At any time. Ill now recognize myself for five minutes for my Opening Statement. Good afternoon. Thanks for being here. Its been over 240 years since our forefathers declared independence and a democratic experiment began. Throughout the entirety of our existence our adversaries have sought to suppress our voting process. Voting is one of our fundamental rights. Our existence as a democracy depends on free, fair and accurate elections. Today we are here to talk about the best way to protect the integrity of our Voting Systems bu the cybersecurity of our Voting Machines and election systems. There are over 10,000 election jurisdictions nationwide that administer elections and even within states, counties use different systems and different technologies to conduct elections. Over a year ago, last september. Ranking member kelly and i held a hearing in the subcommittee titled cybersecurity and sharing the integrity of the ballot box to discuss potential cybersecurity issues with the upcoming election. It was an issue then, and it remains an issue now. Former dhs secretary jeh johnson has made clear that to the best of his knowledge the russian government did not, through any cyber intrusions alter ballot, ballot counts or reporting of Election Results. However, our adversaries have always sought to use our nations unique qualities to undermine our robust and resilient democracy. Just because russia did not tamper with ballots or reporting of results in the last election it doesnt mean they or others wont try to do so in the next election or the one after that. Electronic voting is vulnerable to hacking. Our Voting Systems are no exception. Dhs designated the Voting Systems as Critical Infrastructure. Something being discussed at our hear in 2016. Were here to follow up on that. Its essential that states take appropriate steps to secure their voting infrastructure. It is also essential that states have the ability to audit their balance for accuracy whenever any kind of manipulation is suspected. State of virginia has joined the growing list of states that went to a paper system. I am curious to hear about how the transition went and what the witnesses think about moving to paperbased Voting Systems. Additionally, what are the chances that a foreign entity could tamper with the ballot box . These are questions and issues i want to explore today. Im interested to hear what the witnesses have to say on the topic and i thank the witnesses for being here today and for their efforts as fellow citizens to ensure that our countrys elections are free and fair. Now, with pleasure. I recognize the rooanking membe of the Information Technology subcommittee my friend miss kelly for five minutes in her opening remarks. Thank you mr. Chair. Hope you had a nice thanksgiving. Thank you for holding this important hearing today. There is no doubt that russia, at the direction of president Vladimir Putin, attempted to manipulate our elections and has worked to manipulate those of our western allies. It was a broad and coordinated campaign to undermine faith in democratic elections. Earlier this year the i. T. Subcommittee explored the kremlins efforts to use social media to influence voters. Today were looking at another part of their effort to undermine our democracy by hacking our Voting Machines and election infrastructure. A year ago we held a hearing entitled cybersecurity, ensuring the integrity of the ballot box where we looked at state and federal preparations for cybersecurity on our Voting Machines. Today were discovering still new facts. In September Dhs notified 21 states that hackers affiliated with the russian government breached or attempted to breach their election infrastructure. In my home state of illinois the hackers illegally downloaded the personal information of 90,000 voters and attempted to change and delete data. Fortunately they were unsuccessful. While we continue learning about the full scope of russias election interference one thing is clear. There will be another attempt to manipulate our elections, whether it be russia, another nationstate or a nonstate actor or even a terrorist organization. The threats to our election infrastructure are growing. So what are we going to do about it . Earlier this year researchers at the defcon conference successfully hacked five different direct recording electronic Voting Machines or dres in a day. The first vulnerabilities were discovered in just 90 minutes. Even Voting Machines not connected to the internet still contained physical vulnerabilities like usb ports that can be used to upload malware. Many lack the ability to allow experts to determine theyve been hacked. Despite the flaws theyre still commonly used. In 2016, 42 states used them. They were more than a decade old and some run software no longer supported by the manufacturer. Updating the Voting Machines to paperbased machines such as optical scanners is a step we need to take right now. Our election infrastructure is broad and contain numerous vulnerabilities. If we are going to withstand a coordinated attack we need a coordinated defense. In january of this year, dhs designated election infrastructure as Critical Infrastructure. And this announcement then dhs secretary jeh johnson was clear that this designation was not to be a federal takeover of state and local election infrastructure. Rather, it was a designation intended to ensure the current state and local officials had the resources necessary to secure their elections. Since then, former dhs secretary and now white house chief of staff general john kelly has supported this designation. This designation can help ensure that the cornerstone of our democracy, our elections, remain fair and secure. If this designation is to be successful, we will all have to Work Together, dhs and our state Election Officials must do a better job of working together to detect and solve problems. Again, i want to thank you, mr. Chairman, for holding this crucial hearing. Thank you to our witnesses for being here. I look forward to hearing from all of you about how we can continue protecting our democracy. I yield back. Its always a pleasure to be with you, representative kelly. Like to thank my friend, chairman palmer, for the Intergovernmental Affairs subcommittees cooperation and work on this important issue. Its a pleasure to recognize the Ranking Member of the Intergovernmental Affairs subcommittee, miss demings, for five minutes in her opening remarks. Thank you so much, chairman hurd and chairman palmer, for convening this hearing today. I would also like to thank Ranking Member kelly for her leadership and all of our witnesses for joining us for this very important hearing. I am pleased that we are holding this hearing on a matter so essential to democracy. While there are many issues that divide us, the integrity of the voting process should not be in question. Regardless of race, gender, sexual identity, zip code, income, every vote should count. Every vote should count the same. I believe that voting is the last true equalizer. However, russias interference in the 2016 election and intrusion in at least 21 state Voter Registration databases indisputable and confirmed by u. S. Intelligence agencies have forced us to acknowledge Voting System security has not kept pace with the current and emerging threats from nations, organizations or even a single individual determined to undermine our democracy. Recently i joined the Congressional Task force on Election Security. Just as we keep our homeland safe from physical harm, so too must we harden our soft targets against cyberattacks. The task force has heard from security professionals, academia and state and local Elections Officials. Their message is clear. We must act now to protect our vogting systems. In over 40 states elections are carried out using Voting Machines and Voter Registration databases created more than a decade ago. These technologies are more likely to suffer from known vulnerabilities that cannot be patched easily, if at all. As we saw in the voting village set up at this years hacking conference, even hackers with limited prior knowledge, tools and resources are able to breach Voting Machines in a matter of minutes. We should not assume that state Voting Machines are secure enough to withstand a statesponsored cyberattack and there is no reason to believe that these attacks will subside. Congress must do its part. Yes, we must. And help states fund and maintain secure election systems. This means funding to purchase newer, more secure election systems and Voting Machines with voter marked paper ballots helping to establish baseline Security Standards for those systems and the vendors that service them and encourage states to conduct postelection risklimiting audits. Our democratic process relies on voters faith that their vote does count. Election security is National Security, and our election infrastructure is Critical Infrastructure. With just under a year until the 2018 midterm elections it is critical that we understand the vulnerabilities of the past and secure our networks for the future. I thank our witnesses again for sharing their testimony today, and i look forward to this very important discussion. Thank you so much. With that, i yield back. Thank you, Ranking Member demings. And now i am pleased to introduce our witnesses. First and foremost, the honorable christopher krebs, senior official performing the duties of the undersecretary for National Protection and programs directorate. Tom schedler from licenses. Thank you for coming today. Commissioner cortes, the commission on the Virginia Department of elections. Sir, thank you for being here. Dr. Matthew blaze. Associate professor of computer and Information Science at the university of pennsylvania. And miss susan cline hennessey, a fellow and National Security and governance studies at the brookings institute. Welcome to you all. Pursuant to Committee Rules all witnesses will be sworn in before you testify. Please rise and raise your right hand. [ witnesses sworn ] let the record reflect that all witnesses answered in the affirmative. In order to allow time for discussion, please limit your testimony to four minutes. Your entire written statement will be made part of the record and i appreciate your written statements, especially the all of you all had outlined a number of Interesting Solutions to these problems as well as articulating the concerns that we have. So folks that are interested in this topic, many of all of these written statements is valuable in understanding the state of where we are. As a reminder, also, the clock in front of you shows your remaining time. The light will turn yellow when you have 30 seconds left and when it flashes red that means your time is up. Please also remember to push the button to turn your microphone on before speaking. We would like to start with mr. Krebs. You are now recognized for five minutes. Four minutes. Excuse me. Chairman hurd, chairman palmer, Ranking Member kelly, Ranking Member demings and the members of the subcommittee, thank you for this opportunity to discuss the department of Homeland Securitys ongoing efforts to enhance the security of our elections. In 2016 the United States saw malicious Cyber Operations directed against u. S. Election infrastructure and political entities. Since january we have reaffirmed the designation of election systems as Critical Infrastructure and a clear eye that threats to our nations election systems remain an ongoing concern. The organization i lead, the National Protection and programs directorate at the department of Homeland Security is leading an interagency effort to provide voluntary assistance to state and local officials. This interagency assistance brings together the Election Assistance Commission, the fbi, the Intelligence Community, nist and other dhs partners and is modelled on our work with other Critical Infrastructure sectors. Our nations election systems are managed by state and local governments in thousands of jurisdictions over the country. State and local officials have already been working individually and collectively to reduce risks and ensure the integrity of their elections. As threat actors become more sophisticated dhs stands in partnership to support the efforts of Election Officials. We offer three primary types of assistance. Assessments, information and Incident Response. Dhs typically offers two kinds of assessments to state and local officials. First, the cyber Hygiene Service for internet facing systems provides a recurring report identifying vulnerabilities in internet connected systems and mitigation recommendations. Second our cybersecurity experts can go onsight to conduct risk and Vulnerability Assessments. They are more thorough and result in a full report of vulnerabilities and recommendations allowing the testing. As we continue to understand the requirements from our stakeholders, well refine and diversify the offerings. In terms of information sharing, dhs continues to share actionable information on Cyber Threats and incidents through multiple means. For example, dhs published best practices for securing Voter Registration databases and addressing potential threats to election systems. We share cyber threat indicators and other analysis the Network Defenders can use to secure their numbers. The National CyberSecurity Systems works to provide threat and vulnerability information to state and local officials. Election officials may also receive information and assistance directly from the ncic or through security advise rsz and protective security advisers. We offer security clearances to senior Elections Officials and and other state officials. The dhs provides Incident Response assistance to help state and local officials identify and remediate any possible incidents. In the case of an attempted hacks. We have a collective defense approach. Its important to note that these relationships are built and sustained on trust. Breaking that trust will have farranging consequences in our ability to collaboratively counter this growing threat. To formally to formalize and coordinate efforts with our federal partners and Election Officials we established a government coordinating council. We are working to formalize partnerships with private sector industry through a sector coordinating council. Within this environment of sharing critical threat information, risk management, best practices and other vital information, dhs is leading federal efforts to support enhanced security across the nation. Securing the nations election systems is a complex challenge and shared responsibility. There is no one size fits all solution. In conversations with Election Officials over the last year and working with the eac, nist, doj, the department learned a great deal. Youre hear from louisiana, they already do great work but resources remain a challenge. Not only budget for modernizing it and Work Force Training and recruitment. As we work collectively to address these and other challenges the department will continue to work with congress and Industry Experts to support our state and local partners. Thank you for this opportunity to testify and i look forward to any questions. Thank you, mr. Krebs. Secretary schedler, again, thank you for being flexible. I know this has been rescheduled a few times. Your perspective and experience on this topic is important. Thank you for being here. Sir, you are now recognized for four minutes. Thank you, mr. Chairman. And thank you to this committee for the invitation to participate today. Its important for you to hear the perspective