the activities really take place, haven't been notified. So I've got a series of questions and I'd ask fairly brief responses. Dr. Halderman, can you just again restate, as Senator King mentioned in the earlier testimony, you don't need to disrupt a whole system. You could disrupt a single jurisdiction in a state and if you could in effect wipe that ledger clean, could you invalidate potentially not just that local election but then the results of the state, the congressional level, the state and ultimately the nation, is that not correct? Yes, that's correct. So I believe it's important in our centralized system, we are only as strong as our weakest link. Is that correct? That's correct. Do you believe all 21 states that were hacked, that the state elections officials are aware? I can't answer that question, sir. I will tell you that Indiana has not been notified. I don't know if we're even on the list. I don't know for sure except DHS did indicate in a teleconference that all the states that were attacked have been notified. We were told earlier that's not the case. We were told the vendors may have been notified. Do you know if Wisconsin was attacked? We have not been told there was not an attack in Wisconsin. Are you comfortable, either one of you, with not having that knowledge? We are hypersensitive about our security.
I would say when the FBI sent the notice in September for states to look for certain IP addresses to see if their systems had been penetrated or attempted to be penetrated, we absolutely searched. In fact, we looked at 15,500,000 logins that had happened in our system since the first of January that year, so we believe that our system has not been hacked. I would also state that both our office and the chief information officer of the state and his office would likely be able to detect that the system was hacked. We've got the two leading state election officials not knowing whether their states were one of the 21 that at least the Russians probed. Let me finish, please. The notion that state officials wouldn't know, that local election officials clearly haven't been notified. I appreciate the chairman's offer. The chairman and I are going to write a letter to all the states. If you view yourself as victims, I think there is a public obligation to disclose. Again, not to relitigate 2016 but to make sure we're prepared for 2017, where I have state elections in my state this year, and 2018. And it's to do otherwise because there are some, there are some still in the political process that believe this whole Russian incursion into our elections is a witch hunt and fake news. I could easily understand some local elected official saying this is not a problem, this is not a bother. I don't need to tighten up my security procedures at all, and that would do a huge, huge disservice to, Secretary Lawson, that you say you want to try to prevent and provide to our voters. I hope when you receive the letter from our, and we'll write this on a confidential basis, that you would urge your colleagues to come forward.
Again, not to embarrass any state, but I find it totally unacceptable, one, that the public doesn't know, that local election officials don't know, that you as the leaders of the state election officials don't even know whether your states were part of the 21 that has been testified by the DHS that at least they were, if not looked at, door jiggled or actually, as the case in Illinois, were information from where voter registration efforts were my hope is you'll work with us on a cooperative basis. We want to make sure DHS and others are better at sharing the information and you get the classified briefings that you deserve. July 12 was the date you first learned you had issues, right? That's correct. And that was as a result of a high volume spike, correct? That is correct. And when you looked you saw it started June 23rd. Gentlemen. And those were low-volume spikes on June 23rd? Yes. So had they not turned up the volume, would you not have discovered it? I would say it would not have been discovered, certainly right away. If the volume was low enough, even an analysis of our server logs might not catch something like that because it wouldn't stand out. I think the answer to your question is yes. So you said the 19th you notified the attorney general; is that correct? Yes, correct. That was the Illinois attorney general, not the U.S. attorney general, correct? Yes. State law requires we notify the attorney general in these instances. So the next thing was that you were contacted by the FBI; is that correct? Yes. So the question I've got, and I'm just trying to get an understanding of the facts, are you assuming that the Illinois AG contacted the FBI or do you know that or not know that? I don't know that for sure but I would suspect that they did because how else would the FBI know. That's where I was getting it. That was not the result of a federal analysis that turned up what had actually happened. Is that a fair statement? I believe so, yes.
You then did some things to try to mitigate what had happened. Have you shared this with other states as to what you had done in order to develop a best practices, if you would? We didn't have any formal notification to all 50 states, no. I believe that once the FBI became aware of this, I believe that they contacted the different states. I don't believe our Attorney General's Office did, though I don't know for sure. We didn't have any formal communication with all 50 states regarding this. And do you believe you have developed a best practices action after this attack that you've described for us? I believe so, yes. Do you think it would be appropriate for you to get that out through the secretary of states organization or other organization so that other states could have that? Certainly. Absolutely. Mr. Halderman, your hacking that you've described for us, would your ability, if you were sitting in Russia right now and wanted to do the same thing that you had done, would that ability be dependent upon the machines or whatever system is used being connected to the internet? That ability would depend on whether pieces of election IT equipment, IT offices where the election programming is prepared, are connected to the internet. The machines themselves don't have to be directly connected to the internet for a remote attacker to target them. So would you recommend that the voting system be disconnected from the internet; that is, be a standalone system that can't be accessed from the outside? It's a best practice certainly to isolate vote tabulation equipment to be disconnected from the internet, but other pieces of election infrastructure that are critical, such as electronic poll books or online registration systems, do sometimes need to be connected to systems that have internet access. But that wouldn't necessarily require that it be connected to the internet for the actual voting process; is that right? That's right.
And then the extrication of that information off of the voting machine, would that be fair? I think that's fair to say. Thank you. Mr. Chairman, I think all of this really needs to be drilled down a little bit further because it seems to me with this experience, there's probably pretty good information where you could put a firewall in place to stop this or at least minimize this. Thank you. What are the dangers of manipulation of voter registration databases, particularly if it isn't apparent until election day when people show up at the polls to vote? I'm concerned that manipulating voter registration databases could be used to try to sabotage the election process on election day. If voters are removed from the voter registration database and they show up on election day, that's going to cause problems. If voters are added to the voter registration database, that could be used to conduct further attacks. Let me ask, and this can be directed at any of you, I'm trying to get my arms around this role of contractors and subcontractors and vendors who are involved in elections. Any idea, even a ballpark number of how many of these people there are? Ten? 70? 200? Vendors that host the voter registration system? Yeah. I'm sorry, senator, I don't have a number. Sir, I don't have an exact number either, but I will tell you in Indiana, for example, we have six different voting system types. Counties make that decision on their own but they're all certified by our program. That was my next question. So somebody is doing certification over these contractors and subcontractors and equipment vendors and the like? Does that include voting machines, by the way? It does.
Most states will have a mechanism to certify the voting machines that they're using, electronic poll books they're using, the tabulation machines they're using, making sure they comply with federal and state law and have the audit process. Do you all have a high degree of confidence that the certification processes leaving this other world of subcontractors and the like vulnerable? I have several concerns about those certification processes, including that some states do not require certification case to the federal standards, and the standards are long overdue for an update and have significant gaps when it comes to security, and that the certification process doesn't necessarily cover all of the actors that are involved in that process, including the day-to-day operations of companies that do pre-election programming. One last question. We Oregonians and a number of my colleagues are supportive of an effort to take vote by mail national. And we've had it, I was in effect the country's first senator elected by vote by mail in 1996, we've got a paper trail. We've got air gap computers, we've got plenty of time to correct voter registration problems if there are any. Aren't those the key elements of trying to get on top of this? Because it seems to me particularly the paper trail, if you want to send a message to the people who are putting at risk the integrity of our electoral institutions, having a paper trail is just fundamental to having the paper trail we need. One or two of you at the end are nodding affirmatively and I'll quit while I'm ahead if that's the case. Would either of you like to take that on? Vote by mail has significant cyber security benefits. It's very difficult to hack a vote by mail system from an office in Moscow. There are whether vote by mail is appropriate in every state and every context is in our system, of course, a matter for the states, but it offers positive security benefits. Thank you.
On that last answer to that last question, how do you count vote-by-mail ballots? They would generally be counted by optical scanners. Generally they are as if they are subsequently audited, you can get high security from that process. That's a different question. The question is you prefer paper ballots and an audit trail and I do, too, but let's not assume that the vote by mail ballots are counted any differently. They're counted probably at a more central location, but that doesn't mean that all the manipulation you talked about that we need to protect against wouldn't happen in a vote by mail election. You've got a way to go back and you've got a paper trail to count. That's correct. There are three things you need: paper, auditing and otherwise good security practices. While I've got you there, on auditing, how would you audit a nonpaper system? If it's a touch screen system, you mentioned San Francisco already required a paper audit. How would you do a nonpaper audit? Senator, I think it would be difficult or impossible to audit nonpaper systems with the technology that we use in the United States to a high level of assurance. So even if you don't have something to audit, it's pretty hard to audit a system that didn't leave a trail. Basically impossible. So Mr. Sandvoss, in Illinois do you certify counting systems? And do you certify counting systems? Yes, sir. Somebody is, we rely on the EAC certification and our commission does a testing protocol and then approves the equipment to be used in the state of Wisconsin. And then back in Illinois, do you then monitor that counting system while it's doing the actual counting? No, the actual counting done on election day, or night rather, is done locally at the county clerk's office or one of our commissioners' offices. We.
They have a fairly rigorous test of the voting equipment but then in actual practice, we do conduct pre-election tests of the voting equipment before each election but it's a limited number of jurisdictions. And do you do that in a way that allows you to go to your central office or do you go to the local jurisdictions or just monitor? We actually visited the jurisdiction. Secretary Lawson, similar? Similar, however, the states do not go, the states are required to do a public test. It's public. They're required to do testing in. I guess the point I want to make is that not opening that door to the counting system, if you don't have a door, nobody else can get through. There's monitoring, there's local testing. Don't suggest at all that Dr. Halderman's comments aren't important or something we should guard against. I was an election official for 20 years, including the chief election official for eight of those, and as we were transitioning to these systems, something I was always concerned about is what could possibly be done that could be done and undetected. One of the reasons I always liked the audit trail. Obviously, Dr. Halderman, you do, too. You do have something to go back if have a reason to go back and really determine what happened on election day. Let's talk for just a moment about the much more open registration system. Secretary Lawson, what are they logging in there, the statewide registration system? The 92 clerks in Indiana are and the logins reflected the work they did that year. Caller 15 15 million, do you have counties where they can also put those registrations direct ory. We do have a record that is compared to the b and b questions and the they find that information in their hopper the next day or their computer system and the next day they will have the ability to determine whether the application is correct.
Do all of your three jurisdictions here have some kind of provisional voting, if you get to the voting place on election day and your address is wrong or your name is wrong or it doesn't appear at all, do you have a way somebody can cast a ballot before they leave? Yes, sir. And Illinois? Yes, we do. We have provisional ballots but they're very limited. And we also have election day registration so people can register at the polls. So the failure to have your name properly on the, I understand, Chairman, and I also notice the time on others. But just the registration system is much more open than the tallying system. That doesn't mean the tallying the idea that ing ting is. Senator King. Thank you, Mr. Chairman. Dr. Halderman, you're pretty good at hacking voting machines by your testimony. Did Russians of the resources you've testified here today that you were able to hack into a voting machine in 48 hours, change the results and nobody knew you had done it. And if you could do it, I think the point is the Russians could do it if they chose. And we've been talking a lot about registration lists. My understanding is that quite often a voter registration list at some point in the process is linked up with, the computer that has the voter registration list is linked up with configuring the voting machines and perhaps even tallying votes. Is that true? Can any of you? No, sir. There's no connection between the registration list and the voting machines? No. Not in Illinois. That's correct. Dr. Halderman? I believe that depends on the specific equipment involved. There may be some designs of voting systems where the sign-in and the vote counting system are linked. But of course, as you testified I think, if the voting registration list is tampered with on some day, it would be chaos if names disappeared and people arrived at the polls and their names weren't on the list. Isn't that correct, Ms. Lawson?
If a person showed up at the polls to vote and their name wasn't on the list as they were expected, they would be given a provisional ballot. I think the biggest danger is that the lines at the polls would increase significantly if there was a large up in of folks might have to do that in each precinct. Right, that is what I was referring to. On August 1 of 016, press reports indicated there was an FBI notification to all of their field offices about the danger of cyber intrusions into voting systems. Supposedly those were, did you folks get something from the FBI that gave people information around I.P. warnings and what should be done? Yes, we did. Ms. Lawson, did you see that? We did as well. So there is some interconnection. One of the things that I'm sort of hearing, and I'm frankly appreciative and happy that you all did see that notice. But there. If something happens in Illinois, some system whereby you can alert your ol eegs across i and the pb rrn, they c can Dr. Halderman? Yes, I would support further information sharing. And finally we talked about what we do about this. Paper trails has come up. Is that the present pal defense? Dr. Halderman, what if I ask. What would be the three things most important for my secretary of state in Maine to protect themselves against a threat we know is coming? The most important things are to make sure we have votes recorded on paper, paper ballots, which just cannot be changed in a cyber attack, that we look at enough of that paper in a post-election, risk-limiting audit and to make sure we are generally. One final question. Is it possible that pb i tiber attack for a vendor to tamper with those machines before ne if from. And our system in practice is not quite as decentralized as it may appear. Attacks spreading by vendors could be a way to reach voting equipment over a very large year. A and. Thank you, Mr. Chairman. I want to thank you for holding this hearing.
This is such important information for the public and for our democracy. I bleach. Thank you, sir. Senator Harris. So there's a saying I'm sure many of have in terms of our election, there's prevention, detection and also resilience, if we discover that we've been manipulated, let's have the ability to stand back up as quickly as possible. So I have a few questions in that regard. Flul, have each of you, you received for the states received the notification from the FBI; is that correct? Yes, ma'am. Yes, yes. And were any of you also notified by DHS? We've had communications with DHS. I don't know how they were initiated. I do know there were some conference calls with them and it may have been the FBI. And I'm speaking before the 2016 election. Yes. Secretary Lawson? We did have conversations with. I did have contact but it was through our association, it was not a drk i believe was but our communications with DHS were more about general steps that could be taken to follow up o ourthat might be helpful so we can figure out how notifications might be more helpful to you in the nut. Hopefully they're not net you about fwrfrmt, requiring states to report to the federal government if there's been a breach or a hack. Can yfrp hes that kitty mr frn if the FBI or the Department of Homeland Security ways to count are those attacks or to make sure that the reconnaissance is done after auch Indiana did not take the opportunity that would be the con. Can you, Professor Halderman, tell me, before this last election cycle, there had been a lot of talk through the various states, I'm sure you were part of the talk about the efficacy of online voting, it would be speed and accuracy, and now we see there could be great vulnerabilities by doing that. Can you talk with me a little just in terms of policy? Is the day of discussing the need for online voting, has that day passed because of the vulnerabilities that are associated with that?
I think that online voting unfortunately would be painting a bull's-eye on our election system. Today's technology just does not provide the level of security assurance for an online election that you would need in order for voters to have high confidence. And I say that having myself done that was about to be used in real elections, having found vulnerabilities in online voting systems used in other countries, the technology just isn't ready for use. Isn't that the irony that the professor of computer engineering and I who always believed that we need to do more to adopt be I think we're talking about some election vendors have required states to sign agreements that prevent or inhibit independent security testing, are you familiar with that? That certainly had been something that inhibited attempts by researchers like me to study election systems in the past. And do you believe that that's a practice that is continuing? I do not, I don't know the answer to that question. Have any of you had that experience with any of your vendors? In Illinois, no, I have not and I don't believe Illinois would allow such an agreement. I don't believe that would happen in Indiana either, about because in order have voting it has to be certified, which requires testing. Yes. Thank you. I want to thank all of you for your testimony today. Secretary Lawson, to you, I really encourage you as the next representative of secretary of state to remain engaged with the federal government, particularly the Department of Homeland Security. And I this with any transfer of administration there is a handoff and a ramp up. And I've been extremely impressed with our witness from DHS who not only was here today, but she has taken the bull by the horns on this issue and I think you'll see those guidelines very quickly and I hope that there will be some interaction between secretaries because since in 40 states, you control the voting process.
And you can find the system of federal guidance and collaboration that works comfortably with every secretary of state in your organization. I think it is absolutely critical that we have not only a collaboration but a communication between the federal government and the states as it relates to our voting systems. If not, I fear that there would be an attempt to in some way, shape or form nationalize that. That is not the answer. And I'll continue to point Mr. Sandvoss to Illinois. It is a great example of a state that apparently focused on the I.T. infrastructure and staff and didn't wait for the federal government to knock on the door and say, hey, you got a problem. You identified your problem, you began to remediate it. At some point the federal government came in as a partner and you think where we see our greatest strength is to work with states and to chase people like you, Dr. Halderman, who like to break into, no, I'm just kidding with you. Listen, I think what you did is important, and I think the questions that you raised about the fact that you really can target to make the impact of what you're trying to do very, very effective. And that's clearly what campaigns do every day. So we shouldn't be surprised if the Russians actually looked at that or anybody else who wants to intrude into our voting system and our democracy in this country. I've got to admit that the variation of voting methods, in Indiana where I don't know how many counties you've got, I've got a hundred counties in North Carolina, it may be that I find out every county in North Carolina has the power to determine what voting machines and software they have. This can get extremely complicated.
Short of trying to standardize everything, which I don't think is the answer, how do we create the mechanism for the federal governments collaborate and understand up front what we bring to the table and how we bring it so that we're all looking at the same thing, the integrity of every vote going to exactly who it was intended to do. So we're going to have debates on lker will be at the end of the day if we haven't gotten collaboration and communication, I can assure you we'll be here with another Congress with another committee asking the same questions because we won't have fixed it. I think what Dr. Halderman has said to us is there are some ways where we can approach this whereas our certainty of intrusion and the accuracy of the vote totals can be certified. I thank all the four of you for being here today in our second panel. This hearing is now adjourned. This morning in a series of tweets, President Trump said that former Homeland Security adviser Jeh Johnson is the latest top intelligence official to state there was no grand scheme between Trump and Russia. He was referring to the former secretary's yesterday