Hearing Type: 
Date & Time: 
Wednesday, June 21, 2017 - 9:30am
Hart 216


Panel 1
Acting Director
Dr. Samuel
Acting Director of Cyber Division, Office of Intelligence and Analysis
Acting Deputy Undersecretary
National Protection and Programs Directorate
Assitant Director
Assitant Director of Counterintelligence Division
Panel 2
Midwest Regional Representative
National Association of State Election Directors
Dr. J. Alex
Professor of Computer Science & Engineering
University of Michigan
President-Elect of National Association of Secretaries of State (NASS) & Secretary of State
Executive Director
Executive Director of Illinois State Board of Elections

Full Transcript

[Senate Hearing 115-92]
[From the U.S. Government Publishing Office]

                                                         S. Hrg. 115-92



                               BEFORE THE


                                 OF THE

                          UNITED STATES SENATE


                             FIRST SESSION


                        WEDNESDAY, JUNE 21, 2017


      Printed for the use of the Select Committee on Intelligence

         Available via the World Wide Web: http://www.fdsys.gov

 26-125 PDF               WASHINGTON : 2017       
 For sale by the Superintendent of Documents, U.S. Government Publishing Office,
Internet:bookstore.gpo.gov. Phone:toll free (866)512-1800;DC area (202)512-1800
  Fax:(202) 512-2104 Mail:Stop IDCC,Washington,DC 20402-001            

           [Established by S. Res. 400, 94th Cong., 2d Sess.]

                 RICHARD BURR, North Carolina, Chairman
                MARK R. WARNER, Virginia, Vice Chairman

JAMES E. RISCH, Idaho                DIANNE FEINSTEIN, California
MARCO RUBIO, Florida                 RON WYDEN, Oregon
SUSAN COLLINS, Maine                 MARTIN HEINRICH, New Mexico
ROY BLUNT, Missouri                  ANGUS KING, Maine
JAMES LANKFORD, Oklahoma             JOE MANCHIN III, West Virginia
TOM COTTON, Arkansas                 KAMALA HARRIS, California
                 MITCH McCONNELL, Kentucky, Ex Officio
                  CHUCK SCHUMER, New York, Ex Officio
                    JOHN McCAIN, Arizona, Ex Officio
                  JACK REED, Rhode Island, Ex Officio
                      Chris Joyner, Staff Director
                 Michael Casey, Minority Staff Director
                   Kelsey Stroud Bailey, Chief Clerk


                             JUNE 21, 2017

                           OPENING STATEMENTS

Burr, Hon. Richard, Chairman, a U.S. Senator from North Carolina.     1
Warner, Hon. Mark R., Vice Chairman, a U.S. Senator from Virginia     2


Liles, Sam, Acting Director, Office of Intelligence and Analysis, 
  Cyber Division, Department of Homeland Security................     4
Manfra, Jeanette, Undersecretary of Homeland Security, and Acting 
  Director, National Protection and Programs Directorate.........     6
    Prepared statement...........................................     8
Priestap, Bill, Assistant Director, Counterintelligence Division, 
  Federal Bureau of Investigation................................    15
    Prepared statement...........................................    16
Lawson, Connie, Indiana Secretary of State and President-Elect, 
  National Association of Secretaries of State...................    48
    Prepared statement...........................................    50
Haas, Michael, Midwest Regional Representative, National 
  Association of State Election Directors........................    59
    Prepared statement...........................................    62
Sandvoss, Steve, Executive Director, Illinois State Board of 
  Elections......................................................    68
    Prepared statement...........................................    70
Halderman, J. Alex, Professor of Computer Science and 
  Engineering, University of Michigan............................    72
    Prepared statement...........................................    74

                         SUPPLEMENTAL MATERIAL

Phishing email received by Billy Rinehart of DNC.................    37
Report titled ``Securing Elections from Foreign Interference'' 
  submitted by Senator Warner....................................    96
Questions for the record.........................................   134



                        WEDNESDAY, JUNE 21, 2017

                                       U.S. Senate,
                          Select Committee on Intelligence,
                                                    Washington, DC.
    The Committee met, pursuant to notice, at 9:32 a.m. in Room 
SH-216, Hart Senate Office Building, Hon. Richard Burr 
(Chairman of the Committee) presiding.
    Committee Members Present: Senators Burr, Warner, Risch, 
Rubio, Collins, Blunt, Lankford, Cotton, Cornyn, Feinstein, 
Wyden, Heinrich, King, Manchin, Harris, and Reed.


    Chairman Burr. I'd like to call the hearing to order.
    Today the Committee convenes its sixth open hearing of 
2017, to further examine Russia's interference in the 2016 
elections. This is yet another opportunity for the Committee 
and the American people to drill down on this vitally important 
    In 2016, a hostile foreign power reached down to the State 
and local levels to touch voter data. It employed relatively 
sophisticated cyber tools and capabilities and helped Moscow to 
potentially build detailed knowledge of how our elections work. 
It was also another example of Russian efforts to interfere 
into a democracy with the goal of undermining our system. In 
2016, we were woefully unprepared to defend and respond and I'm 
hopeful that we will not be caught flatfooted again.
    Our witnesses are here to tell us more about what happened 
in 2016, what that tells us about Russian intentions, and what 
we should expect in 2018 and 2020. I'm deeply concerned that if 
we do not work in lockstep with the states to secure our 
elections, we could be here in two or four years talking about 
a much worse crisis.
    The hearing will feature two panels. The first panel will 
include expert witnesses from DHS and FBI to discuss Russian 
intervention in 2016 elections and U.S. government efforts to 
mitigate the threat. The second panel will include witnesses 
from the Illinois State Board of Elections, the National 
Association of State Election Directors, the National 
Association of Secretaries of States, and an expert on election 
security to give us their on-the-ground perspective on how 
Federal resources might be brought to bear on this very 
important issue.
    For our first panel, I'd like to welcome our witnesses 
today: Dr. Samuel Liles, Acting Director of Cyber Division 
within the Office of Intelligence and Analysis at the 
Department of Homeland Security; Jeanette Manfra, Acting Deputy 
Under Secretary, National Protection and Programs Directorate, 
also at DHS.
    And Jeanette, I think I told you next time you came I did 
not want ``Acting'' in front of your name. So now I've publicly 
said that to everybody at DHS. Hopefully next time that will be 
    And Bill Priestap. Bill's the Assistant Director for 
Counterintelligence Division at the Federal Bureau of 
    Bill, I want to thank you for the help that you have 
personally provided to the investigative staff of this 
Committee as we've worked through so far over five and a half 
months of our investigation into the 2016 elections.
    As you're well aware, this Committee is in the midst of a 
comprehensive investigation on the specific issue: the extent 
to which the Russian government under the direction of 
President Putin conducted intelligence activities, also known 
as Russian active measures, targeted at the 2016 U.S. 
elections. The intelligence community assesses that, while 
Russian influence obtained and maintained access to elements of 
multiple U.S. State and local election boards, those systems 
were not involved in vote tallying.
    During the first panel, I would like to address the depth 
and the breadth of Russian government cyber activities during 
the 2016 election cycle, the efforts of the U.S. government to 
defend against these intrusions, and the steps that DHS and FBI 
are taking to preserve the foundation of our democracy's free 
and fair elections in 2018 and beyond.
    I thank all three of our first witnesses. I turn to the 
Vice Chairman.


    Vice Chairman Warner. Thank you, Mr. Chairman, and welcome 
to the witnesses. And, Bill, thank you again for all the work 
you've done with us.
    We all know that in January the entire intelligence 
community reached the unanimous conclusion that Russia took 
extraordinary steps to intervene in our 2016 Presidential 
elections. Russia's interference in our elections in 2016 I 
believe was a watershed moment in our political history. This 
was one of the most significant events I think any of us on 
this dais will be asked to address in our time as Senators. And 
only with a robust and comprehensive response will we be able 
to protect our democratic processes from even more dramatic 
incursions in the future.
    Much of what the Russians did at this point, I think at 
least in this room, is--was well known: spreading fake news, 
flooding social media, hacking personal e-mails and leaking 
them for maximum political benefit. Without firing a shot and 
at minimal cost, Russia sowed chaos in our political system and 
undermined faith in our democratic process. And as we've heard 
from earlier witnesses, sometimes that was aided by certain 
candidates in terms of their comments about the legitimacy of 
our democratic processes.
    Less well understood, though, is the intelligence 
community's conclusion that they also secured and maintained 
access to elements of multiple U.S. State and local electoral 
boards. Now, again, as the Chairman has said, there's no reason 
to doubt the validity of the vote totals in the 2016 election. 
However, DHS and the FBI have confirmed--and I'm going to come 
back to this repeatedly--only two intrusions into the voter 
registration databases, in both Arizona and Illinois, even 
though no data was modified or deleted in those two states.
    At the same time, we've seen published reports that 
literally dozens--I've seen one published report that actually 
said 39 states--were potentially attacked. Certainly it's good 
news that the attempts in 2016 did not change the results of 
that election. But the bad news is this will not be their last 
attempt. And I'm deeply concerned about the danger posed by 
future interference in our elections and attempts by Russia to 
undermine confidence in our whole electoral system.
    We saw Russian--we saw recently--and this was just not 
happening here, obviously--we saw recently Russian attempts to 
interfere in the elections in France. And I thank the Chairman 
that next week we'll be having a hearing on some of these 
Russian efforts in Europe. We can be sure that Russian hackers 
and trolls will continue to refine their tactics in the future, 
especially if there's no penalty for these malicious attacks.
    That's again, one reason I think that the Senate voted so 
overwhelmingly last week, and I thank all my colleagues for 
that 97-2 vote, to strengthen our sanctions on Russia. I hope 
that that action sends a strong message to Mr. Putin that there 
will be a heavy price to pay for attacks against the 
fundamental core of our democratic system.
    Make no mistake, it's likely that we'll see more of these 
attacks not just in America, but against our partners. I heard 
this morning coming in on the radio that the Russians are 
already actively engaged in the German election cycle, which 
takes place this fall.
    Now, some might say, ``Well, why the urgency?'' I can 
assure you, you know, we have elections in 2018, but in my home 
State of Virginia we have statewide elections this year. So 
this needs a sense of urgency. The American electoral election 
process, the machinery, the Election Day manpower, the actual 
counting and reporting, primarily is a local and State 
responsibility. And in many states, including my own, we have a 
very decentralized approach, which can be both a strength and a 
    In Virginia, for instance, decentralization helps deter 
large-scale hacking or manipulation because our system is so 
diffuse. But Virginia localities use more than a dozen 
different types of voting machines, none of which are connected 
to the Internet while in use, but we have a number of machine-
read machines, so that the tabulations actually could be broken 
into on an individual machine basis.
    All this makes large cyber attacks on electoral systems, 
because of the diffusion, more difficult. But it also makes 
maintaining consistent, coordinated cyber defenses more 
challenging as well.
    Furthermore, states may be vulnerable when it comes to the 
defense of voter registration and voter history databases. 
That's why I strongly believe that the threat requires us to 
harden our cyber defenses and to thoroughly educate the 
American public about the danger.
    Yesterday, I wrote to the Secretary of Homeland Security. I 
urged DHS to work closely with State and local election 
officials to disclose publicly--and I emphasize, publicly--
which states were targeted. Not to embarrass any states, but 
how can we put the American public on notice when we've only 
revealed two states, yet we have public reports that there are 
literally dozens? That makes absolutely no sense.
    I know it is the position of DHS that since the states were 
victims, it is their responsibility. But I cannot believe if 
this was an attack on physical infrastructure in a variety of 
states, there wouldn't be a more coordinated response.
    We are not making our country safer if we don't make sure 
that all Americans realize the breadth and the extent of what 
the Russians did in 2016 and, frankly, if we don't get our act 
together, what they will do in an even more dramatic form in 
2018 and 2020. And candidly, the idea of this kind of 
bureaucratic ``Well, it's not my responsibility, not my job'' I 
don't believe is an acceptable decision.
    So, I'm going to hope from our witnesses, particularly our 
DHS witnesses, that we hear a plan on how we can get more 
information into the bloodstream, how we can make sure that we 
have better best practices, so that all states are doing what's 
needed. I'm not urging or suggesting that in any way the 
Federal Government intervenes in what is a local and State 
responsibility. But to not put all Americans on notice and to 
have the number of states that were hacked into or attempted to 
be hacked into still kept secret is just crazy in my mind.
    So, my hope is that we will get some answers. I do want to 
thank the fact that in January DHS did designate the Nation's 
electoral infrastructure as critical infrastructure. That's 
important. But if we call it critical infrastructure but then 
don't tell the public how many states were attacked or 
potentially how many could be attacked in the next cycle, I 
don't think we get to where we need to be.
    So, we're going to see more of this. This is the new 
normal. I appreciate the Chairman for holding this hearing and 
I'm going to look forward very much to getting my questions 
    Thank you.
    Chairman Burr. Thank you, Vice Chairman.
    With that, Dr. Liles, I understand you're going to go 
first. The floor is yours.


    Dr. Liles. Chairman Burr, Ranking Member Warner, and 
distinguished members of the Committee, thank you for the 
invitation to be here. My name is Sam Liles. I represent the 
Cyber Analysis Division of the Department of Homeland 
Security's Office of Intelligence and Analysis. Our mission is 
to produce cyber-focused intelligence, information, and 
analysis, represent our operational partners like the NCCIC to 
the intelligence community, coordinate and collaborate on IC 
products, and share intelligence and information with our 
customers at the lowest classification possible. We are a team 
of dedicated analysts who take threats to the critical 
infrastructure of the United States seriously.
    I'd like to begin by clarifying and characterizing the 
threat we observed to the election infrastructure in the 2016 
election. Prior to the election, we had no indication that 
adversaries or criminals were planning cyber operations against 
the U.S. election infrastructure that would change the outcome 
of the coming U.S. election.
    However, throughout spring and early summer 2016, we and 
others in the IC began to find indications that the Russian 
government was responsible for widely reported compromises and 
leaks of e-mails from U.S. political figures and institutions. 
As awareness of these activities grew, DHS began in August of 
2016 to receive reports of cyber-enabled scanning and probing 
of election-related infrastructure in some states.
    From that point on, I&A began working to gather, analyze, 
and share additional information about the threat. I&A 
participated in red team events, looking at all possible 
scenarios, collaborated and co-authored production with other 
intelligence community members and the National Intelligence 
Council. We provided direct support to the Department's 
operational cyber center, the National Cyber Security and 
Communications Integration Center, and worked hand-in-hand with 
the State and local partners to share threat information 
related to their networks.
    By late September, we determined that Internet-connected 
election-related networks in 21 states were potentially 
targeted by Russian government cyber actors. It is important to 
note that none of these systems were involved in vote tallying. 
Our understanding of that targeting, augmented by further 
classified reporting, is that's still consistent with the scale 
and scope.
    This activity is best characterized as hackers attempting 
to use commonly available cyber tools to exploit known system 
vulnerabilities. The vast majority of the activity we observed 
was indicative of simple scanning for vulnerabilities, 
analogous to somebody walking down the street and looking to 
see if you are home.
    A small number of systems were unsuccessfully exploited, as 
though somebody had rattled the doorknob but was unable to get 
in, so to speak. Finally, a small number of the networks were 
successfully exploited. They made it through the door.
    Based on the activity we observed, DHS made a series of 
assessments. We started out with, we had no indication prior to 
the election that adversaries were planning cyber operations 
against election infrastructure that would change the outcome 
of the 2016 election. We also assessed that multiple checks and 
redundancies in U.S. election infrastructures, including 
diversity of systems, non-Internet-connected voting machines, 
pre-election testing, and processes for media, campaign, and 
election officials to check, audit, and validate the results, 
all these made it likely that cyber manipulation of the U.S. 
election systems intended to change the outcome of the national 
election would be detected.
    We also, finally, assessed that the types of systems 
Russian actors targeted or compromised were not involved in 
vote tallying.
    While we continue to evaluate any and all new available 
information, DHS has not altered any of these prior 
assessments. Having characterized the threat as we observed it, 
I'll stop there to allow my NPPD colleague Jeanette Manfra to 
talk more about how DHS is working with election systems to 
enhance security and resiliency.
    I look forward to answering your questions.
    Chairman Burr. Thank you.
    Ms. Manfra.


    Ms. Manfra. Thank you, sir. Chairman Burr, Vice Chairman 
Warner, members of this Committee: thank you for today's 
opportunity to represent the men and women that serve in the 
Department of Homeland Security.
    Today I'm here to discuss the Department's mission to 
reduce and eliminate threats to the Nation's critical physical 
and cyber infrastructure, specifically as it relates to our 
    Our Nation's cyber infrastructure is under constant attack. 
In 2016, we saw cyber operations directed against U.S. election 
infrastructure and political entities. As awareness of these 
activities grew, DHS and its partners provided actionable 
information and capabilities to help election officials 
identify and mitigate vulnerabilities on their networks.
    Actionable information led to detections of potentially 
malicious activity affecting Internet-connected election-
related networks, potentially targeted by Russian cyber actors 
in multiple states. When we became aware of detected activity, 
we worked with the affected entity to understand if a 
successful intrusion had in fact occurred.
    Many of these detections represented potentially malicious 
vulnerability scanning activity, not successful intrusions. 
This activity, in partnership with these potential victims and 
targets, enhanced our situational awareness of the threat and 
further informed our engagement with State and local election 
officials across the country.
    Given the vital role that elections have in a free and 
democratic society, on January 26 of this year the former 
Secretary of Homeland Security established election 
infrastructure as a critical infrastructure sub-sector. As 
such, DHS is leading Federal efforts to partner with State and 
local election officials, as well as private sector vendors, to 
formalize the prioritization of voluntary security-related 
assistance and to ensure that we have the communications 
channels and protocols, as Senator Warner discussed, to ensure 
that election officials receive information in a timely manner 
and that we understand how to jointly respond to incidents.
    Election infrastructure now receives cybersecurity and 
infrastructure protection assistance similar to what is 
provided to other critical infrastructure, such as financial 
institutions and electric utilities.
    Our election system is run by State and local governments 
in thousands of jurisdictions across the country. Importantly, 
State and local officials have already been working 
individually and collectively to reduce risks and ensure the 
integrity of their elections. As threat actors become 
increasingly sophisticated, DHS stands in partnership to 
support their efforts.
    Safeguarding and securing cyber space is a core mission at 
DHS. Through our National Cybersecurity and Communications 
Center, or NCCC, DHS assists State and local customers such as 
election officials as part of our daily operations. Such 
assistance is completely voluntary. It does not entail 
regulation or Federal oversight. Our role is limited to 
    In this role, we offer three types of assistance: 
assessments, information, and incident response. For the most 
part, DHS has offered two kinds of assistance to State and 
local officials: first, the cyber hygiene service for Internet-
facing systems provides a recurring report identifying 
vulnerabilities and mitigation recommendations. Second, our 
cybersecurity experts can go on site to conduct risk and 
vulnerability assessments and provide recommendations to the 
owners of those systems for how best to reduce the risk to 
their networks.
    DHS continues to share actionable information on cyber 
threats and incidents through multiple means. For example, we 
publish best practices for securing voter registration 
databases and addressing potential threats to election systems. 
We share cyber threat indicators and other analysis that 
network defenders can use to secure their systems.
    We partner with the multistate Information Sharing and 
Analysis Center to provide threat and vulnerability information 
to State and local officials. This organization is partially 
grant-funded by DHS and has representatives that sit on our 
NCCC floor and can interact with our analysts and operators on 
a 24/7 basis. They can also receive information through our 
field-based personnel stationed throughout the country and in 
partnership with the FBI.
    Finally, we provide incident response assistance at request 
to help State and local officials identify and remediate any 
possible cyber incidents. In the case of an attempted 
compromise affecting election infrastructure, we will share 
that technical information with other states to assist their 
ability to defend their own systems from similar malicious 
    Moving forward, we must recognize that the nature of risk 
facing our election infrastructure will continue to evolve. 
With the establishment of an election infrastructure sub-
sector, DHS is working with stakeholders to establish these 
appropriate coordinating councils and our mechanisms to engage 
with them. These will formalize our mechanisms for 
collaboration and ensure long-term sustainability of this 
partnership. We will lead the Federal efforts to support 
election officials with security and resilience efforts.
    Before closing, I want to reiterate that we do have 
confidence in the overall integrity of our electoral system 
because our voting infrastructure is fundamentally resilient. 
It is diverse, subject to local control, and has many checks 
and balances built in. As the risk environment evolves, the 
Department will continue to support State and local partners by 
providing information and offering assistance.
    Thank you very much for the opportunity to testify, and I 
look forward to any questions.
    [The prepared statement of Ms. Manfra follows:]


    Chairman Burr. Thank you very much.
    Mr. Priestap.


    Mr. Priestap. Good morning. Chairman Burr, Vice Chairman 
Warner, and members of the Committee: Thank you for the 
opportunity to appear before you today. My statement for the 
record has been submitted. And so, rather than restating it, 
I'd like to step back and provide you a description of the 
broader threat as I see it.
    My understanding begins by asking one question: What does 
Russia want? As you well know, during the Cold War the Soviet 
Union was one of the world's two great powers. However, in the 
early 1990's it collapsed and lost power, stature, and much 
territory. In a 2005 speech, Vladimir Putin referred to this as 
a major catastrophe. The Soviet Union's collapse left the U.S. 
as the sole superpower.
    Since then, Russia has substantially rebuilt, but it hasn't 
been able to fully regain its former status or its former 
territory. The U.S. is too strong and has too many alliances 
for Russia to want a military conflict with us. Therefore, 
hoping to regain its prior stature, Russia has decided to try 
to weaken us and our allies.
    One of the ways Russia has sought to do this is by 
influence, rather than brute force. Some people refer to 
Russia's activity in this regard as information warfare, 
because it is information that Russia uses as a weapon.
    In regards to our most recent Presidential election, Russia 
used information to try to undermine the legitimacy of our 
election process. Russia sought to do this in a simple manner. 
They collected information via computer intrusions and via 
their intelligence officers and they selectively disseminated 
e-mails they hoped would disparage certain political figures 
and shed unflattering light on political processes.
    They also pushed fake news and propaganda, and they used 
online amplifiers to spread the information to as many people 
as possible. One of their primary goals was to sow discord and 
undermine a key democratic principle, free and fair elections.
    In summary, I greatly appreciate the opportunity to be here 
today to discuss Russia's election influence efforts. But I 
hope the American people will keep in mind that Russia's 
overall aim is to restore its relative power and prestige by 
eroding democratic values. In other words, its election-related 
activity wasn't a one-time event. Russia will continue to pose 
an influence threat. I look forward to your questions. Thank 
    [The prepared statement of Mr. Priestap follows:]
    Chairman Burr. Thank you very much to all of our witnesses.
    For members, we will proceed by seniority for recognition 
for up to five minutes, and the Chairman will tell you when you 
have used all your time if you proceed that far. The Chair 
would recognize himself for five minutes.
    Yes or no, to all three of you. Most important question: Do 
you have any evidence that the votes themselves were changed in 
any way in the 2016 Presidential election?
    Dr. Liles.
    Dr. Liles. No, sir. There was no detected change in the 
    Chairman Burr. Ms. Manfra.
    Ms. Manfra. No, sir.
    Chairman Burr. Mr. Priestap.
    Mr. Priestap. No, sir.
    Chairman Burr. Bill, to you. This adversary is determined. 
They're aggressive and they're getting more sophisticated by 
the day. The diversity of our election system is a strength, 
but the intrusions into State systems also show that Moscow is 
willing to put considerable resources towards an unclear 
    In 2016, we saw voter data stolen. How could Moscow 
potentially use that data?
    Mr. Priestap. They could use the data in a variety of ways. 
Unfortunately, in this setting I can't go into all of them. 
First of all, I think they took the data to understand what it 
consisted of, what's there, so that they can in effect better 
understand and plan accordingly.
    And when I say ``plan accordingly,'' plan accordingly in 
regards to possibly impacting future elections and/or targeting 
of particular individuals, but also by knowing what's there and 
studying it they can determine if it's it something they can 
manipulate or not, possibly, going forward. And there's a 
couple of other things that wouldn't be appropriate in this 
setting as well.
    Chairman Burr. To any of you: You've heard the Vice 
Chairman talk about his frustration about publicly talking 
about how many states. Can you tell the American people why you 
can't disclose which states and the numbers?
    I'll turn to Ms. Manfra first.
    Ms. Manfra. Thank you for the question, sir. There are--
through the long history that the Department has in working 
with the private sector and State and local on critical 
infrastructure and cybersecurity issues, we believe it is 
important to protect the confidentiality that we have and the 
trust that we have with that community. So when the entity is a 
victim of a cyber incident, we believe very strongly in 
protecting the information around that victim.
    That being said, what we can do is take the technical 
information that we learn from the engagement with that victim 
and anonymize it so it is not identified as to what that entity 
or individual is. We can take all the technical information and 
turn that around and share that broadly with whether it's the 
affected sector or broadly across the entire country. And we 
have multiple mechanisms for sharing that.
    But we believe that this has been a very important key to 
our success in developing trusted relationships across all of 
these 16 critical infrastructure sectors.
    Chairman Burr. Are we prepared today to say publicly how 
many states were targeted?
    Ms. Manfra. We, as of right now, we have evidence of 21 
states, election-related systems in 21 states that were 
    Chairman Burr. But in no case were actual vote tallies 
altered in any way, shape, or form?
    Ms. Manfra. That is correct.
    Chairman Burr. How did the French respond to the Russian 
involvement in the French elections a month ago? Is that 
something we followed, the Bureau? Bill?
    Mr. Priestap. Sir, From the Bureau's standpoint, it's 
something we followed from afar. We did have engagement with 
French officials, but I'm just not at liberty to go into what 
those consisted of.
    Chairman Burr. Okay. We've talked about last year, Russia's 
intent, their target. Let's talk about next year. Let's talk 
about the 2017 elections in Virginia. Let's talk about the 2018 
elections, Congressional and gubernatorial elections. What are 
we doing to prepare ourselves this November and next November?
    Ms. Manfra.
    Ms. Manfra. Yes, sir. As we noted, we are taking this 
threat very seriously, and part of that is identifying this 
community as a critical infrastructure subsector. That's 
allowed us to prioritize and formalize the engagement with 
    Similar to the 2016 elections, we are identifying 
additional resources, prioritizing our engagement with them 
through information-sharing products, identifying, in 
partnership again with the State and local community, those 
communication protocols--how do we ensure that we can 
declassify information quickly should we need to and get it to 
the individuals that need it.
    We also have committed to working with State and local 
officials on incident response playbooks. So how do they 
understand where to engage with us, where do we engage with 
them, and how do we--are we able to bring the entire resources 
of the Federal Government to bear in helping the State and 
local officials secure their election systems?
    Chairman Burr. Great.
    Vice Chairman.
    Vice Chairman Warner. Thank you for the answer at 21. 21 
states is almost half the country. We've seen reports that were 
even higher. I concur with the Chairman that the vote totals 
were not changed. But can you explain to me how we're made 
safer by keeping the identity of 19 of those states secret from 
the public, since Arizona and Illinois have acknowledged they 
were attacked?
    Dr. Liles. Well, sir, I'd bring it back to the earlier 
points you made about the future elections. One of the key 
pieces for us within I&A is our ability to work with our 
partners because of how our collection mechanisms work. It's 
built on a high level of trust----
    Vice Chairman Warner. If this was water systems or power 
systems, would the public be safer by not knowing that their 
water system or power system in their respective State was 
    Ms. Manfra. Sir, I can--for other sectors we apply the same 
principles. When we do have a victim of an incident in the 
electric sector or the water sector, we do keep the name of 
that entity confidential. Some of these sectors do have breach 
reporting requirements that requires the victims----
    Vice Chairman Warner. Are all 21 of the states that were 
attacked, are they aware they were attacked?
    Ms. Manfra. All of the system owners within those states 
are aware of the targeting, yes, sir.
    Vice Chairman Warner. At the State level, you could have 
local registrars and other local officials that there may have 
been an attempt to penetrate at the State level and you may 
have local registrars in the respective states that would not 
even know that their State had been the subject of Russian 
    Ms. Manfra. We are currently working with State election 
officials to ensure communication between the local and the 
State officials.
    Vice Chairman Warner. But at this moment in time, there may 
be a number of State and local election officials that don't 
know their states were targeted in 2016, is that right?
    Ms. Manfra. The owners of the systems that were targeted do 
know that they were targeted----
    Vice Chairman Warner. The owners may know, but because we 
have a decentralized system many local elective--I just----
    Ms. Manfra. I cannot----
    Vice Chairman Warner [continuing]. Fundamentally disagree. 
I understand the notion of victimization.
    Ms. Manfra. Yes, sir.
    Vice Chairman Warner. But I do not believe our country is 
made safer by holding this information back from the American 
public. I have no interest in trying to embarrass any State, 
but if this--because we've seen this for too long in cyber, 
we've seen it in the financial industry, and others, where 
people simply try to sweep this under the rug and assume 
they'll go along their way.
    When we're talking about--I go back to Dr. Liles' initial 
comments. We had no idea--we had no ability to predict this 
beforehand. We had 21 states that were tapped. We've got two 
that have come forward. While no election results were changed, 
we do know there were a number of states--perhaps you'll answer 
this: How many states did the Russians actually exfiltrate 
data, such as voter registration lists?
    Ms. Manfra. I'd prefer not to go into those details in this 
forum, sir. I can tell you that we're tracking 21 states that 
were targeted----
    Vice Chairman Warner. Do the states who had their data 
exfiltrated by the Russians--are they aware of that?
    Ms. Manfra. Yes, sir.
    Vice Chairman Warner. And is there any coordinated response 
on how we're going to prevent this going forward?
    Ms. Manfra. Yes, sir.
    Vice Chairman Warner. How do we make sure, if states are 
not willing to acknowledge that they had vulnerabilities, that 
they were subject to attack--again, we're in a brave new world 
here, and I understand your position. I'm not trying to--I'm 
very frustrated, but I'm not--I get this notion.
    But I think we need a re-examination of this policy. You 
know, the designation by former Secretary Johnson as critical 
infrastructure, what does that change in terms of how our 
operations are going forward? By that designation in January, I 
appreciated it, but what does that really mean in practical 
terms, in terms of assistance or information sharing?
    Ms. Manfra. What it means, it means three things, sir. The 
first is a statement that we do recognize that these systems 
are critical to the functioning of American life, and so that 
is an important statement.
    The second is that it formalizes and sustains the 
Department's prioritization of engagement with this community. 
And the last is, it provides a particular protection for 
sharing of information, in particular with vendors within the 
election community, that allows us to have conversations to 
discuss vulnerabilities with potential systems, that we would 
not have to disclose.
    Vice Chairman Warner. I talked to Secretary Kelly last 
week, and I hope you'll take this, at least this Senator's 
message, back to him. I would like us to get more information. 
What I have heard today is that, there were 21 states. I 
appreciate that information, but within those 21 states I have 
no guarantee that local election officials are aware that their 
State system may have been attacked, number one.
    Number two, we don't know how many states actually had 
exfiltration. And the final question is, have you seen any 
stoppage of the Russian activities after the election? Or are 
they continuing to ping and try to feel out our various 
election systems?
    Ms. Manfra. On the first two questions, sir, we will be 
happy to get back to you. I spoke to the Secretary this morning 
and look forward to responding to your letter. On the third 
question, I'll defer to the FBI.
    Mr. Priestap. Vice Chairman, I just can't comment on our 
pending investigations related to the cyber----
    Vice Chairman Warner. You can't say whether the--so, should 
the public take away a sense of confidence that the Russians 
have completely stopped, as of November of 2016, trying to 
interfere or tap into our electoral systems? Is that what 
you're saying?
    Mr. Priestap. That's not what I'm saying, sir. I believe 
the Russians will absolutely continue to try to conduct 
influence operations in the U.S., which will include cyber 
    Vice Chairman Warner. Thank you, Mr. Chairman.
    Chairman Burr. Thank you, Vice Chairman.
    To DHS and to the Bureau, a quick question; and if you 
can't answer it, please go back and get us an answer. Would 
your agency be opposed to the Chair and Vice Chair sending a 
letter to the 19 states that have not been publicly disclosed, 
a classified letter, asking them if they would consider 
publicly disclosing that they were a target of the last 
    Mr. Priestap. Sir, I'd be happy to take that question back 
to my organization, but I would just add that the role your 
Committee is playing in regards to highlighting the Russians' 
aims and activities I think is critically important for this 
    The Bureau is just trying to balance what, we'll call it 
the messaging end of that, with doing things that hopefully 
don't impact what we can learn through our investigations. I 
know it's a fine balance, but the bottom line is you play a key 
role in raising awareness of that, and I thank you.
    Chairman Burr. Fair concern, and if both of you would just 
go back and get back with us, we'll proceed from there.
    Senator Risch.
    Senator Risch. Thank you much.
    So that the American people can have solid confidence in 
what you've done, and thank you for what you've done, could you 
give the American people an idea--if you feel the numbers are 
classified and that sort of thing, you don't have to go into 
it--but the number of people that were involved on DHS and the 
FBI in this investigation? Can you give us a general idea about 
that? Whichever one of you want to take that question. Ms. 
    Ms. Manfra. From a DHS perspective, we did amass quite a 
few resources both from our intelligence and analysis and our 
operations analysis. To put a number on it is somewhat 
challenging but, you know----
    Senator Risch. Would you say it was substantial?
    Ms. Manfra. It was a substantial level of effort, yes, sir.
    Senator Risch. You're confident that you got where you 
wanted to go when you set out to make this investigation?
    Ms. Manfra. Yes, sir. One of our key priorities was 
developing relationships with that community and getting 
information out, whether it was to the specific victims or 
broader indicators that we could share. We accomplished that. 
We held multiple sessions. We sent over 800 indicators to the 
community, and so we do believe that we accomplished that. We 
don't want to let that down at all. We want to continue that 
level of effort and we intend to continue it.
    Senator Risch. And I'm focusing on not what you did after 
you got the information, but how you got the information. 
You're confident you got what you needed to appropriately 
advise everyone on this, what was going on?
    Ms. Manfra. Yes, sir. Yes, we did.
    Senator Risch. Mr. Priestap.
    Mr. Priestap. The FBI considered this a very grave threat 
and so we dedicated substantial resources to this effort as 
    Senator Risch. Okay. Thank you.
    To both of you, both agencies again: Everyone in this 
Committee knows the specificity and identity of the Russian 
agencies involved. Are you comfortable in identifying them here 
today, or do you feel--still feel that's classified?
    Mr. Priestap. Yeah. Other than what was mentioned in the 
unclassified version of the intelligence community assessment, 
I'd rather not go into any of those details.
    Senator Risch. Were there any of those agencies identified, 
any of the Russian intelligence agencies, identified in that?
    Mr. Priestap. It's my understanding that GRU was 
    Senator Risch. Homeland Security, same answer?
    Dr. Liles. Yes, sir.
    Senator Risch. Okay. Thank you much.
    Let me ask this question. And I come at this from a little 
different perspective, and I think the American people have the 
right to know this. From all the work that either of your 
agencies did, all the people involved, all the digging you did 
through what the Russians had done and their attempts, did you 
find any evidence, direct or circumstantial, to any degree, 
down to a scintilla of evidence, that any U.S. person colluded 
with, assisted, or communicated with the Russians in their 
    Mr. Priestap.
    Mr. Priestap. I'm sorry, I just can't comment on that 
today. That falls under the Special Counsel's purview and I 
have to defer to him.
    Senator Risch. Are you aware of any such evidence?
    Mr. Priestap. And I'm sorry, sir, I just can't comment on 
    Senator Risch. Ms. Manfra.
    Ms. Manfra. Sorry, sir. I cannot also comment on that.
    Senator Risch. Thank you.
    Thank you, Mr. Chairman.
    Chairman Burr. Senator Feinstein.
    Senator Feinstein. Thanks very much, Mr. Chairman.
    Candidly, I'm very disappointed by the testimony. I mean, 
we have learned a great deal and the public has learned a great 
deal. And it seems to me we have to deal with what we've 
    Mr. Priestap, is that correct? You have said, and I think 
quite pointedly, that Russia has decided to weaken us through 
covert influence rather than brute force. And I think that's a 
correct assessment, and I thank you for having the courage to 
make it.
    Here's a question. To the best of the FBI's knowledge, have 
they conducted covert influence in prior election campaigns in 
the United States? If so, when, what and how?
    Mr. Priestap. Yes, absolutely they've conducted influence 
operations in the past. What made this one different in many 
regards was of course the degree and then with what you can do 
through electronic systems today.
    When they did it in the past, it was doing things like 
trying to put in biased or half-true stories, getting stories 
like that into the press or pamphlets that people would read, 
so on and so forth. The Internet has allowed Russia to do so 
much more today than they've ever been able to do in the past.
    Senator Feinstein. So you're saying prior campaigns were 
essentially developed to influence one campaign above another, 
to denigrate a candidate if she was elected and to support 
another candidate subtly?
    Mr. Priestap. Yeah, I'm saying that Russia, for years, has 
conducted influence operations targeting our elections, yes.
    Senator Feinstein. Equal to this one?
    Mr. Priestap. Not equal to this one. No, ma'am.
    Senator Feinstein. Okay, here we go. What made this one 
    Mr. Priestap. Again, I think the scale, the scale and the 
aggressiveness of the effort, in my opinion, made this one 
different. And again, it's because of the electronic 
infrastructure, the Internet, what have you, today that allowed 
Russia to do things that in the past they weren't able to do.
    Senator Feinstein. Would you say that this effort was 
tailored to achieve certain goals?
    Mr. Priestap. Absolutely.
    Senator Feinstein. And what would those goals have been?
    Mr. Priestap. I think the primary goal in my mind was to 
sow discord and to try to delegitimize our free and fair 
election process. I also think another of their goals, which 
the entire United States intelligence community stands behind, 
was to denigrate Secretary Clinton and to try to help then--
current President, Trump.
    Senator Feinstein. Have they done this in prior elections 
in which they've been involved?
    Mr. Priestap. Have they----
    Senator Feinstein. Denigrated a specific candidate and-or 
tried to help another candidate?
    Mr. Priestap. Yes, ma'am, they have.
    Senator Feinstein. And which elections were those?
    Mr. Priestap. Oh--I'm sorry. I know there--I'm sorry, I 
can't think of an example off the top of my head, but even 
though--all the way through the Cold War, up to our most recent 
election, in my opinion, they have tried to influence all of 
our elections since then, and this is a common practice.
    Senator Feinstein. Have they ever targeted what is admitted 
here today to be 21 states?
    Mr. Priestap. If they have, I am not aware of that. That's 
a--that scale is different than what I'm aware of what they 
tried to do in the past. So again, the scale and aggressiveness 
here separates this from their previous activity.
    Senator Feinstein. Has the FBI looked at how those states 
were targeted?
    Mr. Priestap. Absolutely, ma'am.
    Senator Feinstein. And what is your finding?
    Mr. Priestap. We have a number of investigations open in 
regards to that. In this setting, because they're all still 
pending investigations, I'd rather not go into those details.
    The other thing I'd ask you to keep in mind is that we 
continue to learn things. So, there was some activity we were 
looking at prior to the election. It's not like when the 
election was finished our investigation stopped. So as we learn 
more, we share more.
    Senator Feinstein. Do you know if it's the intent of the 
FBI to make this information public at some point?
    Mr. Priestap. I think this gets back to an issue the Vice 
Chairman raised, and I guess I want to be clear on my position 
on it. I think it is critically important to raise awareness 
about Russia's aims to undermine our democracy, and then their 
tradecraft and how they do it.
    My organization--part of understanding that tradecraft is 
conducting our investigations where we learn more and more 
about tradecraft. So we try to balance, what do we need to 
provide to partners so they can best protect themselves versus 
not interrupting our investigations if the information were to 
be made public.
    Senator Feinstein. Thank you very much.
    Mr. Priestap. A balancing act.
    Senator Feinstein. My time is up. Thank you
    Chairman Burr. Thank you, Senator Feinstein.
    The Vice Chairman and I have already decided that we're 
going to invite the Bureau in for a classified briefing to 
update all members on the open investigations and any that we 
see that might warrant, on their minds, an opening of a new 
    In addition, let me remind members that one of the mandates 
of our investigation is that we will, at the end of this, work 
with the Bureau and other appropriate agencies to make a public 
report in as great a public detail as we can our findings on 
Russia's involvement in our election.
    So, it is the intent of the Chair, at least, to make sure 
that as much as we can declassify, it's done and the public 
gets a true understanding when we put out a final report.
    Senator Rubio.
    Senator Rubio. Thank you, Mr. Chairman. And that's 
critically important. I think the most important thing we're 
going to do in this report is tell the American people how this 
happened, so we're prepared for the next time. And it begins, I 
think, by outlining what their goals were, what they tried to 
do, in this regard.
    And we know what they tried to do, because they've done it 
in other countries around the world for an extensive period of 
time. The first is, undermine the credibility of the electoral 
process; to be able to say, that's not a real democracy. It's 
filled with all kinds of problems.
    The second is to undermine the credibility of our leaders, 
including the person who may win. They want that person to go 
into office hobbled by scandal and all sorts of questions about 
them. And the third, ideally, in their minds, I imagine, is to 
be able to control the outcome in some specific instances. If 
they think they could, either through public messaging, or even 
in a worst case scenario by actually being able to manipulate 
the vote--which I know has now been repeatedly testified did 
not happen here.
    And, by the way, these are not mutually exclusive. You can 
do all three, you can only take one. They all work in 
conjunction. I think you can argue that they have achieved 
quite a bit, if you think about the amount of time that we have 
been consumed in this country on this important topic and the 
political fissures that it's developed.
    And the way I always kind of point to it--and if anyone 
disagrees I want you to tell me this--but, you know, we have 
something in American politics. It's legitimate; both sides do 
it. It's called opposition research. You find out about your 
opponent. Hopefully it's embarrassing or disqualifying 
information if you're the opposition research person. You 
package it. You leak it to a media outlet. They report it. You 
run ads on it.
    Now, imagine being able to do that with the power of a 
nation state, illegally acquiring things like e-mails and being 
able to weaponize it by leaking, leaking it to somebody who 
will post that and create all sorts of noise. I think that's 
certainly one of the capabilities.
    The other is just straight-out misinformation, right? The 
ability to find a site that looks like a real news place, have 
them run a story that isn't true, have your trolls begin to 
click on that story. It rises on Facebook as a trending topic. 
People start to read it. By the time they figure out it isn't 
true, a lot of people think it is.
    I remember seeing one in early fall that President Obama 
had outlawed the Pledge of Allegiance, and I had people texting 
me about it. And I knew that wasn't true, but my point is that 
we have people texting about it, asking if it was. It just 
tells you--and I don't know if that was part of that effort, or 
it was just somebody with too much time on their hands.
    And then the third, of course, is the access to our voting 
systems, and obviously people talk about affecting the tallies. 
But just think about this. Even the news that a hacker from a 
foreign government could have potentially gotten into the 
computer system is enough to create the specter of a losing 
candidate arguing, the election was rigged, the election was 
    And because most Americans, including myself, don't fully 
understand all the technology that's around voting systems per 
se, you give that ``election is rigged'' kind of narrative to a 
troll and a fake news site, and that stuff starts to spread. 
And before you know it, you have the specter of a political 
leader in America being sworn in under the cloud of whether or 
not the election was stolen because vote tallies were actually 
    So I don't know why they were probing these different 
systems, because obviously a lot of the information they were 
looking at was publicly available. You can buy it, voter rolls. 
Campaigns do it all the time. But I would speculate that one of 
the reasons potentially is because they wanted these stories to 
be out there, that someone had pinged into these systems, 
creating a specter of being able to argue at some point that 
the election was invalid because hackers had touched election 
systems in key states.
    And that is why I really, truly believe, Mr. Chairman, it 
is so important that, to the extent possible, that part of it, 
the systems part, as much of it be available to the public as 
possible, because the only way to combat misinformation is with 
truth and with facts, and explain to people, and I know some of 
it is proprietary. I know some of it we were trying to protect 
methods and so forth, but it is really critical that people 
have confidence that when they go vote that vote is going to 
count and someone's not going to come in electronically and 
change it.
    And I think they're--I just really hope we err on the side 
of disclosure about our systems so that people have full 
confidence when they go vote. Because I can tell you, I was on 
the ballot in November, and I remember people asking me 
repeatedly, is my vote going to count? I was almost afraid 
people wouldn't vote because they thought their vote wouldn't 
count. So I just hope as we move forward--I know that's not 
your decision to make in terms of declassifications and the 
like, but it is really, really, really important that Americans 
understand how our voting systems work, what happened, what 
didn't and that we be able to communicate that in real-time in 
the midst of an election, so that if in 2018 these reports 
start to emerge about our voting systems being pinged again, 
people aren't--we can put out enough information in October and 
early November so people don't have doubts.
    And I know that's not your decisions to make, but I just 
really hope that's part of what we push on here, because I 
think it's critical for our future.
    Chairman Burr. Senator Wyden.
    Senator Wyden. Thank you, Mr. Chairman.
    Let me say to the three of you, and I say it respectfully, 
that on the big issue, which is which states were affected by 
Russian hacking in 2016, the American people don't seem to be 
getting more information than what they already had before they 
showed up. We want to be sensitive to security concerns, but 
that question has to be answered sooner rather than later. I 
want to send that message in the strongest possible way.
    We obviously need to know about vulnerabilities so that we 
can find solutions, and we need better cybersecurity to protect 
elections from being hacked in the first place. And that means 
solutions like Oregon's vote-by-mail system, that has a strong 
paper trail, air-gapped computers, and enough time to fix the 
problems if they pop up.
    But now to my question. You all mentioned the January 
intelligence assessment, saying that the types of systems we 
observed Russian actors targeting or compromising are not 
involved in vote tallying. Your prepared testimony today makes 
another point that I think that is important. You say it is 
likely that cyber-manipulation of U.S. election systems 
intended to change the outcome of a national election would be 
detected. So that is different than what we have heard thus 
    So I have two questions for you, Ms. Manfra, and you, Dr. 
Liles: What level of confidence does the Department have in its 
assessment that 2016 vote tallying was not targeted or 
compromised? And second, does that assessment apply to State 
and local elections?
    Dr. Liles. Thank you, sir, for the question.
    So, the level of effort and scale required to change the 
outcome of a national election would make it nearly impossible 
to avoid detection. This assessment is based on the diversity 
of systems, the need for physical access to compromise voting 
machines themselves, the security of pre-election testing 
employed by the State and local officials. There's a level, a 
number of standards and security protocols that are put in 
place. In addition, the vast majority of localities engage in 
logic and accuracy testing, which work to ensure voting 
machines are operating and tabulating as expected.
    Before, during, and after the election, there has been an 
immense amount of media attention applied to this, which also 
brings in the idea of people actually watching and making sure 
that the election results represent what they see. And plus 
there's just the statistical anomalies that would be detected, 
so we have a very high confidence in our assessments.
    Senator Wyden. What about State and local elections? Do you 
have the same level of confidence?
    Dr. Liles. So, from the standpoint of a nation-state actor 
operating against a State and local election system, we would 
have the same--for an Internet-connected system, we would have 
the same level of confidence.
    Senator Wyden. Ms. Manfra.
    Ms. Manfra. Yes, sir. And I think this also gets to Senator 
Rubio's point about the difficulty in the general public 
understanding the variety of systems that are used in our 
election process.
    So we broke our level of engagement and concern down to a 
couple of different areas. The voter registration systems, 
which are often, usually connected to the Internet. We also 
were looking at the voting machines themselves, which by best 
practice and by the voluntary voting standards and guidelines 
that the Department of Commerce works with the Election 
Assistance Commission on, is, by best practice--those are not 
connected to the Internet.
    Senator Wyden. So can Homeland Security assure the public 
that the Department would be able to detect an attempted attack 
on vote tallying?
    Ms. Manfra. What I would suggest, sir, is that the ability, 
as has been demonstrated by security researchers, to access 
remotely a voting machine to manipulate that vote and then to 
be able to scale that across multiple different voting machines 
made by different vendors, would be virtually impossible to 
occur in an undetected way within our current election system.
    Senator Wyden. Has the Department conducted any kind of 
post-election forensics on the voting machines that were used 
in 2016?
    Ms. Manfra. We are currently engaged with many vendors of 
those systems to look into conducting some joint forensics with 
them. The vendor community is very interested in engaging with 
us. We have not conducted----
    Senator Wyden. So there's no--there's been no analysis yet?
    Ms. Manfra. We have not--our Department has not conducted 
forensics on specific voting machines.
    Senator Wyden. Do you believe it's important to do that in 
terms of being able to reassure Americans that there was no 
attack on vote tallying?
    Ms. Manfra. Sir, I would say that we do currently have 
voluntary standards in place that vendors are enabled--and in 
approximately 35 states, actually require, some level of 
certification of those voting machines that they are complying 
with those standards. We would absolutely be interested in 
working with vendors to conduct that level of analysis.
    Senator Wyden. Let me ask one last question. Obviously, the 
integrity of elections depends on a lot of people: State and 
local election officers, equipment vendors, third party 
contractors. Are you all, at Homeland Security and the FBI, 
confident that the Federal Government has now identified all of 
the potential government and private sector targets?
    Ms. Manfra. Yes, sir. I'm confident that we've identified 
the potential targets.
    Senator Wyden. Okay.
    Thank you, Mr. Chairman.
    Chairman Burr. Senator Collins.
    Senator Collins. Mr. Priestap, let me start by saying that 
it's a great pleasure to see you here again. I remember back in 
2003, you were detailed to the Homeland Security Committee when 
I was the Chairman and how helpful you were in our drafting of 
the Intelligence Reform and Terrorism Prevention Act. So thank 
you for your continued public service.
    You testified this morning and answered the question of, 
what does Russia want? And you said that the Russians want to 
undermine the legitimacy of our elections and sow the seeds of 
doubt among the American public.
    Despite the exposure and the publicity given to the 
Russian's efforts in this regard, do you have any doubt at all 
that the Russians will continue their activities in subsequent 
    Mr. Priestap. I have no doubt. I just can't--I just don't 
know the scale and aggressiveness, whether they'll repeat that, 
if it'll be less or if it'll be more. But I have no doubt they 
will continue.
    Senator Collins. Is there any evidence that the Russians 
have implanted malware or backdoors or other computer 
techniques to allow them easier access next time to our 
election systems?
    Mr. Priestap. I'm sorry, Senator. I just can't comment on 
that because of our pending investigations.
    Senator Collins. Secretary Manfra, the secretaries of state 
who are responsible for the election systems have a pretty 
blistering attack on the Department of Homeland Security in the 
testimony that will be given later this morning. And I want to 
read you part of that and have you respond. They say: ``Yet, 
nearly six months after the designation''--and they mean the 
designation of election systems as critical infrastructure--
``and in spite of comments by DHS that they are rushing to 
establish election protections, no secretary of state is 
currently authorized to receive classified threat information 
that would help them to protect their election systems.'' Why 
    Ms. Manfra. Thank you, ma'am, for that question. I would 
note that this community, the secretaries of state, and for 
those states where they have a State election director, is not 
one that the department has historically engaged with. And what 
we have done in the process of building the trust and learning 
about how they do their work and how we can assist, we have 
identified the need to provide clearances to that community. 
And so we have committed to them to work through that process 
between our Department and the FBI.
    Senator Collins. Let me ask you about your own agency, 
which is the agency that focuses on critical infrastructure, 
including our election systems. Now, NPPD is not an official 
element of the intelligence community that would have routine 
access to especially sensitive classified information. So how 
do you know with any certainty whether you and others in the 
agency are read into all the relevant classified information 
that may exist regarding foreign threats to our critical 
infrastructure, including our election systems?
    Ms. Manfra. Yes, ma'am. I would say, despite the fact that 
we're not a part of the intelligence community and our focus is 
on network defense and operations, in partnership with the 
critical infrastructure and the Federal Government, we feel 
very confident that with the partnership with our own 
Intelligence and Analysis Division, that serves as an advocate 
for us within the intelligence community, as well as our direct 
relationships with many of those individuals in organizations 
such as the FBI, NSA, and others, that we receive information 
quickly; And when we ask to declassify that, they are 
responsive. And we work through our partners at the 
Intelligence and Analysis Office to ensure that that happens 
    So is there room for improvement? Absolutely, of course. 
But we have the full commitment of the intelligence community 
to support us and get us the information that we need and our 
stakeholders need.
    Senator Collins. And, finally, how many states have 
implemented all the best practices recommended in the document 
developed by DHS regarding the protection of election systems?
    Ms. Manfra. Ma'am, I'd have to get back to you on a 
specific number of states. I don't have that.
    Senator Collins. Do you think most states have?
    Ms. Manfra. In our informal engagement, many of them noted 
that they had already adopted some of these and to the extent 
that they weren't they were incorporating them.
    Senator Collins. I would ask for a response for the record.
    Ms. Manfra. Yes, ma'am.
    Senator Collins. That's a really important point.
    Chairman Burr. Senator Heinrich.
    Senator Heinrich. Mr. Priestap, I want to thank you for 
just how seriously you've taken this and how you've answered 
the questions this morning in your testimony. I think you hit 
the nail on the head when you said we need to step back and ask 
the fundamental question, what do the Russians want?
    And by outlining that they want to undermine legitimacy in 
our system, that they want to sow discord, that they want to 
undermine our free and fair elections, we really have a better 
lens with which to understand the specifics of what happened in 
2016. In your view, were the Russians successful at reaching 
their goals in their activities in our 2016 elections?
    Mr. Priestap. I don't know for certain whether the Russians 
would consider themselves successful. In many ways, they might 
argue that, because of the time and energy we're spending on 
this topic, maybe it's distracting us from other things. But on 
the other hand, exactly what this Committee is doing as far as 
raising awareness of their activities, their aims, for the 
American people, to me they've done us--in my opinion, they've 
done the American public a service in that regard. And so, I 
guess I don't know, but could argue either way.
    Senator Heinrich. Yes. I think the jury's certainly out for 
the future, but when you look at the amount of discord that was 
sown and the impact on 2016, I hope that the outcome of what 
we're doing here is to make sure that in 2018, and in 2020, and 
2022, that by no metric will they have been successful.
    Mr. Priestap, you stated, very correctly, that one of their 
primary goals was to delegitimize our democracy. Are are you 
familiar with the term ``unwitting agent''?
    Mr. Priestap. Yes, I am.
    Senator Heinrich. Can you kind of summarize what that is 
for us?
    Mr. Priestap. In an intelligence context, it would be where 
an intelligence service is trying to advance certain aims and 
they reach out to a variety of people, some of which they might 
try to convince to do certain things; and the people, person or 
persons they contact might actually carry those out, but for 
different reasons than the intelligence service that actually 
wanted them to carry them out. In other words, they do it 
    Senator Heinrich. By effectively reinforcing the Russian 
narrative and publicly saying that our system is rigged, did 
then-candidate Trump, now President Trump, become what 
intelligence officials call an unwitting agent?
    Mr. Priestap. I can't give you a comment on that.
    Senator Heinrich. I don't blame you for not answering that 
    We've got about a minute 46 left. Can you talk about the 
relationship between the election penetration that we saw and 
the coincident Russian use of what Senator Rubio very aptly 
described of trolls, of bots, of social media, all designed to 
manipulate the American media cycle, and how those two things 
fit together?
    Mr. Priestap. I'm sorry. To clarify, fit together the 
intrusions with the----
    Senator Heinrich. What's the relationship between what they 
were doing in our elections from a technical point of view and 
what they were seeking to do in our media cycle by using trolls 
and bots and manipulation of the media cycles.
    Mr. Priestap. I guess the best way I can describe it is 
that this was a, my opinion, a well-planned, well-coordinated, 
multi-faceted attack on our election process and democracy. And 
while that might sound complicated, but it was actually really 
straightforward. They want to collect intelligence from a 
variety of sources, human and cyber means. They want to 
evaluate that intelligence, and then they want to selectively--
they might selectively disseminate some of it. They might use 
others for more strategic discussions.
    But at the end of the day it's all about collecting 
intelligence that would give them some type of advantage over 
the United States and/or attempt to influence things, and then, 
coordinated, well-coordinated, well-funded, diverse ways to 
disseminate things to hopefully influence American opinion.
    Senator Heinrich. This is a very sophisticated, highly 
resourced effort.
    Mr. Priestap. Absolutely.
    Senator Heinrich. Thank you.
    Chairman Burr. Senator Blunt.
    Senator Blunt. Thank you. Thank you, Chairman.
    Let's talk a little bit about once--let's start with a 
comment that DHS made in its written comment which says it 
assesses that the systems Russian actors targeted or 
compromised were not involved in vote tallying. Now, is that 
because the vote tallying systems are a whole lot harder to get 
into than the voter registration systems?
    Ms. Manfra. I can't make a statement as to why different 
systems were targeted. What we can assess is that those vote 
tallying systems, whether it was the machines at a kiosk that a 
voter uses at the polling station or the systems that are used 
to tally votes, were very difficult to access, and particularly 
to access them remotely. And then, given the level of 
observation for vote tallying at every level of the process, 
that adds into, you know, that we would have identified issues 
there, and there were no identified issues. So those two are--
    Senator Blunt. Okay. I would think that if you could get 
into the vote tallying system and you did want to impact the 
outcome of an election, obviously the vote tallying system is 
the place to do that. And I would also suggest that all of your 
efforts, a lot of your efforts, should be to continue to do 
whatever DHS thinks they need to advise--I don't think we 
should centralize this system--to give advice to State and 
local election officials to be sure that that vote tallying 
system is protected at a level above other systems.
    You know, the voter registration system is public 
information. It is generally accessible in lots of ways. It's 
not nearly as protected, for that reason. You have lots of 
input from lots of sources into that system.
    And I think, Ms. Manfra, you made the point that you said 
that the best practice would be to not have the vote tallying 
system connected in any unnecessary way to the Internet. Is 
that right?
    Ms. Manfra. Both the kiosks themselves and vote tallying 
systems, to not connect them to the Internet and to also have, 
ideally, paper auditing trails as well.
    Senator Blunt. Well, I certainly agree with that. The paper 
trail is significant and I think more prevalent as people are 
looking at new systems. But also, I think any kind of third 
party monitoring--the first two parties would be the voter and 
the counting system--just creates another way into the system. 
So my advice would be that DHS doesn't want to be in a 
situation where somehow you're connected to all the voting 
systems of the country.
    And Mr. Liles, I think you said the diversity of our voting 
system is a great strength of the system. Do you want to 
comment on that any more?
    Dr. Liles. Yes, sir. When we were setting it as part of our 
red teaming activities, we looked at the diversity of the 
voting system as actually a great strength and the fact that 
there were not connected in any one kind of centralized way. So 
we evaluated that as--when we were looking at the risk 
assessment with OCIA, the Office of Cyber Intelligence 
Analysis--Infrastructure Analysis, we looked at that as one of 
the great strengths and our experts at the IC we worked with 
also said the same thing.
    Senator Blunt. Well, I would hope you'd continue to think 
about that as one of the great strengths as you look at this 
critical infrastructure, because every avenue for Federal 
monitoring is also just one more avenue for somebody else to 
figure out how to get into that system.
    And again, the voter registration system, dramatically 
different in what it does. All public information accessible, 
printed out, given to people to use, though you are careful of 
what information you give and what you don't. But almost all 
election officials that have this system now have some way to 
share that with the public as a system.
    There is no reason to share the security of the vote 
counting system with the public or to have it available or 
accessible. And I would hope that the DHS, or nobody else, 
decides that you're going to save this system by having more 
avenues, more avenues into the system.
    Ms. Manfra. Absolutely not, sir. We're fully supportive of 
the voluntary standards process, and we are engaging with that 
process with our experts, and we continue, again, with the 
voluntary partnership with the State and local. And we intend 
to continue that.
    Senator Blunt. Thank you.
    Thank you, Mr. Chairman.
    Chairman Burr. Senator King.
    Senator King. Thank you, Mr. Chairman.
    Starting with a couple of short questions, Mr. Priestap. 
Number one, you've stated this was a very grave threat, that 
Russia--the attempts to probe and upset our local election 
systems. Any doubt it was the Russians?
    Mr. Priestap. No, sir.
    Senator King. Any doubt that they'll be back?
    Mr. Priestap. No, sir.
    Senator King. To our DHS witnesses, have the 21 states that 
you've mentioned, that we know where we had this happen, been 
notified officially?
    Ms. Manfra. Sir, the owners of the systems within those 21 
states have been notified.
    Senator King. How about the election officials in those 
    Ms. Manfra. We are working to ensure that election 
officials as well understand. I'll have to get back to you on 
whether all 21 states----
    Senator King. Have you had a conference of all State 
election officials, secretaries of state, here in Washington on 
this issue?
    Ms. Manfra. I have had at least two teleconferences; and 
in-person conferences, we will be engaging with them in July, I 
    Senator King. Well, I would urge you to put some urgency on 
this. We've got another election coming in 18 months, and if 
we're talking about systems and registration rolls, the time is 
going by. So I believe this is, as we've already heard 
characterized, is a very grave threat. It's going to be back 
and shame on us if we're not prepared.
    Ms. Manfra. Yes, sir. We have biweekly--every other week, 
we hold a teleconference with all relevant election officials. 
The national associations that represent those individuals have 
nominated bipartisan individuals to engage with us on a regular 
    This is of the utmost urgency for the Department and this 
government to ensure that we have better protections going 
forward, and the community, the election community, is 
similarly committed and has been so for years.
    Senator King. And just to be clear, nobody's talking about 
a Federal takeover of local election systems or Federal rules. 
What we're talking about is technical assistance and 
information and perhaps some funding at some point?
    Ms. Manfra. Sir, this is similar to our engagement with all 
critical infrastructure sectors, whether it's the electrical 
sector, the nuclear sector, the financial sector, is completely 
voluntary and it is about this Department providing information 
both to potential victims, but to all network defenders, to 
ensure that they have access to what we have access to and can 
better defend themselves.
    Senator King. Thank you.
    Mr. Liles, I'll take issue with something that you said, 
that we have a national election and it was just too large, too 
diverse, to really crack. We don't have a national election. 
What we have are 50 State elections. And each election in the 
states can depend upon a certain number of counties. There are 
probably 500 people within the sound of my voice who could tell 
you which ten counties in the United States will determine the 
next Presidential election.
    And so you really--a sophisticated actor could hack a 
Presidential election simply by focusing on particular 
counties. Senator Rubio I'm sure remembers Dade County in the 
year 2000 and the significance that had to determining who the 
next President of the United States was.
    So I don't think it works to just say, oh, it's a big 
system and the diversity will protect us, because it really is 
county by county, city by city, State by State, and a 
sophisticated actor, which the Russians are, could easily 
determine where to direct their attack. So I don't want to rely 
on the diversity.
    Second, a separate point is, what do we recommend? And 
we've talked about paper backups. The Dutch just had an 
election where they just decided to make it all paper and count 
the ballots by hand, for this very reason. So what would you 
tell my elections clerk in Brunswick, Maine, Ms. Manfra, would 
be the top three things he or she should think about in 
protecting themselves in this situation?
    Ms. Manfra. Sir, I would say to, first, as previous 
Senators mentioned, prioritize the security of your voting 
machines and the vote tallying system, ensure that they are not 
connected to the Internet, even if that is enabled on those 
particular devices.
    Second, ensure that you have an auditing process in place 
where you can identify anomalies throughout the process, 
educate polling workers to look for suspicious activity, for 
    Senator King. But doesn't auditing mean a paper trail, a 
paper backup?
    Ms. Manfra. Yes, sir. I would recommend a paper backup.
    Senator King. And one of the worrisome things, again, on 
the issue of the national, we talk about how diverse it is, but 
aren't we seeing a consolidation in terms of the vendors who 
are producing these machines?
    Ms. Manfra. Yes, sir. It is my understanding that we are 
seeing some consolidation in the vendor community. Again, many 
of them are committed and have engaged on the voluntary voting 
standards and guidelines, which partly include security.
    We will be updating those security guidelines in 2018. And 
yes, while there is some concern about consolidation, we do 
look forward to engaging with them, and as of now they are a 
very engaged community.
    Senator King. I think this aspect of this question that 
this Committee is looking at is one of the most important, and 
frankly one of the most daunting, because we pretty well 
determined that they weren't successful in changing tallies and 
changing votes, but they weren't doing what they did in at 
least 21 states for fun. And they are going to be back, and 
they're going to be back with knowledge and information that 
they didn't have before.
    So I commend you for your attention to this and certainly 
hope that this is treated with the absolute utmost urgency.
    Thank you, Mr. Chairman.
    Chairman Burr. Senator Lankford.
    Senator Lankford. Thank you, Mr. Chairman.
    Thanks to all of you for being here as well today.
    To Senator King just as a heads up, there are some states 
that are like that. For 25 years the Oklahoma election system 
has had a paper ballot and an optical scan and it's been a very 
good back-up for us. We quickly count because of the optical 
scan, but we're able to go back and verify because of paper.
    This is such a big deal and it's such an ongoing 
conversation that I'm actually in two simultaneous hearings 
today I'm running back and forth with. In the Department of 
Homeland Security and what we're dealing with State elections 
and with State systems, is also happening in the HSGAC hearing 
that I'm also at, including my own Oklahoma CIO that's there 
testifying today on this same issue, how we are protecting 
State systems, State elections and what's happening.
    I brought this with me today. You all are probably--this 
group is very, very familiar with this e-mail. This is the 
famous e-mail that Billy Rinehart got from the DNC while he 
happened to be on vacation. He was out in Hawaii enjoying some 
quality time away from his work at the DNC, and he gets an e-
mail from Google, it appears, that says someone has used your 
password, someone just tried to sign in to your Google account; 
sent it to him and told him someone tried to do it from the 
Ukraine; and recommended that he go in and change his password 
    [The material referred to follows:]
    Senator Lankford. Which, as the New York Times reported, he 
groggily at 4:00 a.m., when he saw that e-mail was frustrated 
by it, went in, clicked on the link, changed his password and 
went back to bed. But what he actually did was just gave the 
Russian government access to the DNC, and then it took off from 
    Multiple other staff members of the DNC got an e-mail that 
looked just like this. Now, everyone who has a Google account, 
will know that really looks like a Google account warning. It 
looked like the real thing. When you hovered over the ``change 
password,'' it showed a Google account connection where it was 
going to, but it wasn't. It was going to the Russians.
    About 91 percent, my understanding is, about 91 percent of 
the hacks that come into different systems, start with a spear 
phish attack that looks just like this.
    So let's talk about, in practical terms, for our State 
election folks and what happens in my State and other states. 
First for you, Mr. Priestap. How does Russia identify a 
potential target? Because this is not just a random e-mail that 
came to him. This was targeted directly at him, to his address. 
It looked very real, because they knew who he was and where he 
works. So, how were the Russians that savvy to be able to track 
this person and how does this work in the future for an 
election system for a State?
    Mr. Priestap. So I can't go into great detail in this 
forum, but I'd say what intelligent services do, not just 
Russia there, is they're looking for vulnerabilities. That 
would begin in the cyber sense with computer vulnerabilities.
    As far as targeting specific individuals, I don't know all 
the facts surrounding that e-mail and all the e-mails that were 
sent, but my guess is they didn't just send it to one person. 
They sent it the email like that to a whole variety, just 
hoping that one would click on it.
    Senator Lankford. Right. But how are they getting that 
information? Are they going to their website, for instance, and 
gathering all the e-mails for it? I'm trying to figure out, are 
they tracking individuals to get more information, so they get 
something that looks like something they would click on?
    Mr. Priestap. Yes. You hit on it, but a whole variety of 
ways. They might get it through reviewing open source material, 
either online or otherwise. But they also collect a lot of 
information through human means as well.
    Senator Lankford. So, Ms. Manfra, let me ask you this 
question. When someone at any location clicks on a link like 
this, what access to information do they get typically?
    Ms. Manfra. Well, sir, it depends on the system itself. I 
imagine that's probably a frustrating response. But given the--
and I think this is important for the public to understand. As 
the threat evolves, they're going to continue as we educate the 
public, don't click on certain things. Look at, you know, make 
sure you know the sender, for instance, before you click on it, 
and as our defense gets better the offense is going to look for 
other means.
    And so we look, you know, in this case, ideally, we want 
people to look and see what is it that they're actually 
clicking on before they click it. Some organizations choose to 
say when an individual clicks on that link, they choose to not 
allow that to go to that designation, because they know it's 
suspicious or they have some mechanisms in place to put that 
into a container and look at it. Other organizations don't take 
those steps, and it really depends on your risk management and 
the technical control that you put in place.
    Senator Lankford. Let me ask you a quick question. Who has 
primary responsibility for Federal election integrity? Which 
agency is the prime mover in that? Obviously, states oversee 
their own, but which Federal entity is working with the State 
to say they're the prime person or the prime agency to do it?
    Ms. Manfra. For election cybersecurity, our Department, in 
coordination with the FBI and others, is leading the 
partnership with State and locals.
    Senator Lankford. Great. Thank you.
    Chairman Burr. Senator Manchin.
    Senator Manchin. Thank you, Mr. Chairman.
    And thank all of you for your appearance here today and 
your testimony. Being a former secretary of state of my great 
State of West Virginia, and also being a former governor, my 
utmost concern was voter fraud. Every time that we would have a 
report of a fraud, I would see the election participation 
decrease the next election cycle, thinking their vote didn't 
    Is there any reason at all that any person that has the 
knowledge that you all have, or anyone that you've--on our 
Committee here, from the intelligence community, would give you 
any doubt that Russia was involved, and Russia was very much 
involved with the intent of doing harm to our election process, 
as far as the confidence level that voters would have? Do any 
of you have any concerns whatsoever, any doubts, that the 
Russians were behind this and involved in a higher level than 
ever? All three of you.
    Mr. Priestap. No, no doubt from the FBI's end as far as 
Russia's involvement.
    Senator Manchin. And you've all interacted with all the 
intelligence community, right?
    Mr. Priestap. Yes, sir.
    Ms. Manfra. Similar, sir. I have no doubt.
    Mr. Liles. No, sir.
    Senator Manchin. So nobody. There's not an American right 
now that should have a reasonable doubt whatsoever that the 
Russians were involved.
    Were all 50 states notified on Russia's intentions and 
activities during the 2016 election cycle? Had you all put an 
alert out? So if I'd have been secretary of state in charge of 
my elections in West Virginia, would you have notified me to be 
on the lookout?
    Ms. Manfra. Sir, I can discuss our products that we put out 
and I'll defer to the FBI on what they put out. We did put out 
products, not public products, but we did put out products, 
primarily leveraging our Multi-State Information Sharing 
Analysis Center, which has connections to all 50 states CIOs.
    And we engaged with the Election Assistance Commission and 
other national associations that represent those individuals to 
ensure that we were able to reach--again, this was a community 
that we had not historically engaged with, and so we relied on 
those, and we did put out multiple products prior to the 
    Senator Manchin. And you're really not sure if these 
national associations, the secretaries of states, dispersed 
that information, put everybody on high alert?
    Ms. Manfra. I believe that they did, sir. We also held a 
conference call where all 50 secretaries of state or an 
election director if the secretary of state didn't have that 
responsibility, in August, in September, and again in October, 
both high-level engagement and network defense products.
    Senator Manchin. And if I could ask this questions to 
whoever, maybe Mr. Priestap. What was Russia's intention, and 
do you think they were successful in what they desired to do, 
even though they didn't alter--as you all have said, you can 
see no alterations of the election results. Do you believe that 
it had an effect in this election outcome of this 2016 
    Mr. Priestap. As far as Russia's intention, again, the 
broader being to undermine democracy and one of the ways they 
sought to do this, of course, here was to undermine the 
legitimacy of our free and fair election.
    Senator Manchin. Do you believe they were successful in the 
    Mr. Priestap. No, I--the FBI doesn't look at that as far as 
did Russia achieve its aims in that regard.
    Senator Manchin. Let me ask this question. Are there 
counter-actions the U.S. can take to subvert or punish the 
Russians for what they have done and their intention to 
continue? And what's your opinion of the sanctions that we have 
placed on Russia?
    Mr. Priestap. As you know, the FBI doesn't do policy. I'm 
here today to provide you an overview of the threat picture, at 
least as I understand and see it. But obviously the U.S. 
government did take action post-election in regards to making a 
number of Russian officials----
    Senator Manchin. Have you seen them subside at all any of 
their activities since we have taken some actions?
    Mr. Priestap. Subside? They have less people to carry out 
their activities, so it's certainly had an impact on the number 
of people.
    Senator Manchin. And finally, with the few seconds I have 
left, have we shared this with our allies, our European allies, 
who are going through election processes, and have they seen 
the same intervention in their election process that we have 
seen from the Russians in ours?
    Mr. Priestap. Sure. I can't speak for DHS, but the FBI is 
sharing this information with our allies, absolutely.
    Senator Manchin. How about DHS?
    Ms. Manfra. We are also sharing information with our 
    Senator Manchin. Are they seeing a high--an overaggressive, 
high activity, from the Russians that they haven't seen at this 
level before, such as we did during the 2016 election?
    Dr. Liles. Sir, there is media reporting that suggests 
that. We don't have direct government-to-government 
relationships from a DHS perspective. There is definitely media 
reporting that they're seeing an increased activity.
    Senator Manchin. Thank you.
    Chairman Burr. Senator Cotton.
    Senator Cotton. Thank you all for your appearance today.
    Mr. Priestap, in response to Mr. Heinrich's question about 
whether Donald Trump had become an unwitting agent of Russia 
and their efforts to sow discord and discontent about our 
elections, you said that you declined to answer, which is 
    Let's look at this from a different perspective. Since her 
election defeat, Hillary Clinton has blamed her loss on the 
Russians, Vladimir Putin, the FBI, Jim Comey, fake news, 
WikiLeaks, Twitter, Facebook, and, my personal favorite, 
content farms in Macedonia. In her blaming her loss on these 
actors, has Hillary Clinton become an unwitting agent of 
Russians' goals in the United States?
    Mr. Priestap. And I'm sorry, sir, but I'd rather not 
comment. It's just something----
    Senator Cotton. I understand. I just wanted to point out 
that you can look at it from two different----
    Mr. Priestap [continuing]. It's just something I haven't 
given any thoughts to.
    Senator Cotton. Let's turn to other matters, then. Would 
you advise states and localities in the conduct of their 
elections or, more broadly, in their government services not to 
use or not to do business with Kaspersky Labs, companies that 
do business with Kaspersky, or companies that use Kaspersky 
products in their systems?
    Mr. Priestap. Sir, I can't really comment on that in this 
    Senator Cotton. Miss Manfra, would you advise them not to 
use Kaspersky products?
    Ms. Manfra. I can also not comment on that in this forum, 
    Senator Cotton. I don't even have to ask, Dr. Liles. You're 
reaching for your microphone.
    Dr. Liles. Yes, sir. I can't comment either.
    Senator Cotton. Okay. Senator Risch says he'll answer, but 
I'll let him speak for himself at a later time.
    Mr. Priestap, we've talked a lot about Russia's intent and 
activities in our elections, but I think it's important that 
the American people realize that it goes much farther than just 
elections and the 2016 campaign, as well. Isn't it true that 
Russian cyber actors have been probing U.S. critical 
infrastructure for years?
    Mr. Priestap. Yes, sir. I can't go into specifics, but they 
probe a lot of things of critical importance to this country.
    Senator Cotton. And as the head of counterintelligence, you 
write in your statement, that quote, ``Russia's 2016 
Presidential election influence effort was its boldest to date 
in the United States,'' which implies there have been previous 
efforts. You also say that the FBI had to strengthen the 
intelligence community assessment because of our history 
investigating Russia's intelligence operations within the 
United States. Both of which suggest that this keeps you pretty 
busy in your portfolio at counterintelligence, is that right?
    Mr. Priestap. That's correct.
    Senator Cotton. And this Russian intelligence threat is not 
just a cyber threat, either. It also is a threat from 
traditional human intelligence, or what a layman might call 
spies, is that right?
    Mr. Priestap. Yes, sir.
    Senator Cotton. Do so-called diplomats who work down out of 
the Russian embassy in Washington, D.C., have the requirement 
to notify our State Department in advance if they plan to 
travel more than 25 miles, and give that notification 48 hours 
in advance?
    Mr. Priestap. They do.
    Senator Cotton. And the State Department's supposed to 
notify the FBI in advance of those travel arrangements, 
    Mr. Priestap. Yes.
    Senator Cotton. Is it true that the Russian nationals often 
fail to give that notification at all, or they give it at, say, 
4:55 on a Friday afternoon before a weekend trip?
    Mr. Priestap. I'd prefer not to go into those details here, 
but--I'll leave it at that.
    Senator Cotton. Does it complicate you and your agents' 
efforts to conduct your counterintelligence mission to have 
Russian nationals wandering around the country more than 25 
miles outside their duty assignment?
    Mr. Priestap. Sure. If that were to happen, that would 
absolutely complicate our efforts.
    Senator Cotton. The Secretary of Defense recently indicated 
at an Armed Services Committee hearing that Russia is in 
violation of something called the Open Skies Treaty, a treaty 
we have with Russia and other nations that allow us to overfly 
their territory and take pictures and they do the same here. Do 
we see so-called Russian diplomats traveling to places that are 
in conjunction with Open Skies flights that Russia's conducting 
in this country?
    Mr. Priestap. I'm sorry, I just can't comment on that here.
    Senator Cotton. Okay. Last summer, an American diplomat in 
Moscow was brutally assaulted on the doorstep of our embassy in 
Moscow. Did we take any steps to retaliate against Russia for 
that assault in Moscow? Did we declare persona non grata any of 
their so-called diplomats here in the United States?
    Mr. Priestap. If I recall correctly, we didn't immediately 
do anything in that regard.
    Senator Cotton. Okay. This Committee passed unanimously in 
Committee last year something that just passed as part of the 
omnibus spending bill in April a provision that would require, 
one, the State Department to notify the FBI of any requests for 
Russian diplomats to travel more than 25 miles outside their 
embassy and to report violations to you.
    It further requires the State Department to report those 
violations regularly to this Committee. What's the status of 
that provision now that it's been in law for about two months? 
Is the State Department cooperating more fully with you?
    Mr. Priestap. I guess I'd rather not comment on that here. 
We're still working through the implementation of that.
    Senator Cotton. Well, I certainly hope they start.
    Thank you.
    Chairman Burr. Senator Harris.
    Senator Harris. Thank you.
    Ms. Manfra, you mentioned that you notified the owners. I'm 
not clear on who the owners are. Are they the vendors?
    Ms. Manfra. What I meant to clarify is in some case it may 
not be the secretary of state or the state election director 
who owns that particular system. So in some cases it could be a 
locality or a vendor.
    Senator Harris. So is there a policy of who should be 
notified when you suspect that there's a threat?
    Ms. Manfra. We are working through that policy with the 
secretaries of state. That is one of the commitments that we 
made to them, and election directors, in order to ensure that 
they have appropriate information, while preserving the 
confidentiality of the victim publicly.
    Senator Harris. And can you tell us which states--in which 
states you notified the vendor instead of notifying the 
secretary of state?
    Ms. Manfra. We keep the vendor information confidential as 
    Senator Harris. Are there states that you notified where 
you did not notify the person who was elected by the people of 
that State to oversee elections?
    Ms. Manfra. I don't believe that's the case, but I will get 
back to you with a definitive answer.
    Senator Harris. And how specific was the warning that you 
sent? What exactly is it that you notified the states or the 
vendors of?
    Ms. Manfra. Depending on the scenario and the information 
that we had--and more generally, what we do is when we get 
classified information we look to declassify as much as 
possible to enable----
    Senator Harris. Let's talk about the election, yes.
    Ms. Manfra. So for this particular one, what we took was 
technical information that we had, that we believed was 
suspicious, and that was emanating from Russia, and was 
targeting their system. We asked them to look at their system. 
We asked--and this was part of the broader dissemination as 
well--we asked all states to look at their system, to identify 
whether they had an intrusion or whether they blocked it. In 
most cases, they blocked it.
    Senator Harris. Do you have a copy with you of the 
notification you sent to these various vendors or states?
    Ms. Manfra. I do not, ma'am, but we can get back to you.
    Senator Harris. Okay, and will you provide this Committee 
with a copy of the notification you sent to those states or 
    Ms. Manfra. Many of them were done in person, but what I 
can show you is the technical information. That was also rolled 
up in the information that we published in December, but I can 
show you what we provided to the states and localities.
    Senator Harris. And did you notify each of them the same 
way? Or did you tailor the notification to each State?
    Ms. Manfra. We tailor the notification. It's a process for 
all victim or potential victim notifications, us and the FBI. 
So sometimes it may be an FBI field agent that goes out there, 
sometimes it may be a Department official that goes out there.
    Senator Harris. Okay. So in your follow-up to the 
Committee, please provide us with specifically who notified 
each State, and then who in that State was notified, the vendor 
or the State election official, and also what specifically they 
were notified of.
    In 2007, California worked with leading security 
researchers--the secretary of state at the time was Deborah 
Bowen--and they instituted some of the best practices, we 
believe, for election security. And my understanding is that it 
is considered a gold standard. So my question is, does DHS have 
the technical capability and authority to coordinate a study 
like that for all of the states?
    Ms. Manfra. We do have the technical capability and 
authority to conduct those sorts of studies, ma'am, yes.
    Senator Harris. Have you pursued that as a viable option to 
help the states do everything they can to secure their systems?
    Ms. Manfra. That is one of the areas that we're 
considering, yes, ma'am.
    Senator Harris. So have you taken a look at that study that 
was commissioned in California in 2007? And if not, I'd 
encourage that you do.
    Ms. Manfra. I have not personally, but I will read it, 
    Senator Harris. And I'm also concerned that the Federal 
Government does not have all the information it needs in these 
situations where there's been a breach. Is there any 
requirement that a State notify the Federal Government when 
they suspect there's been a breach?
    Ms. Manfra. No, ma'am.
    Senator Harris. And in terms of the American public and 
voters in each of these states, can you tell me is there any 
requirement that the State notify its residents when the State 
suspects there may be a breach?
    Ms. Manfra. I cannot comment. I know that multiple states 
have different sunshine laws, etcetera, that apply to data 
breaches within the State, so I couldn't make a general 
statement about what their requirements are at the State level.
    Senator Harris. And do any of you have any thoughts about 
whether there should be such requirements, both in terms of 
states reporting to the Federal Government and also states 
reporting to their own residents and citizens about any 
breaches of their election system?
    Ms. Manfra. Required data breach reporting is a complicated 
area. We prefer, and we've had a fair amount of success with, 
voluntary reporting and partnerships, but we'd be happy to work 
with your staff in further understanding how that might apply 
    Senator Harris. Okay, I appreciate that. Any other thoughts 
as we think about how we can improve notification and sharing 
of information?
    [No response.]
    No. Okay, thank you.
    Chairman Burr. Before I move to Senator Reed, let me just 
say that, since a number of members have questioned the 
agencies, especially those that are here, and the sharing with 
Congress of the investigation, I'll just say that the Chair and 
the Vice Chair were briefed at the earliest possible time and 
continued to be briefed throughout the process, and then it was 
opened up to all the members of the Committee. I'm not sure 
that I had ever shared that with everybody, but I just want to 
make sure that everybody's aware of that.
    Senator Reed.
    Senator Reed. Thanks very much, Mr. Chairman.
    Thank you very much, ladies and gentlemen. Let's start with 
Mr. Priestap. Are you aware of any direction or guidance from 
President Trump to conduct this investigation about the Russian 
interest in our elections?
    Mr. Priestap. Sir, I can't comment on that. It could be 
potentially related to things under the Special Counsel's 
    Senator Reed. Thank you.
    Ms. Manfra, in terms of the Department of Homeland 
Security, are you aware of any direction by the President to 
conduct these types of operations or your investigations?
    Ms. Manfra. Sir, to clarify the question, direction from 
the President to----
    Senator Reed. That the President of the United States has 
directed that the Department of Homeland Security and other 
Federal agencies conduct the activities that you're conducting, 
essentially an investigation into the Russian hacking in the 
    Ms. Manfra. I can't comment on the President's directions 
specifically, but our Secretary is committed to understanding 
what happened, ensuring that we are better protected in the 
future, so our activities are fully supported.
    Senator Reed. He has not communicated that this is at the 
direction of the President of the United States?
    Ms. Manfra. No, sir.
    Senator Reed. Dr. Liles.
    Dr. Liles. Sir, this comes directly--the IC has been 
working on this for quite a while, and the Secretary has 
completely supported it.
    Senator Reed. But again, no----
    Dr. Liles. Nothing from the President directly, sir.
    Senator Reed. Thank you.
    I thought Senator King raised some very interesting issues 
in terms of most elections, national elections, as much you 
like to think about it, particularly from Rhode Island, are not 
decided in certain states, but decided even in certain cities 
and counties, which raised an interesting question. You were 
very assertive about that you'd be able to diagnose an 
intrusion that was altering voter--votes, literally. When could 
you do that? Within weeks of an election, on Election Day, 
after Election Day?
    Dr. Liles. Sir, from an IC perspective, the way we would do 
that is by looking at the threats themselves that were 
targeting the specific entities. And the other element that we 
would look at is, as the reporting itself was coming in, if 
there was any statistical anomalies in what we were seeing.
    And I'd also point out that we're talking about Internet-
connected systems here, and not all of the key counties that 
you would represent would be those Internet-connected systems.
    Senator Reed. But, effectively, I think what you've said is 
that you'd really have to wait for confirmation until the 
results started coming in on Election Day, which raises the 
issue of, even if you detect it on Election Day, what do we do? 
The votes have already been cast.
    Are you--is anyone planning on--what's the--what reaction 
we take? How do we notify people? What are--what steps do we 
    Dr. Liles. I'd have to defer that to others.
    Ms. Manfra. Yes, sir. And I do want to clarify, when we say 
that that activity would be difficult to detect, it would be--
or difficult to go on undetected, it would--that we're 
discussing both at the polling station or the jurisdiction, 
that it would be hard for somebody to do that without anybody, 
not necessarily that the Department would have that immediate 
    And to answer your question, yes, that is absolutely 
something that is a part of our planning and what we would look 
forward to partnering with the State and local officials on 
    Senator Reed. So we're, again, about 18 months away from 
election. We have to be able to develop, not technical 
infrastructure, but an organizational infrastructure that could 
react, maybe on very short notice, to discovery that actual 
votes were being tampered. Is that accurate?
    Ms. Manfra. Absolutely, sir. It is both technical and 
    Senator Reed. And do you think there's enough emphasis in 
terms of the resources and support to do that, the 
collaboration? You got 50 states and among those states many of 
the voting jurisdictions are not at the State level; they're 
the city and town. Are we taking it serious enough? I guess 
that's the issue.
    Ms. Manfra. Absolutely, sir. This is one of our highest 
priorities. And I would also note that we're not just looking 
ahead to 2018, as election officials remind me routinely that 
elections are conducted on a regular basis. And so--highest 
priority, sir. Yes.
    Senator Reed. Let me ask, Mr. Priestap. If I've pronounced 
it incorrectly, forgive me. But you testified today, and your 
colleagues, that information was exfiltrated by the Russians. 
What type of information was taken and what could it be used 
    Mr. Priestap. Yes. I don't want to get into the details of 
what victim information was taken. Again, we've got a variety 
of pending investigations. But again, it could be used for a 
variety of purposes. It could have been taken to understand 
what's in those systems. It could have been taken to use to try 
to target--learn more about individuals, so that they could be 
    It could have been taken in a way to then publicize, just 
to send a message that a foreign adversary has the ability to 
take things and to sow doubt in our voters' minds.
    Senator Reed. Let me ask you this question, as a judgment. 
Given the activities that the Russians have deployed, 
significant resources, constant effort over--as you, the 
intelligence community--probably a decade, do you think they 
have a better grasp of the vulnerabilities of the American 
voting system than you have?
    Mr. Priestap. I hope not. I think it's an excellent 
question and I can--well, first of all, I hope not and I don't 
think so. But if they did, I don't think they do any more.
    Senator Reed. Thank you very much.
    Chairman Burr. Thank you, Senator Reed.
    Before we move to the second panel, one last question, Mr. 
Priestap, for you. Is there any evidence that the attempt to 
penetrate the DNC was for the purposes of launching this 
election year intrusion process that they went on? Or was this 
at the time one of multiple fishing expeditions that existed by 
Russian actors in the United States?
    Mr. Priestap. In my opinion, it was one of many efforts. 
You'd call it a fishing expedition, but to determine, again, 
what's out there, what intelligence can they collect. So they 
don't go after one place. They go after lots of places and 
    Chairman Burr. Tens? Hundreds? Thousands?
    Mr. Priestap. Hundreds, at least hundreds.
    Chairman Burr. Okay.
    I want to wrap up the first panel with just a slight recap. 
I think you have thoroughly covered that there's no question 
that Russia carried out attacks on State election systems. No 
vote tallies were affected or affected the outcome of the 
elections. Russia continues to engage in exploitation of the 
U.S. elections process and elections are now considered a 
critical infrastructure, which is extremely important and does 
bring some interesting potential new guidelines that might 
apply to other areas of critical infrastructure that we have 
not thought of because of the autonomy of each individual State 
and the control within their State of their election systems.
    So I'm sure this will be further discussed as the 
appropriate committees talk about Federal jurisdiction, where 
that extends to. And clearly, I think it's this Committee's 
responsibility as we wrap up our investigation to hand off to 
that Committee somewhat of a road map from what we've learned 
are areas that we need to address, and we will work very 
closely with DHS and with the Bureau as we do that.
    With that, I will dismiss the first panel and call up the 
second panel.
    Chairman Burr. I'd like to call the second panel to order, 
and ask those visitors to please take their seats. As we move 
into our second panel this morning, our hearing is shifting 
from a Federal Government focus to a State-level focus. During 
this second panel, we'll gain insight into the experiences of 
the states in 2016, as well as hear about efforts to maintain 
election security moving forward.
    For our second panel, I'd like to welcome our witnesses: 
the Honorable Connie Lawson, President-elect of the National 
Association of Secretaries of State and the Secretary of State 
of Indiana; Michael Haas, the Midwest Regional Representative 
to the National Association of State Election Directors and the 
Administrator of the Wisconsin Election Commission; Steve 
Sandvoss, Executive Director of the Illinois State Board of 
Elections; and Dr. J. Alex Halderman, Professor of Computer 
Science and Engineering, University of Michigan.
    Thank you all for being here. Collectively, you bring a 
wealth of knowledge and a depth of understanding of our State 
election systems, potential vulnerabilities of our voting 
process and procedures, and the mitigation measures we need to 
take at the State level to protect the foundation of American 
    In January of this year, then-Secretary of Homeland 
Security Jeh Johnson designated the election infrastructure 
used in Federal elections as a component of U.S. critical 
infrastructure. DHS stated that the designation established 
election infrastructure as a priority within the national 
infrastructure protection plan. It enabled the Department to 
prioritize our cybersecurity assistance to State and local 
election officials for those who requested it, and made it 
publicly known that the election infrastructure enjoys all the 
benefits and protections of critical infrastructure that the 
U.S. government has to offer.
    Some of your colleagues objected to this designation, 
seeing it as Federal Government interference. Today I'd like to 
hear your views on this specifically, but more broadly how the 
states and the Federal Government can best work together. I'm a 
proud defender of states' rights but this could easily be a 
moment of ``divided we fall.'' We must set aside our suspicions 
and see this for what it is, an opportunity to unite against a 
common threat. Together, we can bring considerable resources to 
bear and keep the election system safe.
    Again, I'd like to thank our witnesses for being here, and 
at this time I'd turn to the Vice Chairman for any comments he 
might make.
    The Vice Chairman doesn't have any.
    I will assume, Mr. Haas, that by some process you have been 
elected to go first, unless there is an agreement--which--where 
are we going to start?
    Mr. Haas. Actually, I think we were going to defer to 
Secretary Lawson to start, if that's okay with the Chair.
    Chairman Burr. Madam Secretary, you are recognized.

                        STATE OF INDIANA

    Ms. Lawson. Well, good morning, Chairman Burr and Vice 
Chairman Warner and distinguished members of the Committee. I 
want to thank you for the chance to appear before you today. 
It's an honor to represent the Nation's secretaries of state, 
40 of whom serve as chief State election officials.
    I am Connie Lawson, Indiana Secretary of State, and I'm 
also President-Elect of the bipartisan National Association of 
Secretaries of State. I'm here to discuss our capacity to 
secure State and locally-run elections from very significant 
and persistent nation state cyber threats.
    With statewide elections in New Jersey and Virginia this 
year and many more contests to follow in 2018, I want to assure 
you and all Americans that election officials across the United 
States are taking cybersecurity very seriously. First and 
foremost, this hearing offers a chance to separate facts from 
fiction regarding the 2016 presidential election. As noted many 
times, we have seen no evidence that vote casting or counting 
was subject to manipulation in any State or locality, nor do we 
have any reason to question the results.
    Just a quick summary of what we know about documented 
foreign targeting of State and local election systems. In the 
2016 election cycle, as confirmed by the Department of Homeland 
Security, no major cybersecurity issues were reported on 
Election Day, November 8. Last summer, our intelligence 
agencies found that up to 20 State networks had been probed by 
entities essentially rattling the door knobs to check for 
unlocked doors. Foreign-based hackers were able to gain access 
to voter registration systems in Arizona and Illinois, 
prompting the FBI to warn State election offices to increase 
their election security measures for the November election.
    In more recent days, we've learned from a TOP SECRET NSA 
report that the identity of a company providing voter 
registration support services in several states was 
    Of course, it's gravely concerning that election officials 
have only recently learned about the threats outlined in the 
leaked NSA report, especially given the fact that the former 
DHS Secretary Jeh Johnson repeatedly told my colleagues and I 
that no specific or credible threats existed in the fall of 
2016. It is unclear why our intelligence agencies would 
withhold timely and specific threat information from election 
    I have every confidence that other panelists will address 
voting equipment risk and conceptual attack scenarios for you 
today. But I want to emphasize some systemic safeguards that we 
have against cyber attackers. Our system is complex and 
decentralized, with a great deal of agility and low levels of 
connectivity. Even within states, much diversity can exist from 
one locality to the next. This autonomy serves as a check on 
the capabilities of nefarious actors.
    I also want to mention the recent designation of election 
systems as critical infrastructure. Real issues exist with the 
designation, including a lack of clear parameters around the 
order, which currently provides DHS and other Federal agencies 
with a large amount of unchecked executive authority over our 
election's process. At no time between August of 2016 and 
January of 2017 did NASS and its members ever have a thorough 
discussion with DHS on what the designation means.
    Threat-sharing had been touted as a key justification for 
the designation. Yet, nearly six months later, no secretary of 
state is currently authorized to receive classified threat 
information from our intelligence agencies.
    From information gaps to knowledge gaps that aren't being 
addressed, this process threatens to erode public confidence in 
the election process as much as any foreign cyber threat. It's 
also shredding the rights that states hold to determine their 
own election procedures subject to the acts of Congress. If the 
designation ultimately reduces diversity and autonomy in our 
voting process, the potential for adverse effects from 
perceived or real cyber effects--attacks excuse me--will likely 
be much greater and not the other way around.
    Looking ahead, the National Association--the NASS Election 
Security Task Force was created to ensure that State election 
officials are working together to combat threats and foster 
effective partnerships with the Federal Government and other 
public-private stakeholders. In guarding against cyber threats, 
the trend line is positive, but more can be done. Most notably, 
many states and localities are working to replace or upgrade 
their voting equipment.
    If I have one major request for you today, other than 
rescinding the critical infrastructure designation for 
elections, it is to help election officials get access to 
classified information-sharing. We need this information to 
defend State elections from foreign interference and respond to 
    Thank you, and I look forward to answering your questions.
    [The prepared statement of Ms. Lawson follows:]
    Chairman Burr. Thank you, Secretary Lawson.
    Who would like to--Mr. Haas.


    Mr. Haas. Thank you. Good morning.
    Chairman Burr, Vice Chairman Warner and Committee members: 
On behalf of the National Association of State Election 
Directors, thank you for this opportunity to share what states 
learned from the 2016 elections and some steps that we are 
taking to further secure our election systems.
    I serve as Wisconsin's chief election official, and I'm a 
member of NASED's executive board. We do not have a State 
elected official who oversees elections in Wisconsin. Many of 
our State election directors across the country are housed in 
the secretary of state's offices, but some are not.
    The 2016 presidential election reinforced several basic 
lessons, although sometimes in a new context. For instance, all 
of us understand the importance of constant and effective 
communication to ensure that all actors have the tools they 
need. The new twist in 2016, of course, involved communicating 
about the security of election systems with the Department of 
Homeland Security as well as the State staff who provide cyber 
security protection to our voter registration databases.
    As we have heard this morning, some states have expressed 
concerns about the timeliness and the details of communications 
from Homeland Security regarding potential threats, security 
threats to State election systems. The recent reports about 
attempted attacks on State voter registration systems, which 
occurred last fall, caught many states by surprise.
    We look forward to working with DHS and other Federal 
officials to develop protocols and expectations for 
communicating similar information going forward. For example, 
State election officials believe it is important that we be in 
the loop regarding contacts that DHS has with local election 
officials regarding security threats such as the spear phishing 
attempts that were recently publicized. States should be aware 
of this information to protect their systems and so that we can 
provide additional training and guidance to local election 
    I appreciate the concern that was expressed this morning 
that this is a two-way street. And we at the State level need 
to also think carefully about how to most effectively 
communicate with our local election officials if and when there 
is an incident that we are aware of at the State level.
    As part of the DHS designation of election systems as 
critical infrastructure, bodies such as coordinating councils 
can help to facilitate decisions regarding the proper balance 
between notifying State and local officials and protecting 
confidential or sensitive information.
    NASED believes that those coordinating bodies should 
consist of a broad representation of stakeholders, and we have 
expressed our strong interest to DHS in participating on those 
    I would also note that the executive board of NASED 
supports the request of the U.S. Elections Assistance 
Commission that it serves as the co-sector specific--specific 
agency as the logical Federal agency to partner with DHS to 
provide subject matter expertise and assistance in 
communicating with local election officials, as the EAC has 
that communications structure already in place.
    The 2016 elections also reinforced the need for constantly 
enhancing the security of voter registration databases, as we 
have heard this morning. While hacking into a voter 
registration system has no effect on tabulating election 
results, intrusions could result in unauthorized parties 
gaining access to data regarding voters, candidates, ballot 
contests, and polling places.
    I would note that, while much of that information is public 
upon request, there may be some confidential data held in those 
databases, such as the voter's date of birth, the driver 
license number, the last four digits of the social security 
number. Different states have different laws about what pieces 
of that data are confidential.
    The 2016 elections demonstrated that State and local 
election officials can implement steps to improve the security 
of voter data, and that many of these steps are not 
complicated. In addition to the cyber hygiene scans and risk 
assessments, states are implementing greater use of multi-
factor authentication for users of our systems, updating 
firewalls, the use of white lists to block unauthorized users, 
and completely blocking access from any foreign IP address.
    The final lesson of 2016 I would like to address relates to 
voting equipment. To be clear, as it has been said many times 
this morning, there is no evidence that voting machines or 
election results have been altered in U.S. elections. I 
appreciate the Committee's emphasis on that. I think that for 
the public that cannot be stated enough and strongly enough.
    Still, we as election administrators must exercise 
vigilance to assure that such theoretical attacks do not become 
reality, and we must also continue to educate the public about 
safeguards in the system. Those safeguards include the 
decentralized structure of elections that we've heard about 
this morning and the diversity of voting equipment. Also, in 
most cases voting equipment is not connected to the Internet 
and therefore cannot be attacked through cyber space. Also it 
is important to keep in mind that three out of four ballots 
cast in American elections are on paper ballots. Most ballots 
cast on touchscreen equipment also have a paper trail that 
voters can immediately verify their votes and that election 
officials can use for audits and recounts.
    There are also several redundancies in the testing and 
certification of voting equipment. It's important to realize 
that voting equipment is not only used on Election Day. Its 
functionality is tested several times during the process.
    In short, the 2016 elections taught us that the potential 
for disrupting election processes and technology by foreign or 
domestic actors is a serious and increasing concern. However, 
we as State election directors believe that continued 
cooperation and more effective communication, along with 
continued vigilance and innovation, will ensure the integrity 
of our voting processes and election results.
    Again, we look forward to working with our Federal partners 
as we plan for elections going forward. Thank you for the 
opportunity to share these thoughts and I'd be happy to answer 
any questions.
    [The prepared statement of Mr. Haas follows:]
    Chairman Burr. Thank you, Mr. Haas.
    Mr. Sandvoss.

                    STATE BOARD OF ELECTIONS

    Mr. Sandvoss. Good morning. Thank you, Chairman Burr, Vice 
Chairman Warner, and distinguished members of the Committee.
    As Director of the State Board of Elections, I'd just like 
to briefly describe what our agency does. We are an independent 
bipartisan agency created by the 1970 Illinois Constitution, 
charged with general supervision over the election and 
registration laws in the State of Illinois.
    As all of you seem to be aware, almost a year ago today, on 
June 23rd, the Illinois State Board of Elections was the victim 
of a malicious cyber attack of unknown origin against the 
Illinois voter registration system database. Because of the 
initial low-volume nature of the attack, the State Board of 
Elections staff did not become aware of it at first.
    Almost three weeks later, on July 12th, State Board of 
Elections IT staff was made aware of performance issues with 
the IVRS database server. The processor's usage had spiked to 
100 percent with no explanation. Analysis of the server logs 
revealed that the heavy load was a result of rapidly repeated 
database queries on the application status page of our 
paperless online voter application website.
    Additionally, the server log showed the database queries 
were malicious in nature. It was a form of cyber attack known 
as SQL, which is ``structured query language injection.'' SQL 
injections are essentially unauthorized malicious database 
queries entered into a data field in a web-based application. 
We later determined that these SQLs originated from several 
foreign-based IP addresses.
    SBE programmers immediately introduced code changes to 
eliminate this particular vulnerability in our website. The 
following day, on July 13th, the SBE IT made the decision to 
take the website and IVRS database offline to investigate the 
severity of the attack. SBE staff maintained the ability to log 
and view all site access attempts.
    Malicious traffic from the IP addresses continued, though 
it was blocked at the firewall level. Firewall monitoring 
indicated that the attackers were hitting SBE IP addresses five 
times per second, 24 hours a day. These attacks continued until 
August 12th, when they abruptly ceased.
    SBE staff began working to determine the extent of the 
breech, analyzing the integrity of the IVRS database and 
introducing security enhancements to the IVRS web servers and 
    A week later, on July 19th, we notified the Illinois 
General Assembly of the security breech in accordance with the 
Personal Information Protection Act. In addition, we notified 
the Attorney General's office. On July 21st, the State Board of 
Elections' IT staff completed security enhancements and began 
to bring the IVRS system back on line. A week after that, on 
July 28th, both the Illinois registration system and the 
paperless online voting application became totally functional 
once again.
    Since the attack occurred, the State Board of Elections has 
maintained the following ongoing activities. The DHS scans the 
State Board of Elections systems for vulnerabilities on a 
weekly basis. The Illinois Department of Innovation and 
Technology, which is a statewide entity that coordinates the IT 
systems of many of the Illinois State agencies, continuously 
monitors activity on the Illinois Century Network, which is the 
general network that provides firewall protection for the State 
computer systems.
    This Department of Innovation and Technology, also called 
DOIT, provided cyber security awareness training for all State 
of Illinois employees, ours included. Now the State Board of 
Election's IT staff continues to monitor web server and 
firewall logs on a daily basis. And in addition, virus 
protection software is downloaded also on a daily basis.
    As a result of informing the Illinois Attorney General's 
office of the breach, the State Board of Elections was 
contacted by the Federal Bureau of Investigation, and we have 
fully cooperated with the FBI in their ongoing investigation. 
The FBI advised that we work with the Department of Homeland 
Security's United States Computer Emergency Readiness Team to 
ensure that there is no ongoing malicious activity on any of 
the SBE systems. They also confirmed--that is, the Department 
of Homeland Security also confirmed--that there's no ongoing 
malicious activity occurring in SBE computer systems.
    To comply with the Personal Information Protection Act, 
nearly 76,000 registered voters were contacted as potential 
victims of the data breach. The SBE provided information to 
these individuals on steps to take if they felt that they were 
the victims of identity theft. Additionally, the SBE developed 
an online tool to inform affected individuals of the specific 
information that was included in their voter record that may 
have been compromised.
    As far as looking for future concerns, one of the concerns 
facing our State and many others we believe is aging voting 
equipment. The Help America Vote Act established requirements 
for voting equipment, but while initial funding was made 
available to replace the old punch-card equipment, additional 
funding has not been further appropriated.
    If additional funding is not available, we would like to 
receive authorization to use the State's existing HAVA funds to 
allow spending on enhanced security across all election-related 
systems. The IVRS database is a Federal mandate through the 
Help America Vote Act.
    Cyber attacks targeting end users are also of particular 
concern. Security training funded and provided by a Federal 
entity such as the EAC or DHS would also be beneficial in our 
view. In addition, any guidance or recommendations as to 
methods for the protection of registration and voting systems 
from cyber intrusions are always welcome.
    Thank you for the time, and I'm happy to answer any 
    [The prepared statement of Mr. Sandvoss follows:]
    Chairman Burr. Thank you, Mr. Sandvoss.
    Dr. Halderman.


    Dr. Halderman. Chairman Burr, Vice Chairman Warner, and 
members of the Committee: Thank you for inviting me to speak 
with you today about the security of U.S. elections.
    I'm a Professor of Computer Science and have spent the last 
10 years studying the electronic voting systems that our Nation 
relies on. My conclusion from that work is that our highly 
computerized election infrastructure is vulnerable to sabotage 
and even to cyber attacks that could change votes. These 
realities risk making our election results more difficult for 
the American people to trust.
    I know America's voting machines are vulnerable because my 
colleagues and I have hacked them repeatedly as part of a 
decade of research studying the technology that operates 
elections and learning how to make it stronger. We've created 
attacks that can spread from machine to machine, like a 
computer virus, and silently change election outcomes. We've 
studied touchscreen and optical scan systems, and in every 
single case we found ways for attackers to sabotage machines 
and to steal votes. These capabilities are certainly within 
reach for America's enemies.
    As you know, states choose their own voting technology and, 
while some states are doing well with security, others are 
alarmingly vulnerable. This puts the entire Nation at risk. In 
close elections, an attacker can probe the most important swing 
states or swing counties, find areas with the weakest 
protection, and strike there. In a close election year, 
changing a few votes in key localities could be enough to tip 
national results.
    The key lesson from 2016 is that these threats are real. 
We've heard that Russian efforts to target voter registration 
systems struck 21 states, and we've seen reports detailing 
efforts to spread an attack from an election technology vendor 
to local election offices. Attacking vendors and municipalities 
could have put Russia in a position to sabotage equipment on 
Election Day, causing machines or poll books to fail, and 
causing long lines or disruption. They could have engineered 
this chaos to have a partisan effect by striking places that 
lean heavily towards one candidate.
    Some say the fact that voting machines aren't directly 
connected to the Internet makes them secure, but unfortunately, 
this is not true. Voting machines are not as distant from the 
Internet as they may seem. Before every election, they need to 
be programmed with races and candidates. That programming is 
created on a desktop computer, then transferred to voting 
machines. If Russia infiltrated these election management 
computers, it could have spread a vote-stealing attack to vast 
numbers of machines.
    I don't know how far Russia got or whether they managed to 
interfere with equipment on Election Day, but there's no doubt 
that Russia has the technical ability to commit widespread 
attacks against our voting system, as do other hostile nations. 
I agree with James Comey when he warned here two weeks ago: We 
know they're coming after America, and they'll be back. We must 
start preparing now.
    Fortunately, there's a broad consensus among cybersecurity 
experts about measures that would make America's election 
infrastructure much harder to attack. I've co-signed a letter 
that I've entered into the record from over 100 leading 
computer scientists, security experts, and election officials 
that recommends three essential steps.
    First, we need to upgrade obsolete and vulnerable voting 
machines, such as paperless touchscreens, and replace them with 
optical scanners that count paper ballots. This is a technology 
that 36 states already use. Paper provides a physical record of 
the vote that simply can't be hacked.
    President Trump made this point well on Fox News the 
morning after--the morning of the election. He said, ``There's 
something really nice about the old paper ballot system. You 
don't worry about hacking.''
    Second, we need to use the paper to make sure that the 
computer results are right. This is a common-sense quality 
control and it should be routine. Using what's known as a risk-
limiting audit, officials can check a small, random sample of 
the ballots to quickly and affordably provide high assurance 
that the election outcome was correct. Only two states, 
Colorado and New Mexico, currently conduct audits that are 
robust enough to reliably detect cyber attacks.
    Lastly, we need to harden our systems against sabotage and 
raise the bar for attacks of all sorts by conducting 
comprehensive threat assessments and applying cybersecurity 
best practices to the design of voting equipment and the 
management of elections.
    These are affordable fixes. Replacing insecure paperless 
voting machines nationwide would cost $130 million to $400 
million. Running risk-limiting audits nationally for Federal 
elections would cost less than $20 million a year. These 
amounts are vanishingly small compared to the national security 
improvement they buy.
    State and local election officials have an extremely 
difficult job, even without having to worry about cyber attacks 
by hostile governments. But the Federal Government can make 
prudent investments to help them secure elections and uphold 
voters' confidence. We all want election results that we can 
    If Congress works closely with the states, we can upgrade 
our election infrastructure in time for 2018 and 2020. But if 
we fail to act, I think it's only a matter of time until a 
major election is disrupted or stolen in a cyber attack.
    Thank you for the opportunity to testify today and for your 
leadership on this critical matter. I look forward to answering 
any questions.
    [The prepared statement of Dr. Halderman follows:]
    Chairman Burr. Dr. Halderman, thank you.
    The Chair would recognize himself for five minutes. Members 
will be recognized by seniority.
    Secretary Lawson, in how many states is the secretary of 
state in charge of the elections process, do you know?
    Ms. Lawson. Yes, sir. It's 40.
    I'm sorry. Yes, sir. It's 40.
    Chairman Burr. Okay. Would you be specific: What do the 
secretary of states do--what is it they do not like about 
elections being designated critical infrastructure?
    Ms. Lawson. The most important issue, sir, is that there 
have been no clear parameters set and, even after the three 
calls that we had with Secretary Jeh Johnson before the 
designation was made, we consistently asked for what would be 
different if the designation was made and how we would 
communicate. Would it be any different----
    Chairman Burr. So nothing has negatively happened except 
that you don't have the guidance to know what to do?
    Ms. Lawson. Nothing has negatively happened to this date, 
but also nothing positive has happened.
    Chairman Burr. Got it. Got it.
    Mr. Sandvoss, Illinois is one of the few states that have 
publicly been identified. I guess that's in part because you 
took the initiative to do it. You gave a good chronology: 23 
June, first sign; 12 July, State IT staff took action; 12 
August, the attacks stopped.
    At what point was the State of Illinois contacted by any 
Federal entity about their system having been attacked or was 
it the State of Illinois that contacted the Federal Government?
    Mr. Sandvoss. We were contacted by the FBI--I don't have 
the exact date, but it was after we had referred the matter to 
the Attorney General's office. My guess would be probably a 
week after.
    Chairman Burr. A week after----
    Mr. Sandvoss. After the AG was notified by us of this 
    Chairman Burr. And the AG was notified approximately when?
    Mr. Sandvoss. On July 19th.
    Chairman Burr. July 19th. Okay.
    At what point did the State of Illinois know that it was 
the Russians?
    Mr. Sandvoss. Actually, to this day we don't know with 
certainty that it was the Russians. We've never been told by 
any official entity. The only one that we're aware of that was 
investigating was the FBI and they have not told us 
definitively that it was the Russians. Our IT staff was able to 
identify, I think it was, seven IP addresses from a foreign 
location, I believe it was The Netherlands. But that doesn't 
mean that the attack originated in the Netherlands. We have no 
idea where it originated from.
    Chairman Burr. Did your IT staff have some initial 
assessments on their own?
    Mr. Sandvoss. No, because I think any--anything of that 
nature would have been speculative and we didn't want to do 
that. I think we wanted to leave that to the professional 
    Chairman Burr. You gave an update on what you're currently 
doing to enhance the security: DHS weekly security checks. Has 
the Federal--in your estimation, has the Federal Government 
responded appropriately to date?
    Mr. Sandvoss. I believe they have, yes. I've heard nothing 
from our IT division and they'd be the persons that would know. 
I've heard nothing from them that the DHS's work in that matter 
has been less than satisfactory.
    Chairman Burr. Let me ask all of you, except for you, Mr. 
Sandvoss: Do you believe the extent of cyber threats to 
election systems should be made public before the next election 
cycle? Should we identify those states that were targeted, Mr. 
    Mr. Haas. I think as election directors we're certainly 
sensitive to the balance that Homeland Security and others need 
to make. I think so far, as far as we've gone, we want to know 
as the victims or potential victims. And then I think as part 
of the coordinating council and designation of critical 
infrastructure, there has to be a conversation amongst the 
    Chairman Burr. Is there a right of the public in your State 
to know?
    Mr. Haas. Yes, I believe there is. If there was a hack into 
our system, I think that we would certainly want to consult our 
statutes and so forth, but we would--we believe in 
transparency. We would want to let the public know.
    Chairman Burr. Dr. Halderman.
    Dr. Halderman. I think the public needs details about these 
attacks and about the vulnerabilities of the system, in order 
to make informed decisions about how we can make the system 
better and to provide the resources that election officials 
need. So, yes.
    Chairman Burr. Okay.
    Secretary Lawson.
    Ms. Lawson. I lay awake at night worrying about public 
confidence in our election systems, and so I think we need to 
be very careful and we need to balance the information, because 
the worst thing that we can do is make people think that their 
vote doesn't count or it could be canceled out.
    And so if telling the public that, you know, that these 
attacks are out there and our systems are vulnerable and it 
doesn't undermine confidence, it makes them know that we are 
doing everything we possibly can to stop those attacks, I'd be 
in favor of it.
    Chairman Burr. I take for granted none of you at the table 
have evidence that vote tallies were altered in the 2016 
    Dr. Halderman. Correct.
    Chairman Burr. Dr. Halderman, before I recognize the Vice 
Chairman real quickly: When you and your colleagues hacked 
election systems, did you get caught?
    Dr. Halderman. We hacked election systems as part of 
academic research, where we had machines in our facilities----
    Chairman Burr. I get that. Did you get caught? Did they see 
your intrusion into their systems?
    Dr. Halderman. The one instance when I was invited to hack 
a real voting system while people were watching, was in 
Washington, D.C., in 2010, and in that instance it took less 
than 48 hours for us to change all the votes and we were not 
    Chairman Burr. Vice Chairman.
    Vice Chairman Warner. I'd like to thank all the witnesses 
for their testimony. I find a little stunning, Mr. Sandvoss, 
your answer. I don't know--I think if you saw the preceding 
panel, you had the DHS and the FBI unambiguously say that it 
was the Russians who hacked into these 21 systems, and I find 
it a little strange that they've not relayed that information 
to you.
    What we discovered in the earlier testimony is that we 
finally got public disclosure that 21 states were attacked, and 
under questioning from Senator Harris we found that, even 
though we know those 21 states were attempted to be hacked 
into, or doors rattled or whatever analogy you want to use, in 
many cases the State election officials, whether the State 
directors or the secretaries of state, may not even have been 
    I find that stunning. And clearly lots of local elected 
officials, local election officials, where the activities 
really take place, haven't been notified. So I've got a series 
of questions and I'd ask for fairly brief responses.
    Dr. Halderman, can you just again restate--as Senator King 
mentioned in the earlier testimony, you don't need to disrupt a 
whole system. You could disrupt a single jurisdiction in a 
State, and if you could in effect wipe that ledger clean, you 
could invalidate potentially not just that local election, but 
then the results at the State, the Congressional level, the 
states, and ultimately the Nation, is that not correct?
    Dr. Halderman. Yes, that's correct.
    Vice Chairman Warner. So we are not--while it's important 
and I believe in our decentralized system, we are only as 
strong as our weakest link. Is that not correct?
    Dr. Halderman. That's correct.
    Vice Chairman Warner. Mr. Haas and Secretary Lawson, do you 
believe that all 21 states that were attacked, that the State 
election officials are aware?
    Ms. Lawson. I can't answer that question, sir. I'm not 
certain. I will tell you that Indiana has not been notified. I 
don't know if we're even on the list.
    Mr. Haas. I don't know for sure, except that DHS did 
indicate in a teleconference that all the states that were 
attacked have been notified.
    Vice Chairman Warner. We were told earlier that that's not 
the case. We were told that they may have been--the vendors may 
have been notified. So do you know whether Wisconsin was 
    Mr. Haas. We have not been told that we were--that there 
was an attack on Wisconsin.
    Vice Chairman Warner. Are you comfortable, either one of 
you, with not having that knowledge?
    Ms. Lawson. We are hypersensitive about our security and I 
would say that when the FBI sent the notice in September for 
states to look for certain IP addresses to see if their systems 
had been penetrated or attempted to be penetrated, we 
absolutely searched. In fact, we looked at 15,500,000 log-ins 
that had happened in our system since the 1st of January that 
year. So we believe that our system has not been hacked.
    Mr. Haas. I would also state that both our office and the 
chief information officer of the State and his office would 
likely be able to detect if the system was hacked.
    Vice Chairman Warner. Well just, we've got the two leading 
State election officials not knowing whether their states were 
one of the 21 that at least the Russians probed--let me finish, 
please. And you know, I see--I understand the balance. But the 
notion that State election officials wouldn't know, that local 
election officials clearly haven't been notified--I appreciate 
the Chairman's offer. The Chairman and I are going to write a 
letter to all the states: If you view yourself as victims, I 
think there is a public obligation to disclose. Again, not to 
re-litigate 2016, but to make sure that we're prepared for 
2017, where I have State elections in my State this year, and 
2018. And to do otherwise--because there are some, there are 
some still in the political process, that believe this whole 
Russian incursion into our elections is a witch hunt and fake 
    So I could very easily see some local elected officials 
saying: ``This is not a problem, this is not a bother; I don't 
need to tighten up my security procedures at all.'' And that 
would do a huge, huge disservice to the very trust, Secretary 
Lawson, that you say you want to try to present and provide for 
our voters.
    So I hope when you receive the letter from our--and we'll 
write this on a confidential basis, but that you would urge 
your colleagues to come forward, again not to embarrass any 
State. But I find it totally unacceptable, one, that the public 
doesn't know, that local elected officials--local election 
officials don't know, that you as two, as the leaders of the 
State election officials, don't even know whether your states 
were part of the 21 that has been testified by the DHS that at 
least they were, if not looked at, door jiggled, or actually, 
as the case in Illinois, where actual information from the 
voter registration efforts were exfiltrated.
    So my hope is that you will work with us on a cooperative 
basis and we want to make sure that the DHS and others are 
better at sharing information and you get those classified 
briefings that you deserve.
    Chairman Burr. Senator Risch.
    Senator Risch. Thank you very much.
    Mr. Sandvoss, July 12th was the date that you first 
discovered that you had issues, is that right?
    Mr. Sandvoss. Yes, that's correct.
    Senator Risch. And that was a result of a high-volume 
spike. Is that correct?
    Mr. Sandvoss. Yes, that is correct.
    Senator Risch. Then when you looked at it, you found out 
that the intrusion attempts actually had started June 23rd, is 
that correct?
    Mr. Sandvoss. Yes.
    Senator Risch. So--and those were low-volume spikes, 
starting on June 23rd?
    Mr. Sandvoss. Yes.
    Senator Risch. All right. So if they had never cranked up 
the volume, is it fair to say you would have never discovered 
it or probably wouldn't have discovered it?
    Mr. Sandvoss. I would say it would probably not have been 
discovered, certainly not right away. And if it was--the volume 
was low enough, even an analysis of our server logs might not 
catch something like that, because it wouldn't stand out. So I 
think the answer to your question is yes.
    Senator Risch. Then you said 12--or seven days later, the 
19th, you notified the Attorney General. Is that right?
    Mr. Sandvoss. Yes, correct.
    Senator Risch. That was the Illinois Attorney General, not 
the U.S. Attorney General, is that correct?
    Mr. Sandvoss. Yes. State law requires that we notify the 
Attorney General in these instances.
    Senator Risch. So then the next thing that happened is you 
were contacted by the FBI. Is that correct?
    Mr. Sandvoss. Yes.
    Senator Risch. All right. So the question I've got--I'm 
just trying to get an understanding of the facts--are you 
assuming that the Illinois AG contacted the FBI, or do you know 
that or not know that, or----
    Mr. Sandvoss. I don't know that for sure, but I would 
suspect that they probably did, because how else would the FBI 
    Senator Risch. Right. Well, and that's kind of where I was 
getting, is that was not the result of some Federal analysis, 
that there wasn't a Federal analysis of this that turned up 
what had actually happened. Is that a fair statement?
    Mr. Sandvoss. I believe so, yes.
    Senator Risch. Okay. You then did some things to try to 
mitigate what had happened. Have you shared this with other 
states as to what you had done, in order to, I don't know, 
develop a best practices, if you would?
    Mr. Sandvoss. We didn't have any formal notification to all 
50 states, no. I think our focus at that time was trying to 
repair the damage and assess, you know, what needed to be done, 
especially with respect to the voters who had their information 
    I believe that once the FBI became aware of this, I know 
they contacted the different states. I don't believe our 
Attorney General's office did, although I don't know that for 
certain. But we did not have any formal communication with all 
50 states regarding this.
    Senator Risch. And do you believe that you have developed a 
best-practices action after this attack that you've described 
for us?
    Mr. Sandvoss. I believe so, yes.
    Senator Risch. Do you think it would be appropriate for you 
to get that out through the secretary of states organization or 
other organizations, so that other states could have that?
    Mr. Sandvoss. Certainly. Absolutely.
    Senator Risch. Okay.
    Mr. Halderman, Your hacking that you've described for us, 
would your ability--if you were sitting in Russia right now and 
wanted to do the same thing that you had done, would that 
ability be dependent upon the machines or whatever system is 
used being connected to the Internet?
    Dr. Halderman. That ability would depend on whether pieces 
of election IT equipment, IT offices that are where the 
election programming is prepared, are ever connected to 
Internet. The machines themselves don't have to be directly 
connected to the Internet for a remote attacker to target them.
    Senator Risch. So would you recommend that the voting 
system be disconnected from the Internet, that it be a 
standalone system that can't be accessed from the outside?
    Dr. Halderman. It's a best practice, certainly, to isolate 
vote tabulation equipment as much as possible from the 
Internet, including isolating the systems that are used to 
program it.
    But other pieces of election infrastructure that are 
critical, such as electronic poll books or online registration 
systems, do sometimes need to be connected to Internet--to 
systems that have Internet access.
    Senator Risch. But that wouldn't necessarily require that 
it be connected to the Internet for the actual voting process. 
Is that right?
    Dr. Halderman. That's right.
    Senator Risch. And then the extrication of that information 
off of the voting machine, would that be fair?
    Dr. Halderman. I think that's fair to say.
    Senator Risch. Thank you.
    Mr. Chairman, I think all of this really needs to be 
drilled down a little bit further, because it seems to me, with 
this experience, there's probably some pretty good information 
where you could put a firewall in place to stop it, or at least 
minimize it.
    Thank you.
    Chairman Burr. Senator Wyden.
    Senator Wyden. Thank you, Mr. Chairman. And thank all of 
    I want to start with you, Professor Halderman. What are the 
dangers of manipulation of voter registration databases, 
particularly if it isn't apparent until Election Day when 
people show up at the polls to vote?
    Dr. Halderman. I'm concerned that manipulating voter 
registration databases could be used to try to sabotage the 
election process on Election Day. If voters are removed from 
the registration database and then they show up on Election 
Day, that's going to cause problems. If voters are added to the 
voter registration database, that could be used to conduct 
further attacks.
    Senator Wyden. Let me ask--and this can be directed at any 
of you. I'm trying to get my arms around this role of 
contractors and subcontractors and vendors who are involved in 
elections. Any idea, even a ball park number, of how many of 
these people there are? 10, 70, 200?
    Dr. Halderman. Vendors that host the voter registration 
    Vice Chairman Warner. Yes.
    Dr. Halderman. I'm sorry, Senator, I don't have a number.
    Ms. Lawson. Sir, I don't have an exact number either, but I 
will tell you, in Indiana, for an example, we have six 
different voting system types. Counties make that decision on 
their own. But they are all certified by our voting system 
technical oversight program.
    Senator Wyden. That was my main question. So somebody is 
doing certification over these contractors and subcontractors 
and equipment vendors and the like? Does that include voting 
machines, by the way?
    Ms. Lawson. It does. Most states will have a mechanism to 
certify the voting machines that they're using, the electronic 
poll books they're using, the tabulation machines that they're 
using, making sure that they comply with Federal and State law, 
and making sure that they have the audit processes in place.
    Senator Wyden. So do you all have a high degree of 
confidence that these certification processes are not leaving 
this other world of subcontractors and the like vulnerable?
    Dr. Halderman. I have several concerns about the 
certification processes, including that some states do not 
require certification to Federal standards; that the Federal 
standards that we have are unfortunately long overdue for an 
update and have significant gaps when it comes to security; and 
that the certification process doesn't necessarily cover all of 
the actors that are involved in that process, including the 
day-to-day operations of companies that do pre-election 
    Senator Wyden. One last question. We Oregonians and a 
number of my colleagues are supportive of our efforts to take 
vote-by-mail national. And we've had it. I was in effect the 
country's first Senator elected by vote-by-mail in 1996. We've 
got a paper trail. We've got air gap computers. We've got 
plenty of time to correct voter registration problems if there 
are any.
    Aren't those the key elements of trying to get on top of 
this? Because it seems to me, particularly the paper trail--if 
you want to send a message to the people who are putting at 
risk the integrity of our electoral institutions, having a 
paper trail is just fundamental to being able to have the 
backup we need.
    I think you're nodding affirmatively, Professor Halderman, 
so I'm kind of inclined--or one of you two at the end were 
nodding affirmatively, and I'll quit while I'm ahead if that 
was the case. But would either of you like to take that on?
    Dr. Halderman. Vote-by-mail has significant cybersecurity 
benefits. It's very difficult to hack a vote-by-mail system 
from an office in Moscow. Whether vote-by-mail is appropriate 
for every State in every context is in our system of course a 
matter for the states, but I think it offers positive security 
    Senator Wyden. All right.
    Thank you, Mr. Chairman.
    Chairman Burr. Senator Blunt.
    Senator Blunt. Dr. Halderman, on that last answer to that 
last question, how do you count vote-by-mail ballots?
    Dr. Halderman. Generally, they would be counted using 
optical scanners.
    Senator Blunt. Exactly. So you count them the same way you 
count ballots that aren't vote-by-mail in almost every 
    Dr. Halderman. If the optical scan ballots are subsequently 
audited, you can get high security from that process, but yes.
    Senator Blunt. Well that's a different--that's a different 
question. Your question there is do you prefer paper ballots 
and an audit trail, and I do too. But let's not assume that the 
vote-by-mail ballots are counted any differently. They're 
counted probably at a more central location, but that doesn't 
mean that all the manipulation you talked about that we need to 
protect against wouldn't happen in a vote-by-mail election. 
You've got a way to go back and you've got a paper trail to 
    Dr. Halderman. That's correct. There are three things you 
need: paper, auditing, and otherwise good security practices.
    Senator Blunt. While I've got you there, on auditing, how 
would you audit a non-paper system? If it's a touchscreen 
system--you mentioned Colorado, and New Mexico already did a 
required sample audit, which I'm certainly not opposed to that 
if that's what states want to do, or it's the best thing to do. 
How would you do a non-paper audit?
    Dr. Halderman. Senator, I think it would be difficult or 
impossible to audit non-paper systems with the technology that 
we use in the United States to a high level of assurance.
    Senator Blunt. So even if you--if you don't have something 
to audit, it's pretty hard to audit a system that counted--that 
didn't leave a trail.
    Dr. Halderman. It's basically impossible.
    Senator Blunt. So, Mr. Sandvoss, in Illinois do you certify 
counting systems?
    Mr. Sandvoss. Yes, we do.
    Senator Blunt. And Secretary Lawson, do you certify 
counting systems?
    Ms. Lawson. Yes, sir.
    Senator Blunt. Mr. Haas, in your, your jurisdiction, 
somebody is certifying those systems that you use?
    Mr. Haas. We both rely on the EAC certification and then 
our commission does a testing protocol and then approves the 
equipment to be used in the State of Wisconsin.
    Senator Blunt. And back in Illinois, do you then monitor in 
any way that counting system while it's doing the actual 
    Mr. Sandvoss. No, the actual counting done on Election Day, 
Election Night rather, is done locally at the county clerk's 
offices or board of election commissioner offices. We certify 
the voting equipment. They have to apply for certification and 
approval, which we conduct a fairly rigorous test of the voting 
equipment. But then in actual practice, other than--we do 
conduct pre-election tests of the voting equipment on a random 
basis before each election, but there--it's a limited number of 
    Senator Blunt. And do you do that in a way that allows you 
from your central office to get into the local system? Or do 
you go to the local jurisdictions or just monitor how they 
count that--how they, how they check that counting system?
    Mr. Sandvoss. When we do our pre-election tests, we 
actually visit the jurisdiction.
    Senator Blunt. All right.
    Secretary Lawson, similar?
    Ms. Lawson. Similar. However, the State does not go into 
the counties, but the counties are required to do a public test 
and, as I mentioned, it's public. And so they're required to do 
testing on the machines, the tabulation. There's a bipartisan 
election board that's there----
    Senator Blunt. I guess the point I'd want to drive home 
there is that not opening that door to the counting system--if 
you don't have the door, nobody else can get through that door 
as well. But there's monitoring, there's local testing.
    I don't suggest at all that Dr. Halderman's comments aren't 
important or something we should guard against. I was an 
election official for 20 years, including the chief election 
official for 8 of those, and something--as we were 
transitioning to these systems, something I was always 
concerned about is what could possibly be done that could be 
done and undetected.
    One of the reasons I always liked the audit trail--that 
obviously, Dr. Halderman, you do, you do too, is that you do 
have something to go back, if you have a reason to go back, and 
really determine what happened on Election Day.
    Let's talk for just a moment about the much more open 
registration system. Secretary Lawson, you said you had 15,500 
logins. I believe that was--talk about logging--what are they 
logging into there? The statewide voter registration system 
that you maintain a copy of?
    Ms. Lawson. The 92 county clerks in Indiana are connected 
to the statewide voter registration system, and that 15,500,000 
logins reflected the work that they did that year.
    Senator Blunt. 15,500,000?
    Ms. Lawson. 15,500,000.
    Senator Blunt. So obviously that's a system that has lots 
of people coming in and out of that system all the time. Do 
local jurisdictions, like if the library does registration, do 
you have counties where they can also put those registrations 
directly into the system?
    Ms. Lawson. Other than the counties, no, sir. But we do 
have Indianavoters.com, where a voter can go on and register 
themselves. And it's a record that is compared to the DMV 
record, and then the counties will find that information in 
their hopper the next day. And then they will--or their 
computer system, and then the next day they will have the 
ability to determine whether or not the application is correct.
    Senator Blunt. Do all of your jurisdictions, the three 
jurisdictions here reflected, have some kind of provisional 
voting? If you get to the voting place on Election Day and your 
address is wrong, or your name is wrong, or it doesn't occur--
it doesn't appear at all, do you have a way somebody can cast a 
ballot before they leave?
    Ms. Lawson. Yes, sir.
    Senator Blunt. And in Illinois?
    Mr. Sandvoss. Yes, we do.
    Mr. Haas. We have provisional ballots, but they are very 
limited. We are not an NVRA State. And we also have Election 
Day registration, so people can register at the polls.
    Senator Blunt. So, the failure to have your name properly 
on the--I understand, Chairman, and I also noticed the time on 
others. But just, the registration system is much more open 
than the tallying system, that doesn't mean the tallying system 
doesn't need to be further protected. But the registration 
system, the idea that somebody gets into the registration 
system--there are plenty of ways to do that. Unfortunately, we 
think now other countries and governments may be doing that as 
    Chairman Burr. Senator King.
    Senator King. Thank you, Mr. Chairman.
    Dr. Halderman, you're pretty good at hacking voting 
machines, by your testimony. Do you think the Russians are as 
good as you?
    Dr. Halderman. The Russians have the resources of a nation 
state. I would say their capabilities would significantly 
exceed mine.
    Senator King. I expected that was going to be your answer, 
but I wasn't sure whether your modesty would--but I think 
that's an important point, because you testified here today 
that you were able to hack into a voting machine in 48 hours, 
change the results, and nobody knew you had done it. And if you 
could do it, I think the point is the Russians could do it if 
they chose.
    And we've been talking a lot about registrations lists. My 
understanding is that quite often a voter registration list at 
some point in the process is linked up with--the computer that 
has the voter registration list is linked up with configuring 
the voting machines, and perhaps even tallying votes. Is that 
true? Can any of you----
    Ms. Lawson. No, sir.
    Senator King. There's no connection between the 
registration list and the voting machines?
    Ms. Lawson. No.
    Senator King. Illinois? Is that----
    Mr. Sandvoss. Not in Illinois, no.
    Senator King. Okay.
    Mr. Haas. That's correct.
    Senator King. Then I was mistaken.
    Yes, Dr. Halderman?
    Dr. Halderman. I believe that depends on the specific 
equipment involved. There may be some designs of voting systems 
where the sign-in and the vote counting system are linked.
    Senator King. But of course, if, as you testified I think, 
if the voting registration list is tampered with in some way on 
Election Day, it would be chaos if names disappeared, people 
arrived at the polls and their names weren't on the list. Isn't 
that correct, Ms. Lawson?
    Ms. Lawson. If a person showed up at the polls to vote and 
their name wasn't on the list, if they were expecting they 
would be given a provisional ballot, I think the biggest danger 
is that the lines at the polls would increase significantly if 
there was a large number of folks who had to do that in each 
    Senator King. Right, that was what I was referring to.
    On August 1 of 2016, press reports have indicated that 
there was an FBI notification to all of their field offices 
about the danger of cyber intrusions into voting systems. 
Supposedly, those were passed on to State election systems. Did 
you three get something from the FBI around August 1st that 
gave IP addresses and some warnings about what should be done?
    Mr. Sandvoss. Yes, we did receive an FBI flash. It was in 
August, and you're saying the 1st. I believe that was it.
    Senator King. That was, yes, I understand that was the date 
of it. Ms. Lawson, did you receive that?
    Ms. Lawson. Yes, Indiana received a notice from the FBI.
    Mr. Haas. We did as well.
    Senator King. So there is some interconnection. I mean, one 
of the things that I'm sort of hearing, and I'm frankly 
appreciative and happy that you all did receive that notice, 
but there seems to be a lack of information-sharing that goes 
on that we really need to be sure that--for example, if you 
learn--if something happens in Illinois, some system whereby 
you can alert your colleagues across the country to look out 
for this. And if we learn things here in Washington, if the FBI 
learns things, that they can alert people around the country, 
because the best time to deal with this is before the election. 
After the election or on Election Day is much more difficult.
    Dr. Halderman.
    Dr. Halderman. Yes, I would support further information 
    Senator King. And then finally, we've talked about what we 
do about this. Paper trails has come up. Is that the principal 
defense? Is that--Dr. Halderman, what if--I asked the question 
to the prior panel. What would you tell my elections clerk in 
Brunswick, Maine, would be the three things most important that 
they should do, or my Secretary of State in Maine, to protect 
themselves against a threat we know is coming?
    Dr. Halderman. The most important things are to make sure 
we have votes recorded on paper, paper ballots, which just 
cannot be changed in a cyber attack, that we look at enough of 
that paper in a post-election, risk-limiting audit, to know 
that they haven't--the electronic records haven't been changed; 
and then, to make sure we are generally increasing the level of 
our cyber security practice. Information-sharing is an example 
of a good and recommended practice, as are firewalling systems 
and other things that have been suggested.
    Senator King. One final question. Is it possible--and there 
are some press reports about this--a cyber attack on the 
vendors of these machines, to somehow tamper with the machines 
before they go out to the states. Is that a risk?
    Dr. Halderman. I would be concerned about that. And in fact 
the small number of vendors is an example of how our system in 
practice is not quite as decentralized as it may appear, that 
attacks spreading via vendors or from vendors to their 
customers could be a way to reach voting equipment over a very 
large area.
    Senator King. And there have been press reports that that 
in fact, was attempted in 2016.
    Dr. Halderman. Yes, that's correct.
    Senator King. Thank you, Mr. Chairman. Mr. Chairman, I want 
to thank you for holding this hearing. This is such important 
information for the public and for our democracy. I appreciate 
your work here.
    Chairman Burr. Thank you, Senator.
    Senator Harris.
    Senator Harris. Thank you.
    So there's a saying that I'm sure many of you have heard, 
which is the you know the difference between being hacked and 
not being hacked, is knowing you've been hacked. And so I 
appreciate, Dr. Halderman, the recommendations that you and 
your colleagues have made, because it also seems to cover the 
various elements of what we need to do to protect ourselves as 
a country in terms of our elections, which is prevention, and 
then there's the issue of detection and also resilience. Once 
we--if we discover that we've been manipulated, let's have the 
ability to stand back up as quickly as possible.
    So I have a few questions in that regard. First of all, 
have each of you--you received for the states, received a 
notification from the FBI? Is that correct?
    Ms. Lawson. Yes, ma'am.
    Mr. Haas. Yes, yes.
    Mr. Sandvoss. Yes.
    Senator Harris. And were any of you also notified by DHS? 
Mr. Sandvoss?
    Mr. Sandvoss. We've had communications with DHS. I don't 
recall how they were initiated. But I do know that there have 
been some conference calls with them, and it may have been 
through the FBI that that occurred.
    Senator Harris. And I'm speaking of before the 2016 
    Mr. Sandvoss. Yes.
    Senator Harris. Yes.
    Mr. Sandvoss. Yes.
    Senator Harris. Secretary Lawson.
    Ms. Lawson. Yes, we had--we did have conversations with 
Department of Homeland Security. However, it was through our 
national association. It was not a direct contact with the 
    Senator Harris. Thank you.
    Mr. Haas. We were one of the states that took up DHS on 
their offers to do the cyber hygiene scan. We did have a number 
of communications with, I believe, a point person in their 
Chicago office. The FBI alert I think was about a specific 
incident, but our communications with DHS were more about 
general steps that could be taken to protect our systems.
    Senator Harris. So as a follow-up to this hearing, if each 
of you, to the extent that you can recall the nature of those 
conversations with DHS before the election, if you could share 
that with the Committee that would be helpful, so we can figure 
out how notifications might be more helpful to you in the 
future. Hopefully they're not necessary, but if necessary.
    Can you, Ms. Lawson, tell me--Secretary Lawson--what in 
your opinion are the pros and cons of requiring states to 
report to the Federal Government if there's been a breach or a 
hack? What can you imagine would be the pros and cons of a 
policy that would require that?
    Ms. Lawson. Well, the pro would be that if there--if, for 
an example, the FBI or the Department of Homeland Security has 
better ways to counter those attacks, or to make sure that the 
reconnaissance that's done after such an attack is more 
sophisticated than the states, then obviously that would be a 
    Indiana did not take the opportunity to have DHS do our 
cyber cleaning because we felt that we were in better shape 
than what they could provide for us, so that would be the con.
    Senator Harris. Okay.
    And can you, Professor Halderman, tell me--you know, before 
this last election cycle, there had been a lot of talk through 
the years in various states--Senator Blunt, I'm sure you were 
part of those discussions--about the efficacy of online voting, 
because it would bring convenience, speed, efficiency, 
accuracy. And now we can see that there will be great, 
potentially, vulnerabilities by doing that. So can you talk 
with me a little about, just in terms of policy, is the day of 
discussing the need for online voting, has that day passed 
because of the vulnerabilities that are associated with that?
    Dr. Halderman. I think that online voting, unfortunately, 
would be painting a bullseye on our election system. Today's 
technology just does not provide the level of security 
assurance for an online election that you would need in order 
for voters to have high confidence.
    And I say that having myself done--hacked an online voting 
system that was about to be used in real elections, having 
found vulnerabilities in online voting systems that are used in 
other countries. The technology just isn't ready for use.
    Senator Harris. And isn't that the irony, that the 
professor of computer engineering and I, who always believed 
that we need to do more to adopt technology, that government 
needs to adopt technology, I think we're advocating the good 
old days of paper voting are the way to go, or at least an 
emphasis on that, instead of using technology to vote.
    Can you tell me also--any of you, if you know--it's my 
understanding that some of the election system vendors have 
required states to sign agreements that prevent or inhibit 
independent security testing. Are you familiar with that?
    Dr. Halderman. That certainly had been something that 
inhibited attempts by researchers like me to study election 
systems in the past.
    Senator Harris. And do you believe that that's a practice 
that is continuing?
    Dr. Halderman. I do not--I don't know the answer to that 
    Senator Harris. Have any of you had that experience with 
any of your vendors?
    Mr. Sandvoss. In Illinois, no, we have not. And I don't 
think Illinois law would allow such an agreement.
    Ms. Lawson. I don't believe that would happen in Indiana 
either, Senator, because in order to sell voting equipment in 
the State of Indiana it has to be certified.
    Senator Harris. Right, which would require testing.
    Ms. Lawson. Yes, which requires testing.
    Senator Harris. Thank you.
    Thank you, Mr. Chairman. Thank you.
    Chairman Burr. Thank you, Senator Harris.
    Does any Senators seek additional questions or time?
    [No response.]
    Seeing none, let me wrap up. I want to thank all of you for 
your testimony today.
    Secretary Lawson, to you. I really encourage you, as the 
next representative of secretaries of states, to remain engaged 
with the Federal Government, specifically the Department of 
Homeland Security. And I think with any transition of an 
administration there is a handoff and a ramp-up. And I've been 
extremely impressed with our witness from DHS, who not only was 
here today, but she has taken the bull by the horns on this 
issue. And I think you'll see those guidelines very quickly, 
and I hope that there will be some interaction between 
secretaries of states, since in 40 states you control the 
voting process, and you can find a system of Federal guidance 
and collaboration that works comfortably with every secretary 
of state in your organization.
    I think it is absolutely critical that we have not only a 
collaboration, but a communication, between the Federal 
Government and the states as it relates to our voting systems. 
If not, I fear that there would be an attempt to in some way, 
shape, or form nationalize that. That is not the answer.
    And I'll continue to point, Mr. Sandvoss, to Illinois as a 
great example of a State that apparently focused on the IT 
infrastructure and staff, and didn't wait for the Federal 
Government to knock on the door and say, hey, you got a 
problem. You identified your problem, you began to remediate 
it. At some point, the Federal Government came in as a partner. 
And I think where we see our greatest strength is to work with 
states and to chase people like you, Dr. Halderman, who like to 
break into--no, I'm just kidding with you.
    Listen, I think what you did is important. And I think the 
questions that you raised about the fact that you really can 
target to make the impact of what you're trying to do very, 
very effective. And that's clearly what campaigns do every day. 
So we shouldn't be surprised if the Russians actually looked at 
that or anybody else who wants to intrude into our voting 
system and our democracy in this country.
    I've got to admit that the variation of voting methods, six 
in Indiana, where I don't know how many counties you've got--
I've got 100 counties in North Carolina. It may be that I find 
out that every county in North Carolina has the power to 
determine what voting machines, what voting software they have.
    This can get extremely complicated. Short of trying to 
standardize everything, which I don't think is the answer, is 
how do we create the mechanism for the Federal Government to 
collaborate directly with those heads of election systems in 
the states and understand up front what we bring to the table 
and how we bring it, so that we're all looking at the same 
thing--the integrity of every vote going to exactly who it was 
intended to do.
    So, yes, we're going to have debates on paper or 
electronic. We're going to have debates on what should the 
Federal role be. At the end of the day, if we haven't got 
cooperation and collaboration and communication, I will assure 
you we will be here with another Congress, with another makeup 
of the Committee, asking the same questions, because we won't 
have fixed it.
    But I think that what Dr. Halderman has said to us is, 
there are some ways that we can collectively approach this to 
where our certainty of intrusions in the future can go down and 
the accuracy of the vote totals can be certified.
    So I thank all the four of you for being here today in our 
second panel. This hearing is now adjourned.
    [Whereupon, at 12:36 p.m., the hearing was adjourned.]

                         Supplemental Material