Csp csp cspspan. Or cspan. Org. Next, a look at hacking attempts by russia which may have targeted as many as 21 u. S. States. We heard yesterday from the person in charge of Cyber Security for the Homeland Security department janet manfra and other intelligence officials. From capitol hill this is a little over three hours. Hearing is in order. Today the committee convenes the sixth open hearing of 2017 to further examine russias interference in the election. This is an opportunity for the committee and the American People to drill down on this vitally important topic. In 2016 a hostile foreign power reached down into the state and local levels to touch voter data. It employed sophisticated cyber tools and capabilities and helped moscow to potentially build detailed knowledge of how our elections work. There was another example of russian efforts to interfere into a democracy with the goal of undermining our system. In 2016 we were woefully unprepared to defend and respond and im hopeful that we will not be caught flat fooded again. Our witnesses will tell us about 2016, what we should expect in 2018 and 2020. Im deeply concerned that if we do not work in lockstep with the states to secure our elections, we could be here if two or four years talking about a much worse crisis. The first panel will include expert witnesses from dhs and fbi to discuss russian intervention in 2016 elections and u. S. Government efforts to mitigate the threat. The second panel will include witnesses from Illinois State board of elections, the National Association of state elections directors, the National Associations of secretary of state, and an expert on Election Security to get us there on the ground on how federal resources might be brought to bear on this very important issue. For our first panel, id like to welcome our witnesses today. Dr. Samuel laos, acting director of Cyber Division within the office of intelligence and analysis at the department of Homeland Security. Jennifer manfra, acting deputy undersecretary, National Protection and programs dick tort, also at dhs. And jeanette, i think i told you next time you came i do not want acting in front of your name so now ive publicly said that to everybody in front of dhs. Hopefully next time that will be removed. And bill the assistant director for Counterintelligence Division at the federal bureau of investigation. Bill, i want to thank you for the help that you have personally provided to the investigative staff of this committee as weve worked through so far over five and a half months into our investigations of the 2016 elections. As youre well aware, the committee is in the midst of the investigation. The extent to which russian government under the direction of president putin conducted intelligence activities also known as russian active measures targeted the u. S. Elections. The Intelligence Community assesses it while russian influence obtain and maintained access to elements of multiple u. S. State and local election boards. Those systems were not involved in vote tally. During the first panel, i would like to address the depth and breadth of russian government cyber activities during 2016 election cycle with the u. S. Government to defend against these intrusions. We must keep the foundation of our democracy free and Fair Elections in 2018 and beyond. I thank all three of our first witnesses, i turn to the vice chairman. Thank you, mr. Chairman, and welcome to the witnesses and thank you for the work youve done with us. We all know that in january the entire Intelligence Community reached the unanimous conclusion thata took extraordinary steps to interfere in our 2016 president ial elections. Russias interference i believe was a watershed moment in our political history. This is one of the most significant events i think any of us on this dais will be asked to address in our time as senators. And woman a robust and comprehensive response we will protect our democratic processes from even more dramatic incursions in the future. Much of what the russians did at this point i think at least in this room was well known. Spreading fake news, flooding social media, hacking personal emails and leaking them for maximum political benefit. Without firing a shot at a minimal cost russia sewed chaos in our political system and undermined faith in our democratic process and as weve heard from earlier witnesses is the Intelligence Communitys conclusion that they also secured and maintained access to elements of multiple u. S. State and local electoral boards. As the chairman said, theres no reason to doubt the validity of the vote totals in the 2016 election. However, dhs and the fbi have confirmed and ill come back to this repeatedly only two intrusions into the Voter Registration databases in both arizona and illinois. Even though no data was modified or threadeleted in those two st. At the same time, weve seen published reports that literally dozens ive seen one report that said 39 states were potentially attacked. Its good news the attempts in 2016 did not change the results of that election but the bad news is this wont be their last attempt and im deeply concerned about the danger posed by future interference in our elections and attempts on russia to undermine confidence in our elections. We saw recently russian attempts to interfere in the elections in france and i thank the chairman that well be having hearings on this. We can be sure Russian Hackers and trolls will continue to refine their tactics in the future, et specially if theres no penalty for these malicious attacks. Thats again one reason i think the senate voted so overwhelmingly last week and i thank my colleagues for that 972 vote to strengthen our sanctions on russia. I hope that action sends a strong message to mr. Putin that there will be a heavy price to pay for attacks against the fundamental core of our democratic system. Make no mistake, its likely well see more attacks not just in america but against our partners. I heard coming in on the radio that the russians are already actively engaged in the german election cycle which takes place this fall. Some might say well, why the urgency. I can assure you, we have elections in 2018 but my home state of virginia we have statewide elections this year so this needs a sense of urgency. The american electoral process, the actual counting and reporting primarily is a local and state responsibility and in many states, including my own, we have a very decentralized approach which can be both the strength and the weakness. In virginia, for instance, the centralization helps deter largescale hacking or manipulation because our system is to diffuse. But virginia localities use more than a dozen different types of Voting Machines. None of which are connected to the internet while in use but we have a number of machine read machines so that the tabulations actually could be broken into on an individual machine basis. All this makes large Cyber Attacks on our electoral system because of the diffusion more difficult. But it also makes maintaining consistent coordinated cyber defenses more challenging as well. I strongly believe the threat requires us to harden our cyber defenses and to thoroughly educate the American Public about the danger. Yesterday i wrote to the secretary of Homeland Security. I urged dhs to work closely with state and local Election Officials to disclose publicly, emphasize publicly which states were targeted, not to embarrass any state. But how to put the American Public on notice when weve only heard two states but weve heard there are reports there are dozen. That makes no sense. I know its the position of dhs is since the states were victims it is their responsibility but i cannot believe that this was an attack on physical infrastructure in a variety of state there is wouldnt be a more coordinated response. We are not making our country safer if we dont make sure all americans realize the breadth and extent of what the russians did in 2016 and, frankly, if we dont get our act together what they will do in an even more dramatic form in 2018 and 2020 and candidly the idea of this bureaucratic its not my responsibility, not my job i dont believe is an acceptable decision. I hope that we hear a plan on how we can get more information into the bloodstream, how we can make sure that we have better best practices so that all states are doing whats needed. Im not urging or suggesting in any way the federal government intervenes in what is a local and state responsibility but to not put all americans on notice. To have the number of states that were hacked into or attempted to be hacked in to kept secret is crazy in my mind so my hope is that we will get some answers. I do want to thank the fact that in january dhs did designate the nations electoral infrastructure as krit sal infrastructure. Thats important. If we call it Critical Infrastructure but dont tell the public how many states were packed or how many could be attacked the the next cycle i dont think we get to where we need to be. So were going to see more of this. This is the new normal. Appreciate the chairman for holding this hearing and ill look forward very much to getting my questions answered. Thank you. Thank you, vice chairman. With that, doctor, i understand youre going to go first, the floor is yours. Chairman burr, Ranking Member warner, distinguished members of the committee, thank you for the invitation to be here. I represent the cyber Analysis Division of the department of Homeland Securities Office of intelligence and analysis. Our submission to produce cyber focus intelligence information and analysis, represent our partners like inkick to the Intelligence Community, coordinate and share intelligence with our customers at the lowest classification possibility. We are a team of dedicated analysts who take threats to the Critical Infrastructure of the United States seriously. Id like to begin by clarifying the threat we observe nod the infrastructure in the 2016 election. Prior to the election we had no indication that criminals were planning Cyber Operations against the u. S. Election infrastructure that would change the outcome of the coming u. S. Election however throughout spring and early summer 2016 we and others in the ic began to find indications that the russian government was responsible for widely reported compromises ableak s and leaks s from u. S. Political figures and institutions. As awareness of these activities grew, dhs began in august, 2016, to receive reports of cyberenabled scanning and probing of electionrelated infrastructure in some states. From that point on, ina began working together, analyze and share Additional Information about the threat. Ina participated in red team events looking at all possible scenarios, collaborated and coauthored production with other Community Members and the National Intelligence council provided direct support to the cyber center, the national Cyber Security and Communications Integration center and worked hand in hand with state and local information. By late september, we determined internetconnected networks in 21 states were potentially targeted by russian government cyber actors its important to note that none of the systems were involved in vote tallying. Our understanding of that tallying augmented by further classified reporting is that still consistent with the scale and scope. This activity is best characterized as hackers attempting to use commonly available cyber tools to exploit known system vulnerabilities. This vast majority of the activity we observed was indicative of simple scanning for vulnerabilities analogous to somebody walking down the street and looking to see if you are home. A small number of systems were unsuccessfully explode d as though somebody rattled the doorknob. Finally a small number of net t networks were exploited. They made it through the door. Based on that activity, we made a series of suspects. We started out with we had no indication prior to the election that adversaries were Planning Operations against the infrastructure that would change the outcome of the 2016 election. We also saw diversity of systems, noninternet connected vote magazines, preelection testing and processes for media, campaign and Election Officials to check, audit and validate the results. All of these made it likely that cyber manipulations of the u. S. Election system would be detected. We also finally assess the types of systems russian actors targeted or compromised were not involved in vote tallying. What we continue to evaluate is any new information, dhs has not altered these prior assessments having characterized the threat as we observed it, ill stop to allow my colleague Jeanette Manfra to talk about how theyre working with election systems to enhance security and resiliency. I look forward to answering your questions. Thank you, ms. Manfra . Thank you, sir, chairman burr, vice chairman warner, thank you for todays opportunity to represent the men and women that serve in the department of Homeland Security. Today im here to discuss the departments mission to reduce and eliminate threats to the nations critical, physical and Cyber Infrastructure, specifically as it relates to our elections. Our nations Cyber Infrastructure is under constant attack. In 2016 we saw Cyber Operations directed against u. S. Election infrastructure and political entities. As awareness of these activities grew, dhs and its partners provided actionable information and capabilities to help Election Officials identify and mitigate vulnerabilities on their networks. Actionable information led to detections of potentially malicious activity affecting internetconnected electionrelated networks, potentially targeted by russian cyber actors in multiple states. When we became aware of detected activity, we worked with the affected entity to understand if a successful intrusion had, in fact, occurred. Many of these detections represented potentially malicious vulnerability scanning activity, not successful intrusions. This activity and partnership with these potential victims and targets enhanced our Situational Awareness of the threat and further informed our engagement with state and local Election Officials across the country. Given the vital role that elections have in a free and democratic society, on january 26 of this year, the former secretary of Homeland Security established election infrastructure as a Critical Infrastructure subsector. As such, dhs is leading federal efforts to partner with state and local Election Officials as well as private sector vendors to formalize the prioritization of voluntary securityrelated assistance and to ensure that we have the Communications Channels and protocols as senator warner discussed to ensure that Election Officials receive information in a timely manner and that we understand how to jointly respond to incidents election infrastructure now receives Cyber Security and Infrastructure Protection assistance similar to what is provided to other Critical Infrastructure such as Financial Institutions and electric utilities. Our election system is run by the state and local governments in thousands of jurisdictions across the country. Importantly state and local officials have already been working individually and collectively to reduce risks and ensure the integrity of their elections. As threat actors become increasingly sophisticated, dhs stands in partnership to support their efforts. Safeguarding and securing cyberspace spais a core mission. Dhs assists state and local customers as part of our daily operations. Such assistance is completely voluntary and does not sbam regulation or federal oversight. Our role is limited to support. In this role we offer three types of assistance assessments, information and Incident Response. For the most part, dhs has offered two kinds of assistance to state and local officials. First, the cyber Hygiene Service for internetfacing systems provides a recurring report identifying vulnerabilities and mitigation recommendations. Second, our Cyber Security experts can go on site to conduct risk and vulnerability assessments and provide recommendations to the owners of those systems for how best to reduce th