tv   Cybersecurity Voting Machines  CSPAN  December 2, 2017 3:14am-5:09am EST

3:14 am
once that entitlement is put in place, then the game has changed. interest groups form around protecting that entitlement, pressing for more assistance. money starts flowing to politicians who protect those benefits and the game changes. that desire for reelection. >> on u.s. federal entitlement programs sunday night at 8:00 eastern on c-span's q&a. >> the house oversight committee looked at the integrity of u.s. voting machines and what the federal government and state can do to prepare for the 2018 midterm elections. this is just under two hours. >> subcommittee on information technology and government affairs will come to order. without objection, the chair is authorized to declare a recess
3:15 am
at any time. i recognize myself for five minutes for my opening statement. good afternoon. thanks for being here and it's been over 240 years since our forefathers declared independence and a democratic experiment began. throughout the entirety of our existence, our adversaries both internal and external have sought to suppress. our existence as a democracy depends on free, fair and accurate elections.
3:16 am
today, we're here to talk about the best way to protect our integrity of our voting systems. there are over 10,000 election jurisdictions nationwide that administer elections and even within states counties use different systems to conduct elections. a year ago, last september, ranking member kelly and i held a hearing ensuring the integrity of the ballot box to discuss potential issues with the upcoming election. it was an issue then and remains an issue now. the former secretary has made clear to the best of his knowledge the russians did not alter ballots. however, our adversaries have always sought to use our unique qualities to undermine our democracy. just because they didn't tamper with results during the last election, it doesn't mean they and other adversaries won't try to do so in the next election. our voting systems are no exception. this past january, dhs designated the nation's election systems as critical infrastructure, something that was being discussed back in a hearing in 2016.
3:17 am
it's essential that states take appropriate steps to secure their voting infrastructure. also essential states have the ability to alter their voting structure. i'm curious to hear about how that transition went. additionally, what are the chances a foreign entity could tamper with our ballot box? these are all questions and answers i'd like to hear today. i thank our witnesses for being here today and for their efforts to ensure our country remains free and fair. i recognize the ranking member, kelly, for her opening remarks. >> hope you had a good thanksgiving.
3:18 am
thank you for holding this important hearing today. there is no doubt that russia at the direction of president vladimir putin attempted to manipulate our elections and has worked to manipulate those of our western allies. it was a broad and coordinated campaign to undermine faith and democratic election. today, we are taking a look at another part of their effort to undermine our democracy by hacking our voting machines and election infrastructure. more than one year ago, we held a hearing entitled cybersecurity to ensure the integrity of the
3:19 am
ballot box. we took a look at state and local integrity of our ballot machines. noted 21 states that hackers attempted to breach their infrastructure. in my own state of illinois, the hackers attempted to breach data. fortunately, they were unsuccessful. while we continue to learn the full scope of russia's election interference, one thing is clear, there will be another attempt to manipulate our elections. whether it be russia, another nation state or nonstate actor or even a terrorist organization, the threats to our election infrastructure are growing. so what are we going to do about it? earlier this year the researchers at def con were successfully able to hack machines in a day. it contained physical vulnerabilities were discovered
3:20 am
in 90 minutes. like usb ports that can be used to upload malware. despite these flaws, dres are still commonly used. in 2016, 42 states used them. some running outdated software no longer supported by the manufacturer. updating our machines to paper-based machines such as optical scanners is a step we need to take right now. our election infrastructure is broad and contain numerous vulnerabilities. if we were going to withstand a coordinated attack, we need a coordinated defense. in january of this year, dhs designated election infrastructure as critical infrastructure. in this announcement, then dhs secretary jeh johnson was clear this designation was not going to be a federal takeover of state and local infrastructure.
3:21 am
rather it was a designation intended to ensure the current state resources necessary to secure their elections. since then the former secretary and now white house chief of staff john kelly has supported this designation. if designation is to be successful, we will all have to work together, dhs and our state election officials must do a better job of working together to detect and solve problems. again, i want to thank you, mr. chairman, for holding this crucial hearing. thank you to our witnesses for being here. i look forward to hearing from all of you about how we can continue protecting our democracy. i yield back. >> always a pleasure to be with you, representative kelly. i'd like to thank our friend, chairman palmer, for cooperation and work on this important issue. now it's a pleasure to recognize the ranking member of the intergovernmental affairs
3:22 am
subcommittee for five minutes in her opening remarks. >> thank you so much, chairman herd, and chairman palmer for convening this hearing today. i'd also like to thank ranking member kelly for her leadership and all of our witnesses for joining us for this very important hearing. i'm pleased we're holding this hearing so essential to democracy. while there are so many issues that divide us, integrity of the voting process should not be in question. regardless of race, gender, sexual identity, zip code, income, every vote should count. every vote should count the same. i believe that voting is the last true equalizer. however, russia's interference in the 2016 election and intrusions in at least 21 states voter registration databases indisputable and confirmed by intelligence has not kept pace with the current and emerging threats from nations, organizations or even a single
3:23 am
individual determined to undermine our democracy. recently, i joined the congressional task force on election security. just as we keep our homeland safe from physical harm, so too must we harden from cyber attacks. their message is clear. we must act now to protect our voting systems. in over 40 states, elections are carried out using voting machines and voter registration databases created more than a decade ago. these technologies are more likely to suffer from known vulnerabilities that cannot be patched easily if at all. as we saw from the voting bill setup at this year's hacking conference, even hackers with limited prior knowledge, tools and resources are able to breach voting machines in a matter of minutes.
3:24 am
we should not assume that state voting machines are secure enough to withstand a state-sponsored cyberattack. and there is no reason to believe that these attacks will subside. congress must do its part. yes, we must. and help states fund and maintain secure election systems. this means funding to purchase new secure election systems and voter machines, help and established certified baseline cybersecurity standards for those states that service them. our democratic process relies on voters' faith that their vote does count. election security is national security, and our election infrastructure is critical infrastructure. with just under a year until the 2018 mid-term elections, it is critical that we understand the vulnerabilities of the past and secure our networks for the
3:25 am
future. i thank our witnesses again for sharing their testimony today and i look forward to this very important discussion. thank you so much. with that, i yield back. >> thank you, ranking member. now i'm pleased to introduce our witnesses. first and foremost, the honorable christopher krebs at the u.s. department of homeland security. we have the honorable tom shedler, secretary of state for louisiana. thank you for coming up here today. commissioner cortez, the commissioner of the virginia department of elections. so thank you for being here. dr. matthew blaze, associate professor of computer science at the university of pennsylvania. and ms. susan cline at the brookings institute. welcome to you all. all witnesses will be sworn in
3:26 am
before you testify, so please rise and raise your right hand. do you solemnly swear or affirm the testimony you're about to give is the truth, the whole truth and nothing but the truth? thank you. let the record reflect that all witnesses answered in the affirmative. in order to allow time for discussion, please limit your testimony to four minutes. your entire written statement will be made part of the record. and i appreciate y'all's written statements, especially all of y'all had outlined a number of interesting solutions to these problems as well as articulating the concerns that we have. so folks that are interested in this topic, many -- all of these written statements is valuable in understanding the state of where we are. as a reminder also, the clock in front of you shows your remaining time. the light will turn yellow when you have 30 seconds left. and when it starts flashing red, that means your time is up.
3:27 am
so please also remember to push the button, to turn your microphone on before speaking, and we'd like to start with mr. krebs. you are now recognized for five minutes -- four minutes, excuse me. >> chairman herd, chairman palmer, ranking member kelly, ranking member demings, members of the subcommittee, thank you for this opportunity to discuss homeland security's ongoing efforts to enhance secure election. in 2016, the u.s. saw operations -- clearly the threats to our election systems remain an ongoing concern. the organizations i lead, the national protections programs director at the department of security is leading an effort to provide voluntary assistance to state and local officials.
3:28 am
this brings together the fbi, the intelligence community, nist, and other dhs sectors. state and local officials have already been working individually and collectively to reduce risks and ensure the integrity of their elections. as threat actors become increasingly sophisticated, dhs stands up in partnership to offer assistance. they offer three types of assistance. dhs typically offers two kinds of assessments to state and local officials. the first provides a recurring report identifying vulnerabilities in internet connected systems and mitigation recommendations. second, our security experts can go on site. these assessments are more thorough allowing the testing. as we continue to understand the requirements from our stakeholders, we'll refine and diversify these voluntary
3:29 am
offerings. dhs continues to share actionable information. we share cyber threat indicators and other analysis our network defenders can use to secure one works with a multi-state and information sharing analysis center to provide threat and vulnerability information to state and local officials. they may also receive information directly from the nccic. notably we're offering security to selected election officials and also providing clearance to in our third category, the dhs helps to identify possible incidents.
3:30 am
it shares anonymized information with other states to assist their ability to defend their own systems in a collective defense approach. it is important to note these relationships are built and sustained on trust. breaking that trust will have far ranging consequences in our ability to collaboratively counter this growing threat. we have established a government coordinating council. we have similarly working to formalize partnerships with a sector coordinating council. within this environment of sharing critical information, risk management and other vital information, dhs is leading efforts to support enhanced security across the nation. securing the nation's systems is complex challenge and shared responsibility. there is no one size fits all solution. in conversations with elected officials over the last year, in
3:31 am
working with the eoc, nist, you'll hear institutions already do great work. but they provide a challenge, as we work correctively to address these and other challenges we will work to support our state and local partners. thank you for this opportunity to testify and i look forward to any questions. >> thank you, mr. krebs. and secretary, i want to thank you again for being flexible. your perspective and experience on this topic is important. and thank you for being here. and sir, you're now recognized for four minutes. >> thank you, mr. chairman and for the opportunity to participate today. it's important to hear the perspective of those who oversee
3:32 am
across the country. past, present and in the national association of state on nast. securing elections in november 18 and beyond is critical and important to all of us in our nations secretary of state. we are not naive to the likelihood of future cyberattacks. but we also know the use of paper ballots can just as easily open up vulnerabilities. first, i'd like to share with you the important developments taking place through nast election cybersecurity task force which was established earlier this year. in addition to helping states share information and combat cyber threats a task force assisted with creating partnerships including with the u.s. department of homeland security and u.s. election
3:33 am
commission as well. it's been a key component of the council. it's designated or designed to facilitate, improve communications that as you know did not go well in 2016. our members were concerned about the possibility of federal overreach and because the designation came without meaningful consultation without any elected officials. my colleagues and i understood we could continue to get the same support and services from dhs without critical designation so it seemed unnecessary. however, the designation is still with us today. part of that work includes chief election officials obtaining security clearances. we have often been told by dhs they can't share information because it is classified. hopefully these new clearances will address this problem.
3:34 am
ensuring the integrity of the election process is important to every officer including myself. in west virginia, secretary mack warner has added an air national guard cybersecurity specialist to his staff. jim condo solicited the third party risk data systems in 2015 that led to his office to build a new firewall and begin regular penetration testing. colorado secretary wains williams office provides software for colleagues to install on their computers to detect malware functions. in louisiana our hurricane season, we have one of those states for sure that are very
3:35 am
expert in that field. remember with the passage of the help america vote act in 2002 states were required to purchase at least one piece of accessible polling equipment for each polling place. they began updating the existing voting system with guidelines to address the new system such as dres. last month, the eac released their latest update. the guidelines are set for manufacturing specifics at are certain standards of functionality, autoability and security capabilities. and final approval is expected in the spring of 2018. in louisiana, we take pride and go way beyond any current standards with our voting machines. the state purchases warehouses of every voting machine in the state. we test each and every before and after elections. once the machines are tested, a tamperproof seal is placed on them to protect against any
3:36 am
intrusion. in louisiana because no one touches our voting machines except our staff, because they're never sent out to manufacture for repair, they are not handled by individuals or companies who program voting machines because they're tightly controlled by our office, we have the utmost confidence in the system. we do need to prepare, yes. we do need to continue to update our procedures and processes, yes. we are currently looking for a better practices that we can solicit for various entities and groups. and most of all we're looking for the remaining $396 million that have never been appropriated to help us replace aging equipment purchased over 10 years ago. i'll certainly be available for any questions. >> and let the record reflect you're prepared to come testify.
3:37 am
sir, you're now recognized for four minutes. >> i'm the commissioner of elections in virginia, and this role i serve as the chief election official for the commonwealth and lead the virginia department of elections. virginia has 133 local election jurisdictions and over five million active registered voters. today, i'm going to focus on the recommendations that are provided in there. and reduce the administrative workload for elected officials while increasing accountability in our processes. one aspect of these wide ranging efforts has been to strengthen
3:38 am
the security of virginia's voting equipment including the voting machines and electronic when i became commissioner in 2014, approximately 113 of virginia's 133 localities used paperless dres. i'm happy to say that all virginians voted using a paper based system. virginia has twice been put in the unfortunate position of having to decertify voting equipment and transition to new equipment in a condensed time frame based on previously used dres. these steps were not taken lightly. they place a financial and administrative stress on the electoral system. they were however essential to maintain the public's trust. the november election was effectively voted. our dedicated voting vendors, the transition to paper based voting systems was incredibly successful and
3:39 am
significantly increased the security of the election. although it's clearly possible to transition quickly doing so is less than ideal. i request you consider the following recommendations, which i believe will make these issues much easier to manage in the future. number one, congress needs to ensure sufficient federal funding is available for states to maintain equipment and secure voting systems. this is critical need and must be addressed immediately if funding is going to be provided in time for the 2018 elections. number two, the u.s. election assistance commission has been ensuring that a set of systems,
3:40 am
and certified test labs are available to states. congress must ensure the eac is continually funded. number three, congress should ensure the use -- to ensure the use of secure voting equipment in the future, congress should require federal voting certification. this is currently a voluntary process. federal certifications should also be required for electronic poll books, which currently are not subject to any federal guidelines. requiring certifications will ensure there's a baseline across the country for securing our elections. to ensure that the individuals possible for this fundamental american right are equipped with the appropriate skill and knowledge set. elections are an integral function of government, and we still have much more to do in virginia and across the country.
3:41 am
especially with the mid-term elections quickly approaching. we're extremely appreciative of the work and assistance to date, the federal government can and should do more to safeguard this most fundamental american right. thank you again for allowing me to join you today. we look forward to continuing to work with congress to ensure sufficient federal resources are available to state and local election officials to continue this important work. >> thank you, sir. and dr. blaze, great to have you here. and having participated and walked through the def con, i saw up close and personal what the hacker community and research community does and the impact they have on public policy. and so thank you for your efforts there, and you're now recognized for four minutes. >> thank you very much, mr.
3:42 am
chairman, the ranking members and all of the members who are here today. as a computer scientist who specializes in the security of large-scale critical systems, i've had an interest in electronic voting technology since it was first introduced at large scale in the united states after the passage of the help america vote act in 2002. in particular, i led several of the teams commissioned in 2007 by the secretaries of state of california and ohio to evaluate the voting system products used in those states as well as elsewhere in the nation. i also helped organize the def con voting machine hacking village that was held this summer at which these systems were made available really to a larger community for the first time -- for the first time ever. virtually every aspect of our election process from voter registration to ballot creation
3:43 am
to casting ballots and then to counting and reporting election results is today controlled in some way by software. and unfortunately, software is notoriously difficult to secure, especially in large-scale systems such as those used in voting. and the software used in elections is really no exception to this. it's difficult to overstate how vulnerable our voting infrastructure that's in use in many states today is. particularly the compromise by a determined and well funded adversary. for example, in 2007 our teams discovered exploitable vulnerabilities in virtually every voting system component that we examined including back end election management software as well as in particularly dre voting terminals themselves. at this year's def con event, we saw that many of the
3:44 am
weaknesses are not only still present in these systems but can be exploited quickly and easily by nonspecialists who lack access to proprietary information such as source code. these vulnerabilities are serious but ultimately unsurprising. the design of dre systems makes them particularly dependent on the really herculean task dependent on the systems -- this is alarming and unsurprising. worse as we saw in 2016 we largely underestimated the nature of the threat to the extent these systems are intended to even be secure.
3:45 am
that is they're designed against a traditional adversary who wants to cheat in an election and alter the results. there's actually a more serious adversary. a nation-state or state actor who might seek to disrupt an election, cast doubt on the legitimacy of the outcome and cause a threat to our confidence in the legitimacy of our elected officials. i discuss all of these issues in detail in my written testimony. and i offer really three particular recommendations. the first is that paperless dre voting machines should be immediately phased out from u.s. elections in favor of systems such as precinct, scan ballots that leave a direct artifact of voters choices. secondly, statistic risk limiting audits should be used after every election in order to detect software failures in the
3:46 am
back end systems and recover true election results if a problem is found. and then finally, additional resources, infrastructure, and training should be made available to state and local voting officials to help them more effectively defend their systems against increasingly sophisticated adversaries. so thank you very much. >> thank you, sir. ms. hennessy, you're now recognized for four minutes. >> thank you to chairman herd, ranking member kelly, to chairman palmer and ranking member demings for the opportunity to speak to you today. i'm a fellow at the brookings institution focusing on cyber surveillance. i'd like to begin by noting how extraordinary it is that a full year after the last presidential election there's still enduring attention to the issue of election security. this moment really represents a
3:47 am
remarkable opportunity to take long overdue steps in securing federal and state elections. in order to do so, however, we have to carefully -- information operations certainly impact the broader context in which elections occur, but they are distinct problems with distinct solutions. the matter currently before these committees is narrower but no less pernicious. the elections security threat is not limited exclusively to changing vote counts. as other experts have testified here today, altering vote tallies is technically possible, however it remains difficult to do so on the scale necessarily to predictably change the outcome on a state wide and national action.
3:48 am
foreign governments which would need to avoid both foreign detection and u.s. alley communities. to do so, a malicious actor needs only to penetrate systems in a manner that introduces uncertainty. this landscape increases the importance of being cautious in how we discuss election security issues to avoid inadvertently undermining confidence ourselves. congressionally driven solutions to account for international and domestic realities. internationally, while most attention has been on russia any number of adversaries possess the capabilities of interest to be of genuine concern. domestically a strong tradition of federalism, an election administration ensures
3:49 am
that despite clear constitutional authority any proceeds of federal overreach will meet strong resistance from states on political and policy grounds. i believe congress should adopt the following broad solutions, which are detailed more extensively in my statement for the record. first to development for national strategy for securing elections aimed at protecting systems, deterring bad actors and bolstering public confidence. second, provide resources to states in the form of federal funding, support and best practices. fourth, lead the development of international norms against election interference. finally, congress as our primary elective body must renew and sustain political commitment to the issue of election security and re-establish norms that have
3:50 am
been broken in the way we discuss election integrity and outcomes. thank you again for the opportunity to address you today. i look forward to taking question on this important national security issue. >> thank you. and to start off our first round of questions, chairman palmer, you're recognized for five minutes. >> thank you, mr. chairman. dr. blaze, what do you think is the biggest takeaway from the def con report? >> i think the biggest takeaway is both alarming and yet unsurprising. and that is that the vulnerabilities that we knew in principle were present are in fact exploitable in practice by nonspecialists. >> here's a question that i'm going to direct to you and some others may want to respond to
3:51 am
it. i'm very concerned about foreign influence on our elections but we particularly in the last year and last few years we've had hundreds if not thousands of reports of domestic voter fraud. whether it's federal registration, manipulation of ballots at the polling place. is that not also a threat to our elections? >> well, certainly, you know, the potential threats to our election are very broad and include everything from the voter registration through the reporting of election results. my concern as a computer scientist and my expertise is focused particularly on the technical vulnerabilities present in the systems as they're designed and built. and really every expert who's
3:52 am
looked at these systems has found that the surface attack of these machines leaves us particularly vulnerable -- >> not just foreign interference but domestic as well, wouldn't you agree? so someone with a political agenda could, if they had the technical expertise, would be as much a threat as a foreign entity. would that be a reasonable conclusion? >> particularly someone interested in disrupting the election or casting doubt on legitimacy where, particularly the dre systems are designed, it's very difficult to disprove that tampering has occurred. and ultimately that's a critical aspect of being able to have confidence in the result. >> one of the things that particularly concerns me is that you can be disconnected from the internet, from wi-fi and still hack a machine because the
3:53 am
potential of parts within the machine, foreign manufactured parts. can you talk briefly about that? >> that's right. the design of dre systems makes their security dependent not just on the software in the systems but the hardware's ability to run that software correctly and to protect against malicious software being loaded. so an unfortunate property of the design of the dre systems is we've basically given them the hardest possible security task. any flaw in a dre machine's software or hardware can become an avenue of attack that potentially can be exploited. and this is very difficult thing to protect. >> ok, we need to go to if we have some electronic components to back it up or paper ballots because your fall-back position is always to open the machine and count the ballots. >> that's right.
3:54 am
the optical scan systems also depend on software, but they have the particular safeguard that there is a paper artifact of the voters true vote that can be used to determine the true election results. paperless dre systems don't have that property, so we're completely at the mercy of the software and hardware. >> as inconvenient as it might seem, for years and years we've relied on paper ballots. it doesn't seem unreasonable that would be a great safeguard. i want to ask secretary shandler and cortez about this. in alabama, it's a mixture of voting machines. do you have that as well? do you have kind of a all over the road map? >> congressman palmer, louisiana is what we call a top-down
3:55 am
system. we control as i indicated in my opening comments, all of our machines, we warehouse our own machines. you know, we do have a tape system of paper behind that that we can audit specifically with three different types of processes. it's never been unproven in a court of law. and the only thing i want to add to def con i want anything from an academic side to look content. let's talk about when you discover, and i'm certain the professor from the university of pennsylvania or mit or anyone if i give them unfettered access to a machine they could figure how to disrupt that machine. in louisiana or most states, the machines are not linked
3:56 am
together. each one has a separate cartridge to itself. i guess the implication is at the point of programming, you could do something to that. i guess that's possible. and i wouldn't argue that point with someone much more learned on that subject than i. but again, in a top-down system, that would mean someone in my office on a computer that is cleaned and scrubbed before an election and after would have to have access to that program and equipment in my office. the other thing that's never mentioned in the hacking of the machine is after you've figured what you're going to do, has anyone ever yet sat down and discussed -- and i'll only give you louisiana. in a roughly 36-hour period after we go into the machine, put a metal clamp like you have on your electrical box at your home with a serial number, figure out they're going to get
3:57 am
into 64 warehouses across our state, go into 10,200 machines undetected under camera. no one saw you. unscrew the back of the panel, do what you're going to do, put the panel back on, and figure out how you're going to put that metal clamp back on. so the point i'm making is that a lot of these things that we talk about are certainly possible. but i would suggest to you the amount of people you'd have to put in play to commit this fraud, you'd be easier to do a stump speech and convince them to basically do it your way as the legal way. there are issues that occur from electricity to going to fires at a precinct, i could go on and on, flooding in louisiana and the like. but, you know, one of the things that everybody has to understand is that all of these
3:58 am
conversations around this, all deter voter participation, whether you believe it or not. >> let me just say this, mr. chairman, i appreciate your answer, mr. secretary. couple of things i hope we're sensitive to. one is that we don't want the federal government's involvement in this to infringe upon the state's authority to conduct elections. and we other we don't want interfere in giving due diligence. i yield back. >> i want to ask about your agency's efforts, dhs, to identify states about 21 states on russian attacks on their systems. ranking member cummings and i sent a letter requesting copies of the notifications you sent to 21 states that were attacked
3:59 am
before the last elections. and mr. chairman, i asked in unanimous consent this letter be part of the official record of today's hearing. >> so ordered. >> and i quote we ask for documents hacked by russian based systems. earlier this week, the republican committee staff made crystal clear to dhs we wanted these documents before today's hearings so we could ask informed questions. dhs ensured us they would respond. instead late in the day yesterday dhs sent us only an e-mail with a short script that dhs employees apparently read over the phone to state and election officials. i'm only asking where the documents that we requested. >> ma'am, i'm aware of the script that was provided. a lot of those notifications were over the phone. they were not by e-mail.
4:00 am
as to the rest of the documents, if you'll permit me to go back, and i commit to you we will have a more fulsome answer for you. but as to the specifics of each document, i would have to go back and check on that. >> okay, i'm counting on you to deliver because the telephone script is literally only 13 sentences long. it does not refer to any specific state or any specific attack. it's just a generic script that provides no additional information at all. and just curious about where all the supporting documents that we requested that set forth the details of the attacks. and with all due respect the telephone script does not help us do our job, which will help you in turn. you have not provided us with any information about the tools the attackers used or their tactics that they utilized or any information on the results of your conversations with these states or the steps you took to follow up. so it's been more than a month since we
4:01 am
asked for those documents, and the majority wants those documents also. can you tell us what the hold up is? >> ma'am, i'm not aware of any particular hold up. what i will say is the nature of the conversations we've had over the last, frankly, year with the states. and i've had a number of conversations with secretary schedler. my team has regular conversations with commissioner cortes and a range of other state election officials. when you characterize these things as attacks, i think that is perhaps overstating what may have happened in the 21 states as was mentioned over the course of the summer. the majority of the activity was simple scanning. scanning happens all the time. it's happening right now to a number of probably your websites. scanning is regular activity across the web. i would not characterize that as an attack. it is a preparatory step. in terms of those scripts, there are two scripts. one script was provided to states that wanted additional information if they were included
4:02 am
in that batch of 21. and the other script was for those states that were not in that batch of 21. so if that context was not provided, i apologize, and i'm happy to follow up and make sure that you get the information you're looking for. >> okay. and i just want to make sure the chairman is willing to work with me today by directing dhs to provide all its documents actually within one week. and i hope we can work together to get these documents as soon as possible. hopefully, in one week because this hearing is supposed to be about social security, of voting machines and our investigation should be bipartisan. yet dhs is withholding the very documents that would help us on both sides of the aisle, help our committee understand exactly how our state election systems were attacked by the russians. so i look forward to your cooperation in working with my chairman. i yield back. >> would you yield to me? >> of course. >> mr. krebs, was there anything
4:03 am
other than scanning done at those locations? >> there was a very small subset of those groups there was a compromise on the voter registration side but not within the tallying. and there was a small group also that had some targeting. so we actually whittled it down. when we talk about that scanning, it was also necessarily an election system that was scanned. that's an additional context we provided to our partners in the state election offices. what we saw in a lot of those cases was frankly drive-bys. you think about walking down the street and you're looking for a house, you knock on the door and you don't know what's there. you may be walking to a neighbor's house looking for a key. apologize for the mundane analogy. but as secretary schedler pointed out
4:04 am
there are significant protections involved. >> so you'll be able to provide us details who was in addition to scanning and what the nature of that contact was? >> in terms of the states that were targeted, that's a difficult conversation because the information is provided to us based on trust. we just like all other relationships with the critical infrastructure community, the fact we don't have statutory to compel, we are engaged in -- if i turn around and share information tom provided with me outside of that scope of confidential relationship, tom will never share with me. this is going to jump out in this relationship, and the entire mission is a voluntary mission. that entire mission will be jeopardized if we divulge confidential information. so happy to provide information on those 21 states,
4:05 am
but in terms of those 21 states, i will help you to reach back to your states. ma'am, you mentioned that your state may have been one. i will help you facilitate that conversation. but today while we're sitting here, i also encourage you to ask my counterparts here from the states. >> mr. duncan, you're now recognized for five minutes. >> thank you, mr. chairman. i want to go back to this def con article. every piece was effectively breached in some manner. and it says in the def con report the results were, quote, by the end of the conference every piece of equipment in the voting village was effectively breached in some manner. participants with limited knowledge and tools were able to undermine the integrity of these systems. back just a
4:06 am
few months ago when they had the worldwide cyberattacks, i don't often quote liberal magazines in here, but the editor of the american prospect magazine wrote this. this was written in the huffington post. he said last week's cyber attack to produce the wrong lessons. the immediate take away seems to be that large institutions need much better cybersecurity systems, but there's a much better solution that can't withstand the catastrophic risk of malicious hacking should just go off-line. hackers will always be able to find ways of getting into network systems. the fantasy of ever better cybersecurity is delusional. we could spend half the gdp on network security and someone will still find a way to breach it. i know that we have everyone
4:07 am
to this country to the computers and ipads and so forth, but i tell you that cybersecurity is a multibillion dollar hoax. and we're going to spend untold billions trying to come these systems as mr. kuttner says is a fantasy. and i think the solution should be that we should go to the canadian system. i read several years ago that they had much smaller precincts used on the average of 500 people per precinct. and they use paper ballots. and i know that's old-fashioned, but i think we're headed down the wrong path here. it's a path that i'm sure we're going to go on. but i think that i agree
4:08 am
with mr. kuttner and also the findings of this def con report. anybody want to say anything? >> i'll just say louisiana's not one of the 28 states -- 21 states, excuse me. so you can scratch one off. >> all right. well, i yield back, mr. chairman. >> ranking member demings, you're now recognized for five minutes. >> thank you so much, mr. chairman. as we continue this discussion today i cannot help but think about my own parents. my mother was a maid and my father was a janitor. they didn't have a lot that other people had, but they did have their votes. and i cannot remember an election growing up where they did not cast that vote. they believed that it mattered. and i would hope that every witness here today and every member of our subcommittees that regardless of if you were a billionaire or a
4:09 am
maid or a janitor, that we would all work to protect the integrity of our voting system in the greatest country in the world. so dr. blaze, i want to go back to the defcon report that we've talked quite a bit about today. i certainly listened to some of the comments my colleague mr. duncan made about how the systems were breached. but could you please talk a little bit more about the equipment that was used to breach the systems. was it sophisticated equipment or not, and what kind of prior knowledge did the breachers have, if any at all? >> i would like to point out first of all that the defcon voting village was not intended to be a formal security assessment. it was an informal opportunity for people from a broader community really for the first time to get access to actual voting equipment. we got five different models of voting
4:10 am
machine and electronic poll book. we made available the reports that had been published about these equipments in some cases. and that was it. we opened the doors at -- on friday afternoon, and people came in and any tools and equipment that they brought to that, they were -- they had to bring in themselves. there was no access to any proprietary information; no computer source code was available, just the equipment and electricity. >> and i know some or many have criticized or questioned the vulnerability or ability to hack the systems because of the decentralized nature of the machines. do you agree that the decentralized nature of our elections protects us from
4:11 am
disruptions or not so much? >> it's a double-edged sword. the fact that we have highly heterogeneous systems that are decentralized in their administration makes it difficult for somebody to do a single thing that will affect us on a national scale. and that is, in fact, an important safeguard. but it cuts both ways. there is, in fact, only a relatively limited number of different models of voting equipment used in the united states, and an adversary, particularly a foreign state actor interested in disrupting our election process, has the luxury of being able to pick the weakest systems. and need only find the most poorly administered and the most vulnerable systems to do sufficient damage to suit their needs. so while it may make us more secure against somebody
4:12 am
with one-stop shopping, disrupting a national election, it actually increases our vulnerability to some disruption happening, perhaps sufficient disruption that we don't have confidence in the outcome. >> we've heard a lot about the need for an audit. what type of audit do you believe would have to be performed on a paperless voting machine to verify the vote counts or verify that the vote counts had not been altered? >> paperless voting machines essentially are voting computers that are completely dependent on the software that was running on them at the time of the election. there is no fully reliable way to audit these kinds of systems. we may get lucky and detect some forensic evidence, but ultimately the design of these systems precludes our ability to do a conclusive audit of the voter's true intent. that's why the
4:13 am
paperless systems really need to be phased out in favor of things like optical scan paper ballots that are counted at the precinct but backed by an artifact of the voter's true intent. >> thank you, dr. blaze. with that, i yield back. >> mr. mitchell, you are recognized for five minutes. >> thank you, mr. chairman. mr. krebs, could you help me with one thing. on june 21st, secretary johnson -- this is a quote -- appeared before the house select committee on intelligence. he said, to my current knowledge the russians did not alter ballots, ballot counts or reporting of election results. has anything changed since that point in time that you are aware of? >> not to my knowledge, no, sir. >> we've received no information that the election results either at the federal level or the
4:14 am
states you looked at were altered in terms of counts or outcomes? >> no, sir, i don't have any additional or contrary information. >> do you have any indication that any actor, be it a foreign agency or domestic, actually attempted to influence the vote counts or ballot activity? >> i believe that's a different question. >> it is slightly. correct. >> my understanding, the intelligence assessment is that the foreign adversary -- if i can back up. you said june. june of 2016? >> 2017. >> june 21st, 2017. >> former secretary johnson. >> yes. >> since then, any opportunity to influence >> -- is that your question? >> question is did you find any indication that there was an effort by domestic or foreign influence to affect the ballot results since that point in time? >> no, sir. >> thank you. let me ask the group as a whole. i think the consensus is that the integrity of our elections is a national infrastructure issue. anybody disagree about that? it's every
4:15 am
bit as important as our roads, ports, waterways, yet we don't invest in federal money or federal standards on that. anybody opposed to the idea that we invest to support that program with some kind of guidelines and states can choose as to whether they can participate or not? >> i think best practices would be a better word to use. i think the states as a whole, and i speak in a nonpartisan fashion, would be adamantly against the intrusion of the federal government -- >> i agree. >> it's in the constitution. but certainly best practices. i think there are a lot of evidence of that with some of the entities that are out there today. we welcome additional ones, certainly -- >> let me clarify, secretary. i wasn't suggesting that we impose a system on the states. simply a grant program with a range of options -- >> usually grant programs have strings attached.
4:16 am
>> it says, if you want to update your equipment that meets standards of security you can choose to or not. >> we can accept whatever strings come with it and you can turn it down, i have no problem. >> any feedback on that, commissioner? >> i think resources for states to either purchase equipment or for those that have already moved to equipment to do other things to strengthen security of the election, whether electronic poll votes or other things would be something we greatly support. >> we do that for our highways, ports, but yet we expect magically the elections happen with local resources without support. mr. duncan talked about would we not be better off with paper ballots. feedback on simply going to a paper system or paper dependent system. >> you are referring to a paper
4:17 am
system at the poll location, not a mail paper ballot. >> correct. >> correct. >> i am not opposed to that. the system that we are looking at would be one that would produce, even though you vote on electronic machine it would produce an actual paper ballot that you could hold in your hand and cast ballot only at that point when you put it into a secure box. >> dr. blaze makes the point that, if you produce a paper result after you put it in the machine -- >> we have currently at least in the machines i use, a paper -- i don't want to call it a cash register receipt but for purposes of this meeting, that we can produce an audit back. there are several audits, even though i don't have a paper ballot of mr. mitchell, i can certainly use that in a court of law and we have been very effective with that. one thing i want to mention. in this whole
4:18 am
conversation, the segregation of the vulnerability side of the registration or poll book versus voting day. no state, no state, votes online in cyber space. >> i know that. >> how do you attack something in cyber space that's not in cyber space? one or two exceptions. alabama with military voting. alaska in some remote other states but a minimum amount of votes. >> i understand. i think dr. blaze's suggestion of an optical scan that you have the original source document that says voter 028 voted this way. question -- you all are aware of what happened in the michigan, in terms of federal election, 60% of the precincts in detroit weren't -- they couldn't do a recount because the numbers didn't match.
4:19 am
>> no, sir, i am not aware. >> there were more voters that voted -- admittedly 728 or less. more votes counted than there were voters and 328 were listed as voting but the ballots didn't know. 60% of the votes in the city of detroit were not auditable. the point is you couldn't do a recount. i think something we need to encourage states to do is have an audit system where we raise the issues of why the disparities and how to prevent them. if in fact we need to do a recount, it was not possible to do it in the city and other jurisdictions. i submit for the record from detroit which was a paper scanned system. they still managed to lose enough votes that they couldn't recount. >> i brought that out in my comments. even with a paper system you still have to have good protocols. it's not foolproof. >> agreed. thank you. i yield back. >> distinguished gentleman from
4:20 am
the state of missouri, you are recognized for five minutes. >> thank you, mr. chairman. i want to thank the witnesses for your testimony today. last june the vice chair of the presidential advisory commission on election integrity, kris kobach, made a request of directors to transmit to the white house the confidential voting information history of all americans living in their state and he directed the state elections officials to provide the sensitive data to a government e-mail address with no apparent means of securing that data. dr. blaze, please explain the data security issues with transmitting sensitive voter data over e-mail. >> well, i -- i am not familiar with the precise nature of the request. but as you have
4:21 am
described it, certainly sending that kind of information over an ordinary unencrypted e-mail system would be fraught with many security and privacy issues. >> if confidential voter data were revealed due to insecure transmission, could that provide means to infiltrate state election systems? >> yes. that sort of information could potentially be quite valuable to an adversary interested in targeting particular polling places or individuals or areas. so information about historical voting patterns and about individual registered voters can be quite sensitive. >> i see. i understand your states did not comply with mr. cothe question.
4:22 am
>> we had significant concerns related to the sweeping nature of the request and we spend a lot of effort and a lot of resources protecting our voters' data in virginia, so to take that and turn it over to a commission with no sense of what it was going to be utilized for, how it was going to be stored and maintained, raised significant concerns for us so we declined to provide anything whatsoever. >> thank you for that. mr. schedler. >> we likewise refused that. i want to clarify something that's been lost in the debate and why kris kobach did not clarify his position. if you look at the original request he truly didn't ask for that. what he asked for was what was available publicly under state law. after that
4:23 am
instead of putting a period he went on with social security and other numbers -- why he did that, i don't know. it caused me a lot of heartburn in my state with hundreds of thousands of e-mails and facebook posts and the like. so, to answer your question, no, i did not supply that to him. i told him for $5,000 and a credit card we would be glad to supply the public information data that you could get on anyone from google, quite frankly, more information. but you're correct. putting that out in the fashion it was -- but i do want to say this. it wasn't just the trump administration that asked for that. i was posed with that under three defiances to a federal judge to produce that under president obama's administration through the department of justice, in a lawsuit from several entities. i refused president obama and i refused president trump. so i am consistent. >> let me ask you. that brings me to another question for you
4:24 am
and mr. cortes. are you aware of any cases of voter impersonation in your state? mr. cortes? you can take it first. >> congressman. i am not aware of instances of voter impersonation in virginia. >> no pending cases or anything like that. >> not that we are aware of. >> we wouldn't in louisiana. we have some issues. put it this way. if we had one it's never been prosecuted or able to be proven. >> don't you think it's a little difficult to get enough voters to show up, let alone someone showing up and impersonating someone else? >> i think the real issue is -- and we separate the distinctions in the election system. the registration side or list maintenance. some states do a better job than others. i know
4:25 am
our current president has alluded to three to five million voters. what he is referring to is three to five million potential voters on registration lists. the voter fraud would be one of the individuals who shouldn't be on there showing up at the poll and voting. it may be that. it may be more. it may be less. but i -- >> you and i know people have the same names. >> yes, sir. yes, sir. >> that shouldn't disqualify them from being a qualified registered voter. >> we need information like mother's maiden name, date of birth so we can distinguish the differences. in louisiana we distinguish them by birthday or mother's maiden name. >> i thank you for your engagement. my time is up. i yield back. >> point of clarification. you did have reports of illegal voting in both your states. in virginia you had over 1800 illegals that apparently were
4:26 am
reported voting. is that correct, mr. -- commissioner cortes? >> mr. chairman, i asked about voter impersonation, someone else showing up and saying that they are someone other than who they are. >> thank you. >> and you know that's what the vote -- the photo i.d. laws are all about. >> right. >> congressman, i believe you asked about our reports regarding illegal voters. we don't agree with neither the findings of the report or, frankly, how the analysis was done. there are a lot of problems in that that we have indicated publicly. in terms of proving our -- identifying individuals that are citizens or not on the voter rolls is exceptionally difficult. the processes we have in place in virginia i think capture and prevent anybody from voting
4:27 am
illegally or improperly, and so the report you are referring to, i think, was very faulty in its analysis and took information and made sweeping, general statements without taking into account the reality, despite our best efforts to communicate with the report authors about it. >> thank you. >> in louisiana it's either herbert or herbert. i understand the problem you have there. the chair recognizes mr. desaulnier. >> i both agree with you. but maybe we have a small difference of opinion. the importance of the integrity of the voting process is supreme for all of us sitting in this room, but raising legitimate concerns about the integrity of that, making sure that we are pursuing best practices in a world that's changing dramatically, i think,
4:28 am
is what we are all concerned with. so, in that regard, i am hearing two sorts of versions of things here from the panel. and miss hennessey, in your research, i have -- i have a quote from michael vickers, who used to be the pentagon's top intelligence official who says this attack is the equivalent of 9/11. it's deadly, deadly serious, to the attacks we've seen in the united states in my view but also western democracy. this goes to undermining democracy. so we want to make sure, i would think, in congress that we are doing everything to make sure that we are ahead of it and questioning our existing system. so you made a number of suggestions. first off, is there any doubt in your research that these hacks are attributable to russia, the significant hacks? >> certainly the intelligence community -- >> hit your button.
4:29 am
>> the intelligence community assessment of the 2016 election assesses that with high confidence. that is supported by a large body of public data, and there is no public information that would counter or refute that conclusion. >> so, keeping in mind that we are talking about, in this hearing, the title is cybersecurity of voting machines and we've got lots of other activity going out there that hopefully we'll discuss further in congress, vis-a-vis the things we are learning about social media and data collection, but for this purpose, are we ahead of the game in your research? i read where the french and other western democracies are being much more aggressive, not knowing what their infrastructure is, but from your research is the united states doing everything we can, compared to other international democracies who are aware of the problem? >> i think the short answer is no. there are two categories in which we can think about the u.s.'s response. what we have been talking to today can be categorized as deterrence by denial. setting security standards that make it difficult or impossible for the
4:30 am
adversaries to achieve their goals. they've articulated the insufficiency of the u.s. on that front, the more needing to be done in terms of federal resourcing and at the state level. there is also a broader concept of deterrence. deterrence through setting international norms, response options. we are also not seeing sufficient buy-in, frankly, from the top at this point to push those efforts forward in order to get the international community both to agree on the seriousness of what occurred and also to impose measures, including those passed by congress, to ensure that it doesn't happen again. >> appreciate that. mr. krebs, in that sort of vein, your response to miss kelly is -- seems somewhere in between. we know the uniqueness of the relationship as you have described it between states' rights and the ability for them not to feel like we're imposing on them. however, you have also talked about best practices. and it would strike me that you are
4:31 am
in a position to be able to acquire those best practices, particularly in conversation with the intelligence community. miss kelly asked you if you would give us those documents. it seems like you are equivocating. you said, in order to have a relationship with the states, it's based on trust. but forgive me for inferring from that there is a lack of trust in giving those documents to congress. in a federal election it strikes me that congress and the federal government has a requirement to make sure that we are pursuing best practices, in partnership with the states, not overruling them, but if congress asks for documents, including the minority party, strikes me that you should give that to us, the whole committee, without edits and without comments. >> sir, if i may, i would like to clarify to the ranking member. the information -- >> ma'am. the information that i would provide, no question, best practices. got them right here. best practices are just fine to share. what we're talking about
4:32 am
is the -- is the trusted information that is shared on a nature of what may have been a scan or a compromise. that's the information. we have no question of the oversight interests of the committee. absolutely no question there. the balance we have is the optional mission of the department in partnership with the state and local partners in that -- again, that overarching cybersecurity mission of the department in working with our partners in a voluntary basis. >> i'll take that as we'll receive the documents soon. thank you. >> yes, sir. >> thank you, mr. chairman. >> mr. krishnamoorthi. thank you for convening today's important hearing. the sanctity and security of our election systems are the bedrock of our republic. the american people need to know, not just believe but they need to know for certain that their votes are counted fairly. my home state of illinois was one of 21 states that the department of homeland
4:33 am
security informed us was targeted by hackers in june of 2016. the nsa reported that personal files for over 90,000 illinois voters were illegally downloaded by russian hackers. mr. krebs, do you have any reason to dispute the nsa's findings that russian affiliated entities were behind the recent election data breaches? >> i am unfortunately not able to comment on that specific disclosure. i unfortunately would have to defer to the nsa. >> do you have reason to believe that they are incorrect about that? >> i am not certain of the nature of the report you are discussing. i unfortunately would have to, again, defer to the nsa. to comments specifically on the details -- >> you defer to the nsa because they are expert in this particular matter and they have the intelligence and the ability to ascertain whether these data breaches occurred and who was
4:34 am
the source of these data breaches, correct? >> again, i would defer to the nsa on any discussion here. >> sure. while the implications -- you are correct to defer to them. while the implication of russia's attack on one of our election systems are concerning what i find even more disturbing is that it was part of a broader international campaign to undermine western democracies. such as the 2017 elections in france and germany as well as recent elections in the uk and other nato countries. now, mr. krebs, again, i would like to ask you a follow-up question. can you assure me that dhs is working with our allies and the broader international community, the intelligence community, to develop a coordinated response to these incursions? >> sir, what i can speak to is the nature of the department of homeland security's engagements with our international partners immediately before the french
4:35 am
election we reached out to the french cert, the computer emergency response team. my responsibilities are two things. information sharing and technical support on a voluntary basis. information sharing with the state and locals and information sharing with the french cert. as far as pushing back or a broader situation, i would defer on that. >> earlier this month the president said he took vladimir putin at his word that he did not interfere and russia did not interfere in the 2016 election. quote-unquote, he said, every time he sees me, he says, i didn't do that. and i believe i really believe that when he tells me that, he means it. quote-unquote. mr. krebs, just a few minutes ago you couldn't point to any reason or dispute, you have no reason to believe
4:36 am
that the nsa's conclusions with regard to russian hacking were inaccurate or incorrect, you defer to the nsa's conclusions. do you -- are you saying that the president is somehow wrong to take putin at his word as opposed to deferring to the nsa's conclusions on this particular topic? >> i would like to clarify one thing real quick. i have said all along that i agree with the intelligence community's assessment that the russians attempted to interfere with our elections. >> good. >> what you spoke about earlier was some report attributed to the nsa about a specific state. that is what i deferred to the nsa on. i am not able to comment on that. i am focused on information sharing, technical assistance and support to the state and locals. we are in a state role. >> you answer the question
4:37 am
correctly, in my view, which is that you agree that the russians did interfere in our 2016 election, or you at least agree with the intelligence community which knows what it's talking about that the russians did interfere in our 2016 election. so are you saying that the president is wrong to disagree with that conclusion and instead take the word of vladimir putin that russia did not interfere in our elections? >> no, sir. i said i agree with the assessment of the intelligence community on what happened in 2016. >> okay. do you agree with the president that, in his assessment, that vladimir putin did not actually interfere in our election? >> sir, i was not privy to that conversation. look. i am focused on helping the state and local governments for next year. every one of us recognized that there is a threat, whether it's from russia, china, north korea or iran. >> you are not answering the question, sir. >> yes, sir.
4:38 am
>> you don't have to be privy to the question. you don't have to be privy to the conversation to be able to answer the question. do you agree with his assessment that russia did not interfere in our elections? >> sir, i -- again, i will point back to last year's intelligence assessment. >> i will take that as a non-answer. >> chair notes the presence of our colleague, the gentlewoman from hawaii, miss gabbard. i ask unanimous consent that she be allowed to participate in today's hearing, without objection. >> so ordered. it's a pleasure to recognize my friend, the gentlewoman from the great state of hawaii, for questions. >> i thank the chairman and ranking member kelly for holding this hearing and thank the witnesses for sharing your expertise here. i think the topics boil down to the immediate task at hand, which is seeing what actions can and
4:39 am
should be taken to make sure that our elections are protected. for our democracy to work, the american people need to have faith and trust in our elections infrastructure and that the votes that they cast will actually be counted. and this is why making sure that our elections infrastructure is impenetrable is essential. that's the task before us here in congress and before our elections officials. mr. cortes, i would love to hear your insights regarding virginia's decision to switch from direct recording electronic voting machines to paper ballots. what were any obstacles that you found in implementing that change, and did you see voter confidence rise once the change was made? >> congresswoman in terms of the switch to paper, i think the biggest obstacle that we faced was timing, proximity to the election. we have statewide elections in virginia every
4:40 am
year, so we always have very little time to implement changes. i think in this particular round of de-certification, subsequent to the defcon reporting that came out, the biggest challenges we faced were getting equipment to our state i.t. agency for them to test and provide us with their assessment. when it came down to the final decision about what to do with the equipment, our biggest consideration was if we had an issue -- if there were some issue reported on election day would we have the confidence to tell our voters that the results from the machines were accurate and that we could confirm that. i think ultimately we determined in consultation with our wonderful staff at the state i.t. agency and their assessment that we wouldn't be in a position to do that with the equipment we were using. without the independent verification, the paper ballot, there would be no way for us to do that. i think that ultimately was the moment where, you know,
4:41 am
decertification moved forward and we decided to have paper ballots statewide for this past november. our local election officials had less than 60 days before the election. frankly, less than two weeks before the start of absentee voting to deploy new equipment. they did a phenomenal job, using exceptionally limited resources that they have and working with not only in partnership with us but also in terms of the voting system vendors to get equipment deployed, get ballots printed, do training, do voter education, all within that window. they pulled it off successfully. and so it, you know, give a lot of credit to our local election officials across the state for being able to do that. >> thank you. miss hennessey, i just came in here the last part of your previous statement about making sure that -- i think you used the word impossible. making it so that our elections infrastructure is impossible to hack. noting the defcon report
4:42 am
that came out and the fact that it states, by the end of defcon conference every paperless electronic voting machine was effectively breached in some manner, would the implementation of voting machines across the country with some form of an auditable paper record create that impossibility? >> to clarify, i was referring to impossible to hack as a goal of sort of the deterrence by denial model. i don't know that that's achievable, though we shouldn't make perfect the enemy of the good. there is a vast improvement that can be made. certainly we should want to move to a place in which systems are both auditable and also audited. not just to think about how to ensure that a built-in resiliency model so in the event that there is some form of compromise, some reason to doubt the outcomes, that we actually
4:43 am
have a system in place to verify it and restore voter confidence. >> a backup. >> right. and then also that we actually periodically undertake those checks, right, an auditable system is effectively meaningless if we don't actually undertake the audit. >> this is such an important point, and i think mr. cortes your testimony is critical to this. in answering the question of how do we ensure with confidence that you can answer your voters saying that the election results are accurate. i am working on legislation that will essentially ensure that whatever the systems the states choose to use in their elections, obviously that is the freedom of the states to do that, that there be some form of backup in place, a paper voter verified backup to ensure exactly that question and that we can all answer with confidence to voters that the election results are as a result of the votes that they cast. so i thank you all for being here today. thank you, mr. chairman.
4:44 am
>> going to now recognize myself for some time. first off, dr. blaze, correct me if i'm wrong, i think we may have set a record here today for the number of times defcon has been said in a positive way. so all my hacker buddies will be happy about that. in dr. blaze and miss hennessey's statements, they have talked about what i would characterize as old-school ballot stuffing, as one threat. but what a nation-state actor or an intelligence service would try to do, discredit an election is another threat. and mr. -- secretary schedler, the first question is to you as the
4:45 am
secretary of state for louisiana. it's hard to manipulate the votes in an election in your state. is that correct? commissioner cortes, would you agree? not for louisiana but virginia. >> yes, mr. chairman. >> and dr. blaze, and miss hennessey, is it still hard to stuff the ballot electronically in many of these states? >> i think it's very difficult. i think the difficulty that we have is that it's very difficult to prove that it hasn't happened. >> sure. sure. it's a trust issue. but when it comes to physically because of the decentralization, because many of the vote tabulation machines are not connected to the internet, are not connected to one another, because of the physical security precautions taken around the physical machines that secretary schedler talked about and many of the best practices that mr. krebs
4:46 am
and his organization have promoted, it makes it hard. but the use case that i am worried about is the credibility of our elections. and not being able to prove something is one of those things. and for our two secretaries of states would you agree that undermining of trust in our elections is a bad thing and something we should try to fight against? mr. schedler first? >> i would absolutely agree. [inaudible] >> microphone please, sir. >> in all due respect, i mean, what has happened -- and i think any secretary of state that would address you in all honesty is, is since the last presidential election and all the rhetoric and all the committee reports and all of the things that are going around this, if you don't think that has had a tremendously negative feeling to voters, we see it. i just got out of an election for
4:47 am
the mayor of new orleans, open seat, that the -- had a 32% voter turnout in orleans parish and we had a statewide election for state treasurer. overall turnout, 12%. that's absurd in this country. i am not going to sit here. one of my most frequently asked questions is why, secretary schedler. i could give you a litany of ten or 15 things. one of them i know you all wouldn't want to hear. but for certain, the rhetoric that has gone around from this past election has tremendously deterred voter confidence. and it's a balancing act for a guy like me and -- well, mr. cortes because we are up here trying to defend the integrity of a system. >> for sure. >> and yet it's being torn down as i speak. >> right. that's one of the
4:48 am
reasons to have this hearing. >> yes, sir. i am respectful of that. >> to get smart folks in a dispassionate way talking about the realities and then how can we identify certain things that we can do together in a way to ensure that that trust is there so that we get more than 12%. now, i would also say that a -- i was at a panel in south by southwest with a bunch of youtube stars, and i didn't know any of them, but when you added all their fans together, it was almost a billion. the woman who does digital -- digital stuff for the rock said, if a movie performs poorly at the box office, do you blame movie goers or the movie? and i think in this case a lot of times we want to blame -- we want to blame voters when we're not providing the voters something for them to
4:49 am
come out and purchase by pulling a lever. so that is an aside. mr. cortes, was there any funny business in your elections in virginia a couple of weeks ago? >> mr. chairman, i think we had a -- >> that's a technical term, too, by the way, funny business. >> i believe we had a very successful election in virginia a couple of weeks ago. we actually -- i am sorry to hear that you all had a lower turnout in your statewide. we had record turnout in our statewide race for governor, lieutenant governor, attorney general as well as the house of delegates. it was a very successful -- we did not receive any complaints related to voting equipment, which was a first in the time that i have been there. we had a very successful day across the commonwealth, very few issues. you always get the occasional place where they have delivered equipment to the wrong place and they may open a couple of minutes late, but we had no
4:50 am
major systemic issues that took place. >> touche. to virginia. mr. krebs, some specific questions. how many cyber hygiene services over the internet for internet-facing systems can your organization do in a calendar year? i realize that's a difficult -- you can ballpark it for us. >> that's tough because, frankly, engineering-wise it's -- i don't want to say infinity, but it's, frankly, it's very, very scaleable. >> so you are not concerned about the over 10,000 voting jurisdictions requesting that particular service that you feel like you will be able to meet the need -- >> no, sir. i think the challenge would be intake, signing up the legal agreement side, deploying. >> how many risk and vulnerability assessments can you do in a calendar year? >> that is a different question. risk and vulnerability assessments are time and manpower limited. in terms of the number on a
4:51 am
given year, it would be -- let me put it this way. to do one risk and vulnerability assessment it takes two weeks. a week on site and a week report drafting. what we are doing in the meantime -- >> you have about 130 people who are able to do this function? >> i would get back to you on the specific numbers on the teams, but we are man power limited there. the reason for that, and you just made my job a little bit harder with the mgt act. but this all comes out of the same pile of assessments as federal i.t., the high value assets. so if we're going to do modernization activities, congratulations, but that's going to make my job a little bit tougher. that's also the critical infrastructure community. what that designation did for the election sub sector is allowed me to reprioritize. i am now able to put requests up at the top of the list. we completed an rva last week. i
4:52 am
reviewed the product this week earlier and it's an impressive domestic document. i'd like to do more. we'll continue to prioritize upon requests. these are voluntary products but keeping in mind that a number of states have their own resources or private sector resources. we are not looking to serve for every single state, but we are looking to re-prioritize to address. >> the next question is for secretary schedler, commissioner cortes and mr. krebs and maybe secretary schedler, you take the first swing at this. and this is probably better -- this question -- i am asking you this as your former hat at nass. and what role exactly does nist and the hava standards board play? mr. krebs, if you are more appropriate to answer that question, you know, i'll leave
4:53 am
it up to you all. >> it certainly assists us in certification issues and some of the outlier issues that we have, but i think it's more the collective whole of nass, whether it be with the election commission, nist or any of us. we collaboratively all work together, we share information through our executive director miss reynolds here in washington. i think it's a good thing. i wouldn't want to necessarily disband that. but i think it's more looking at it as a collective whole, and our new partners in homeland security. i alluded that we were very much against critical infrastructure. we are in it. we are in a cooperative spirit, we are trying to get our security clearances done at this time and we're going to continue that. >> secretary, am i hearing dhs is not trying to take over? >> i don't think so. not yet. i'll give you a call.
4:54 am
>> how is -- please do. please do. how -- are folks comfortable with the security clearance process? >> yes. >> i know we are trying to get every secretary of state and i believe two additional folks -- >> yes. >> -- and your indication is that folks are happy with that process and how it's going. >> yes. we are. that's the first good step that we can share some information. >> commissioner cortes, do you have any information to disagree with that? >> mr. chairman, i think, from our perspective in virginia, having had a statewide election, we had an opportunity to work very closely with dhs throughout the year, preparation for that, and really figuring out how to leverage the federal resource offerings along with what our state i.t. agency provides as well as our -- the virginia national guard. and so we have worked very collaboratively with them. i think the creation of the coordinating council, i think will be exceptionally helpful going forward. when it comes to eac and nist, eac's role in this has been -- hasn't been as highlighted as i think
4:55 am
it should be. i think they've been critical in opening up the dialogue between dhs and the elections community as well as facilitating a lot of the meetings and interactions that have taken place. so they have been exceptionally helpful there. when it comes to nist, i think for us and i think going forward, you know, what we need to look at is the nist cybersecurity framework is something that our state i.t. standards are premised on and that we utilize for our voting equipment security and electronic poll book security. those standards being there are very helpful to us and provides a level of expertise and things to look for and test against that we would not, you know, with our state resources, be able to recreate on our own. so everybody has been exceptionally helpful. >> that is very helpful feedback. mr. krebs, kudos to you for your leadership in that
4:56 am
process. and maybe to anybody at this panel, why does eac have $300 million in unspent funds? anybody have any -- none of you all sit at eac? would anybody like to offer -- >> they must have some of the hava dollars that we need. >> that's what we are trying to get at, is there an opportunity there to reprogram some of those funds to help some of the municipalities that need to upgrade some of their systems. >> yes, sir. that was a tongue in cheek comment. i am on their advisory commission. i truly don't know. >> can you hit the button. >> yes, sir. i do not know what that balance is. i mean, i just -- certainly something to look at. i think we've got to look at any and all avenues of funding because we do need assistance in the state. i can assure you. just like federal government, states are in budgetary issues. i know certainly louisiana is and at this critical point of
4:57 am
trying to replace equipment because of some of the subject matter we're talking about here, we are scrambling to find a way to do that. i am getting ready to go out on rfp. >> mr. krebs, comments? >> i think what we're talking about now and i wish matt masterson, chairman of the eac was here. he is in iowa i think doing training. eac has been a critical partner. when dhs got into this game last year, it was before my time, it was a brave new world. didn't have relationships. eac was critical in bridging the gap and developing relationships with louisiana, virginia and the rest of the states. what i -- nist is also a partner. i think dr. blaze would agree that nist is probably reputationally unmatched in terms of cybersecurity, cryptography excellence. then on the information sharing piece, one
4:58 am
last thing. i want to touch on the classified and the clearances piece. clearances, as has been pointed out, clearances in the sharing of classified information is important. we are, in the meantime, focusing on that declassification effort. it is critically important that we speed up that process to get it out. tear lines, all that good stuff. in the meantime, when something truly sensitive comes in and someone doesn't have the clearance but needs to see a piece of information. i have the capability to authorize one day read-ins. we have a suite of tools and services and capabilities to make sure the partners have the information they need. >> that's why dhs is the belly button for information sharing with municipalities and the private sector. i believe you are the only organization that can truly achieve need to share versus need to know and continuing down that line is important. dr. blaze, when it
4:59 am
comes to the kinds of systems, the actual vote tabulation machines and you have talked a lot about the scan, you know, version, are -- are -- one of the concerns i have about some of the legislation that's being discussed is talking specifically about a type of machine versus an outcome. and is it fair to say that, based on your research and your activity, that you are saying there needs to be an artifact that can be checked in the case that a system is -- is suspected of compromise? >> that's correct. the two important properties are, first, that there be a paper artifact of the voter. optical scan is an example. that's probably the state of the art technology right now. secondly, we have a mechanism for detecting compromise of the software that tabulates votes. and that's the risk limiting
5:00 am
audit feature. put together those achieve or approach what we call strong software independence, which means that, even if the software is compromised we still can learn the true outcome of the election. >> this question, thanks for the indulgence, is slightly outside of the bounds of the topic today. as we talk about the importance of protecting our voting systems and trying to fight this effort to erode trust in our national disinformation is the tool that hostile
5:01 am
intelligence services will continue to use against us. i would just welcome -- and really, secretary schedler and commissioner cortes, what is the role of states in helping to combat this information, specifically when it comes around election time? dr. blaze, miss hennessey, i would welcome your thoughts. >> it's the old-fashioned way. you get out there and communicate with people and get on the airwaves on radio and tv and get in the newspaper and you combat some of this. i will be honest with you, i had an individual just this morning -- texted me from the previous election and was convinced that our machines were connected to the school internet system. i guess it was plugged into a plug.
5:02 am
i don't know but it's those types of things and every real day of an election official across the country that we combat. it's part of the job. it has become on steroids in the last 24 months. >> as a member of congress, i would say i understand those concerns. thank you, sir. commissioner cortes? >> mr. chairman, it's really about being open and transparent in the process and having processes in place and working as election officials to make sure voters are comfortable with the process and getting out and getting out the information about how the process works. our focus is on transparency and equipment that has verifiable backup. these are things we can do to provide voters assurances that they can actually see and observe, not just tell them everything is ok.
5:03 am
at a stage with our election process is where people need to be able to understand what steps we are taking and how we are doing to make sure things are ok and their voting experience is a good one and their votes are counted accurately. >> dr. blaze? >> the most important thing from technology is that the voting technology allows us to refute the reports the election was tampered with. many of the systems used today, even if they haven't been tampered with, are not designed in a way that allows us to do that. i look forward to seeing a shift toward technologies that are more robust and allow us to do meaningful recounts. >> ms. hennessey? >> time to resist temptations of partisanship in the
5:04 am
event that there are those enduring encrypt -- credible voices. the closer we get to elections, the higher risk of politicization, which sets the importance of neutral standards for the type of information that will be shared and for response options. >> thank you, final words mr. krebs? >> a tenet of countering information is shining a light on the activities so what we have ahead of us is we have some coordination work we need to do and response planning and develop a playbook so if something pops up on social get the call, we can work to refute the information and we can push it out through a clear, trusted channel to the american people so they can retain confidence in our elections. >> i want to thank all of you all to help shine a light on the activities in our states and the federal government to ensure
5:05 am
that the american people can have the trust in their elections. that's what makes this country great when we are faced with adversity. we all pull together and i appreciate you all appearing before us today and the flexibility in your travel schedules. the hearing record will remain open for two weeks for any member who wants to write an opening statement. further business, without objection, this subcommittee is adjourned. [captions copyright national cable satellite corp. 2017] [captioning performed by the national captioning institute, which is responsible for its caption content and accuracy. visit ncicap.org]