Homeland security secretary jeh johnson and a former Homeland Security undersecretary. They talked about russias speakinte interference in the election and how to prevent interference in the upcoming elections. If we may, well begin our hearing. It obviously was delayed with the arrival of former member scalise, which was obviously received quite warmly with the house. We are continuing to pray for his continued recovery and his family is constantly in our mind. This is our Congressional Task force on Election Security. We have formed this body to look at some issues around what happened during the last electi election. A lot of us are concerned about it. Were kind of looking forward rather than backward but kind of trying to figure out did we miss something. Can we use this as an opportunity to fix things for the future . We have the cochair miss br braddo braddock, Ranking Member on house administration. I have a comment for the record, miss cochair, in the interest of time, im just going to submit it for the record. Okay. And we are joined here by former secretary of Homeland Security jeh johnson and the former undersecretary for National Protection and Program Directorate for the department suzanne spaulding. Welcome. Mr. Secretary, were going to allow you to begin, and well now hear from you. [ inaudible ] does that work . Okay. Gentlemen, thank you for having us, inviting us. I accepted this invitation first because its an opportunity for me to reconnect with undersecretary spaulding. Im here because of the respective for members of congress who invited me to be here, and im here because of the importance of the issue. I intend to speak my mind as a concerned private citizen with the experience of having been secretary of Homeland Security for 37 months. As everyone knows in this country we elect our National Leadership through the electoral college. As long as thats the case, as long as thats the constitutional requirement, and given our politics, National Elections will be decided in key precincts in key states. In other words, the integrity of our Election Outcomes on a National Level dances on the head of a pin. If writers of the tv series house of cards can figure that out, then a lot of other people can do the same. Last Years Experience was a wakeup call. As i sit here, i know of no evidence that last year ballots were altered or votes were suppressed through cyber attack. But last Years Experience exposed certain cyber vulnerabilities in our election infrastructure. It was a wakeup call so the question now is what do we do . What do we do here in washington and what do we do at the state and local level. My hope is the task force and members looking into this find answers about what we do. As you know beginning around 2016 we began to see scanning and probing of various state Election Officials systems specifically including but not limited to Voter Registration databases. As i testified before the House Intel Committee in june, i issued public statements about this threat. On august 5th, september 16th, october 1st, october 7th, october 10th about this threat. Of course the director of National Intelligence and i on october 7th took the unprecedented step of formally and publicly accusing the russian government of attempting to interfere in our election process. The good news is thanks to the leadership of undersecretary spaulding and others, by election time 33 states had come to us to seek our Cyber Security assistance in the run up to the election and 36 cities and counties had done the same. We were able to identify a number of vulnerabilities in providing that assistance. Of course on january 6, 2017, utilizing my authority as secretary of Homeland Security, i designated election infrastructure in our country as Critical Infrastructure. These steps must be regarded as beginning in our efforts to shore up Cyber Security of electi election. My understanding is some progress on the state level has been made but there is more to do. I look forward to our discussion. Thank you, mr. Secretary. Miss spaulding . Thank you, mr. Chairman, chairman brady, members of the task force. Very much appreciate the opportunity to be here today to discuss with you this vitally important subject of Election Security. Of course its a great pleasure to be here with my former boss secretary jeh johnson, who has ably laid out the steps we took in the run up to the elections last year. I would like to focus my brief remarks on the lessons i think can be learned from our experience. First as the undersecretary for National Protection and programs directora directorate, i found it extremely valuable to be able to bring together what i call our cyber ninjas as well as our infrastructure experts from our office of Infrastructure Protection who had developed relationships with state and local officials over many years and the office of cyber and infrastructure analysis which i created in 2014 to give us a holistic approach to understand cyber and noncyber elements of election infrastructure. This helped taos prius to priord develop technical and nontechnical ways to reduce those risks. As weve seen in so many other contextses having cyber and infrastructure experts together under one roof is key to effectively managing these kinds of risks. That said, another lesson we learned is that the relationships that mppd had typically developed were with the governors and their offices and we did not fully appreciate the degree to which some secretary of state offices are separate and apart, politically and administratively and sometimes even technically with separate networks, which leads to another important lesson. Work with state and local Election Officials needs to begin early. By the time we were getting the reports and engaging with secretaries of state late last summer, they were already well into our countdown for the election. And most said it was too late to make significant changes. This is why we need to have a strong sense of urgency with regard to upcoming elections. I was glad to see dhs was working closely with virginia and the runup to their Gubernatorial Election this november. We need to be focusing now on the midterm elections next november and the election in 2020. In addition to being timely, the effort to secure our election needs to be bipartisan. Im pleased to be on the board of Harvard Universitys defending Digital Democracy project run by eric roczen bach and led by Hillary ClintonsCampaign Manager and matt rhodes who managed mitt romneys campaign for president along with Outstanding National security and technology experts. As matt rhodes noted in our recent workshop for state and local Election Officials, one thing democrats and republicans can agree on is that foreign adversaries have no place in our domestic politics. The defending Digital Democracy project aims to identify and recommend strategies, tools, and technology to protect the democratic process and systems from cyber and information attacks. A key message we are sharing with state Election Officials is that as important as all of the upfront security measures taken in advance of an election are, post election measures are also vitally important. If an adversary intends to sew doubt about the integrity of an election, making sure you have a way to audit the results in a way that can restore confidence may be as important as keeping the bad guys out of your system to begin with. Again, i was glad to see virginia earlier this month decided to mandate that all precincts must use paper backed Voting Machines. Securing our elections is vital for National Security but it is also important that we recognize russias interference did not begin or end with elections. Russia is engaged in a longterm effort to undermine democracy both tactically to weaken the west and strategically to reduce liberal democracys appeal, not just in the United States but to russias own population and others in central and Eastern Europe and around the world where russia competes for influence and power. These active measures are designed not only to affect elections but to sew chaos and discord generally. We need to broaden our focus to the ways these measures undermined other fundamental pillars of democracy, including the press and even our judicial system. We need to have a Robust National strategy to counter threats from russia and other adversaries to our fundamental democratic institutions. The development of this strategy is long overdue. It must be led by the federal government but must include whole of nation response to this very serious and determined threat. I urge congress to request such a strategy from the executive branch and to move urgently to consider and enact any necessary legislation to implement a national strategy. This cannot wait for the outcome of various investigations, as important as they are, and as much light as they may shed on additional details. We know enough now to understand what needs to be done. Its time to act. Thank you very much, and i look forward to your questions. Thank you very much. If its all right with my cochair, ill start. It mr. Secretary, you were in office when our election system was identified as Critical Infrastructure. Can you give the committee how you arrived at that designation and what you your expectations as secretary happened to be Going Forward with that designation . Yes, sir. In summer 2016we were looking proactively to shore up security of our election infrastructure. We were beginning to see the activity around Voter Registration databases. We were alarmed by it. We were seeing a growing list of states that were the targets of scanning and probing activities, and we were also seeing a clearer and clearer intelligence picture about russian hacking of the dnc and other individuals. So i probed with my staff, and im sure suzanne was part of this conversation about what we at dhs could do. In addition tonight couraging the states to seek our assistance. I was told it was in the authority of the secretary of Homeland Security to declare election infrastructure as Critical Infrastructure alongside the 16 existing Critical Infrastructure sectors. And i said thats very interesting. Id like to hear more about that. What it basically is is it means dhs will prioritize providing Cyber Security assistance if the customer, in effect, asked, if the customer is part of the Critical Infrastructure. And if its Critical Infrastructure, it enjoys the protection of various international Cyber Security norms, and it enables dhs and the sector to have Confidential Communications protected by law and regulations. So i thought that was a good idea. I wanted to engage state Election Officials first to get their reaction. And as i testified in june before the House Intel Committee initially the reaction was somewhere between neutral and negative in that there was a misperception that a Critical Infrastructure designation would somehow be a federal takeover of the election process itself. And i allayed those concerns, addressed them as best i could but realized in the runup to the election, this was going to be a hot button issue. There would ab lot of miss p misperception. The shorter term goal had to be to get states to come in to seek our cyber assistance. Bring the horse to water. I put the designation on the back burner until after the election. As i said a moment ago, we had a large number of states actually cocome in. After the election i returned to this issue because i was convinced it was the right thing to do but i wanted to hear out the states one mayor time about their concerns and reservations. I heard them out. I was still convinced that it was a good idea, so i made the designation on january 6th. My expectation is that the things i mentioned earlier will now occur, that dhs prioritizes providing assistance to Election Officials, that they will enjoy the protections of Confidential Communications and that election infrastructure will be part of one of our Cyber Security norms on an international basis. So theres a lot more work temperature in the implementation of that designation. Thank you. As you know, theres been quite a bit of discussion about what our role as members of congress would be. Miss spaulding, you talked a little about your work at harvard and the bipartisan effort. Let me for the record indicate that our hope initially was to have a Bipartisan House Committee to look at it. We were unsuccessful. However, we felt Strong Enough we really needed to go forward and analyze the information thats available. One of the things that i think we are looking at is whether or not there is a role for congress in securing election infrastructure Going Forward. Youve had some opportunity to look at this. Id love to hear your opinion on it at this point. Thank you, mr. Chairman. I do think theres a role for congress. A couple of things that congress could do, and i know there are legislative packages under consideration even now. But certainly one area that the states have made clear they would benefit from is some Additional Resources to do the things they need to do. And my sense is that, for example, any kind of Grant Program to provide funding to the states, you might want to think about connecting that with a requirement that they do a full assessment of their systems before rushing off, for example, to invest in a lot of new technology. The substitute of Technology Framework we share with private sector and state and local says start with the assessment and then move to prevention, detection, response, and recovery. I think thats a very important step. The department of Homeland Security, as you know, has offered before the election last year to do assessments for state and local officials. But to come in and do a full assessment is very resource intensive, requires two to three weeks. So dhs could use some Additional Resources to staff up those teams. But to the extent that states are nervous about having federal employees, officials coming into our systems, thirderty entities could be certified for offering the same sources and resources to contract with those companies, dhs or state and local officials. There as resource there that i think is important but assessments are equally important. Another interesting recommendation that has been made on a bipartisan basis, both by former leaders in the Intelligence Community and as recently as yesterday by Ken Wainstein former Homeland Security adviser in the Bush Administration is to remove the politics from the threat assessment itself. One would be for congress to put in a legislative requirement that 120 days or 180 days out from a National Election that the Intelligence Community provide a threat assessment with regard to any threat activity they might see related to the elections. That reps to remove the implication that whatever administration is in place at the time is trying to put a thumb on the scale or influence the outcome of the election. It becomes a standard required process. It would include a requirement for updates if fls any significant additional information. So those are certainly a couple of areas where i can see congress very definitely could play a useful role here. I think if we had the money that would go a long way, we respect independence of each state and locality in the conduct of election. One of the challenges we have is how do we integrate ourselves into that process without becoming a nuisance. We were involved in the help america vote act, but we had some experiences there that tell us we have to set some matrix and other things and not