If we may, we can begin our hearing. It was delayed with the arrival mr. Scalise, who was received warmly by the house, and we are continuing to pray for his continued recovery, and his family is constantly in our minds. This is our Congressional Task force on election security. Body to lookd this at some issues around what happened during the last election. A lot of us are concerned about it. We are kind of looking forward rather than backward. If we to figure out missed something, can we use this as an opportunity to fix things for the future . , the cochair,sly who is a Ranking Member on the house administration. A comment for the record, as the cochair, in the interest of time, im just going to submit it for the record. We are joined here by former secretary of Homeland Security, jeh johnson, and former undersecretary for for the department, suzanne spaulding. Welcome. We are going to allow you to begin. Mr. Johnson thank you for having us, for inviting us. I accepted this invitation because it is an opportunity for me to reconnect with undersecretary spalding i am here. Im here because of the respect i have for the members of congress who have invited me to be here, and because of the importance of the issue. I intend to speak my mind as a withrned private citizen the experience of having been secretary of Homeland Security for 37 months. Knows, in this country, we elect our National Leadership through the electoral college. Case, ass that is the long as that is the constitutional requirement, and given our politics, National Elections will be decided in key precincts in key states. , the integrity of our Election Outcomes on a National Level dances on the head of a pin. If writers of the tv series house of cards could figure that out, then a lot of other people could do the same. Last Years Experience was a wakeup call. As i sit here, i know of no evidence that last year, ballots were altered or votes were suppressed through a cyber attempt. But last Years Experience exposed certain cyber vulnerabilities in our election infrastructure. It was a wakeup call. The question now is what do we do . What do we do in washington and at the state and local level . Andope is this task force the other committees of Congress Looking into this question find answers about what we do. Aroundknow, beginning august 2016, we began to see scanning and a probing of various state Election Officials systems. Including but not limited to, Voter Registration databases. As i testified before the House Intelligence Committee in june, i issued public statements about this threat. On august 15, september 16, october 1, october 7, october 10 about this thread. About this threat. The director of National Intelligence and died, on and i, on october 7, took the step of formally attempting the russian government of attempting to interfere. Thanks to the leadership of undersecretary spalding and others, by election time, 33 states had come to us to seek our Cyber Security assistance in the runup to the election. 36 cities and counties have done the same. We were able to identify a number of vulnerabilities in providing that assistance, and of course, on january 6, 2017, utilizing my authority as secretary of Homeland Security, i designated election infrastructure in our country as Critical Infrastructure. Regarded asmust be efforts to in our shore up the Cyber Security of election infrastructure. My understanding is that some progress on the state level has been made, but there is more to do. I look forward to our discussion. Thank you, mr. Secretary. Mrs. Spalding. We appreciate i appreciate the opportunity to be here today to discuss with you the important subject of election security. Its a great pleasure to be here with my former boss, secretary jeh johnson who has ably laid out the steps that weve taken to the runup to the elections last year. I would like to focus my brief remarks on the lessons i think and be learned from our experience. First, as the undersecretary for the National Protection and programs director, i found it extremely valuable to bring together what i call our cyber , as well as our infrastructure experts from our office of infrastructure protection, who have developed relationships with state and local officials over many years. Cyber andfice of infrastructure analysis, which are created in 2014, to give us a holistic approach to understanding cyber and noncyber elements of election infrastructure. This helps us prioritize those risks and develop technical and nontechnical ways to reduce those risks. As weve seen in so many other , having contexts them under one roof is key to effectively managing these kinds of risks. That said, another lesson weve learned is that the hadtionships that it developed were with the governors and their offices, and we did not fully appreciate the degree to which some secretaries of state offices are separate , politically, administratively, and sometimes even technically, with separate networks. It leads to another important lesson. And localstate Election Officials needs to begin early. By the time we were getting the reports and engaging with secretaries of state last summer , they were already well into their countdown for the election. Most said it was too late to make significant changes. Have a why we need to strong sense of urgency with regard to upcoming elections. I was glad to see the dhs has been working closely with virginia in the runup to their Gubernatorial Election this november. Onneed to be focusing now the midterm elections next november and the election in 2020. Timely, theto being effort to secure our election needs to be bipartisan. I am pleased to be on the board of Harvard Universitys defending Digital Democracy project, led by the Bipartisan Team of Hillary ClintonsCampaign Manager and mitt romneys Campaign Manager. Along with Outstanding National security and technology experts. Noted in our recent workshop for state and local Election Officials, one thing democrats and republicans can agree on is that foreign adversaries have no place in our domestic politics. The defending Digital Democracy project aims to identify and recommend strategies, tools, technology to protect the democratic prospects process informationnd attacks. The key message we are sharing with state Election Officials is that as important as all of the upfront security measures taken in advance of an election are, postelection measures are also vitally important. If an adversary attempts to sow doubt of the integrity of elections, making sure you have a way to audit the results in a way that can resort that can restore confidence, it is may be as important as keeping the bad guys out to begin with. Im glad to see that virginia, earlier this month, decided to mandate that all precincts must use paperback voting machines. Securing elections is vital for security. But it is also important to recognize russias interference it did not begin or end with elections. Longtermengaged in a effort to undermine democracy, both tactically, to weaken the west, and strategically, to reduce liberal democracys appeal, not just in the United States but to russias own population, and others in central and Eastern Europe and around the world where russia competes for influence and power. These measures are designed to affect elections and so chaos and discord generally. We need to broaden our focus to the way these measures undermine other fundamental pillars of democracy. Including the press, and even our judicial system. To have a Robust National strategy to counter threats from russia and other adversaries to our fundamental democratic institutions. Developments of this strategy is long overdue. It must be led by the federal government, but must include response to this serious and determined threat. I urge congress to request such a strategy from the executive to enact anyve necessary legislation to this ofnot wait for the outcome various investigations. As important as they are, and as much light as they may shed on additional details, we know enough now to understand what needs to be done. It is time to act. Thank you very much i look forward to your questions. Mr. Thompson thank you very much. If it is all right with my cochair, ill start. Secretary, you were in office when our collection our election system was identified as Critical Infrastructure. Committed how ,ou arrived at that designation and what your expectations as secretary happen to be Going Forward with that designation . Mr. Johnson yes, sir. 2016, we were looking proactively for ways to shore up the Cyber Security of our collection infrastructure of our election infrastructure. We were beginning to see the activity around Voter Registration databases. We were alarmed by it, seeing a growing list of states that were the targets of scanning and probing activities, and we were also seeing a clearer intelligence picture about russian hacking of the dnc and other individuals. With my staff, and im sure that suzanne was part of this conversation about what we at dhs could do to encourage states to seek our assistance. I was told it was within the to declare it as Critical Infrastructure alongside the 16 existing Critical Infrastructure sectors. I said that is interesting, id like to hear more. Meanst basically is, it the dhs will prioritize providing Cyber Security assistance if the customer, in effect, asks. Ofthe Customers PartCritical Infrastructure. And if it is, it enjoys the protection of various international Cyber Security norms and it enables dhs and the to have Confidential Communications protected by law and regulation. I thought that was a good idea. I wanted to engage state Election Officials first to get their reaction. As i testified in june before the House Intelligence Committee , initially, the reaction was somewhere between neutral and negative. That was a misperception Critical Infrastructure designation would somehow be a federal takeover of the election process itself. I laid those concerns i alla yed those concerns and addressed them the best i could. I realized this would be a hot button issue. The shorter term goal had to be getting those states to come in, theeek our to bring horse to water. I put the designation on the back burner until after the election. Had said, a moment ago, we a large number of states common. I was concerned i was convinced it was the right thing to do, but i wanted to hear out the states one more time about their concerns and reservations. I heard them out and i was still convinced that it was a good idea, so i made the designation on january 6. My expectation is that the things i mentioned earlier will now occur. That dhs prioritizes providing assistance to state Election Officials, that they will enjoy the protections of Confidential Communications, and that the election infrastructure will be part of our Cyber Security norms on an international basis. There is more work to do in the implementation of that designation. Mr. Thompson thank you. A you know, there is quite bit of discussion about what our role as members of congress would be. Mr. Spalding, you talked a little bit about your work and , yourd ms. Spalding talked about your bipartisan record. Let me indicate that our hope initially was to have a Bipartisan House Committee look at it. We were unsuccessful, however, we felt Strong Enough that we really needed to go forward and analyze the information that is available. That i thinkings we were looking at is whether or congress is a role for electionng infrastructure Going Forward. You have had some opportunity to look at this, and i would love to hear your opinion on it at this point. Ms. Spaulding thank you. I do think there is a role for congress. A couple things that they could do, and i know there are underative packages consideration even now. Certainly one area the states have made clear they would benefit from is Additional Resources to do the things they need to do. That, for example, any kind of Grant Program to provide funding to the states. You might want to think about connecting that with a requirement that they do a full assessment of their system. Example,shing off, for to invest in a lot of new technology, the missed framework framework that we share says start with the assessment, then move to prevention, detection, response, and recovery. I think thats an importance that. The department of Homeland Security has offered before the election last year to do assessments for states and local officials. But to common and do a full assessment is resource intensive. It requires 23 weeks. Give Additional Resources to staff up of those teams, but to the extent that states are nervous about having federal employees coming into their system, thirdparty entities could be certified as offering substantially the same services and perhaps there could to contract with those thirdparty companies, either by dhs or state and local officials. There is a resource issue that is important but assessments are equally important. Another interesting recommendation that has been made by former leaders in the Intelligence Community and as recently as yesterday, by the former Homeland Security adviser in the bush administration, is to remove the politics from the threat assessment itself. One of those suggestions would be for congress to put in a 100slative requirement that 20 days or 180 days out from the national election, that the Intelligence Community provide a threat assessment with regard to any threat activities they might see related to the elections. That helps to remove the implication that whatever administration is in place at the time is trying to put a farm on the scale or influence the thumb on the put a scale. It becomes a standard process that includes a requirement for updates if there is significant additional information. A are areas i can see useful role here. I think that if we had the money, that would go a long way. We respect the independence of each state and locality in the conduct of its collections, and one of the challenges of it elections, and one of the faced is how to integrate ourselves in the process without being a nuisance. We were involved in the help america vote act, and weve had experiences there that tell us we have to get some matrix and other things and not just give money. I think that is kind of what your comment is about. I yield to the cochair. Thank you, cochair. I would like to thank our witnesses. This election proved there are powerful enemies who want to harm our elections. We are here to understand that threat and hopefully do something about it. When a foreign power interferes with our election, it is an attack on our nation. Now, there is no doubt that russia launched an unprecedented attack on our elections. In 2018 andt more 2020. The security of our elections should not be a partisan issue. Fair, free, and secure elections are cornerstones of our democracy. I thank you for joining the conversation on how to work to secure our election system. I heard what you say about what we need to do and assessment. Is there any way you would know i guess you wouldnt know that if our current state iection systems are secure . Dont know how we could possibly secure them without funding for interfering too much with state rights. I dont know whether they need to be replaced. I note from the city of philadelphia, we just had recently replaced our voting not a techut im savvy guide, nor would i want to be. You fixhat once something, there are smarter people that come in and hack that. Im saying, we are struggling amongst ourselves, which means we about what we can do and how we can do it. I respect states rights, but i respect who we are and what we can do to instill upon them the major importance, to make sure that the process does work, that it cant be hacked by anyone else and we have fair elections. Theres been this talk about internal states and cities doing something, or we had of someations inappropriate things happening on election day, and they come out to be miniscule, minor. Haveprobably never would really changed the outcome of an election, except now im getting nervous. We tell people