Hearings
Hearing Type:
Open
Date & Time:
Wednesday, June 21, 2017 - 9:30am
Location:
Hart 216
Witnesses
Panel 1
Acting Director
Dr. Samuel
Liles
Acting Director of Cyber Division, Office of Intelligence and Analysis
DHS
Acting Deputy Undersecretary
Jeanette
Manfra
National Protection and Programs Directorate
DHS
Panel 2
Michael
Haas
Midwest Regional Representative
National Association of State Election Directors
Professor
Dr. J. Alex
Halderman
Professor of Computer Science & Engineering
University of Michigan
President-Elect
Connie
Lawson
President-Elect of National Association of Secretaries of State (NASS) & Secretary of State
Indiana
Executive Director
Steve
Sandvoss
Executive Director of Illinois State Board of Elections
Illinois
Full Transcript
[Senate Hearing 115-92]
[From the U.S. Government Publishing Office]
S. Hrg. 115-92
RUSSIAN INTERFERENCE IN THE 2016 U.S. ELECTIONS
=======================================================================
HEARING
BEFORE THE
SELECT COMMITTEE ON INTELLIGENCE
OF THE
UNITED STATES SENATE
ONE HUNDRED FIFTEENTH CONGRESS
FIRST SESSION
__________
WEDNESDAY, JUNE 21, 2017
__________
Printed for the use of the Select Committee on Intelligence
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Available via the World Wide Web: http://www.fdsys.gov
_________
U.S. GOVERNMENT PUBLISHING OFFICE
26-125 PDF WASHINGTON : 2017
____________________________________________________________________
For sale by the Superintendent of Documents, U.S. Government Publishing Office,
Internet:bookstore.gpo.gov. Phone:toll free (866)512-1800;DC area (202)512-1800
Fax:(202) 512-2104 Mail:Stop IDCC,Washington,DC 20402-001
SELECT COMMITTEE ON INTELLIGENCE
[Established by S. Res. 400, 94th Cong., 2d Sess.]
RICHARD BURR, North Carolina, Chairman
MARK R. WARNER, Virginia, Vice Chairman
JAMES E. RISCH, Idaho DIANNE FEINSTEIN, California
MARCO RUBIO, Florida RON WYDEN, Oregon
SUSAN COLLINS, Maine MARTIN HEINRICH, New Mexico
ROY BLUNT, Missouri ANGUS KING, Maine
JAMES LANKFORD, Oklahoma JOE MANCHIN III, West Virginia
TOM COTTON, Arkansas KAMALA HARRIS, California
JOHN CORNYN, Texas
MITCH McCONNELL, Kentucky, Ex Officio
CHUCK SCHUMER, New York, Ex Officio
JOHN McCAIN, Arizona, Ex Officio
JACK REED, Rhode Island, Ex Officio
----------
Chris Joyner, Staff Director
Michael Casey, Minority Staff Director
Kelsey Stroud Bailey, Chief Clerk
CONTENTS
----------
JUNE 21, 2017
OPENING STATEMENTS
Burr, Hon. Richard, Chairman, a U.S. Senator from North Carolina. 1
Warner, Hon. Mark R., Vice Chairman, a U.S. Senator from Virginia 2
WITNESSES
Liles, Sam, Acting Director, Office of Intelligence and Analysis,
Cyber Division, Department of Homeland Security................ 4
Manfra, Jeanette, Undersecretary of Homeland Security, and Acting
Director, National Protection and Programs Directorate......... 6
Prepared statement........................................... 8
Priestap, Bill, Assistant Director, Counterintelligence Division,
Federal Bureau of Investigation................................ 15
Prepared statement........................................... 16
Lawson, Connie, Indiana Secretary of State and President-Elect,
National Association of Secretaries of State................... 48
Prepared statement........................................... 50
Haas, Michael, Midwest Regional Representative, National
Association of State Election Directors........................ 59
Prepared statement........................................... 62
Sandvoss, Steve, Executive Director, Illinois State Board of
Elections...................................................... 68
Prepared statement........................................... 70
Halderman, J. Alex, Professor of Computer Science and
Engineering, University of Michigan............................ 72
Prepared statement........................................... 74
SUPPLEMENTAL MATERIAL
Phishing email received by Billy Rinehart of DNC................. 37
Report titled ``Securing Elections from Foreign Interference''
submitted by Senator Warner.................................... 96
Questions for the record......................................... 134
RUSSIAN INTERFERENCE IN THE 2016 U.S. ELECTIONS
----------
WEDNESDAY, JUNE 21, 2017
U.S. Senate,
Select Committee on Intelligence,
Washington, DC.
The Committee met, pursuant to notice, at 9:32 a.m. in Room
SH-216, Hart Senate Office Building, Hon. Richard Burr
(Chairman of the Committee) presiding.
Committee Members Present: Senators Burr, Warner, Risch,
Rubio, Collins, Blunt, Lankford, Cotton, Cornyn, Feinstein,
Wyden, Heinrich, King, Manchin, Harris, and Reed.
OPENING STATEMENT OF HON. RICHARD BURR, CHAIRMAN, A U.S.
SENATOR FROM NORTH CAROLINA
Chairman Burr. I'd like to call the hearing to order.
Today the Committee convenes its sixth open hearing of
2017, to further examine Russia's interference in the 2016
elections. This is yet another opportunity for the Committee
and the American people to drill down on this vitally important
topic.
In 2016, a hostile foreign power reached down to the State
and local levels to touch voter data. It employed relatively
sophisticated cyber tools and capabilities and helped Moscow to
potentially build detailed knowledge of how our elections work.
It was also another example of Russian efforts to interfere
into a democracy with the goal of undermining our system. In
2016, we were woefully unprepared to defend and respond and I'm
hopeful that we will not be caught flatfooted again.
Our witnesses are here to tell us more about what happened
in 2016, what that tells us about Russian intentions, and what
we should expect in 2018 and 2020. I'm deeply concerned that if
we do not work in lockstep with the states to secure our
elections, we could be here in two or four years talking about
a much worse crisis.
The hearing will feature two panels. The first panel will
include expert witnesses from DHS and FBI to discuss Russian
intervention in 2016 elections and U.S. government efforts to
mitigate the threat. The second panel will include witnesses
from the Illinois State Board of Elections, the National
Association of State Election Directors, the National
Association of Secretaries of States, and an expert on election
security to give us their on-the-ground perspective on how
Federal resources might be brought to bear on this very
important issue.
For our first panel, I'd like to welcome our witnesses
today: Dr. Samuel Liles, Acting Director of Cyber Division
within the Office of Intelligence and Analysis at the
Department of Homeland Security; Jeanette Manfra, Acting Deputy
Under Secretary, National Protection and Programs Directorate,
also at DHS.
And Jeanette, I think I told you next time you came I did
not want ``Acting'' in front of your name. So now I've publicly
said that to everybody at DHS. Hopefully next time that will be
removed.
And Bill Priestap. Bill's the Assistant Director for
Counterintelligence Division at the Federal Bureau of
Investigation.
Bill, I want to thank you for the help that you have
personally provided to the investigative staff of this
Committee as we've worked through so far over five and a half
months of our investigation into the 2016 elections.
As you're well aware, this Committee is in the midst of a
comprehensive investigation on the specific issue: the extent
to which the Russian government under the direction of
President Putin conducted intelligence activities, also known
as Russian active measures, targeted at the 2016 U.S.
elections. The intelligence community assesses that, while
Russian influence obtained and maintained access to elements of
multiple U.S. State and local election boards, those systems
were not involved in vote tallying.
During the first panel, I would like to address the depth
and the breadth of Russian government cyber activities during
the 2016 election cycle, the efforts of the U.S. government to
defend against these intrusions, and the steps that DHS and FBI
are taking to preserve the foundation of our democracy's free
and fair elections in 2018 and beyond.
I thank all three of our first witnesses. I turn to the
Vice Chairman.
OPENING STATEMENT OF HON. MARK WARNER, A U.S. SENATOR FROM
VIRGINIA
Vice Chairman Warner. Thank you, Mr. Chairman, and welcome
to the witnesses. And, Bill, thank you again for all the work
you've done with us.
We all know that in January the entire intelligence
community reached the unanimous conclusion that Russia took
extraordinary steps to intervene in our 2016 Presidential
elections. Russia's interference in our elections in 2016 I
believe was a watershed moment in our political history. This
was one of the most significant events I think any of us on
this dais will be asked to address in our time as Senators. And
only with a robust and comprehensive response will we be able
to protect our democratic processes from even more dramatic
incursions in the future.
Much of what the Russians did at this point, I think at
least in this room, is--was well known: spreading fake news,
flooding social media, hacking personal e-mails and leaking
them for maximum political benefit. Without firing a shot and
at minimal cost, Russia sowed chaos in our political system and
undermined faith in our democratic process. And as we've heard
from earlier witnesses, sometimes that was aided by certain
candidates in terms of their comments about the legitimacy of
our democratic processes.
Less well understood, though, is the intelligence
community's conclusion that they also secured and maintained
access to elements of multiple U.S. State and local electoral
boards. Now, again, as the Chairman has said, there's no reason
to doubt the validity of the vote totals in the 2016 election.
However, DHS and the FBI have confirmed--and I'm going to come
back to this repeatedly--only two intrusions into the voter
registration databases, in both Arizona and Illinois, even
though no data was modified or deleted in those two states.
At the same time, we've seen published reports that
literally dozens--I've seen one published report that actually
said 39 states--were potentially attacked. Certainly it's good
news that the attempts in 2016 did not change the results of
that election. But the bad news is this will not be their last
attempt. And I'm deeply concerned about the danger posed by
future interference in our elections and attempts by Russia to
undermine confidence in our whole electoral system.
We saw Russian--we saw recently--and this was just not
happening here, obviously--we saw recently Russian attempts to
interfere in the elections in France. And I thank the Chairman
that next week we'll be having a hearing on some of these
Russian efforts in Europe. We can be sure that Russian hackers
and trolls will continue to refine their tactics in the future,
especially if there's no penalty for these malicious attacks.
That's again, one reason I think that the Senate voted so
overwhelmingly last week, and I thank all my colleagues for
that 97-2 vote, to strengthen our sanctions on Russia. I hope
that that action sends a strong message to Mr. Putin that there
will be a heavy price to pay for attacks against the
fundamental core of our democratic system.
Make no mistake, it's likely that we'll see more of these
attacks not just in America, but against our partners. I heard
this morning coming in on the radio that the Russians are
already actively engaged in the German election cycle, which
takes place this fall.
Now, some might say, ``Well, why the urgency?'' I can
assure you, you know, we have elections in 2018, but in my home
State of Virginia we have statewide elections this year. So
this needs a sense of urgency. The American electoral election
process, the machinery, the Election Day manpower, the actual
counting and reporting, primarily is a local and State
responsibility. And in many states, including my own, we have a
very decentralized approach, which can be both a strength and a
weakness.
In Virginia, for instance, decentralization helps deter
large-scale hacking or manipulation because our system is so
diffuse. But Virginia localities use more than a dozen
different types of voting machines, none of which are connected
to the Internet while in use, but we have a number of machine-
read machines, so that the tabulations actually could be broken
into on an individual machine basis.
All this makes large cyber attacks on electoral systems,
because of the diffusion, more difficult. But it also makes
maintaining consistent, coordinated cyber defenses more
challenging as well.
Furthermore, states may be vulnerable when it comes to the
defense of voter registration and voter history databases.
That's why I strongly believe that the threat requires us to
harden our cyber defenses and to thoroughly educate the
American public about the danger.
Yesterday, I wrote to the Secretary of Homeland Security. I
urged DHS to work closely with State and local election
officials to disclose publicly--and I emphasize, publicly--
which states were targeted. Not to embarrass any states, but
how can we put the American public on notice when we've only
revealed two states, yet we have public reports that there are
literally dozens? That makes absolutely no sense.
I know it is the position of DHS that since the states were
victims, it is their responsibility. But I cannot believe if
this was an attack on physical infrastructure in a variety of
states, there wouldn't be a more coordinated response.
We are not making our country safer if we don't make sure
that all Americans realize the breadth and the extent of what
the Russians did in 2016 and, frankly, if we don't get our act
together, what they will do in an even more dramatic form in
2018 and 2020. And candidly, the idea of this kind of
bureaucratic ``Well, it's not my responsibility, not my job'' I
don't believe is an acceptable decision.
So, I'm going to hope from our witnesses, particularly our
DHS witnesses, that we hear a plan on how we can get more
information into the bloodstream, how we can make sure that we
have better best practices, so that all states are doing what's
needed. I'm not urging or suggesting that in any way the
Federal Government intervenes in what is a local and State
responsibility. But to not put all Americans on notice and to
have the number of states that were hacked into or attempted to
be hacked into still kept secret is just crazy in my mind.
So, my hope is that we will get some answers. I do want to
thank the fact that in January DHS did designate the Nation's
electoral infrastructure as critical infrastructure. That's
important. But if we call it critical infrastructure but then
don't tell the public how many states were attacked or
potentially how many could be attacked in the next cycle, I
don't think we get to where we need to be.
So, we're going to see more of this. This is the new
normal. I appreciate the Chairman for holding this hearing and
I'm going to look forward very much to getting my questions
answered.
Thank you.
Chairman Burr. Thank you, Vice Chairman.
With that, Dr. Liles, I understand you're going to go
first. The floor is yours.
STATEMENT OF SAM LILES, Ph.D., ACTING DIRECTOR, CYBER DIVISION,
OFFICE OF INTELLIGENCE AND ANALYSIS, DEPARTMENT OF HOMELAND
SECURITY
Dr. Liles. Chairman Burr, Ranking Member Warner, and
distinguished members of the Committee, thank you for the
invitation to be here. My name is Sam Liles. I represent the
Cyber Analysis Division of the Department of Homeland
Security's Office of Intelligence and Analysis. Our mission is
to produce cyber-focused intelligence, information, and
analysis, represent our operational partners like the NCCIC to
the intelligence community, coordinate and collaborate on IC
products, and share intelligence and information with our
customers at the lowest classification possible. We are a team
of dedicated analysts who take threats to the critical
infrastructure of the United States seriously.
I'd like to begin by clarifying and characterizing the
threat we observed to the election infrastructure in the 2016
election. Prior to the election, we had no indication that
adversaries or criminals were planning cyber operations against
the U.S. election infrastructure that would change the outcome
of the coming U.S. election.
However, throughout spring and early summer 2016, we and
others in the IC began to find indications that the Russian
government was responsible for widely reported compromises and
leaks of e-mails from U.S. political figures and institutions.
As awareness of these activities grew, DHS began in August of
2016 to receive reports of cyber-enabled scanning and probing
of election-related infrastructure in some states.
From that point on, I&A began working to gather, analyze,
and share additional information about the threat. I&A
participated in red team events, looking at all possible
scenarios, collaborated and co-authored production with other
intelligence community members and the National Intelligence
Council. We provided direct support to the Department's
operational cyber center, the National Cyber Security and
Communications Integration Center, and worked hand-in-hand with
the State and local partners to share threat information
related to their networks.
By late September, we determined that Internet-connected
election-related networks in 21 states were potentially
targeted by Russian government cyber actors. It is important to
note that none of these systems were involved in vote tallying.
Our understanding of that targeting, augmented by further
classified reporting, is that's still consistent with the scale
and scope.
This activity is best characterized as hackers attempting
to use commonly available cyber tools to exploit known system
vulnerabilities. The vast majority of the activity we observed
was indicative of simple scanning for vulnerabilities,
analogous to somebody walking down the street and looking to
see if you are home.
A small number of systems were unsuccessfully exploited, as
though somebody had rattled the doorknob but was unable to get
in, so to speak. Finally, a small number of the networks were
successfully exploited. They made it through the door.
Based on the activity we observed, DHS made a series of
assessments. We started out with, we had no indication prior to
the election that adversaries were planning cyber operations
against election infrastructure that would change the outcome
of the 2016 election. We also assessed that multiple checks and
redundancies in U.S. election infrastructures, including
diversity of systems, non-Internet-connected voting machines,
pre-election testing, and processes for media, campaign, and
election officials to check, audit, and validate the results,
all these made it likely that cyber manipulation of the U.S.
election systems intended to change the outcome of the national
election would be detected.
We also, finally, assessed that the types of systems
Russian actors targeted or compromised were not involved in
vote tallying.
While we continue to evaluate any and all new available
information, DHS has not altered any of these prior
assessments. Having characterized the threat as we observed it,
I'll stop there to allow my NPPD colleague Jeanette Manfra to
talk more about how DHS is working with election systems to
enhance security and resiliency.
I look forward to answering your questions.
Chairman Burr. Thank you.
Ms. Manfra.
STATEMENT OF JEANETTE MANFRA, ACTING DIRECTOR AND UNDER
SECRETARY, NATIONAL PROTECTION AND PROGRAMS DIRECTORATE,
DEPARTMENT OF HOMELAND SECURITY
Ms. Manfra. Thank you, sir. Chairman Burr, Vice Chairman
Warner, members of this Committee: thank you for today's
opportunity to represent the men and women that serve in the
Department of Homeland Security.
Today I'm here to discuss the Department's mission to
reduce and eliminate threats to the Nation's critical physical
and cyber infrastructure, specifically as it relates to our
election.
Our Nation's cyber infrastructure is under constant attack.
In 2016, we saw cyber operations directed against U.S. election
infrastructure and political entities. As awareness of these
activities grew, DHS and its partners provided actionable
information and capabilities to help election officials
identify and mitigate vulnerabilities on their networks.
Actionable information led to detections of potentially
malicious activity affecting Internet-connected election-
related networks, potentially targeted by Russian cyber actors
in multiple states. When we became aware of detected activity,
we worked with the affected entity to understand if a
successful intrusion had in fact occurred.
Many of these detections represented potentially malicious
vulnerability scanning activity, not successful intrusions.
This activity, in partnership with these potential victims and
targets, enhanced our situational awareness of the threat and
further informed our engagement with State and local election
officials across the country.
Given the vital role that elections have in a free and
democratic society, on January 26 of this year the former
Secretary of Homeland Security established election
infrastructure as a critical infrastructure sub-sector. As
such, DHS is leading Federal efforts to partner with State and
local election officials, as well as private sector vendors, to
formalize the prioritization of voluntary security-related
assistance and to ensure that we have the communications
channels and protocols, as Senator Warner discussed, to ensure
that election officials receive information in a timely manner
and that we understand how to jointly respond to incidents.
Election infrastructure now receives cybersecurity and
infrastructure protection assistance similar to what is
provided to other critical infrastructure, such as financial
institutions and electric utilities.
Our election system is run by State and local governments
in thousands of jurisdictions across the country. Importantly,
State and local officials have already been working
individually and collectively to reduce risks and ensure the
integrity of their elections. As threat actors become
increasingly sophisticated, DHS stands in partnership to
support their efforts.
Safeguarding and securing cyber space is a core mission at
DHS. Through our National Cybersecurity and Communications
Center, or NCCC, DHS assists State and local customers such as
election officials as part of our daily operations. Such
assistance is completely voluntary. It does not entail
regulation or Federal oversight. Our role is limited to
support.
In this role, we offer three types of assistance:
assessments, information, and incident response. For the most
part, DHS has offered two kinds of assistance to State and
local officials: first, the cyber hygiene service for Internet-
facing systems provides a recurring report identifying
vulnerabilities and mitigation recommendations. Second, our
cybersecurity experts can go on site to conduct risk and
vulnerability assessments and provide recommendations to the
owners of those systems for how best to reduce the risk to
their networks.
DHS continues to share actionable information on cyber
threats and incidents through multiple means. For example, we
publish best practices for securing voter registration
databases and addressing potential threats to election systems.
We share cyber threat indicators and other analysis that
network defenders can use to secure their systems.
We partner with the multistate Information Sharing and
Analysis Center to provide threat and vulnerability information
to State and local officials. This organization is partially
grant-funded by DHS and has representatives that sit on our
NCCC floor and can interact with our analysts and operators on
a 24/7 basis. They can also receive information through our
field-based personnel stationed throughout the country and in
partnership with the FBI.
Finally, we provide incident response assistance at request
to help State and local officials identify and remediate any
possible cyber incidents. In the case of an attempted
compromise affecting election infrastructure, we will share
that technical information with other states to assist their
ability to defend their own systems from similar malicious
activity.
Moving forward, we must recognize that the nature of risk
facing our election infrastructure will continue to evolve.
With the establishment of an election infrastructure sub-
sector, DHS is working with stakeholders to establish these
appropriate coordinating councils and our mechanisms to engage
with them. These will formalize our mechanisms for
collaboration and ensure long-term sustainability of this
partnership. We will lead the Federal efforts to support
election officials with security and resilience efforts.
Before closing, I want to reiterate that we do have
confidence in the overall integrity of our electoral system
because our voting infrastructure is fundamentally resilient.
It is diverse, subject to local control, and has many checks
and balances built in. As the risk environment evolves, the
Department will continue to support State and local partners by
providing information and offering assistance.
Thank you very much for the opportunity to testify, and I
look forward to any questions.
[The prepared statement of Ms. Manfra follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman Burr. Thank you very much.
Mr. Priestap.
STATEMENT OF BILL PRIESTAP, ASSISTANT DIRECTOR,
COUNTERINTELLIGENCE DIVISION, FEDERAL BUREAU OF INVESTIGATION
Mr. Priestap. Good morning. Chairman Burr, Vice Chairman
Warner, and members of the Committee: Thank you for the
opportunity to appear before you today. My statement for the
record has been submitted. And so, rather than restating it,
I'd like to step back and provide you a description of the
broader threat as I see it.
My understanding begins by asking one question: What does
Russia want? As you well know, during the Cold War the Soviet
Union was one of the world's two great powers. However, in the
early 1990's it collapsed and lost power, stature, and much
territory. In a 2005 speech, Vladimir Putin referred to this as
a major catastrophe. The Soviet Union's collapse left the U.S.
as the sole superpower.
Since then, Russia has substantially rebuilt, but it hasn't
been able to fully regain its former status or its former
territory. The U.S. is too strong and has too many alliances
for Russia to want a military conflict with us. Therefore,
hoping to regain its prior stature, Russia has decided to try
to weaken us and our allies.
One of the ways Russia has sought to do this is by
influence, rather than brute force. Some people refer to
Russia's activity in this regard as information warfare,
because it is information that Russia uses as a weapon.
In regards to our most recent Presidential election, Russia
used information to try to undermine the legitimacy of our
election process. Russia sought to do this in a simple manner.
They collected information via computer intrusions and via
their intelligence officers and they selectively disseminated
e-mails they hoped would disparage certain political figures
and shed unflattering light on political processes.
They also pushed fake news and propaganda, and they used
online amplifiers to spread the information to as many people
as possible. One of their primary goals was to sow discord and
undermine a key democratic principle, free and fair elections.
In summary, I greatly appreciate the opportunity to be here
today to discuss Russia's election influence efforts. But I
hope the American people will keep in mind that Russia's
overall aim is to restore its relative power and prestige by
eroding democratic values. In other words, its election-related
activity wasn't a one-time event. Russia will continue to pose
an influence threat. I look forward to your questions. Thank
you.
[The prepared statement of Mr. Priestap follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman Burr. Thank you very much to all of our witnesses.
For members, we will proceed by seniority for recognition
for up to five minutes, and the Chairman will tell you when you
have used all your time if you proceed that far. The Chair
would recognize himself for five minutes.
Yes or no, to all three of you. Most important question: Do
you have any evidence that the votes themselves were changed in
any way in the 2016 Presidential election?
Dr. Liles.
Dr. Liles. No, sir. There was no detected change in the
vote.
Chairman Burr. Ms. Manfra.
Ms. Manfra. No, sir.
Chairman Burr. Mr. Priestap.
Mr. Priestap. No, sir.
Chairman Burr. Bill, to you. This adversary is determined.
They're aggressive and they're getting more sophisticated by
the day. The diversity of our election system is a strength,
but the intrusions into State systems also show that Moscow is
willing to put considerable resources towards an unclear
result.
In 2016, we saw voter data stolen. How could Moscow
potentially use that data?
Mr. Priestap. They could use the data in a variety of ways.
Unfortunately, in this setting I can't go into all of them.
First of all, I think they took the data to understand what it
consisted of, what's there, so that they can in effect better
understand and plan accordingly.
And when I say ``plan accordingly,'' plan accordingly in
regards to possibly impacting future elections and/or targeting
of particular individuals, but also by knowing what's there and
studying it they can determine if it's it something they can
manipulate or not, possibly, going forward. And there's a
couple of other things that wouldn't be appropriate in this
setting as well.
Chairman Burr. To any of you: You've heard the Vice
Chairman talk about his frustration about publicly talking
about how many states. Can you tell the American people why you
can't disclose which states and the numbers?
I'll turn to Ms. Manfra first.
Ms. Manfra. Thank you for the question, sir. There are--
through the long history that the Department has in working
with the private sector and State and local on critical
infrastructure and cybersecurity issues, we believe it is
important to protect the confidentiality that we have and the
trust that we have with that community. So when the entity is a
victim of a cyber incident, we believe very strongly in
protecting the information around that victim.
That being said, what we can do is take the technical
information that we learn from the engagement with that victim
and anonymize it so it is not identified as to what that entity
or individual is. We can take all the technical information and
turn that around and share that broadly with whether it's the
affected sector or broadly across the entire country. And we
have multiple mechanisms for sharing that.
But we believe that this has been a very important key to
our success in developing trusted relationships across all of
these 16 critical infrastructure sectors.
Chairman Burr. Are we prepared today to say publicly how
many states were targeted?
Ms. Manfra. We, as of right now, we have evidence of 21
states, election-related systems in 21 states that were
targeted.
Chairman Burr. But in no case were actual vote tallies
altered in any way, shape, or form?
Ms. Manfra. That is correct.
Chairman Burr. How did the French respond to the Russian
involvement in the French elections a month ago? Is that
something we followed, the Bureau? Bill?
Mr. Priestap. Sir, From the Bureau's standpoint, it's
something we followed from afar. We did have engagement with
French officials, but I'm just not at liberty to go into what
those consisted of.
Chairman Burr. Okay. We've talked about last year, Russia's
intent, their target. Let's talk about next year. Let's talk
about the 2017 elections in Virginia. Let's talk about the 2018
elections, Congressional and gubernatorial elections. What are
we doing to prepare ourselves this November and next November?
Ms. Manfra.
Ms. Manfra. Yes, sir. As we noted, we are taking this
threat very seriously, and part of that is identifying this
community as a critical infrastructure subsector. That's
allowed us to prioritize and formalize the engagement with
them.
Similar to the 2016 elections, we are identifying
additional resources, prioritizing our engagement with them
through information-sharing products, identifying, in
partnership again with the State and local community, those
communication protocols--how do we ensure that we can
declassify information quickly should we need to and get it to
the individuals that need it.
We also have committed to working with State and local
officials on incident response playbooks. So how do they
understand where to engage with us, where do we engage with
them, and how do we--are we able to bring the entire resources
of the Federal Government to bear in helping the State and
local officials secure their election systems?
Chairman Burr. Great.
Vice Chairman.
Vice Chairman Warner. Thank you for the answer at 21. 21
states is almost half the country. We've seen reports that were
even higher. I concur with the Chairman that the vote totals
were not changed. But can you explain to me how we're made
safer by keeping the identity of 19 of those states secret from
the public, since Arizona and Illinois have acknowledged they
were attacked?
Dr. Liles. Well, sir, I'd bring it back to the earlier
points you made about the future elections. One of the key
pieces for us within I&A is our ability to work with our
partners because of how our collection mechanisms work. It's
built on a high level of trust----
Vice Chairman Warner. If this was water systems or power
systems, would the public be safer by not knowing that their
water system or power system in their respective State was
attacked?
Ms. Manfra. Sir, I can--for other sectors we apply the same
principles. When we do have a victim of an incident in the
electric sector or the water sector, we do keep the name of
that entity confidential. Some of these sectors do have breach
reporting requirements that requires the victims----
Vice Chairman Warner. Are all 21 of the states that were
attacked, are they aware they were attacked?
Ms. Manfra. All of the system owners within those states
are aware of the targeting, yes, sir.
Vice Chairman Warner. At the State level, you could have
local registrars and other local officials that there may have
been an attempt to penetrate at the State level and you may
have local registrars in the respective states that would not
even know that their State had been the subject of Russian
activities?
Ms. Manfra. We are currently working with State election
officials to ensure communication between the local and the
State officials.
Vice Chairman Warner. But at this moment in time, there may
be a number of State and local election officials that don't
know their states were targeted in 2016, is that right?
Ms. Manfra. The owners of the systems that were targeted do
know that they were targeted----
Vice Chairman Warner. The owners may know, but because we
have a decentralized system many local elective--I just----
Ms. Manfra. I cannot----
Vice Chairman Warner [continuing]. Fundamentally disagree.
I understand the notion of victimization.
Ms. Manfra. Yes, sir.
Vice Chairman Warner. But I do not believe our country is
made safer by holding this information back from the American
public. I have no interest in trying to embarrass any State,
but if this--because we've seen this for too long in cyber,
we've seen it in the financial industry, and others, where
people simply try to sweep this under the rug and assume
they'll go along their way.
When we're talking about--I go back to Dr. Liles' initial
comments. We had no idea--we had no ability to predict this
beforehand. We had 21 states that were tapped. We've got two
that have come forward. While no election results were changed,
we do know there were a number of states--perhaps you'll answer
this: How many states did the Russians actually exfiltrate
data, such as voter registration lists?
Ms. Manfra. I'd prefer not to go into those details in this
forum, sir. I can tell you that we're tracking 21 states that
were targeted----
Vice Chairman Warner. Do the states who had their data
exfiltrated by the Russians--are they aware of that?
Ms. Manfra. Yes, sir.
Vice Chairman Warner. And is there any coordinated response
on how we're going to prevent this going forward?
Ms. Manfra. Yes, sir.
Vice Chairman Warner. How do we make sure, if states are
not willing to acknowledge that they had vulnerabilities, that
they were subject to attack--again, we're in a brave new world
here, and I understand your position. I'm not trying to--I'm
very frustrated, but I'm not--I get this notion.
But I think we need a re-examination of this policy. You
know, the designation by former Secretary Johnson as critical
infrastructure, what does that change in terms of how our
operations are going forward? By that designation in January, I
appreciated it, but what does that really mean in practical
terms, in terms of assistance or information sharing?
Ms. Manfra. What it means, it means three things, sir. The
first is a statement that we do recognize that these systems
are critical to the functioning of American life, and so that
is an important statement.
The second is that it formalizes and sustains the
Department's prioritization of engagement with this community.
And the last is, it provides a particular protection for
sharing of information, in particular with vendors within the
election community, that allows us to have conversations to
discuss vulnerabilities with potential systems, that we would
not have to disclose.
Vice Chairman Warner. I talked to Secretary Kelly last
week, and I hope you'll take this, at least this Senator's
message, back to him. I would like us to get more information.
What I have heard today is that, there were 21 states. I
appreciate that information, but within those 21 states I have
no guarantee that local election officials are aware that their
State system may have been attacked, number one.
Number two, we don't know how many states actually had
exfiltration. And the final question is, have you seen any
stoppage of the Russian activities after the election? Or are
they continuing to ping and try to feel out our various
election systems?
Ms. Manfra. On the first two questions, sir, we will be
happy to get back to you. I spoke to the Secretary this morning
and look forward to responding to your letter. On the third
question, I'll defer to the FBI.
Mr. Priestap. Vice Chairman, I just can't comment on our
pending investigations related to the cyber----
Vice Chairman Warner. You can't say whether the--so, should
the public take away a sense of confidence that the Russians
have completely stopped, as of November of 2016, trying to
interfere or tap into our electoral systems? Is that what
you're saying?
Mr. Priestap. That's not what I'm saying, sir. I believe
the Russians will absolutely continue to try to conduct
influence operations in the U.S., which will include cyber
intrusions.
Vice Chairman Warner. Thank you, Mr. Chairman.
Chairman Burr. Thank you, Vice Chairman.
To DHS and to the Bureau, a quick question; and if you
can't answer it, please go back and get us an answer. Would
your agency be opposed to the Chair and Vice Chair sending a
letter to the 19 states that have not been publicly disclosed,
a classified letter, asking them if they would consider
publicly disclosing that they were a target of the last
election?
Mr. Priestap. Sir, I'd be happy to take that question back
to my organization, but I would just add that the role your
Committee is playing in regards to highlighting the Russians'
aims and activities I think is critically important for this
country.
The Bureau is just trying to balance what, we'll call it
the messaging end of that, with doing things that hopefully
don't impact what we can learn through our investigations. I
know it's a fine balance, but the bottom line is you play a key
role in raising awareness of that, and I thank you.
Chairman Burr. Fair concern, and if both of you would just
go back and get back with us, we'll proceed from there.
Senator Risch.
Senator Risch. Thank you much.
So that the American people can have solid confidence in
what you've done, and thank you for what you've done, could you
give the American people an idea--if you feel the numbers are
classified and that sort of thing, you don't have to go into
it--but the number of people that were involved on DHS and the
FBI in this investigation? Can you give us a general idea about
that? Whichever one of you want to take that question. Ms.
Manfra.
Ms. Manfra. From a DHS perspective, we did amass quite a
few resources both from our intelligence and analysis and our
operations analysis. To put a number on it is somewhat
challenging but, you know----
Senator Risch. Would you say it was substantial?
Ms. Manfra. It was a substantial level of effort, yes, sir.
Senator Risch. You're confident that you got where you
wanted to go when you set out to make this investigation?
Ms. Manfra. Yes, sir. One of our key priorities was
developing relationships with that community and getting
information out, whether it was to the specific victims or
broader indicators that we could share. We accomplished that.
We held multiple sessions. We sent over 800 indicators to the
community, and so we do believe that we accomplished that. We
don't want to let that down at all. We want to continue that
level of effort and we intend to continue it.
Senator Risch. And I'm focusing on not what you did after
you got the information, but how you got the information.
You're confident you got what you needed to appropriately
advise everyone on this, what was going on?
Ms. Manfra. Yes, sir. Yes, we did.
Senator Risch. Mr. Priestap.
Mr. Priestap. The FBI considered this a very grave threat
and so we dedicated substantial resources to this effort as
well.
Senator Risch. Okay. Thank you.
To both of you, both agencies again: Everyone in this
Committee knows the specificity and identity of the Russian
agencies involved. Are you comfortable in identifying them here
today, or do you feel--still feel that's classified?
Mr. Priestap. Yeah. Other than what was mentioned in the
unclassified version of the intelligence community assessment,
I'd rather not go into any of those details.
Senator Risch. Were there any of those agencies identified,
any of the Russian intelligence agencies, identified in that?
Mr. Priestap. It's my understanding that GRU was
identified.
Senator Risch. Homeland Security, same answer?
Dr. Liles. Yes, sir.
Senator Risch. Okay. Thank you much.
Let me ask this question. And I come at this from a little
different perspective, and I think the American people have the
right to know this. From all the work that either of your
agencies did, all the people involved, all the digging you did
through what the Russians had done and their attempts, did you
find any evidence, direct or circumstantial, to any degree,
down to a scintilla of evidence, that any U.S. person colluded
with, assisted, or communicated with the Russians in their
efforts?
Mr. Priestap.
Mr. Priestap. I'm sorry, I just can't comment on that
today. That falls under the Special Counsel's purview and I
have to defer to him.
Senator Risch. Are you aware of any such evidence?
Mr. Priestap. And I'm sorry, sir, I just can't comment on
that.
Senator Risch. Ms. Manfra.
Ms. Manfra. Sorry, sir. I cannot also comment on that.
Senator Risch. Thank you.
Thank you, Mr. Chairman.
Chairman Burr. Senator Feinstein.
Senator Feinstein. Thanks very much, Mr. Chairman.
Candidly, I'm very disappointed by the testimony. I mean,
we have learned a great deal and the public has learned a great
deal. And it seems to me we have to deal with what we've
learned.
Mr. Priestap, is that correct? You have said, and I think
quite pointedly, that Russia has decided to weaken us through
covert influence rather than brute force. And I think that's a
correct assessment, and I thank you for having the courage to
make it.
Here's a question. To the best of the FBI's knowledge, have
they conducted covert influence in prior election campaigns in
the United States? If so, when, what and how?
Mr. Priestap. Yes, absolutely they've conducted influence
operations in the past. What made this one different in many
regards was of course the degree and then with what you can do
through electronic systems today.
When they did it in the past, it was doing things like
trying to put in biased or half-true stories, getting stories
like that into the press or pamphlets that people would read,
so on and so forth. The Internet has allowed Russia to do so
much more today than they've ever been able to do in the past.
Senator Feinstein. So you're saying prior campaigns were
essentially developed to influence one campaign above another,
to denigrate a candidate if she was elected and to support
another candidate subtly?
Mr. Priestap. Yeah, I'm saying that Russia, for years, has
conducted influence operations targeting our elections, yes.
Senator Feinstein. Equal to this one?
Mr. Priestap. Not equal to this one. No, ma'am.
Senator Feinstein. Okay, here we go. What made this one
different?
Mr. Priestap. Again, I think the scale, the scale and the
aggressiveness of the effort, in my opinion, made this one
different. And again, it's because of the electronic
infrastructure, the Internet, what have you, today that allowed
Russia to do things that in the past they weren't able to do.
Senator Feinstein. Would you say that this effort was
tailored to achieve certain goals?
Mr. Priestap. Absolutely.
Senator Feinstein. And what would those goals have been?
Mr. Priestap. I think the primary goal in my mind was to
sow discord and to try to delegitimize our free and fair
election process. I also think another of their goals, which
the entire United States intelligence community stands behind,
was to denigrate Secretary Clinton and to try to help then--
current President, Trump.
Senator Feinstein. Have they done this in prior elections
in which they've been involved?
Mr. Priestap. Have they----
Senator Feinstein. Denigrated a specific candidate and-or
tried to help another candidate?
Mr. Priestap. Yes, ma'am, they have.
Senator Feinstein. And which elections were those?
Mr. Priestap. Oh--I'm sorry. I know there--I'm sorry, I
can't think of an example off the top of my head, but even
though--all the way through the Cold War, up to our most recent
election, in my opinion, they have tried to influence all of
our elections since then, and this is a common practice.
Senator Feinstein. Have they ever targeted what is admitted
here today to be 21 states?
Mr. Priestap. If they have, I am not aware of that. That's
a--that scale is different than what I'm aware of what they
tried to do in the past. So again, the scale and aggressiveness
here separates this from their previous activity.
Senator Feinstein. Has the FBI looked at how those states
were targeted?
Mr. Priestap. Absolutely, ma'am.
Senator Feinstein. And what is your finding?
Mr. Priestap. We have a number of investigations open in
regards to that. In this setting, because they're all still
pending investigations, I'd rather not go into those details.
The other thing I'd ask you to keep in mind is that we
continue to learn things. So, there was some activity we were
looking at prior to the election. It's not like when the
election was finished our investigation stopped. So as we learn
more, we share more.
Senator Feinstein. Do you know if it's the intent of the
FBI to make this information public at some point?
Mr. Priestap. I think this gets back to an issue the Vice
Chairman raised, and I guess I want to be clear on my position
on it. I think it is critically important to raise awareness
about Russia's aims to undermine our democracy, and then their
tradecraft and how they do it.
My organization--part of understanding that tradecraft is
conducting our investigations where we learn more and more
about tradecraft. So we try to balance, what do we need to
provide to partners so they can best protect themselves versus
not interrupting our investigations if the information were to
be made public.
Senator Feinstein. Thank you very much.
Mr. Priestap. A balancing act.
Senator Feinstein. My time is up. Thank you
Chairman Burr. Thank you, Senator Feinstein.
The Vice Chairman and I have already decided that we're
going to invite the Bureau in for a classified briefing to
update all members on the open investigations and any that we
see that might warrant, on their minds, an opening of a new
investigation.
In addition, let me remind members that one of the mandates
of our investigation is that we will, at the end of this, work
with the Bureau and other appropriate agencies to make a public
report in as great a public detail as we can our findings on
Russia's involvement in our election.
So, it is the intent of the Chair, at least, to make sure
that as much as we can declassify, it's done and the public
gets a true understanding when we put out a final report.
Senator Rubio.
Senator Rubio. Thank you, Mr. Chairman. And that's
critically important. I think the most important thing we're
going to do in this report is tell the American people how this
happened, so we're prepared for the next time. And it begins, I
think, by outlining what their goals were, what they tried to
do, in this regard.
And we know what they tried to do, because they've done it
in other countries around the world for an extensive period of
time. The first is, undermine the credibility of the electoral
process; to be able to say, that's not a real democracy. It's
filled with all kinds of problems.
The second is to undermine the credibility of our leaders,
including the person who may win. They want that person to go
into office hobbled by scandal and all sorts of questions about
them. And the third, ideally, in their minds, I imagine, is to
be able to control the outcome in some specific instances. If
they think they could, either through public messaging, or even
in a worst case scenario by actually being able to manipulate
the vote--which I know has now been repeatedly testified did
not happen here.
And, by the way, these are not mutually exclusive. You can
do all three, you can only take one. They all work in
conjunction. I think you can argue that they have achieved
quite a bit, if you think about the amount of time that we have
been consumed in this country on this important topic and the
political fissures that it's developed.
And the way I always kind of point to it--and if anyone
disagrees I want you to tell me this--but, you know, we have
something in American politics. It's legitimate; both sides do
it. It's called opposition research. You find out about your
opponent. Hopefully it's embarrassing or disqualifying
information if you're the opposition research person. You
package it. You leak it to a media outlet. They report it. You
run ads on it.
Now, imagine being able to do that with the power of a
nation state, illegally acquiring things like e-mails and being
able to weaponize it by leaking, leaking it to somebody who
will post that and create all sorts of noise. I think that's
certainly one of the capabilities.
The other is just straight-out misinformation, right? The
ability to find a site that looks like a real news place, have
them run a story that isn't true, have your trolls begin to
click on that story. It rises on Facebook as a trending topic.
People start to read it. By the time they figure out it isn't
true, a lot of people think it is.
I remember seeing one in early fall that President Obama
had outlawed the Pledge of Allegiance, and I had people texting
me about it. And I knew that wasn't true, but my point is that
we have people texting about it, asking if it was. It just
tells you--and I don't know if that was part of that effort, or
it was just somebody with too much time on their hands.
And then the third, of course, is the access to our voting
systems, and obviously people talk about affecting the tallies.
But just think about this. Even the news that a hacker from a
foreign government could have potentially gotten into the
computer system is enough to create the specter of a losing
candidate arguing, the election was rigged, the election was
rigged.
And because most Americans, including myself, don't fully
understand all the technology that's around voting systems per
se, you give that ``election is rigged'' kind of narrative to a
troll and a fake news site, and that stuff starts to spread.
And before you know it, you have the specter of a political
leader in America being sworn in under the cloud of whether or
not the election was stolen because vote tallies were actually
changed.
So I don't know why they were probing these different
systems, because obviously a lot of the information they were
looking at was publicly available. You can buy it, voter rolls.
Campaigns do it all the time. But I would speculate that one of
the reasons potentially is because they wanted these stories to
be out there, that someone had pinged into these systems,
creating a specter of being able to argue at some point that
the election was invalid because hackers had touched election
systems in key states.
And that is why I really, truly believe, Mr. Chairman, it
is so important that, to the extent possible, that part of it,
the systems part, as much of it be available to the public as
possible, because the only way to combat misinformation is with
truth and with facts, and explain to people, and I know some of
it is proprietary. I know some of it we were trying to protect
methods and so forth, but it is really critical that people
have confidence that when they go vote that vote is going to
count and someone's not going to come in electronically and
change it.
And I think they're--I just really hope we err on the side
of disclosure about our systems so that people have full
confidence when they go vote. Because I can tell you, I was on
the ballot in November, and I remember people asking me
repeatedly, is my vote going to count? I was almost afraid
people wouldn't vote because they thought their vote wouldn't
count. So I just hope as we move forward--I know that's not
your decision to make in terms of declassifications and the
like, but it is really, really, really important that Americans
understand how our voting systems work, what happened, what
didn't and that we be able to communicate that in real-time in
the midst of an election, so that if in 2018 these reports
start to emerge about our voting systems being pinged again,
people aren't--we can put out enough information in October and
early November so people don't have doubts.
And I know that's not your decisions to make, but I just
really hope that's part of what we push on here, because I
think it's critical for our future.
Chairman Burr. Senator Wyden.
Senator Wyden. Thank you, Mr. Chairman.
Let me say to the three of you, and I say it respectfully,
that on the big issue, which is which states were affected by
Russian hacking in 2016, the American people don't seem to be
getting more information than what they already had before they
showed up. We want to be sensitive to security concerns, but
that question has to be answered sooner rather than later. I
want to send that message in the strongest possible way.
We obviously need to know about vulnerabilities so that we
can find solutions, and we need better cybersecurity to protect
elections from being hacked in the first place. And that means
solutions like Oregon's vote-by-mail system, that has a strong
paper trail, air-gapped computers, and enough time to fix the
problems if they pop up.
But now to my question. You all mentioned the January
intelligence assessment, saying that the types of systems we
observed Russian actors targeting or compromising are not
involved in vote tallying. Your prepared testimony today makes
another point that I think that is important. You say it is
likely that cyber-manipulation of U.S. election systems
intended to change the outcome of a national election would be
detected. So that is different than what we have heard thus
far.
So I have two questions for you, Ms. Manfra, and you, Dr.
Liles: What level of confidence does the Department have in its
assessment that 2016 vote tallying was not targeted or
compromised? And second, does that assessment apply to State
and local elections?
Dr. Liles. Thank you, sir, for the question.
So, the level of effort and scale required to change the
outcome of a national election would make it nearly impossible
to avoid detection. This assessment is based on the diversity
of systems, the need for physical access to compromise voting
machines themselves, the security of pre-election testing
employed by the State and local officials. There's a level, a
number of standards and security protocols that are put in
place. In addition, the vast majority of localities engage in
logic and accuracy testing, which work to ensure voting
machines are operating and tabulating as expected.
Before, during, and after the election, there has been an
immense amount of media attention applied to this, which also
brings in the idea of people actually watching and making sure
that the election results represent what they see. And plus
there's just the statistical anomalies that would be detected,
so we have a very high confidence in our assessments.
Senator Wyden. What about State and local elections? Do you
have the same level of confidence?
Dr. Liles. So, from the standpoint of a nation-state actor
operating against a State and local election system, we would
have the same--for an Internet-connected system, we would have
the same level of confidence.
Senator Wyden. Ms. Manfra.
Ms. Manfra. Yes, sir. And I think this also gets to Senator
Rubio's point about the difficulty in the general public
understanding the variety of systems that are used in our
election process.
So we broke our level of engagement and concern down to a
couple of different areas. The voter registration systems,
which are often, usually connected to the Internet. We also
were looking at the voting machines themselves, which by best
practice and by the voluntary voting standards and guidelines
that the Department of Commerce works with the Election
Assistance Commission on, is, by best practice--those are not
connected to the Internet.
Senator Wyden. So can Homeland Security assure the public
that the Department would be able to detect an attempted attack
on vote tallying?
Ms. Manfra. What I would suggest, sir, is that the ability,
as has been demonstrated by security researchers, to access
remotely a voting machine to manipulate that vote and then to
be able to scale that across multiple different voting machines
made by different vendors, would be virtually impossible to
occur in an undetected way within our current election system.
Senator Wyden. Has the Department conducted any kind of
post-election forensics on the voting machines that were used
in 2016?
Ms. Manfra. We are currently engaged with many vendors of
those systems to look into conducting some joint forensics with
them. The vendor community is very interested in engaging with
us. We have not conducted----
Senator Wyden. So there's no--there's been no analysis yet?
Ms. Manfra. We have not--our Department has not conducted
forensics on specific voting machines.
Senator Wyden. Do you believe it's important to do that in
terms of being able to reassure Americans that there was no
attack on vote tallying?
Ms. Manfra. Sir, I would say that we do currently have
voluntary standards in place that vendors are enabled--and in
approximately 35 states, actually require, some level of
certification of those voting machines that they are complying
with those standards. We would absolutely be interested in
working with vendors to conduct that level of analysis.
Senator Wyden. Let me ask one last question. Obviously, the
integrity of elections depends on a lot of people: State and
local election officers, equipment vendors, third party
contractors. Are you all, at Homeland Security and the FBI,
confident that the Federal Government has now identified all of
the potential government and private sector targets?
Ms. Manfra. Yes, sir. I'm confident that we've identified
the potential targets.
Senator Wyden. Okay.
Thank you, Mr. Chairman.
Chairman Burr. Senator Collins.
Senator Collins. Mr. Priestap, let me start by saying that
it's a great pleasure to see you here again. I remember back in
2003, you were detailed to the Homeland Security Committee when
I was the Chairman and how helpful you were in our drafting of
the Intelligence Reform and Terrorism Prevention Act. So thank
you for your continued public service.
You testified this morning and answered the question of,
what does Russia want? And you said that the Russians want to
undermine the legitimacy of our elections and sow the seeds of
doubt among the American public.
Despite the exposure and the publicity given to the
Russian's efforts in this regard, do you have any doubt at all
that the Russians will continue their activities in subsequent
elections?
Mr. Priestap. I have no doubt. I just can't--I just don't
know the scale and aggressiveness, whether they'll repeat that,
if it'll be less or if it'll be more. But I have no doubt they
will continue.
Senator Collins. Is there any evidence that the Russians
have implanted malware or backdoors or other computer
techniques to allow them easier access next time to our
election systems?
Mr. Priestap. I'm sorry, Senator. I just can't comment on
that because of our pending investigations.
Senator Collins. Secretary Manfra, the secretaries of state
who are responsible for the election systems have a pretty
blistering attack on the Department of Homeland Security in the
testimony that will be given later this morning. And I want to
read you part of that and have you respond. They say: ``Yet,
nearly six months after the designation''--and they mean the
designation of election systems as critical infrastructure--
``and in spite of comments by DHS that they are rushing to
establish election protections, no secretary of state is
currently authorized to receive classified threat information
that would help them to protect their election systems.'' Why
not?
Ms. Manfra. Thank you, ma'am, for that question. I would
note that this community, the secretaries of state, and for
those states where they have a State election director, is not
one that the department has historically engaged with. And what
we have done in the process of building the trust and learning
about how they do their work and how we can assist, we have
identified the need to provide clearances to that community.
And so we have committed to them to work through that process
between our Department and the FBI.
Senator Collins. Let me ask you about your own agency,
which is the agency that focuses on critical infrastructure,
including our election systems. Now, NPPD is not an official
element of the intelligence community that would have routine
access to especially sensitive classified information. So how
do you know with any certainty whether you and others in the
agency are read into all the relevant classified information
that may exist regarding foreign threats to our critical
infrastructure, including our election systems?
Ms. Manfra. Yes, ma'am. I would say, despite the fact that
we're not a part of the intelligence community and our focus is
on network defense and operations, in partnership with the
critical infrastructure and the Federal Government, we feel
very confident that with the partnership with our own
Intelligence and Analysis Division, that serves as an advocate
for us within the intelligence community, as well as our direct
relationships with many of those individuals in organizations
such as the FBI, NSA, and others, that we receive information
quickly; And when we ask to declassify that, they are
responsive. And we work through our partners at the
Intelligence and Analysis Office to ensure that that happens
quickly.
So is there room for improvement? Absolutely, of course.
But we have the full commitment of the intelligence community
to support us and get us the information that we need and our
stakeholders need.
Senator Collins. And, finally, how many states have
implemented all the best practices recommended in the document
developed by DHS regarding the protection of election systems?
Ms. Manfra. Ma'am, I'd have to get back to you on a
specific number of states. I don't have that.
Senator Collins. Do you think most states have?
Ms. Manfra. In our informal engagement, many of them noted
that they had already adopted some of these and to the extent
that they weren't they were incorporating them.
Senator Collins. I would ask for a response for the record.
Ms. Manfra. Yes, ma'am.
Senator Collins. That's a really important point.
Chairman Burr. Senator Heinrich.
Senator Heinrich. Mr. Priestap, I want to thank you for
just how seriously you've taken this and how you've answered
the questions this morning in your testimony. I think you hit
the nail on the head when you said we need to step back and ask
the fundamental question, what do the Russians want?
And by outlining that they want to undermine legitimacy in
our system, that they want to sow discord, that they want to
undermine our free and fair elections, we really have a better
lens with which to understand the specifics of what happened in
2016. In your view, were the Russians successful at reaching
their goals in their activities in our 2016 elections?
Mr. Priestap. I don't know for certain whether the Russians
would consider themselves successful. In many ways, they might
argue that, because of the time and energy we're spending on
this topic, maybe it's distracting us from other things. But on
the other hand, exactly what this Committee is doing as far as
raising awareness of their activities, their aims, for the
American people, to me they've done us--in my opinion, they've
done the American public a service in that regard. And so, I
guess I don't know, but could argue either way.
Senator Heinrich. Yes. I think the jury's certainly out for
the future, but when you look at the amount of discord that was
sown and the impact on 2016, I hope that the outcome of what
we're doing here is to make sure that in 2018, and in 2020, and
2022, that by no metric will they have been successful.
Mr. Priestap, you stated, very correctly, that one of their
primary goals was to delegitimize our democracy. Are are you
familiar with the term ``unwitting agent''?
Mr. Priestap. Yes, I am.
Senator Heinrich. Can you kind of summarize what that is
for us?
Mr. Priestap. In an intelligence context, it would be where
an intelligence service is trying to advance certain aims and
they reach out to a variety of people, some of which they might
try to convince to do certain things; and the people, person or
persons they contact might actually carry those out, but for
different reasons than the intelligence service that actually
wanted them to carry them out. In other words, they do it
unwittingly.
Senator Heinrich. By effectively reinforcing the Russian
narrative and publicly saying that our system is rigged, did
then-candidate Trump, now President Trump, become what
intelligence officials call an unwitting agent?
Mr. Priestap. I can't give you a comment on that.
Senator Heinrich. I don't blame you for not answering that
question.
[Laughter.]
We've got about a minute 46 left. Can you talk about the
relationship between the election penetration that we saw and
the coincident Russian use of what Senator Rubio very aptly
described of trolls, of bots, of social media, all designed to
manipulate the American media cycle, and how those two things
fit together?
Mr. Priestap. I'm sorry. To clarify, fit together the
intrusions with the----
Senator Heinrich. What's the relationship between what they
were doing in our elections from a technical point of view and
what they were seeking to do in our media cycle by using trolls
and bots and manipulation of the media cycles.
Mr. Priestap. I guess the best way I can describe it is
that this was a, my opinion, a well-planned, well-coordinated,
multi-faceted attack on our election process and democracy. And
while that might sound complicated, but it was actually really
straightforward. They want to collect intelligence from a
variety of sources, human and cyber means. They want to
evaluate that intelligence, and then they want to selectively--
they might selectively disseminate some of it. They might use
others for more strategic discussions.
But at the end of the day it's all about collecting
intelligence that would give them some type of advantage over
the United States and/or attempt to influence things, and then,
coordinated, well-coordinated, well-funded, diverse ways to
disseminate things to hopefully influence American opinion.
Senator Heinrich. This is a very sophisticated, highly
resourced effort.
Mr. Priestap. Absolutely.
Senator Heinrich. Thank you.
Chairman Burr. Senator Blunt.
Senator Blunt. Thank you. Thank you, Chairman.
Let's talk a little bit about once--let's start with a
comment that DHS made in its written comment which says it
assesses that the systems Russian actors targeted or
compromised were not involved in vote tallying. Now, is that
because the vote tallying systems are a whole lot harder to get
into than the voter registration systems?
Ms. Manfra. I can't make a statement as to why different
systems were targeted. What we can assess is that those vote
tallying systems, whether it was the machines at a kiosk that a
voter uses at the polling station or the systems that are used
to tally votes, were very difficult to access, and particularly
to access them remotely. And then, given the level of
observation for vote tallying at every level of the process,
that adds into, you know, that we would have identified issues
there, and there were no identified issues. So those two are--
--
Senator Blunt. Okay. I would think that if you could get
into the vote tallying system and you did want to impact the
outcome of an election, obviously the vote tallying system is
the place to do that. And I would also suggest that all of your
efforts, a lot of your efforts, should be to continue to do
whatever DHS thinks they need to advise--I don't think we
should centralize this system--to give advice to State and
local election officials to be sure that that vote tallying
system is protected at a level above other systems.
You know, the voter registration system is public
information. It is generally accessible in lots of ways. It's
not nearly as protected, for that reason. You have lots of
input from lots of sources into that system.
And I think, Ms. Manfra, you made the point that you said
that the best practice would be to not have the vote tallying
system connected in any unnecessary way to the Internet. Is
that right?
Ms. Manfra. Both the kiosks themselves and vote tallying
systems, to not connect them to the Internet and to also have,
ideally, paper auditing trails as well.
Senator Blunt. Well, I certainly agree with that. The paper
trail is significant and I think more prevalent as people are
looking at new systems. But also, I think any kind of third
party monitoring--the first two parties would be the voter and
the counting system--just creates another way into the system.
So my advice would be that DHS doesn't want to be in a
situation where somehow you're connected to all the voting
systems of the country.
And Mr. Liles, I think you said the diversity of our voting
system is a great strength of the system. Do you want to
comment on that any more?
Dr. Liles. Yes, sir. When we were setting it as part of our
red teaming activities, we looked at the diversity of the
voting system as actually a great strength and the fact that
there were not connected in any one kind of centralized way. So
we evaluated that as--when we were looking at the risk
assessment with OCIA, the Office of Cyber Intelligence
Analysis--Infrastructure Analysis, we looked at that as one of
the great strengths and our experts at the IC we worked with
also said the same thing.
Senator Blunt. Well, I would hope you'd continue to think
about that as one of the great strengths as you look at this
critical infrastructure, because every avenue for Federal
monitoring is also just one more avenue for somebody else to
figure out how to get into that system.
And again, the voter registration system, dramatically
different in what it does. All public information accessible,
printed out, given to people to use, though you are careful of
what information you give and what you don't. But almost all
election officials that have this system now have some way to
share that with the public as a system.
There is no reason to share the security of the vote
counting system with the public or to have it available or
accessible. And I would hope that the DHS, or nobody else,
decides that you're going to save this system by having more
avenues, more avenues into the system.
Ms. Manfra. Absolutely not, sir. We're fully supportive of
the voluntary standards process, and we are engaging with that
process with our experts, and we continue, again, with the
voluntary partnership with the State and local. And we intend
to continue that.
Senator Blunt. Thank you.
Thank you, Mr. Chairman.
Chairman Burr. Senator King.
Senator King. Thank you, Mr. Chairman.
Starting with a couple of short questions, Mr. Priestap.
Number one, you've stated this was a very grave threat, that
Russia--the attempts to probe and upset our local election
systems. Any doubt it was the Russians?
Mr. Priestap. No, sir.
Senator King. Any doubt that they'll be back?
Mr. Priestap. No, sir.
Senator King. To our DHS witnesses, have the 21 states that
you've mentioned, that we know where we had this happen, been
notified officially?
Ms. Manfra. Sir, the owners of the systems within those 21
states have been notified.
Senator King. How about the election officials in those
states?
Ms. Manfra. We are working to ensure that election
officials as well understand. I'll have to get back to you on
whether all 21 states----
Senator King. Have you had a conference of all State
election officials, secretaries of state, here in Washington on
this issue?
Ms. Manfra. I have had at least two teleconferences; and
in-person conferences, we will be engaging with them in July, I
believe.
Senator King. Well, I would urge you to put some urgency on
this. We've got another election coming in 18 months, and if
we're talking about systems and registration rolls, the time is
going by. So I believe this is, as we've already heard
characterized, is a very grave threat. It's going to be back
and shame on us if we're not prepared.
Ms. Manfra. Yes, sir. We have biweekly--every other week,
we hold a teleconference with all relevant election officials.
The national associations that represent those individuals have
nominated bipartisan individuals to engage with us on a regular
basis.
This is of the utmost urgency for the Department and this
government to ensure that we have better protections going
forward, and the community, the election community, is
similarly committed and has been so for years.
Senator King. And just to be clear, nobody's talking about
a Federal takeover of local election systems or Federal rules.
What we're talking about is technical assistance and
information and perhaps some funding at some point?
Ms. Manfra. Sir, this is similar to our engagement with all
critical infrastructure sectors, whether it's the electrical
sector, the nuclear sector, the financial sector, is completely
voluntary and it is about this Department providing information
both to potential victims, but to all network defenders, to
ensure that they have access to what we have access to and can
better defend themselves.
Senator King. Thank you.
Mr. Liles, I'll take issue with something that you said,
that we have a national election and it was just too large, too
diverse, to really crack. We don't have a national election.
What we have are 50 State elections. And each election in the
states can depend upon a certain number of counties. There are
probably 500 people within the sound of my voice who could tell
you which ten counties in the United States will determine the
next Presidential election.
And so you really--a sophisticated actor could hack a
Presidential election simply by focusing on particular
counties. Senator Rubio I'm sure remembers Dade County in the
year 2000 and the significance that had to determining who the
next President of the United States was.
So I don't think it works to just say, oh, it's a big
system and the diversity will protect us, because it really is
county by county, city by city, State by State, and a
sophisticated actor, which the Russians are, could easily
determine where to direct their attack. So I don't want to rely
on the diversity.
Second, a separate point is, what do we recommend? And
we've talked about paper backups. The Dutch just had an
election where they just decided to make it all paper and count
the ballots by hand, for this very reason. So what would you
tell my elections clerk in Brunswick, Maine, Ms. Manfra, would
be the top three things he or she should think about in
protecting themselves in this situation?
Ms. Manfra. Sir, I would say to, first, as previous
Senators mentioned, prioritize the security of your voting
machines and the vote tallying system, ensure that they are not
connected to the Internet, even if that is enabled on those
particular devices.
Second, ensure that you have an auditing process in place
where you can identify anomalies throughout the process,
educate polling workers to look for suspicious activity, for
example.
Senator King. But doesn't auditing mean a paper trail, a
paper backup?
Ms. Manfra. Yes, sir. I would recommend a paper backup.
Senator King. And one of the worrisome things, again, on
the issue of the national, we talk about how diverse it is, but
aren't we seeing a consolidation in terms of the vendors who
are producing these machines?
Ms. Manfra. Yes, sir. It is my understanding that we are
seeing some consolidation in the vendor community. Again, many
of them are committed and have engaged on the voluntary voting
standards and guidelines, which partly include security.
We will be updating those security guidelines in 2018. And
yes, while there is some concern about consolidation, we do
look forward to engaging with them, and as of now they are a
very engaged community.
Senator King. I think this aspect of this question that
this Committee is looking at is one of the most important, and
frankly one of the most daunting, because we pretty well
determined that they weren't successful in changing tallies and
changing votes, but they weren't doing what they did in at
least 21 states for fun. And they are going to be back, and
they're going to be back with knowledge and information that
they didn't have before.
So I commend you for your attention to this and certainly
hope that this is treated with the absolute utmost urgency.
Thank you, Mr. Chairman.
Chairman Burr. Senator Lankford.
Senator Lankford. Thank you, Mr. Chairman.
Thanks to all of you for being here as well today.
To Senator King just as a heads up, there are some states
that are like that. For 25 years the Oklahoma election system
has had a paper ballot and an optical scan and it's been a very
good back-up for us. We quickly count because of the optical
scan, but we're able to go back and verify because of paper.
This is such a big deal and it's such an ongoing
conversation that I'm actually in two simultaneous hearings
today I'm running back and forth with. In the Department of
Homeland Security and what we're dealing with State elections
and with State systems, is also happening in the HSGAC hearing
that I'm also at, including my own Oklahoma CIO that's there
testifying today on this same issue, how we are protecting
State systems, State elections and what's happening.
I brought this with me today. You all are probably--this
group is very, very familiar with this e-mail. This is the
famous e-mail that Billy Rinehart got from the DNC while he
happened to be on vacation. He was out in Hawaii enjoying some
quality time away from his work at the DNC, and he gets an e-
mail from Google, it appears, that says someone has used your
password, someone just tried to sign in to your Google account;
sent it to him and told him someone tried to do it from the
Ukraine; and recommended that he go in and change his password
immediately.
[The material referred to follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Senator Lankford. Which, as the New York Times reported, he
groggily at 4:00 a.m., when he saw that e-mail was frustrated
by it, went in, clicked on the link, changed his password and
went back to bed. But what he actually did was just gave the
Russian government access to the DNC, and then it took off from
there.
Multiple other staff members of the DNC got an e-mail that
looked just like this. Now, everyone who has a Google account,
will know that really looks like a Google account warning. It
looked like the real thing. When you hovered over the ``change
password,'' it showed a Google account connection where it was
going to, but it wasn't. It was going to the Russians.
About 91 percent, my understanding is, about 91 percent of
the hacks that come into different systems, start with a spear
phish attack that looks just like this.
So let's talk about, in practical terms, for our State
election folks and what happens in my State and other states.
First for you, Mr. Priestap. How does Russia identify a
potential target? Because this is not just a random e-mail that
came to him. This was targeted directly at him, to his address.
It looked very real, because they knew who he was and where he
works. So, how were the Russians that savvy to be able to track
this person and how does this work in the future for an
election system for a State?
Mr. Priestap. So I can't go into great detail in this
forum, but I'd say what intelligent services do, not just
Russia there, is they're looking for vulnerabilities. That
would begin in the cyber sense with computer vulnerabilities.
As far as targeting specific individuals, I don't know all
the facts surrounding that e-mail and all the e-mails that were
sent, but my guess is they didn't just send it to one person.
They sent it the email like that to a whole variety, just
hoping that one would click on it.
Senator Lankford. Right. But how are they getting that
information? Are they going to their website, for instance, and
gathering all the e-mails for it? I'm trying to figure out, are
they tracking individuals to get more information, so they get
something that looks like something they would click on?
Mr. Priestap. Yes. You hit on it, but a whole variety of
ways. They might get it through reviewing open source material,
either online or otherwise. But they also collect a lot of
information through human means as well.
Senator Lankford. So, Ms. Manfra, let me ask you this
question. When someone at any location clicks on a link like
this, what access to information do they get typically?
Ms. Manfra. Well, sir, it depends on the system itself. I
imagine that's probably a frustrating response. But given the--
and I think this is important for the public to understand. As
the threat evolves, they're going to continue as we educate the
public, don't click on certain things. Look at, you know, make
sure you know the sender, for instance, before you click on it,
and as our defense gets better the offense is going to look for
other means.
And so we look, you know, in this case, ideally, we want
people to look and see what is it that they're actually
clicking on before they click it. Some organizations choose to
say when an individual clicks on that link, they choose to not
allow that to go to that designation, because they know it's
suspicious or they have some mechanisms in place to put that
into a container and look at it. Other organizations don't take
those steps, and it really depends on your risk management and
the technical control that you put in place.
Senator Lankford. Let me ask you a quick question. Who has
primary responsibility for Federal election integrity? Which
agency is the prime mover in that? Obviously, states oversee
their own, but which Federal entity is working with the State
to say they're the prime person or the prime agency to do it?
Ms. Manfra. For election cybersecurity, our Department, in
coordination with the FBI and others, is leading the
partnership with State and locals.
Senator Lankford. Great. Thank you.
Chairman Burr. Senator Manchin.
Senator Manchin. Thank you, Mr. Chairman.
And thank all of you for your appearance here today and
your testimony. Being a former secretary of state of my great
State of West Virginia, and also being a former governor, my
utmost concern was voter fraud. Every time that we would have a
report of a fraud, I would see the election participation
decrease the next election cycle, thinking their vote didn't
count.
Is there any reason at all that any person that has the
knowledge that you all have, or anyone that you've--on our
Committee here, from the intelligence community, would give you
any doubt that Russia was involved, and Russia was very much
involved with the intent of doing harm to our election process,
as far as the confidence level that voters would have? Do any
of you have any concerns whatsoever, any doubts, that the
Russians were behind this and involved in a higher level than
ever? All three of you.
Mr. Priestap. No, no doubt from the FBI's end as far as
Russia's involvement.
Senator Manchin. And you've all interacted with all the
intelligence community, right?
Mr. Priestap. Yes, sir.
Ms. Manfra. Similar, sir. I have no doubt.
Mr. Liles. No, sir.
Senator Manchin. So nobody. There's not an American right
now that should have a reasonable doubt whatsoever that the
Russians were involved.
Were all 50 states notified on Russia's intentions and
activities during the 2016 election cycle? Had you all put an
alert out? So if I'd have been secretary of state in charge of
my elections in West Virginia, would you have notified me to be
on the lookout?
Ms. Manfra. Sir, I can discuss our products that we put out
and I'll defer to the FBI on what they put out. We did put out
products, not public products, but we did put out products,
primarily leveraging our Multi-State Information Sharing
Analysis Center, which has connections to all 50 states CIOs.
And we engaged with the Election Assistance Commission and
other national associations that represent those individuals to
ensure that we were able to reach--again, this was a community
that we had not historically engaged with, and so we relied on
those, and we did put out multiple products prior to the
election.
Senator Manchin. And you're really not sure if these
national associations, the secretaries of states, dispersed
that information, put everybody on high alert?
Ms. Manfra. I believe that they did, sir. We also held a
conference call where all 50 secretaries of state or an
election director if the secretary of state didn't have that
responsibility, in August, in September, and again in October,
both high-level engagement and network defense products.
Senator Manchin. And if I could ask this questions to
whoever, maybe Mr. Priestap. What was Russia's intention, and
do you think they were successful in what they desired to do,
even though they didn't alter--as you all have said, you can
see no alterations of the election results. Do you believe that
it had an effect in this election outcome of this 2016
election?
Mr. Priestap. As far as Russia's intention, again, the
broader being to undermine democracy and one of the ways they
sought to do this, of course, here was to undermine the
legitimacy of our free and fair election.
Senator Manchin. Do you believe they were successful in the
outcome?
Mr. Priestap. No, I--the FBI doesn't look at that as far as
did Russia achieve its aims in that regard.
Senator Manchin. Let me ask this question. Are there
counter-actions the U.S. can take to subvert or punish the
Russians for what they have done and their intention to
continue? And what's your opinion of the sanctions that we have
placed on Russia?
Mr. Priestap. As you know, the FBI doesn't do policy. I'm
here today to provide you an overview of the threat picture, at
least as I understand and see it. But obviously the U.S.
government did take action post-election in regards to making a
number of Russian officials----
Senator Manchin. Have you seen them subside at all any of
their activities since we have taken some actions?
Mr. Priestap. Subside? They have less people to carry out
their activities, so it's certainly had an impact on the number
of people.
Senator Manchin. And finally, with the few seconds I have
left, have we shared this with our allies, our European allies,
who are going through election processes, and have they seen
the same intervention in their election process that we have
seen from the Russians in ours?
Mr. Priestap. Sure. I can't speak for DHS, but the FBI is
sharing this information with our allies, absolutely.
Senator Manchin. How about DHS?
Ms. Manfra. We are also sharing information with our
allies.
Senator Manchin. Are they seeing a high--an overaggressive,
high activity, from the Russians that they haven't seen at this
level before, such as we did during the 2016 election?
Dr. Liles. Sir, there is media reporting that suggests
that. We don't have direct government-to-government
relationships from a DHS perspective. There is definitely media
reporting that they're seeing an increased activity.
Senator Manchin. Thank you.
Chairman Burr. Senator Cotton.
Senator Cotton. Thank you all for your appearance today.
Mr. Priestap, in response to Mr. Heinrich's question about
whether Donald Trump had become an unwitting agent of Russia
and their efforts to sow discord and discontent about our
elections, you said that you declined to answer, which is
understandable.
Let's look at this from a different perspective. Since her
election defeat, Hillary Clinton has blamed her loss on the
Russians, Vladimir Putin, the FBI, Jim Comey, fake news,
WikiLeaks, Twitter, Facebook, and, my personal favorite,
content farms in Macedonia. In her blaming her loss on these
actors, has Hillary Clinton become an unwitting agent of
Russians' goals in the United States?
Mr. Priestap. And I'm sorry, sir, but I'd rather not
comment. It's just something----
Senator Cotton. I understand. I just wanted to point out
that you can look at it from two different----
Mr. Priestap [continuing]. It's just something I haven't
given any thoughts to.
Senator Cotton. Let's turn to other matters, then. Would
you advise states and localities in the conduct of their
elections or, more broadly, in their government services not to
use or not to do business with Kaspersky Labs, companies that
do business with Kaspersky, or companies that use Kaspersky
products in their systems?
Mr. Priestap. Sir, I can't really comment on that in this
setting.
Senator Cotton. Miss Manfra, would you advise them not to
use Kaspersky products?
Ms. Manfra. I can also not comment on that in this forum,
sir.
Senator Cotton. I don't even have to ask, Dr. Liles. You're
reaching for your microphone.
Dr. Liles. Yes, sir. I can't comment either.
Senator Cotton. Okay. Senator Risch says he'll answer, but
I'll let him speak for himself at a later time.
Mr. Priestap, we've talked a lot about Russia's intent and
activities in our elections, but I think it's important that
the American people realize that it goes much farther than just
elections and the 2016 campaign, as well. Isn't it true that
Russian cyber actors have been probing U.S. critical
infrastructure for years?
Mr. Priestap. Yes, sir. I can't go into specifics, but they
probe a lot of things of critical importance to this country.
Senator Cotton. And as the head of counterintelligence, you
write in your statement, that quote, ``Russia's 2016
Presidential election influence effort was its boldest to date
in the United States,'' which implies there have been previous
efforts. You also say that the FBI had to strengthen the
intelligence community assessment because of our history
investigating Russia's intelligence operations within the
United States. Both of which suggest that this keeps you pretty
busy in your portfolio at counterintelligence, is that right?
Mr. Priestap. That's correct.
Senator Cotton. And this Russian intelligence threat is not
just a cyber threat, either. It also is a threat from
traditional human intelligence, or what a layman might call
spies, is that right?
Mr. Priestap. Yes, sir.
Senator Cotton. Do so-called diplomats who work down out of
the Russian embassy in Washington, D.C., have the requirement
to notify our State Department in advance if they plan to
travel more than 25 miles, and give that notification 48 hours
in advance?
Mr. Priestap. They do.
Senator Cotton. And the State Department's supposed to
notify the FBI in advance of those travel arrangements,
correct?
Mr. Priestap. Yes.
Senator Cotton. Is it true that the Russian nationals often
fail to give that notification at all, or they give it at, say,
4:55 on a Friday afternoon before a weekend trip?
Mr. Priestap. I'd prefer not to go into those details here,
but--I'll leave it at that.
Senator Cotton. Does it complicate you and your agents'
efforts to conduct your counterintelligence mission to have
Russian nationals wandering around the country more than 25
miles outside their duty assignment?
Mr. Priestap. Sure. If that were to happen, that would
absolutely complicate our efforts.
Senator Cotton. The Secretary of Defense recently indicated
at an Armed Services Committee hearing that Russia is in
violation of something called the Open Skies Treaty, a treaty
we have with Russia and other nations that allow us to overfly
their territory and take pictures and they do the same here. Do
we see so-called Russian diplomats traveling to places that are
in conjunction with Open Skies flights that Russia's conducting
in this country?
Mr. Priestap. I'm sorry, I just can't comment on that here.
Senator Cotton. Okay. Last summer, an American diplomat in
Moscow was brutally assaulted on the doorstep of our embassy in
Moscow. Did we take any steps to retaliate against Russia for
that assault in Moscow? Did we declare persona non grata any of
their so-called diplomats here in the United States?
Mr. Priestap. If I recall correctly, we didn't immediately
do anything in that regard.
Senator Cotton. Okay. This Committee passed unanimously in
Committee last year something that just passed as part of the
omnibus spending bill in April a provision that would require,
one, the State Department to notify the FBI of any requests for
Russian diplomats to travel more than 25 miles outside their
embassy and to report violations to you.
It further requires the State Department to report those
violations regularly to this Committee. What's the status of
that provision now that it's been in law for about two months?
Is the State Department cooperating more fully with you?
Mr. Priestap. I guess I'd rather not comment on that here.
We're still working through the implementation of that.
Senator Cotton. Well, I certainly hope they start.
Thank you.
Chairman Burr. Senator Harris.
Senator Harris. Thank you.
Ms. Manfra, you mentioned that you notified the owners. I'm
not clear on who the owners are. Are they the vendors?
Ms. Manfra. What I meant to clarify is in some case it may
not be the secretary of state or the state election director
who owns that particular system. So in some cases it could be a
locality or a vendor.
Senator Harris. So is there a policy of who should be
notified when you suspect that there's a threat?
Ms. Manfra. We are working through that policy with the
secretaries of state. That is one of the commitments that we
made to them, and election directors, in order to ensure that
they have appropriate information, while preserving the
confidentiality of the victim publicly.
Senator Harris. And can you tell us which states--in which
states you notified the vendor instead of notifying the
secretary of state?
Ms. Manfra. We keep the vendor information confidential as
well.
Senator Harris. Are there states that you notified where
you did not notify the person who was elected by the people of
that State to oversee elections?
Ms. Manfra. I don't believe that's the case, but I will get
back to you with a definitive answer.
Senator Harris. And how specific was the warning that you
sent? What exactly is it that you notified the states or the
vendors of?
Ms. Manfra. Depending on the scenario and the information
that we had--and more generally, what we do is when we get
classified information we look to declassify as much as
possible to enable----
Senator Harris. Let's talk about the election, yes.
Ms. Manfra. So for this particular one, what we took was
technical information that we had, that we believed was
suspicious, and that was emanating from Russia, and was
targeting their system. We asked them to look at their system.
We asked--and this was part of the broader dissemination as
well--we asked all states to look at their system, to identify
whether they had an intrusion or whether they blocked it. In
most cases, they blocked it.
Senator Harris. Do you have a copy with you of the
notification you sent to these various vendors or states?
Ms. Manfra. I do not, ma'am, but we can get back to you.
Senator Harris. Okay, and will you provide this Committee
with a copy of the notification you sent to those states or
vendors?
Ms. Manfra. Many of them were done in person, but what I
can show you is the technical information. That was also rolled
up in the information that we published in December, but I can
show you what we provided to the states and localities.
Senator Harris. And did you notify each of them the same
way? Or did you tailor the notification to each State?
Ms. Manfra. We tailor the notification. It's a process for
all victim or potential victim notifications, us and the FBI.
So sometimes it may be an FBI field agent that goes out there,
sometimes it may be a Department official that goes out there.
Senator Harris. Okay. So in your follow-up to the
Committee, please provide us with specifically who notified
each State, and then who in that State was notified, the vendor
or the State election official, and also what specifically they
were notified of.
In 2007, California worked with leading security
researchers--the secretary of state at the time was Deborah
Bowen--and they instituted some of the best practices, we
believe, for election security. And my understanding is that it
is considered a gold standard. So my question is, does DHS have
the technical capability and authority to coordinate a study
like that for all of the states?
Ms. Manfra. We do have the technical capability and
authority to conduct those sorts of studies, ma'am, yes.
Senator Harris. Have you pursued that as a viable option to
help the states do everything they can to secure their systems?
Ms. Manfra. That is one of the areas that we're
considering, yes, ma'am.
Senator Harris. So have you taken a look at that study that
was commissioned in California in 2007? And if not, I'd
encourage that you do.
Ms. Manfra. I have not personally, but I will read it,
ma'am.
Senator Harris. And I'm also concerned that the Federal
Government does not have all the information it needs in these
situations where there's been a breach. Is there any
requirement that a State notify the Federal Government when
they suspect there's been a breach?
Ms. Manfra. No, ma'am.
Senator Harris. And in terms of the American public and
voters in each of these states, can you tell me is there any
requirement that the State notify its residents when the State
suspects there may be a breach?
Ms. Manfra. I cannot comment. I know that multiple states
have different sunshine laws, etcetera, that apply to data
breaches within the State, so I couldn't make a general
statement about what their requirements are at the State level.
Senator Harris. And do any of you have any thoughts about
whether there should be such requirements, both in terms of
states reporting to the Federal Government and also states
reporting to their own residents and citizens about any
breaches of their election system?
Ms. Manfra. Required data breach reporting is a complicated
area. We prefer, and we've had a fair amount of success with,
voluntary reporting and partnerships, but we'd be happy to work
with your staff in further understanding how that might apply
here.
Senator Harris. Okay, I appreciate that. Any other thoughts
as we think about how we can improve notification and sharing
of information?
[No response.]
No. Okay, thank you.
Chairman Burr. Before I move to Senator Reed, let me just
say that, since a number of members have questioned the
agencies, especially those that are here, and the sharing with
Congress of the investigation, I'll just say that the Chair and
the Vice Chair were briefed at the earliest possible time and
continued to be briefed throughout the process, and then it was
opened up to all the members of the Committee. I'm not sure
that I had ever shared that with everybody, but I just want to
make sure that everybody's aware of that.
Senator Reed.
Senator Reed. Thanks very much, Mr. Chairman.
Thank you very much, ladies and gentlemen. Let's start with
Mr. Priestap. Are you aware of any direction or guidance from
President Trump to conduct this investigation about the Russian
interest in our elections?
Mr. Priestap. Sir, I can't comment on that. It could be
potentially related to things under the Special Counsel's
purview.
Senator Reed. Thank you.
Ms. Manfra, in terms of the Department of Homeland
Security, are you aware of any direction by the President to
conduct these types of operations or your investigations?
Ms. Manfra. Sir, to clarify the question, direction from
the President to----
Senator Reed. That the President of the United States has
directed that the Department of Homeland Security and other
Federal agencies conduct the activities that you're conducting,
essentially an investigation into the Russian hacking in the
election.
Ms. Manfra. I can't comment on the President's directions
specifically, but our Secretary is committed to understanding
what happened, ensuring that we are better protected in the
future, so our activities are fully supported.
Senator Reed. He has not communicated that this is at the
direction of the President of the United States?
Ms. Manfra. No, sir.
Senator Reed. Dr. Liles.
Dr. Liles. Sir, this comes directly--the IC has been
working on this for quite a while, and the Secretary has
completely supported it.
Senator Reed. But again, no----
Dr. Liles. Nothing from the President directly, sir.
Senator Reed. Thank you.
I thought Senator King raised some very interesting issues
in terms of most elections, national elections, as much you
like to think about it, particularly from Rhode Island, are not
decided in certain states, but decided even in certain cities
and counties, which raised an interesting question. You were
very assertive about that you'd be able to diagnose an
intrusion that was altering voter--votes, literally. When could
you do that? Within weeks of an election, on Election Day,
after Election Day?
Dr. Liles. Sir, from an IC perspective, the way we would do
that is by looking at the threats themselves that were
targeting the specific entities. And the other element that we
would look at is, as the reporting itself was coming in, if
there was any statistical anomalies in what we were seeing.
And I'd also point out that we're talking about Internet-
connected systems here, and not all of the key counties that
you would represent would be those Internet-connected systems.
Senator Reed. But, effectively, I think what you've said is
that you'd really have to wait for confirmation until the
results started coming in on Election Day, which raises the
issue of, even if you detect it on Election Day, what do we do?
The votes have already been cast.
Are you--is anyone planning on--what's the--what reaction
we take? How do we notify people? What are--what steps do we
take?
Dr. Liles. I'd have to defer that to others.
Ms. Manfra. Yes, sir. And I do want to clarify, when we say
that that activity would be difficult to detect, it would be--
or difficult to go on undetected, it would--that we're
discussing both at the polling station or the jurisdiction,
that it would be hard for somebody to do that without anybody,
not necessarily that the Department would have that immediate
insight.
And to answer your question, yes, that is absolutely
something that is a part of our planning and what we would look
forward to partnering with the State and local officials on
understanding.
Senator Reed. So we're, again, about 18 months away from
election. We have to be able to develop, not technical
infrastructure, but an organizational infrastructure that could
react, maybe on very short notice, to discovery that actual
votes were being tampered. Is that accurate?
Ms. Manfra. Absolutely, sir. It is both technical and
organizational.
Senator Reed. And do you think there's enough emphasis in
terms of the resources and support to do that, the
collaboration? You got 50 states and among those states many of
the voting jurisdictions are not at the State level; they're
the city and town. Are we taking it serious enough? I guess
that's the issue.
Ms. Manfra. Absolutely, sir. This is one of our highest
priorities. And I would also note that we're not just looking
ahead to 2018, as election officials remind me routinely that
elections are conducted on a regular basis. And so--highest
priority, sir. Yes.
Senator Reed. Let me ask, Mr. Priestap. If I've pronounced
it incorrectly, forgive me. But you testified today, and your
colleagues, that information was exfiltrated by the Russians.
What type of information was taken and what could it be used
for?
Mr. Priestap. Yes. I don't want to get into the details of
what victim information was taken. Again, we've got a variety
of pending investigations. But again, it could be used for a
variety of purposes. It could have been taken to understand
what's in those systems. It could have been taken to use to try
to target--learn more about individuals, so that they could be
targeted.
It could have been taken in a way to then publicize, just
to send a message that a foreign adversary has the ability to
take things and to sow doubt in our voters' minds.
Senator Reed. Let me ask you this question, as a judgment.
Given the activities that the Russians have deployed,
significant resources, constant effort over--as you, the
intelligence community--probably a decade, do you think they
have a better grasp of the vulnerabilities of the American
voting system than you have?
Mr. Priestap. I hope not. I think it's an excellent
question and I can--well, first of all, I hope not and I don't
think so. But if they did, I don't think they do any more.
Senator Reed. Thank you very much.
Chairman Burr. Thank you, Senator Reed.
Before we move to the second panel, one last question, Mr.
Priestap, for you. Is there any evidence that the attempt to
penetrate the DNC was for the purposes of launching this
election year intrusion process that they went on? Or was this
at the time one of multiple fishing expeditions that existed by
Russian actors in the United States?
Mr. Priestap. In my opinion, it was one of many efforts.
You'd call it a fishing expedition, but to determine, again,
what's out there, what intelligence can they collect. So they
don't go after one place. They go after lots of places and
then----
Chairman Burr. Tens? Hundreds? Thousands?
Mr. Priestap. Hundreds, at least hundreds.
Chairman Burr. Okay.
I want to wrap up the first panel with just a slight recap.
I think you have thoroughly covered that there's no question
that Russia carried out attacks on State election systems. No
vote tallies were affected or affected the outcome of the
elections. Russia continues to engage in exploitation of the
U.S. elections process and elections are now considered a
critical infrastructure, which is extremely important and does
bring some interesting potential new guidelines that might
apply to other areas of critical infrastructure that we have
not thought of because of the autonomy of each individual State
and the control within their State of their election systems.
So I'm sure this will be further discussed as the
appropriate committees talk about Federal jurisdiction, where
that extends to. And clearly, I think it's this Committee's
responsibility as we wrap up our investigation to hand off to
that Committee somewhat of a road map from what we've learned
are areas that we need to address, and we will work very
closely with DHS and with the Bureau as we do that.
With that, I will dismiss the first panel and call up the
second panel.
[Pause.]
Chairman Burr. I'd like to call the second panel to order,
and ask those visitors to please take their seats. As we move
into our second panel this morning, our hearing is shifting
from a Federal Government focus to a State-level focus. During
this second panel, we'll gain insight into the experiences of
the states in 2016, as well as hear about efforts to maintain
election security moving forward.
For our second panel, I'd like to welcome our witnesses:
the Honorable Connie Lawson, President-elect of the National
Association of Secretaries of State and the Secretary of State
of Indiana; Michael Haas, the Midwest Regional Representative
to the National Association of State Election Directors and the
Administrator of the Wisconsin Election Commission; Steve
Sandvoss, Executive Director of the Illinois State Board of
Elections; and Dr. J. Alex Halderman, Professor of Computer
Science and Engineering, University of Michigan.
Thank you all for being here. Collectively, you bring a
wealth of knowledge and a depth of understanding of our State
election systems, potential vulnerabilities of our voting
process and procedures, and the mitigation measures we need to
take at the State level to protect the foundation of American
democracy.
In January of this year, then-Secretary of Homeland
Security Jeh Johnson designated the election infrastructure
used in Federal elections as a component of U.S. critical
infrastructure. DHS stated that the designation established
election infrastructure as a priority within the national
infrastructure protection plan. It enabled the Department to
prioritize our cybersecurity assistance to State and local
election officials for those who requested it, and made it
publicly known that the election infrastructure enjoys all the
benefits and protections of critical infrastructure that the
U.S. government has to offer.
Some of your colleagues objected to this designation,
seeing it as Federal Government interference. Today I'd like to
hear your views on this specifically, but more broadly how the
states and the Federal Government can best work together. I'm a
proud defender of states' rights but this could easily be a
moment of ``divided we fall.'' We must set aside our suspicions
and see this for what it is, an opportunity to unite against a
common threat. Together, we can bring considerable resources to
bear and keep the election system safe.
Again, I'd like to thank our witnesses for being here, and
at this time I'd turn to the Vice Chairman for any comments he
might make.
The Vice Chairman doesn't have any.
I will assume, Mr. Haas, that by some process you have been
elected to go first, unless there is an agreement--which--where
are we going to start?
Mr. Haas. Actually, I think we were going to defer to
Secretary Lawson to start, if that's okay with the Chair.
Chairman Burr. Madam Secretary, you are recognized.
STATEMENT OF CONNIE LAWSON, PRESIDENT-ELECT, NATIONAL
ASSOCIATION OF SECRETARIES OF STATE, AND SECRETARY OF STATE,
STATE OF INDIANA
Ms. Lawson. Well, good morning, Chairman Burr and Vice
Chairman Warner and distinguished members of the Committee. I
want to thank you for the chance to appear before you today.
It's an honor to represent the Nation's secretaries of state,
40 of whom serve as chief State election officials.
I am Connie Lawson, Indiana Secretary of State, and I'm
also President-Elect of the bipartisan National Association of
Secretaries of State. I'm here to discuss our capacity to
secure State and locally-run elections from very significant
and persistent nation state cyber threats.
With statewide elections in New Jersey and Virginia this
year and many more contests to follow in 2018, I want to assure
you and all Americans that election officials across the United
States are taking cybersecurity very seriously. First and
foremost, this hearing offers a chance to separate facts from
fiction regarding the 2016 presidential election. As noted many
times, we have seen no evidence that vote casting or counting
was subject to manipulation in any State or locality, nor do we
have any reason to question the results.
Just a quick summary of what we know about documented
foreign targeting of State and local election systems. In the
2016 election cycle, as confirmed by the Department of Homeland
Security, no major cybersecurity issues were reported on
Election Day, November 8. Last summer, our intelligence
agencies found that up to 20 State networks had been probed by
entities essentially rattling the door knobs to check for
unlocked doors. Foreign-based hackers were able to gain access
to voter registration systems in Arizona and Illinois,
prompting the FBI to warn State election offices to increase
their election security measures for the November election.
In more recent days, we've learned from a TOP SECRET NSA
report that the identity of a company providing voter
registration support services in several states was
compromised.
Of course, it's gravely concerning that election officials
have only recently learned about the threats outlined in the
leaked NSA report, especially given the fact that the former
DHS Secretary Jeh Johnson repeatedly told my colleagues and I
that no specific or credible threats existed in the fall of
2016. It is unclear why our intelligence agencies would
withhold timely and specific threat information from election
officials.
I have every confidence that other panelists will address
voting equipment risk and conceptual attack scenarios for you
today. But I want to emphasize some systemic safeguards that we
have against cyber attackers. Our system is complex and
decentralized, with a great deal of agility and low levels of
connectivity. Even within states, much diversity can exist from
one locality to the next. This autonomy serves as a check on
the capabilities of nefarious actors.
I also want to mention the recent designation of election
systems as critical infrastructure. Real issues exist with the
designation, including a lack of clear parameters around the
order, which currently provides DHS and other Federal agencies
with a large amount of unchecked executive authority over our
election's process. At no time between August of 2016 and
January of 2017 did NASS and its members ever have a thorough
discussion with DHS on what the designation means.
Threat-sharing had been touted as a key justification for
the designation. Yet, nearly six months later, no secretary of
state is currently authorized to receive classified threat
information from our intelligence agencies.
From information gaps to knowledge gaps that aren't being
addressed, this process threatens to erode public confidence in
the election process as much as any foreign cyber threat. It's
also shredding the rights that states hold to determine their
own election procedures subject to the acts of Congress. If the
designation ultimately reduces diversity and autonomy in our
voting process, the potential for adverse effects from
perceived or real cyber effects--attacks excuse me--will likely
be much greater and not the other way around.
Looking ahead, the National Association--the NASS Election
Security Task Force was created to ensure that State election
officials are working together to combat threats and foster
effective partnerships with the Federal Government and other
public-private stakeholders. In guarding against cyber threats,
the trend line is positive, but more can be done. Most notably,
many states and localities are working to replace or upgrade
their voting equipment.
If I have one major request for you today, other than
rescinding the critical infrastructure designation for
elections, it is to help election officials get access to
classified information-sharing. We need this information to
defend State elections from foreign interference and respond to
threats.
Thank you, and I look forward to answering your questions.
[The prepared statement of Ms. Lawson follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman Burr. Thank you, Secretary Lawson.
Who would like to--Mr. Haas.
STATEMENT OF MICHAEL HAAS, MIDWEST REGIONAL REPRESENTATIVE,
NATIONAL ASSOCIATION OF STATE ELECTION DIRECTORS
Mr. Haas. Thank you. Good morning.
Chairman Burr, Vice Chairman Warner and Committee members:
On behalf of the National Association of State Election
Directors, thank you for this opportunity to share what states
learned from the 2016 elections and some steps that we are
taking to further secure our election systems.
I serve as Wisconsin's chief election official, and I'm a
member of NASED's executive board. We do not have a State
elected official who oversees elections in Wisconsin. Many of
our State election directors across the country are housed in
the secretary of state's offices, but some are not.
The 2016 presidential election reinforced several basic
lessons, although sometimes in a new context. For instance, all
of us understand the importance of constant and effective
communication to ensure that all actors have the tools they
need. The new twist in 2016, of course, involved communicating
about the security of election systems with the Department of
Homeland Security as well as the State staff who provide cyber
security protection to our voter registration databases.
As we have heard this morning, some states have expressed
concerns about the timeliness and the details of communications
from Homeland Security regarding potential threats, security
threats to State election systems. The recent reports about
attempted attacks on State voter registration systems, which
occurred last fall, caught many states by surprise.
We look forward to working with DHS and other Federal
officials to develop protocols and expectations for
communicating similar information going forward. For example,
State election officials believe it is important that we be in
the loop regarding contacts that DHS has with local election
officials regarding security threats such as the spear phishing
attempts that were recently publicized. States should be aware
of this information to protect their systems and so that we can
provide additional training and guidance to local election
officials.
I appreciate the concern that was expressed this morning
that this is a two-way street. And we at the State level need
to also think carefully about how to most effectively
communicate with our local election officials if and when there
is an incident that we are aware of at the State level.
As part of the DHS designation of election systems as
critical infrastructure, bodies such as coordinating councils
can help to facilitate decisions regarding the proper balance
between notifying State and local officials and protecting
confidential or sensitive information.
NASED believes that those coordinating bodies should
consist of a broad representation of stakeholders, and we have
expressed our strong interest to DHS in participating on those
bodies.
I would also note that the executive board of NASED
supports the request of the U.S. Elections Assistance
Commission that it serves as the co-sector specific--specific
agency as the logical Federal agency to partner with DHS to
provide subject matter expertise and assistance in
communicating with local election officials, as the EAC has
that communications structure already in place.
The 2016 elections also reinforced the need for constantly
enhancing the security of voter registration databases, as we
have heard this morning. While hacking into a voter
registration system has no effect on tabulating election
results, intrusions could result in unauthorized parties
gaining access to data regarding voters, candidates, ballot
contests, and polling places.
I would note that, while much of that information is public
upon request, there may be some confidential data held in those
databases, such as the voter's date of birth, the driver
license number, the last four digits of the social security
number. Different states have different laws about what pieces
of that data are confidential.
The 2016 elections demonstrated that State and local
election officials can implement steps to improve the security
of voter data, and that many of these steps are not
complicated. In addition to the cyber hygiene scans and risk
assessments, states are implementing greater use of multi-
factor authentication for users of our systems, updating
firewalls, the use of white lists to block unauthorized users,
and completely blocking access from any foreign IP address.
The final lesson of 2016 I would like to address relates to
voting equipment. To be clear, as it has been said many times
this morning, there is no evidence that voting machines or
election results have been altered in U.S. elections. I
appreciate the Committee's emphasis on that. I think that for
the public that cannot be stated enough and strongly enough.
Still, we as election administrators must exercise
vigilance to assure that such theoretical attacks do not become
reality, and we must also continue to educate the public about
safeguards in the system. Those safeguards include the
decentralized structure of elections that we've heard about
this morning and the diversity of voting equipment. Also, in
most cases voting equipment is not connected to the Internet
and therefore cannot be attacked through cyber space. Also it
is important to keep in mind that three out of four ballots
cast in American elections are on paper ballots. Most ballots
cast on touchscreen equipment also have a paper trail that
voters can immediately verify their votes and that election
officials can use for audits and recounts.
There are also several redundancies in the testing and
certification of voting equipment. It's important to realize
that voting equipment is not only used on Election Day. Its
functionality is tested several times during the process.
In short, the 2016 elections taught us that the potential
for disrupting election processes and technology by foreign or
domestic actors is a serious and increasing concern. However,
we as State election directors believe that continued
cooperation and more effective communication, along with
continued vigilance and innovation, will ensure the integrity
of our voting processes and election results.
Again, we look forward to working with our Federal partners
as we plan for elections going forward. Thank you for the
opportunity to share these thoughts and I'd be happy to answer
any questions.
[The prepared statement of Mr. Haas follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman Burr. Thank you, Mr. Haas.
Mr. Sandvoss.
STATEMENT OF STEVE SANDVOSS, EXECUTIVE DIRECTOR OF ILLINOIS
STATE BOARD OF ELECTIONS
Mr. Sandvoss. Good morning. Thank you, Chairman Burr, Vice
Chairman Warner, and distinguished members of the Committee.
As Director of the State Board of Elections, I'd just like
to briefly describe what our agency does. We are an independent
bipartisan agency created by the 1970 Illinois Constitution,
charged with general supervision over the election and
registration laws in the State of Illinois.
As all of you seem to be aware, almost a year ago today, on
June 23rd, the Illinois State Board of Elections was the victim
of a malicious cyber attack of unknown origin against the
Illinois voter registration system database. Because of the
initial low-volume nature of the attack, the State Board of
Elections staff did not become aware of it at first.
Almost three weeks later, on July 12th, State Board of
Elections IT staff was made aware of performance issues with
the IVRS database server. The processor's usage had spiked to
100 percent with no explanation. Analysis of the server logs
revealed that the heavy load was a result of rapidly repeated
database queries on the application status page of our
paperless online voter application website.
Additionally, the server log showed the database queries
were malicious in nature. It was a form of cyber attack known
as SQL, which is ``structured query language injection.'' SQL
injections are essentially unauthorized malicious database
queries entered into a data field in a web-based application.
We later determined that these SQLs originated from several
foreign-based IP addresses.
SBE programmers immediately introduced code changes to
eliminate this particular vulnerability in our website. The
following day, on July 13th, the SBE IT made the decision to
take the website and IVRS database offline to investigate the
severity of the attack. SBE staff maintained the ability to log
and view all site access attempts.
Malicious traffic from the IP addresses continued, though
it was blocked at the firewall level. Firewall monitoring
indicated that the attackers were hitting SBE IP addresses five
times per second, 24 hours a day. These attacks continued until
August 12th, when they abruptly ceased.
SBE staff began working to determine the extent of the
breech, analyzing the integrity of the IVRS database and
introducing security enhancements to the IVRS web servers and
database.
A week later, on July 19th, we notified the Illinois
General Assembly of the security breech in accordance with the
Personal Information Protection Act. In addition, we notified
the Attorney General's office. On July 21st, the State Board of
Elections' IT staff completed security enhancements and began
to bring the IVRS system back on line. A week after that, on
July 28th, both the Illinois registration system and the
paperless online voting application became totally functional
once again.
Since the attack occurred, the State Board of Elections has
maintained the following ongoing activities. The DHS scans the
State Board of Elections systems for vulnerabilities on a
weekly basis. The Illinois Department of Innovation and
Technology, which is a statewide entity that coordinates the IT
systems of many of the Illinois State agencies, continuously
monitors activity on the Illinois Century Network, which is the
general network that provides firewall protection for the State
computer systems.
This Department of Innovation and Technology, also called
DOIT, provided cyber security awareness training for all State
of Illinois employees, ours included. Now the State Board of
Election's IT staff continues to monitor web server and
firewall logs on a daily basis. And in addition, virus
protection software is downloaded also on a daily basis.
As a result of informing the Illinois Attorney General's
office of the breach, the State Board of Elections was
contacted by the Federal Bureau of Investigation, and we have
fully cooperated with the FBI in their ongoing investigation.
The FBI advised that we work with the Department of Homeland
Security's United States Computer Emergency Readiness Team to
ensure that there is no ongoing malicious activity on any of
the SBE systems. They also confirmed--that is, the Department
of Homeland Security also confirmed--that there's no ongoing
malicious activity occurring in SBE computer systems.
To comply with the Personal Information Protection Act,
nearly 76,000 registered voters were contacted as potential
victims of the data breach. The SBE provided information to
these individuals on steps to take if they felt that they were
the victims of identity theft. Additionally, the SBE developed
an online tool to inform affected individuals of the specific
information that was included in their voter record that may
have been compromised.
As far as looking for future concerns, one of the concerns
facing our State and many others we believe is aging voting
equipment. The Help America Vote Act established requirements
for voting equipment, but while initial funding was made
available to replace the old punch-card equipment, additional
funding has not been further appropriated.
If additional funding is not available, we would like to
receive authorization to use the State's existing HAVA funds to
allow spending on enhanced security across all election-related
systems. The IVRS database is a Federal mandate through the
Help America Vote Act.
Cyber attacks targeting end users are also of particular
concern. Security training funded and provided by a Federal
entity such as the EAC or DHS would also be beneficial in our
view. In addition, any guidance or recommendations as to
methods for the protection of registration and voting systems
from cyber intrusions are always welcome.
Thank you for the time, and I'm happy to answer any
questions.
[The prepared statement of Mr. Sandvoss follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman Burr. Thank you, Mr. Sandvoss.
Dr. Halderman.
STATEMENT OF J. ALEX HALDERMAN, Ph.D., PROFESSOR OF COMPUTER
SCIENCE AND ENGINEERING, UNIVERSITY OF MICHIGAN
Dr. Halderman. Chairman Burr, Vice Chairman Warner, and
members of the Committee: Thank you for inviting me to speak
with you today about the security of U.S. elections.
I'm a Professor of Computer Science and have spent the last
10 years studying the electronic voting systems that our Nation
relies on. My conclusion from that work is that our highly
computerized election infrastructure is vulnerable to sabotage
and even to cyber attacks that could change votes. These
realities risk making our election results more difficult for
the American people to trust.
I know America's voting machines are vulnerable because my
colleagues and I have hacked them repeatedly as part of a
decade of research studying the technology that operates
elections and learning how to make it stronger. We've created
attacks that can spread from machine to machine, like a
computer virus, and silently change election outcomes. We've
studied touchscreen and optical scan systems, and in every
single case we found ways for attackers to sabotage machines
and to steal votes. These capabilities are certainly within
reach for America's enemies.
As you know, states choose their own voting technology and,
while some states are doing well with security, others are
alarmingly vulnerable. This puts the entire Nation at risk. In
close elections, an attacker can probe the most important swing
states or swing counties, find areas with the weakest
protection, and strike there. In a close election year,
changing a few votes in key localities could be enough to tip
national results.
The key lesson from 2016 is that these threats are real.
We've heard that Russian efforts to target voter registration
systems struck 21 states, and we've seen reports detailing
efforts to spread an attack from an election technology vendor
to local election offices. Attacking vendors and municipalities
could have put Russia in a position to sabotage equipment on
Election Day, causing machines or poll books to fail, and
causing long lines or disruption. They could have engineered
this chaos to have a partisan effect by striking places that
lean heavily towards one candidate.
Some say the fact that voting machines aren't directly
connected to the Internet makes them secure, but unfortunately,
this is not true. Voting machines are not as distant from the
Internet as they may seem. Before every election, they need to
be programmed with races and candidates. That programming is
created on a desktop computer, then transferred to voting
machines. If Russia infiltrated these election management
computers, it could have spread a vote-stealing attack to vast
numbers of machines.
I don't know how far Russia got or whether they managed to
interfere with equipment on Election Day, but there's no doubt
that Russia has the technical ability to commit widespread
attacks against our voting system, as do other hostile nations.
I agree with James Comey when he warned here two weeks ago: We
know they're coming after America, and they'll be back. We must
start preparing now.
Fortunately, there's a broad consensus among cybersecurity
experts about measures that would make America's election
infrastructure much harder to attack. I've co-signed a letter
that I've entered into the record from over 100 leading
computer scientists, security experts, and election officials
that recommends three essential steps.
First, we need to upgrade obsolete and vulnerable voting
machines, such as paperless touchscreens, and replace them with
optical scanners that count paper ballots. This is a technology
that 36 states already use. Paper provides a physical record of
the vote that simply can't be hacked.
President Trump made this point well on Fox News the
morning after--the morning of the election. He said, ``There's
something really nice about the old paper ballot system. You
don't worry about hacking.''
Second, we need to use the paper to make sure that the
computer results are right. This is a common-sense quality
control and it should be routine. Using what's known as a risk-
limiting audit, officials can check a small, random sample of
the ballots to quickly and affordably provide high assurance
that the election outcome was correct. Only two states,
Colorado and New Mexico, currently conduct audits that are
robust enough to reliably detect cyber attacks.
Lastly, we need to harden our systems against sabotage and
raise the bar for attacks of all sorts by conducting
comprehensive threat assessments and applying cybersecurity
best practices to the design of voting equipment and the
management of elections.
These are affordable fixes. Replacing insecure paperless
voting machines nationwide would cost $130 million to $400
million. Running risk-limiting audits nationally for Federal
elections would cost less than $20 million a year. These
amounts are vanishingly small compared to the national security
improvement they buy.
State and local election officials have an extremely
difficult job, even without having to worry about cyber attacks
by hostile governments. But the Federal Government can make
prudent investments to help them secure elections and uphold
voters' confidence. We all want election results that we can
trust.
If Congress works closely with the states, we can upgrade
our election infrastructure in time for 2018 and 2020. But if
we fail to act, I think it's only a matter of time until a
major election is disrupted or stolen in a cyber attack.
Thank you for the opportunity to testify today and for your
leadership on this critical matter. I look forward to answering
any questions.
[The prepared statement of Dr. Halderman follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman Burr. Dr. Halderman, thank you.
The Chair would recognize himself for five minutes. Members
will be recognized by seniority.
Secretary Lawson, in how many states is the secretary of
state in charge of the elections process, do you know?
Ms. Lawson. Yes, sir. It's 40.
I'm sorry. Yes, sir. It's 40.
Chairman Burr. Okay. Would you be specific: What do the
secretary of states do--what is it they do not like about
elections being designated critical infrastructure?
Ms. Lawson. The most important issue, sir, is that there
have been no clear parameters set and, even after the three
calls that we had with Secretary Jeh Johnson before the
designation was made, we consistently asked for what would be
different if the designation was made and how we would
communicate. Would it be any different----
Chairman Burr. So nothing has negatively happened except
that you don't have the guidance to know what to do?
Ms. Lawson. Nothing has negatively happened to this date,
but also nothing positive has happened.
Chairman Burr. Got it. Got it.
Mr. Sandvoss, Illinois is one of the few states that have
publicly been identified. I guess that's in part because you
took the initiative to do it. You gave a good chronology: 23
June, first sign; 12 July, State IT staff took action; 12
August, the attacks stopped.
At what point was the State of Illinois contacted by any
Federal entity about their system having been attacked or was
it the State of Illinois that contacted the Federal Government?
Mr. Sandvoss. We were contacted by the FBI--I don't have
the exact date, but it was after we had referred the matter to
the Attorney General's office. My guess would be probably a
week after.
Chairman Burr. A week after----
Mr. Sandvoss. After the AG was notified by us of this
breach.
Chairman Burr. And the AG was notified approximately when?
Mr. Sandvoss. On July 19th.
Chairman Burr. July 19th. Okay.
At what point did the State of Illinois know that it was
the Russians?
Mr. Sandvoss. Actually, to this day we don't know with
certainty that it was the Russians. We've never been told by
any official entity. The only one that we're aware of that was
investigating was the FBI and they have not told us
definitively that it was the Russians. Our IT staff was able to
identify, I think it was, seven IP addresses from a foreign
location, I believe it was The Netherlands. But that doesn't
mean that the attack originated in the Netherlands. We have no
idea where it originated from.
Chairman Burr. Did your IT staff have some initial
assessments on their own?
Mr. Sandvoss. No, because I think any--anything of that
nature would have been speculative and we didn't want to do
that. I think we wanted to leave that to the professional
investigators.
Chairman Burr. You gave an update on what you're currently
doing to enhance the security: DHS weekly security checks. Has
the Federal--in your estimation, has the Federal Government
responded appropriately to date?
Mr. Sandvoss. I believe they have, yes. I've heard nothing
from our IT division and they'd be the persons that would know.
I've heard nothing from them that the DHS's work in that matter
has been less than satisfactory.
Chairman Burr. Let me ask all of you, except for you, Mr.
Sandvoss: Do you believe the extent of cyber threats to
election systems should be made public before the next election
cycle? Should we identify those states that were targeted, Mr.
Haas?
Mr. Haas. I think as election directors we're certainly
sensitive to the balance that Homeland Security and others need
to make. I think so far, as far as we've gone, we want to know
as the victims or potential victims. And then I think as part
of the coordinating council and designation of critical
infrastructure, there has to be a conversation amongst the
election----
Chairman Burr. Is there a right of the public in your State
to know?
Mr. Haas. Yes, I believe there is. If there was a hack into
our system, I think that we would certainly want to consult our
statutes and so forth, but we would--we believe in
transparency. We would want to let the public know.
Chairman Burr. Dr. Halderman.
Dr. Halderman. I think the public needs details about these
attacks and about the vulnerabilities of the system, in order
to make informed decisions about how we can make the system
better and to provide the resources that election officials
need. So, yes.
Chairman Burr. Okay.
Secretary Lawson.
Ms. Lawson. I lay awake at night worrying about public
confidence in our election systems, and so I think we need to
be very careful and we need to balance the information, because
the worst thing that we can do is make people think that their
vote doesn't count or it could be canceled out.
And so if telling the public that, you know, that these
attacks are out there and our systems are vulnerable and it
doesn't undermine confidence, it makes them know that we are
doing everything we possibly can to stop those attacks, I'd be
in favor of it.
Chairman Burr. I take for granted none of you at the table
have evidence that vote tallies were altered in the 2016
election?
Dr. Halderman. Correct.
Chairman Burr. Dr. Halderman, before I recognize the Vice
Chairman real quickly: When you and your colleagues hacked
election systems, did you get caught?
Dr. Halderman. We hacked election systems as part of
academic research, where we had machines in our facilities----
Chairman Burr. I get that. Did you get caught? Did they see
your intrusion into their systems?
Dr. Halderman. The one instance when I was invited to hack
a real voting system while people were watching, was in
Washington, D.C., in 2010, and in that instance it took less
than 48 hours for us to change all the votes and we were not
caught.
Chairman Burr. Vice Chairman.
Vice Chairman Warner. I'd like to thank all the witnesses
for their testimony. I find a little stunning, Mr. Sandvoss,
your answer. I don't know--I think if you saw the preceding
panel, you had the DHS and the FBI unambiguously say that it
was the Russians who hacked into these 21 systems, and I find
it a little strange that they've not relayed that information
to you.
What we discovered in the earlier testimony is that we
finally got public disclosure that 21 states were attacked, and
under questioning from Senator Harris we found that, even
though we know those 21 states were attempted to be hacked
into, or doors rattled or whatever analogy you want to use, in
many cases the State election officials, whether the State
directors or the secretaries of state, may not even have been
notified.
I find that stunning. And clearly lots of local elected
officials, local election officials, where the activities
really take place, haven't been notified. So I've got a series
of questions and I'd ask for fairly brief responses.
Dr. Halderman, can you just again restate--as Senator King
mentioned in the earlier testimony, you don't need to disrupt a
whole system. You could disrupt a single jurisdiction in a
State, and if you could in effect wipe that ledger clean, you
could invalidate potentially not just that local election, but
then the results at the State, the Congressional level, the
states, and ultimately the Nation, is that not correct?
Dr. Halderman. Yes, that's correct.
Vice Chairman Warner. So we are not--while it's important
and I believe in our decentralized system, we are only as
strong as our weakest link. Is that not correct?
Dr. Halderman. That's correct.
Vice Chairman Warner. Mr. Haas and Secretary Lawson, do you
believe that all 21 states that were attacked, that the State
election officials are aware?
Ms. Lawson. I can't answer that question, sir. I'm not
certain. I will tell you that Indiana has not been notified. I
don't know if we're even on the list.
Mr. Haas. I don't know for sure, except that DHS did
indicate in a teleconference that all the states that were
attacked have been notified.
Vice Chairman Warner. We were told earlier that that's not
the case. We were told that they may have been--the vendors may
have been notified. So do you know whether Wisconsin was
attacked?
Mr. Haas. We have not been told that we were--that there
was an attack on Wisconsin.
Vice Chairman Warner. Are you comfortable, either one of
you, with not having that knowledge?
Ms. Lawson. We are hypersensitive about our security and I
would say that when the FBI sent the notice in September for
states to look for certain IP addresses to see if their systems
had been penetrated or attempted to be penetrated, we
absolutely searched. In fact, we looked at 15,500,000 log-ins
that had happened in our system since the 1st of January that
year. So we believe that our system has not been hacked.
Mr. Haas. I would also state that both our office and the
chief information officer of the State and his office would
likely be able to detect if the system was hacked.
Vice Chairman Warner. Well just, we've got the two leading
State election officials not knowing whether their states were
one of the 21 that at least the Russians probed--let me finish,
please. And you know, I see--I understand the balance. But the
notion that State election officials wouldn't know, that local
election officials clearly haven't been notified--I appreciate
the Chairman's offer. The Chairman and I are going to write a
letter to all the states: If you view yourself as victims, I
think there is a public obligation to disclose. Again, not to
re-litigate 2016, but to make sure that we're prepared for
2017, where I have State elections in my State this year, and
2018. And to do otherwise--because there are some, there are
some still in the political process, that believe this whole
Russian incursion into our elections is a witch hunt and fake
news.
So I could very easily see some local elected officials
saying: ``This is not a problem, this is not a bother; I don't
need to tighten up my security procedures at all.'' And that
would do a huge, huge disservice to the very trust, Secretary
Lawson, that you say you want to try to present and provide for
our voters.
So I hope when you receive the letter from our--and we'll
write this on a confidential basis, but that you would urge
your colleagues to come forward, again not to embarrass any
State. But I find it totally unacceptable, one, that the public
doesn't know, that local elected officials--local election
officials don't know, that you as two, as the leaders of the
State election officials, don't even know whether your states
were part of the 21 that has been testified by the DHS that at
least they were, if not looked at, door jiggled, or actually,
as the case in Illinois, where actual information from the
voter registration efforts were exfiltrated.
So my hope is that you will work with us on a cooperative
basis and we want to make sure that the DHS and others are
better at sharing information and you get those classified
briefings that you deserve.
Chairman Burr. Senator Risch.
Senator Risch. Thank you very much.
Mr. Sandvoss, July 12th was the date that you first
discovered that you had issues, is that right?
Mr. Sandvoss. Yes, that's correct.
Senator Risch. And that was a result of a high-volume
spike. Is that correct?
Mr. Sandvoss. Yes, that is correct.
Senator Risch. Then when you looked at it, you found out
that the intrusion attempts actually had started June 23rd, is
that correct?
Mr. Sandvoss. Yes.
Senator Risch. So--and those were low-volume spikes,
starting on June 23rd?
Mr. Sandvoss. Yes.
Senator Risch. All right. So if they had never cranked up
the volume, is it fair to say you would have never discovered
it or probably wouldn't have discovered it?
Mr. Sandvoss. I would say it would probably not have been
discovered, certainly not right away. And if it was--the volume
was low enough, even an analysis of our server logs might not
catch something like that, because it wouldn't stand out. So I
think the answer to your question is yes.
Senator Risch. Then you said 12--or seven days later, the
19th, you notified the Attorney General. Is that right?
Mr. Sandvoss. Yes, correct.
Senator Risch. That was the Illinois Attorney General, not
the U.S. Attorney General, is that correct?
Mr. Sandvoss. Yes. State law requires that we notify the
Attorney General in these instances.
Senator Risch. So then the next thing that happened is you
were contacted by the FBI. Is that correct?
Mr. Sandvoss. Yes.
Senator Risch. All right. So the question I've got--I'm
just trying to get an understanding of the facts--are you
assuming that the Illinois AG contacted the FBI, or do you know
that or not know that, or----
Mr. Sandvoss. I don't know that for sure, but I would
suspect that they probably did, because how else would the FBI
know?
Senator Risch. Right. Well, and that's kind of where I was
getting, is that was not the result of some Federal analysis,
that there wasn't a Federal analysis of this that turned up
what had actually happened. Is that a fair statement?
Mr. Sandvoss. I believe so, yes.
Senator Risch. Okay. You then did some things to try to
mitigate what had happened. Have you shared this with other
states as to what you had done, in order to, I don't know,
develop a best practices, if you would?
Mr. Sandvoss. We didn't have any formal notification to all
50 states, no. I think our focus at that time was trying to
repair the damage and assess, you know, what needed to be done,
especially with respect to the voters who had their information
accessed.
I believe that once the FBI became aware of this, I know
they contacted the different states. I don't believe our
Attorney General's office did, although I don't know that for
certain. But we did not have any formal communication with all
50 states regarding this.
Senator Risch. And do you believe that you have developed a
best-practices action after this attack that you've described
for us?
Mr. Sandvoss. I believe so, yes.
Senator Risch. Do you think it would be appropriate for you
to get that out through the secretary of states organization or
other organizations, so that other states could have that?
Mr. Sandvoss. Certainly. Absolutely.
Senator Risch. Okay.
Mr. Halderman, Your hacking that you've described for us,
would your ability--if you were sitting in Russia right now and
wanted to do the same thing that you had done, would that
ability be dependent upon the machines or whatever system is
used being connected to the Internet?
Dr. Halderman. That ability would depend on whether pieces
of election IT equipment, IT offices that are where the
election programming is prepared, are ever connected to
Internet. The machines themselves don't have to be directly
connected to the Internet for a remote attacker to target them.
Senator Risch. So would you recommend that the voting
system be disconnected from the Internet, that it be a
standalone system that can't be accessed from the outside?
Dr. Halderman. It's a best practice, certainly, to isolate
vote tabulation equipment as much as possible from the
Internet, including isolating the systems that are used to
program it.
But other pieces of election infrastructure that are
critical, such as electronic poll books or online registration
systems, do sometimes need to be connected to Internet--to
systems that have Internet access.
Senator Risch. But that wouldn't necessarily require that
it be connected to the Internet for the actual voting process.
Is that right?
Dr. Halderman. That's right.
Senator Risch. And then the extrication of that information
off of the voting machine, would that be fair?
Dr. Halderman. I think that's fair to say.
Senator Risch. Thank you.
Mr. Chairman, I think all of this really needs to be
drilled down a little bit further, because it seems to me, with
this experience, there's probably some pretty good information
where you could put a firewall in place to stop it, or at least
minimize it.
Thank you.
Chairman Burr. Senator Wyden.
Senator Wyden. Thank you, Mr. Chairman. And thank all of
you.
I want to start with you, Professor Halderman. What are the
dangers of manipulation of voter registration databases,
particularly if it isn't apparent until Election Day when
people show up at the polls to vote?
Dr. Halderman. I'm concerned that manipulating voter
registration databases could be used to try to sabotage the
election process on Election Day. If voters are removed from
the registration database and then they show up on Election
Day, that's going to cause problems. If voters are added to the
voter registration database, that could be used to conduct
further attacks.
Senator Wyden. Let me ask--and this can be directed at any
of you. I'm trying to get my arms around this role of
contractors and subcontractors and vendors who are involved in
elections. Any idea, even a ball park number, of how many of
these people there are? 10, 70, 200?
Dr. Halderman. Vendors that host the voter registration
system?
Vice Chairman Warner. Yes.
Dr. Halderman. I'm sorry, Senator, I don't have a number.
Ms. Lawson. Sir, I don't have an exact number either, but I
will tell you, in Indiana, for an example, we have six
different voting system types. Counties make that decision on
their own. But they are all certified by our voting system
technical oversight program.
Senator Wyden. That was my main question. So somebody is
doing certification over these contractors and subcontractors
and equipment vendors and the like? Does that include voting
machines, by the way?
Ms. Lawson. It does. Most states will have a mechanism to
certify the voting machines that they're using, the electronic
poll books they're using, the tabulation machines that they're
using, making sure that they comply with Federal and State law,
and making sure that they have the audit processes in place.
Senator Wyden. So do you all have a high degree of
confidence that these certification processes are not leaving
this other world of subcontractors and the like vulnerable?
Dr. Halderman. I have several concerns about the
certification processes, including that some states do not
require certification to Federal standards; that the Federal
standards that we have are unfortunately long overdue for an
update and have significant gaps when it comes to security; and
that the certification process doesn't necessarily cover all of
the actors that are involved in that process, including the
day-to-day operations of companies that do pre-election
programming.
Senator Wyden. One last question. We Oregonians and a
number of my colleagues are supportive of our efforts to take
vote-by-mail national. And we've had it. I was in effect the
country's first Senator elected by vote-by-mail in 1996. We've
got a paper trail. We've got air gap computers. We've got
plenty of time to correct voter registration problems if there
are any.
Aren't those the key elements of trying to get on top of
this? Because it seems to me, particularly the paper trail--if
you want to send a message to the people who are putting at
risk the integrity of our electoral institutions, having a
paper trail is just fundamental to being able to have the
backup we need.
I think you're nodding affirmatively, Professor Halderman,
so I'm kind of inclined--or one of you two at the end were
nodding affirmatively, and I'll quit while I'm ahead if that
was the case. But would either of you like to take that on?
Dr. Halderman. Vote-by-mail has significant cybersecurity
benefits. It's very difficult to hack a vote-by-mail system
from an office in Moscow. Whether vote-by-mail is appropriate
for every State in every context is in our system of course a
matter for the states, but I think it offers positive security
benefits.
Senator Wyden. All right.
Thank you, Mr. Chairman.
Chairman Burr. Senator Blunt.
Senator Blunt. Dr. Halderman, on that last answer to that
last question, how do you count vote-by-mail ballots?
Dr. Halderman. Generally, they would be counted using
optical scanners.
Senator Blunt. Exactly. So you count them the same way you
count ballots that aren't vote-by-mail in almost every
jurisdiction?
Dr. Halderman. If the optical scan ballots are subsequently
audited, you can get high security from that process, but yes.
Senator Blunt. Well that's a different--that's a different
question. Your question there is do you prefer paper ballots
and an audit trail, and I do too. But let's not assume that the
vote-by-mail ballots are counted any differently. They're
counted probably at a more central location, but that doesn't
mean that all the manipulation you talked about that we need to
protect against wouldn't happen in a vote-by-mail election.
You've got a way to go back and you've got a paper trail to
count.
Dr. Halderman. That's correct. There are three things you
need: paper, auditing, and otherwise good security practices.
Senator Blunt. While I've got you there, on auditing, how
would you audit a non-paper system? If it's a touchscreen
system--you mentioned Colorado, and New Mexico already did a
required sample audit, which I'm certainly not opposed to that
if that's what states want to do, or it's the best thing to do.
How would you do a non-paper audit?
Dr. Halderman. Senator, I think it would be difficult or
impossible to audit non-paper systems with the technology that
we use in the United States to a high level of assurance.
Senator Blunt. So even if you--if you don't have something
to audit, it's pretty hard to audit a system that counted--that
didn't leave a trail.
Dr. Halderman. It's basically impossible.
Senator Blunt. So, Mr. Sandvoss, in Illinois do you certify
counting systems?
Mr. Sandvoss. Yes, we do.
Senator Blunt. And Secretary Lawson, do you certify
counting systems?
Ms. Lawson. Yes, sir.
Senator Blunt. Mr. Haas, in your, your jurisdiction,
somebody is certifying those systems that you use?
Mr. Haas. We both rely on the EAC certification and then
our commission does a testing protocol and then approves the
equipment to be used in the State of Wisconsin.
Senator Blunt. And back in Illinois, do you then monitor in
any way that counting system while it's doing the actual
counting?
Mr. Sandvoss. No, the actual counting done on Election Day,
Election Night rather, is done locally at the county clerk's
offices or board of election commissioner offices. We certify
the voting equipment. They have to apply for certification and
approval, which we conduct a fairly rigorous test of the voting
equipment. But then in actual practice, other than--we do
conduct pre-election tests of the voting equipment on a random
basis before each election, but there--it's a limited number of
jurisdictions.
Senator Blunt. And do you do that in a way that allows you
from your central office to get into the local system? Or do
you go to the local jurisdictions or just monitor how they
count that--how they, how they check that counting system?
Mr. Sandvoss. When we do our pre-election tests, we
actually visit the jurisdiction.
Senator Blunt. All right.
Secretary Lawson, similar?
Ms. Lawson. Similar. However, the State does not go into
the counties, but the counties are required to do a public test
and, as I mentioned, it's public. And so they're required to do
testing on the machines, the tabulation. There's a bipartisan
election board that's there----
Senator Blunt. I guess the point I'd want to drive home
there is that not opening that door to the counting system--if
you don't have the door, nobody else can get through that door
as well. But there's monitoring, there's local testing.
I don't suggest at all that Dr. Halderman's comments aren't
important or something we should guard against. I was an
election official for 20 years, including the chief election
official for 8 of those, and something--as we were
transitioning to these systems, something I was always
concerned about is what could possibly be done that could be
done and undetected.
One of the reasons I always liked the audit trail--that
obviously, Dr. Halderman, you do, you do too, is that you do
have something to go back, if you have a reason to go back, and
really determine what happened on Election Day.
Let's talk for just a moment about the much more open
registration system. Secretary Lawson, you said you had 15,500
logins. I believe that was--talk about logging--what are they
logging into there? The statewide voter registration system
that you maintain a copy of?
Ms. Lawson. The 92 county clerks in Indiana are connected
to the statewide voter registration system, and that 15,500,000
logins reflected the work that they did that year.
Senator Blunt. 15,500,000?
Ms. Lawson. 15,500,000.
Senator Blunt. So obviously that's a system that has lots
of people coming in and out of that system all the time. Do
local jurisdictions, like if the library does registration, do
you have counties where they can also put those registrations
directly into the system?
Ms. Lawson. Other than the counties, no, sir. But we do
have Indianavoters.com, where a voter can go on and register
themselves. And it's a record that is compared to the DMV
record, and then the counties will find that information in
their hopper the next day. And then they will--or their
computer system, and then the next day they will have the
ability to determine whether or not the application is correct.
Senator Blunt. Do all of your jurisdictions, the three
jurisdictions here reflected, have some kind of provisional
voting? If you get to the voting place on Election Day and your
address is wrong, or your name is wrong, or it doesn't occur--
it doesn't appear at all, do you have a way somebody can cast a
ballot before they leave?
Ms. Lawson. Yes, sir.
Senator Blunt. And in Illinois?
Mr. Sandvoss. Yes, we do.
Mr. Haas. We have provisional ballots, but they are very
limited. We are not an NVRA State. And we also have Election
Day registration, so people can register at the polls.
Senator Blunt. So, the failure to have your name properly
on the--I understand, Chairman, and I also noticed the time on
others. But just, the registration system is much more open
than the tallying system, that doesn't mean the tallying system
doesn't need to be further protected. But the registration
system, the idea that somebody gets into the registration
system--there are plenty of ways to do that. Unfortunately, we
think now other countries and governments may be doing that as
well.
Chairman Burr. Senator King.
Senator King. Thank you, Mr. Chairman.
Dr. Halderman, you're pretty good at hacking voting
machines, by your testimony. Do you think the Russians are as
good as you?
Dr. Halderman. The Russians have the resources of a nation
state. I would say their capabilities would significantly
exceed mine.
Senator King. I expected that was going to be your answer,
but I wasn't sure whether your modesty would--but I think
that's an important point, because you testified here today
that you were able to hack into a voting machine in 48 hours,
change the results, and nobody knew you had done it. And if you
could do it, I think the point is the Russians could do it if
they chose.
And we've been talking a lot about registrations lists. My
understanding is that quite often a voter registration list at
some point in the process is linked up with--the computer that
has the voter registration list is linked up with configuring
the voting machines, and perhaps even tallying votes. Is that
true? Can any of you----
Ms. Lawson. No, sir.
Senator King. There's no connection between the
registration list and the voting machines?
Ms. Lawson. No.
Senator King. Illinois? Is that----
Mr. Sandvoss. Not in Illinois, no.
Senator King. Okay.
Mr. Haas. That's correct.
Senator King. Then I was mistaken.
Yes, Dr. Halderman?
Dr. Halderman. I believe that depends on the specific
equipment involved. There may be some designs of voting systems
where the sign-in and the vote counting system are linked.
Senator King. But of course, if, as you testified I think,
if the voting registration list is tampered with in some way on
Election Day, it would be chaos if names disappeared, people
arrived at the polls and their names weren't on the list. Isn't
that correct, Ms. Lawson?
Ms. Lawson. If a person showed up at the polls to vote and
their name wasn't on the list, if they were expecting they
would be given a provisional ballot, I think the biggest danger
is that the lines at the polls would increase significantly if
there was a large number of folks who had to do that in each
precinct.
Senator King. Right, that was what I was referring to.
On August 1 of 2016, press reports have indicated that
there was an FBI notification to all of their field offices
about the danger of cyber intrusions into voting systems.
Supposedly, those were passed on to State election systems. Did
you three get something from the FBI around August 1st that
gave IP addresses and some warnings about what should be done?
Mr. Sandvoss. Yes, we did receive an FBI flash. It was in
August, and you're saying the 1st. I believe that was it.
Senator King. That was, yes, I understand that was the date
of it. Ms. Lawson, did you receive that?
Ms. Lawson. Yes, Indiana received a notice from the FBI.
Mr. Haas. We did as well.
Senator King. So there is some interconnection. I mean, one
of the things that I'm sort of hearing, and I'm frankly
appreciative and happy that you all did receive that notice,
but there seems to be a lack of information-sharing that goes
on that we really need to be sure that--for example, if you
learn--if something happens in Illinois, some system whereby
you can alert your colleagues across the country to look out
for this. And if we learn things here in Washington, if the FBI
learns things, that they can alert people around the country,
because the best time to deal with this is before the election.
After the election or on Election Day is much more difficult.
Dr. Halderman.
Dr. Halderman. Yes, I would support further information
sharing.
Senator King. And then finally, we've talked about what we
do about this. Paper trails has come up. Is that the principal
defense? Is that--Dr. Halderman, what if--I asked the question
to the prior panel. What would you tell my elections clerk in
Brunswick, Maine, would be the three things most important that
they should do, or my Secretary of State in Maine, to protect
themselves against a threat we know is coming?
Dr. Halderman. The most important things are to make sure
we have votes recorded on paper, paper ballots, which just
cannot be changed in a cyber attack, that we look at enough of
that paper in a post-election, risk-limiting audit, to know
that they haven't--the electronic records haven't been changed;
and then, to make sure we are generally increasing the level of
our cyber security practice. Information-sharing is an example
of a good and recommended practice, as are firewalling systems
and other things that have been suggested.
Senator King. One final question. Is it possible--and there
are some press reports about this--a cyber attack on the
vendors of these machines, to somehow tamper with the machines
before they go out to the states. Is that a risk?
Dr. Halderman. I would be concerned about that. And in fact
the small number of vendors is an example of how our system in
practice is not quite as decentralized as it may appear, that
attacks spreading via vendors or from vendors to their
customers could be a way to reach voting equipment over a very
large area.
Senator King. And there have been press reports that that
in fact, was attempted in 2016.
Dr. Halderman. Yes, that's correct.
Senator King. Thank you, Mr. Chairman. Mr. Chairman, I want
to thank you for holding this hearing. This is such important
information for the public and for our democracy. I appreciate
your work here.
Chairman Burr. Thank you, Senator.
Senator Harris.
Senator Harris. Thank you.
So there's a saying that I'm sure many of you have heard,
which is the you know the difference between being hacked and
not being hacked, is knowing you've been hacked. And so I
appreciate, Dr. Halderman, the recommendations that you and
your colleagues have made, because it also seems to cover the
various elements of what we need to do to protect ourselves as
a country in terms of our elections, which is prevention, and
then there's the issue of detection and also resilience. Once
we--if we discover that we've been manipulated, let's have the
ability to stand back up as quickly as possible.
So I have a few questions in that regard. First of all,
have each of you--you received for the states, received a
notification from the FBI? Is that correct?
Ms. Lawson. Yes, ma'am.
Mr. Haas. Yes, yes.
Mr. Sandvoss. Yes.
Senator Harris. And were any of you also notified by DHS?
Mr. Sandvoss?
Mr. Sandvoss. We've had communications with DHS. I don't
recall how they were initiated. But I do know that there have
been some conference calls with them, and it may have been
through the FBI that that occurred.
Senator Harris. And I'm speaking of before the 2016
election.
Mr. Sandvoss. Yes.
Senator Harris. Yes.
Mr. Sandvoss. Yes.
Senator Harris. Secretary Lawson.
Ms. Lawson. Yes, we had--we did have conversations with
Department of Homeland Security. However, it was through our
national association. It was not a direct contact with the
State.
Senator Harris. Thank you.
Mr. Haas. We were one of the states that took up DHS on
their offers to do the cyber hygiene scan. We did have a number
of communications with, I believe, a point person in their
Chicago office. The FBI alert I think was about a specific
incident, but our communications with DHS were more about
general steps that could be taken to protect our systems.
Senator Harris. So as a follow-up to this hearing, if each
of you, to the extent that you can recall the nature of those
conversations with DHS before the election, if you could share
that with the Committee that would be helpful, so we can figure
out how notifications might be more helpful to you in the
future. Hopefully they're not necessary, but if necessary.
Can you, Ms. Lawson, tell me--Secretary Lawson--what in
your opinion are the pros and cons of requiring states to
report to the Federal Government if there's been a breach or a
hack? What can you imagine would be the pros and cons of a
policy that would require that?
Ms. Lawson. Well, the pro would be that if there--if, for
an example, the FBI or the Department of Homeland Security has
better ways to counter those attacks, or to make sure that the
reconnaissance that's done after such an attack is more
sophisticated than the states, then obviously that would be a
pro.
Indiana did not take the opportunity to have DHS do our
cyber cleaning because we felt that we were in better shape
than what they could provide for us, so that would be the con.
Senator Harris. Okay.
And can you, Professor Halderman, tell me--you know, before
this last election cycle, there had been a lot of talk through
the years in various states--Senator Blunt, I'm sure you were
part of those discussions--about the efficacy of online voting,
because it would bring convenience, speed, efficiency,
accuracy. And now we can see that there will be great,
potentially, vulnerabilities by doing that. So can you talk
with me a little about, just in terms of policy, is the day of
discussing the need for online voting, has that day passed
because of the vulnerabilities that are associated with that?
Dr. Halderman. I think that online voting, unfortunately,
would be painting a bullseye on our election system. Today's
technology just does not provide the level of security
assurance for an online election that you would need in order
for voters to have high confidence.
And I say that having myself done--hacked an online voting
system that was about to be used in real elections, having
found vulnerabilities in online voting systems that are used in
other countries. The technology just isn't ready for use.
Senator Harris. And isn't that the irony, that the
professor of computer engineering and I, who always believed
that we need to do more to adopt technology, that government
needs to adopt technology, I think we're advocating the good
old days of paper voting are the way to go, or at least an
emphasis on that, instead of using technology to vote.
Can you tell me also--any of you, if you know--it's my
understanding that some of the election system vendors have
required states to sign agreements that prevent or inhibit
independent security testing. Are you familiar with that?
Dr. Halderman. That certainly had been something that
inhibited attempts by researchers like me to study election
systems in the past.
Senator Harris. And do you believe that that's a practice
that is continuing?
Dr. Halderman. I do not--I don't know the answer to that
question.
Senator Harris. Have any of you had that experience with
any of your vendors?
Mr. Sandvoss. In Illinois, no, we have not. And I don't
think Illinois law would allow such an agreement.
Ms. Lawson. I don't believe that would happen in Indiana
either, Senator, because in order to sell voting equipment in
the State of Indiana it has to be certified.
Senator Harris. Right, which would require testing.
Ms. Lawson. Yes, which requires testing.
Senator Harris. Thank you.
Thank you, Mr. Chairman. Thank you.
Chairman Burr. Thank you, Senator Harris.
Does any Senators seek additional questions or time?
[No response.]
Seeing none, let me wrap up. I want to thank all of you for
your testimony today.
Secretary Lawson, to you. I really encourage you, as the
next representative of secretaries of states, to remain engaged
with the Federal Government, specifically the Department of
Homeland Security. And I think with any transition of an
administration there is a handoff and a ramp-up. And I've been
extremely impressed with our witness from DHS, who not only was
here today, but she has taken the bull by the horns on this
issue. And I think you'll see those guidelines very quickly,
and I hope that there will be some interaction between
secretaries of states, since in 40 states you control the
voting process, and you can find a system of Federal guidance
and collaboration that works comfortably with every secretary
of state in your organization.
I think it is absolutely critical that we have not only a
collaboration, but a communication, between the Federal
Government and the states as it relates to our voting systems.
If not, I fear that there would be an attempt to in some way,
shape, or form nationalize that. That is not the answer.
And I'll continue to point, Mr. Sandvoss, to Illinois as a
great example of a State that apparently focused on the IT
infrastructure and staff, and didn't wait for the Federal
Government to knock on the door and say, hey, you got a
problem. You identified your problem, you began to remediate
it. At some point, the Federal Government came in as a partner.
And I think where we see our greatest strength is to work with
states and to chase people like you, Dr. Halderman, who like to
break into--no, I'm just kidding with you.
Listen, I think what you did is important. And I think the
questions that you raised about the fact that you really can
target to make the impact of what you're trying to do very,
very effective. And that's clearly what campaigns do every day.
So we shouldn't be surprised if the Russians actually looked at
that or anybody else who wants to intrude into our voting
system and our democracy in this country.
I've got to admit that the variation of voting methods, six
in Indiana, where I don't know how many counties you've got--
I've got 100 counties in North Carolina. It may be that I find
out that every county in North Carolina has the power to
determine what voting machines, what voting software they have.
This can get extremely complicated. Short of trying to
standardize everything, which I don't think is the answer, is
how do we create the mechanism for the Federal Government to
collaborate directly with those heads of election systems in
the states and understand up front what we bring to the table
and how we bring it, so that we're all looking at the same
thing--the integrity of every vote going to exactly who it was
intended to do.
So, yes, we're going to have debates on paper or
electronic. We're going to have debates on what should the
Federal role be. At the end of the day, if we haven't got
cooperation and collaboration and communication, I will assure
you we will be here with another Congress, with another makeup
of the Committee, asking the same questions, because we won't
have fixed it.
But I think that what Dr. Halderman has said to us is,
there are some ways that we can collectively approach this to
where our certainty of intrusions in the future can go down and
the accuracy of the vote totals can be certified.
So I thank all the four of you for being here today in our
second panel. This hearing is now adjourned.
[Whereupon, at 12:36 p.m., the hearing was adjourned.]
Supplemental Material
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]