
tv   Election Security Preparedness  CSPAN  June 22, 2018 1:59pm-3:51pm EDT

1:59 pm
stabilize their schools and most important i think for all of us is to educate our students. and the best way to do that is a stable school. >> be sure to join us july 21st and 22nd when we'll feature our visit to alaska. watch "alaska weekend" on c-span, c-span.org, and listen on the free c-span radio app. a senate committee recently held a hearing looking at election infrastructure security and preparedness leading up to this fall's midterm elections. state and local officials talk about steps they were taking to secure the election process, including testing their infrastructure, creating back-up paper ballots, and boosting cybersecurity.
2:00 pm
>> the committee on rules and administration will come to order. glad our witnesses are here. glad you had the patience we needed today to get two votes done on the floor, particularly grateful that my fellow missourians are here. secretary of state jay ashcroft, and in the next panel is county clerk shane shoaler from my home county, and both of them happen to hold a job that i once held, so it's particularly good to see you here, and the rest of you on the panel, as we begin our review of federal elections. senator klobuchar and i are in agreement that the best starting point is to start with you. the best starting point is to start with state and local officials, who through the history of the country, have been responsible for election administration, and they are
2:01 pm
responsible to the people that choose them to do that job to see that it's done well. clearly, elections are the keystone of democracy, and they are dependent on the efforts of county officials, of election directors, of secretaries of state, and many others. on election day they are dependent on lots of people who essentially figure out how to volunteer for their job at the polling place. during the 2016 election cycle, state and local election officials were tested like they haven't been before by cyberattacks, and we anticipate that these attempts will continue and attempts to interfere with the process will continue. we want to be sure that we're doing what we can to help you thwart these attempts. state and local governments need access to timely and actionable information and technical assistance when they need it. one of our goals today is to find out more about the information sharing that is occurring between federal, state, and local officials, and
2:02 pm
to learn more about your concerns and your thoughts on that. january of 2017 the department of homeland security designated our country's election infrastructure to be critical infrastructure. this designation began the formalization of information sharing and collaboration among state, local, and federal governments through the creation of a government coordinating council. some of our witnesses today are already setting on that newly formed council. more recently in the 2008 omnibus, congress appropriated right at $380 million to the u.s. election assistance commission to help states enhance their election infrastructure. as of this week, 38 states have requested $250 million of that money, and about $150 million of it has already been dispersed to the states. finally, the attempts to influence the 2016 election have
2:03 pm
spurred many calls for additional laws. i remain open to learning more about where those gaps are and how we approach those gaps in a way that continues to let local officials do their job, but be sure that there's maximum confidence in what happens on election day. glad all of you are here. certainly, it's a pleasure for senator klobuchar and i to get to work together on this and particularly for me to work with her. we have had a long history of working together, but just this year starting to be the top two individuals on this committee, and senator klobuchar, i'd recognize you for your opening statements. >> well, thank you very much, chairman blunt. this committee's jurisdiction is clear. we have jurisdiction over federal elections, and, obviously, there's been a lot of other committees looking into this issue as part of investigations, including judiciary, on which i serve. but in the end if we want to get
2:04 pm
something done and make some changes, i think it's really important this committee weigh in and a lot of the bills will actually be going through this committee. so, according to the department of homeland security, you all know this, 21 states elections systems were attempted to be hacked into by a foreign country. that would be russia. and this was established not just by the intelligence heads under president obama, but also by the intelligence heads in sworn testimony under president trump. and i think it was former senator coats, now the director of intelligence for our country, that says he believes they are going to get bolder in the next election. so i don't think we need to get more direction than that to know that we must act. secretary of state pompeo said when he was cia director that he has, quote, every expectation, end quote, that russia will target the u.s. midterm
2:05 pm
elections. so those are the facts from our intelligence forces, and rather than just admire this problem, we have to look at what we can do to make things better. and one of the things that we've done, and i appreciate the input from the secretary of state, including my own, steve simon, who is here, thank you. i will note that minnesota has the highest election turnout in the country, nearly every year, including last year. oh, excuse me. illinois. and so we are continuing that record, and a lot of that is the election laws that we have in place for same-day registration and other things that have made that possible. but our subject today is how to protect our elections. how to make them more secure. with the facts that we have, that we allow our state election officials to get information in real time about hacks across the country, because, you know, hack us once, shame on them, hack us
2:06 pm
twice, shame on us if we don't do anything about it, because we know it happened, and we know it will happen again. and, in fact, in illinois they got as close as the voter data information. so, we have a bill, senator lankford and i, along with senator harris and graham and warner and burr, heinrich and collins. it's a bipartisan bill called the secure elections act, and we have been working to make changes to it along the way and introduce it as amendments, but it really does things, first of all, improves information sharing between local election officials, cybersecurity experts, and national security personnel. second, providing for development and maintenance of cybersecurity best practices. we all know, i think there's five states that don't have back-up paper ballots and there's something like nine more that have partial back-up paper ballots, and while we're not mandating what each state does, and we do not want each state to
2:07 pm
have the exact same election equipment, we think that would be a problem and would actually lend -- could potentially lend itself to more break-ins. we think it's really important that we have some floor and standards that we set, that given what we know, i don't think we'd be doing our democracy any good if we didn't share that and we didn't put in some floors. third, the bill will promote better auditing, better back-up systems, which i mentioned, and finally, it's focused on providing election officials with much-needed resources. as you all know, we were able to get $380 million to be immediately distributed to the state. not play money. money that's going out right now to states across the country based on populations. we didn't have some complicated grant process that would have slowed things down. the money went directly to state election officials, as long as the state legislature authorizes
2:08 pm
it to get accepted and get to work to update their systems. so, that's what we've been focused on, and we want to thank you for your involvement, and i think we know what the facts are and what the evidence are, and i will end with this, a reminder of what's at stake. in 1923, years before sputnik and the internet, joseph stalin, then general secretary of the soviet communists was asked about a vote in the central committee of his party. stalin was unconcerned about the vote. after all, he explained, that who voted was completely unimportant. what was extraordinarily important, he said, was who would count the votes. so now 95 years later, those words echo in this room, as we realize that this country, or they would say not the people, but the leader of this country,
2:09 pm
vladimir putin, was once again really trying to influence who counts the votes and how the votes are counted, by attempting to hack into our systems. we cannot have that happen. i don't care if we're democrat, republican, i don't care who you're for in the presidential race or who you're for in the senate races, this is really about the integrity of our democracy. thank you, senator blunt. >> thank you, senator klobuchar. again, i want to thank the witnesses for joining us today. unfortunately, weather and a flight cancellation made it impossible for secretary lawson's attendance today, but we are glad that she tried to come, and we're glad that you're here. let's turn to our panel. first secretary of state ashcroft from missouri will start and then secretary condos of vermont, secretary simon of minnesota, and finally masterson of the department of homeland security. we have your comments for the record, so you can use as much or as little of that as you want to, and we'll have it for the record no matter what. so secretary ashcroft, glad all
2:10 pm
of you are here and eager for you to start. >> thank you, chairman blunt, ranking member klobuchar, and distinguished committee members for the opportunity to join you here today for this important discussion regarding the security of our elections. my name is john ashcroft and it's my distinct privilege and honor to serve as the 40th secretary of state for the great people of the state of missouri, and as was already noted, this was an office administered one time by the chairman of this committee. i decided to run for secretary of state because of my four children. my goal was to ensure their voices and those of future generations who would continue to be heard at the ballot box. one of the priorities of my campaign was to enact legislation that both increased the security of our votes and made sure that every registered voter could vote. simply put, in missouri, if you're registered, you can vote. and your vote will count. elections are the bedrock of our democratic republic, as they are how we the people consent to be governed. the integrity of these elections is of the utmost importance.
2:11 pm
every day when i go to my office in jefferson city, and i know my fellow election officials across this country share that same concern and dedication. i welcome today's conversation to talk about election security preparations, but before we move forward, we should briefly look back to the impetus of why we are all here today. allegations that outside actors threatened the integrity of our elections during the 2016 election cycle. while these are serious allegations, it is vitally important to understand that after two years of investigation, there is no credible, and i could strike credible and just put evidence, there is no evidence, that these incidents caused a single vote or a single voter registration to be improperly altered during the 2016 election cycle. it was not our votes or our election systems that were hacked, it was the people's perception of our elections. secondly, every reported cyber
2:12 pm
incident in 2016 involving state election systems was first detected by state election authorities, not the federal government. in each case, election authorities brought the incident to the attention of federal authorities, not the other way around. this is not to say that our elections are perfect, that there was no fraud, that there were no unlawful corruptions of votes or vote totals. the evidence indicates that voter fraud is an exponentially greater threat than hacking of our election equipment. in 2010, well before elections being altered rose to the forefront of the public conversation, there was a race for the missouri house in missouri that was decided by one vote. yes, one vote. election authorities conclusively determined in that election that there were two voters, who also happened to be family members of the victorious candidate, who voted illegally. despite the fact that the candidate's relatives admitted, admitted in a court of law, pled guilty to illegally voting, their nephew now serves in the
2:13 pm
missouri legislature. consequently, moving forward any meaningful enhancement to election security must take a comprehensive approach to ensure that every legally registered voter is allowed to vote and that their vote is not diluted by any sort of voter fraud, malfeasance or ineptitude. a false sense of security. steps must be taken to improve communication between federal agencies in states regarding cyber threats and election security. states have and will continue to work with federal agencies regardless of any new legislation. since -- as one example, since 2012, the national association of secretaries of state has passed multiple times a resolution calling on the federal government to meet its statutory obligations to share
2:14 pm
information with state election officials. while we wish to -- state election officials wish to continue to work in partnership with federal agencies, and one way in which we've done that as states have teamed up in september by having a national elections security summit in st. louis, missouri, and we've requested federal officials, including the secretary of dhs, to join us as state officials, vendors, technology experts, and local election officials get together to improve processes and make sure that people know that our elections are secure. as important as this information sharing is, there are numerous other ways to protect our elections beyond information sharing. proposed changes should allow state election officials to remain in control of elections. i have learned that winning an election does not make an expert any more than watching a fourth of july celebration makes you a rocket scientist. i'll close by noting a certain
2:15 pm
irony. just over ten years ago, similar individuals were here in washington, d.c., explaining what happened in a federal election, and we were told that the answer was to go electronic. to put it all on computer. and now we're back again. with the utmost respect, i will continue to work and local officials will work with government officials at the federal level, but it takes us all working together and the expertise of individuals that have run elections before. thank you. >> thank you. senator condos. >> good morning, chairman blunt, ranking member klobuchar, and distinguished members of the committee. my name is jim condos, and i am vermont's 38th secretary of state. i'm also the president-elect of the nonpartisan national association of secretaries of state. in addition, i also serve as a member of the department of homeland security's election infrastructure sub sector government coordinating council eis-gcc.
2:16 pm
i will become the new president and i have every intention of continuing the positive work of current president secretary connie lawson of indiana and those that served before her. fortunate to have and had leaders, outstanding leaders, and i'm proud to be part of this association. thank you for the chance to appear before you today with my colleagues and for allowing us to address some of the things happening at the national level. some work specific to vermont and also my goals for nas and the election infrastructure governing council, primary elections across this country are well under way with states administering elections in a secure, accurate, and fair manner. state and local election officials and federal government have worked very hard to create a productive relationship since the critical infrastructure designation for election systems in january of 2017. as you may know, nas and its members raise many questions and express serious concerns about
2:17 pm
the potential federal overreach into the administration of the elections. clearly, a state and local government responsibility. while we remain vigilant about possible federal overreach, we will work together to ensure that the critical information designation functions in an effective way. thus, we have chosen to actively focus on improving communications between the states and the federal government and to achieve our shared goal of securing elections. in particular, we have utilized the election infrastructure sub sector governing council, which secretary lawson mentions also in her testimony, to open communications channels and guide future collaborative election security endeavors. as i transition to the nas president in less than a month, i will also take secretary lawson's place on the executive committee of the gcc. it is my objective to continue the vital work with this group on behalf of snas. in regards to specific state preparations for 2018 and beyond, i would like to thank you and your colleagues for
2:18 pm
appropriating the remaining help america vote act funds to the states in the recent omnibus bill. we truly appreciate this money, and it will go a long way to helping states strengthen and improve their election systems. while our upgrades to equipment and cybersecurity will be an ongoing challenge for many states, the federal funding received will regrettably be insufficient to do all that we want or need. however, we are very grateful for the boost that these federal funds provide us at this time. in vermont we have already requested and received our $3 million grant of how the dollars from the u.s. election system. by the way, the eac has provided this in a very quick way. within three to five days of actually receiving our application, they are getting the money to us. so i want to thank the eac publicly for providing a simple and quick method of getting that money to us. in regards to specific plans and using these new funds, in part
2:19 pm
our office in vermont plans to implement prior to the 2018 primary two-factor authentication for our clerks and staff to access our election management system. we have already conducted an additional round of penetration testing on our election management system by an independent vendor this spring and will do so at regular intervals going forward. we also will follow the 2018 general election and every general election going forward with a robust audit of our election results using state of the art auditing technology. this plan is in addition to what we are already currently doing, including mandatory election trainings to our vermont municipal clerks, holding the cyber summit, which we named "defending our democracy." we convened state and local partners to inform of our efforts, build confidence in the integrity, and those partners included the department of homeland security, ms-isac from
2:20 pm
the center of internet security, state homeland security, department of public safety, and, of course, our town clerks. some of the acknowledged best practices that vermont is using include paper ballots, post election audits, no internet, daily backup of our voter registration systems, daily monitoring of traffic to our site, blacklisting of known problems, periodic penetration tests, securing the human, and we've actually installed a realtime albert monitor. i'll end by just thanking this committee again for inviting me and my peers to testify and for giving me the opportunity to speak about this important matter on behalf of nas in vermont. i look forward to answering your questions. >> thank you, secretary condos. secretary simon? >> thank you, chairman blunt. thank you, ranking member klobuchar. really appreciate the opportunity to be with you today and thank you for your willingness to engage on this very important issue. in my judgment, election
2:21 pm
security in general and cybersecurity in particular poses the number one threat to the integrity of our elections, both nationwide and in the state of minnesota. i've been on the job, this job now, for three and a half years, and i get asked once in a while whether it's at a family gathering or someone i bump into on the street, what is your biggest surprise in the job? you've been there for a while now, what is it? and my answer is always the same. my biggest surprise as secretary of state is the extent to which my time and energy and focus is spent on this cybersecurity issue or election security in general. it's something that came up to some people's minds quite suddenly in 2016. that was a big wake-up call, and that is now a central and essential part of the job. the good news is that in 2016, minnesota passed the test. we engaged a lot of different partners, including our partners at the state and local level, including looking for outside eyes and ears to sort of test our systems, so we passed
2:22 pm
the test. we kept out the folks who were trying to get in, and from our vantage point in our office, we don't care who it is. we don't care if it's russia, a foreign government, nongovernmental actor, guy next door. we don't care what their politics they are, this isn't about democrats or republicans. this is about us as americans. and so we passed that test, which is great, but we know and we found out after the election that minnesota was one of the 21 states that was targeted by elements acting at the behest of the russian government. that was the exact phrase the department of homeland security used in briefing us and letting us know about that threat, so we know we have to be vigilant, as we were in 2016, but now we have a lot more information. the good news here, the reason the glass is half full is minnesota, and i believe every other state, is in a far better position now going into this election than we were going into the last election, even though we passed the test in the last election. as senator klobuchar alluded to, minnesota is proudly old school. we have paper ballots, and that
2:23 pm
is the bedrock of our system in minnesota, very hard to hack paper, obviously. although there are electronic components further on down the line, we feel that we have those well in hand in terms of state laws and some of the resources we need to attack those things. second, we think that we have benefited from the critical infrastructure designation from the department of homeland security in terms of expertise, in terms of value added, in terms of a good partnership after a rocky start with those folks at the department of homeland security, so that's good, as well. third, dhs has put together, as you've heard, this government coordinating council, which is a fancy term for people sharing information. although that's good, i think it could be even better than it is right now. finally, we have the attention of not only you and your colleagues in congress, but of the national and local media and of other elections administrators around the country, and that is very good. so in minnesota, and i never miss an opportunity to brag about my state, we are number
2:24 pm
one in voter turnout in the country again, 74.7% of registered voters or eligible voters, i should say, voted in the last election. we're very proud of that. in some ways that means the stakes are particularly high and it hits particularly close to home for us in minnesota, so we appreciate the federal partnership that we've received so far, and i just want to say once again, i want to thank everyone, including senator klobuchar and others, who were part of getting that $380 million for us, for election administrators at the state. it is critical. it is crucial, and we plan to use every penny of that over the next five years to good effect. it will go a long way. however, i would respectfully request that those in congress consider some ongoing way to provide some resources for us along those same lines, and while we don't want to look a gift horse in the mouth, and we are very grateful, i know i am for that money, this is expensive. and the recommendations that we get from the department of homeland security, while very
2:25 pm
helpful, they have a price tag, and that's not always accounted for in state budgets, so i ask you consider that, as well. then on the policy side, i'd be remiss if i didn't put in a word for the secure elections act. i was part of the group invited to advise on the scope of the legislation, and i do think there is a legitimate federal interest in making sure that we do have floors, not ceilings, not micro management, but some federal interest in assuring that the states are talking with one another and that we're not just 50 silos doing our own thing in our own way, although we ultimately retain the authority to do so and would never want that encroached upon by the federal government, there is interest to make sure there is some coordination, even if it's through the states through the gcc or other channels that decides what is best in terms of communication. so if for no other reason than that, i think that's very important. i thank you mr. chair and ranking member klobuchar for your continuing cooperation and we look forward to an even more
2:26 pm
robust partnership in the future. >> thank you, secretary simon. mr. masterson. >> thank you, chairman blunt, ranking member klobuchar, and members of the committee. thank you for today's opportunity to testify regarding the department of homeland security's ongoing efforts to assist state and local election officials, those who own and operate election systems, with improving the resilience of elections across america. for over a decade i've worked to advance the use of technology to better serve american voters. for the last three years i served as a commissioner at the united states election assistance commission working to modernize standards used to test voting systems, support election officials, and since 2016 respond to threats against our nation's election systems. now i serve as senior adviser at dhs, focused on the work the department is doing to support the thousands of election officials across this country. in this decade of work, i could tell you the absolute best part is working with the dedicated professionals like those seated at the table with me that
2:27 pm
administer elections. in the face of real and sophisticated threats, these officials have responded by working with us, state and local resources, the private sector and academia to mitigate risk. election security is a national security issue. our mission at dhs is to ensure the system owners have the necessary information and support to assess risks and protect, detect, and recover from those. this support can come in many forms, whether offering low-cost voluntary technical assistance, or sharing general or specific threat information, dhs stands ready to help and offer tailored support based on state and local needs. through these collective efforts we've already seen significant progress. state and local officials in those private sector partners who support them are at the table working with us. we've created the government coordinating council and private sector councils who collaboratively work to share information, share best practices, and develop strategies to reduce risk.
2:28 pm
we have created the election infrastructure information sharing and analysis center with members from almost all states and hundreds of local jurisdictions. this is the fastest growing sector in critical infrastructure. we're sponsoring up to three election officials in each state for security clearances, which will allow officials to receive classified threat information if and when it's necessary. we've increased the ability of free technical assistance across the sector. dhs offers a variety of services such as cybersecurity assessments, intrusion detection capabilities, information sharing and awareness, and incident response. the progress being made is clear, as is evident by the testimony you've already heard today. across the country, secretaries of state, state election directors, and local election officials are taking the steps necessary to respond to this new and evolving threat environment. take, for example, the work of secretary lawson in indiana. in addition to being an engaged and valued partner with us at dhs, she's taken advantage of
2:29 pm
our scanning and information sharing services, indiana has taken additional steps to improve their security, including increasing monitoring capabilities and tightening access and controls. in addition, they are working to better secure their counties through implementation of two-factor authentication. this story is true across the country. we've seen firsthand the progress being made at the local level, as well. recently under secretary chris krebs was in orange county, california, where he was briefed on a playbook that includes cyber hygiene practices, more advanced network monitoring and intrusion detection and implementation of more robust efficient post election audits to ensure the accuracy of election results. combined, these best practices and security services greatly enhance the resilience of orange county's election system. by publicly communicating them, the county is working to give voters the information they need to have confidence their votes will be counted accurately. elections are run by states and localities.
2:30 pm
across the 50 states and five territories, there are over 10,000 jurisdictions that are responsible for elections. the systems, processes, and procedures used vary greatly. the local administration of elections empowers voters to engage directly with the process and those who run it, which brings me to my final point. for those voters who have questions or concerns regarding the security or integrity of the process, i implore you to get involved. become a poll worker. watch pre-election testing of the systems or post election audits. check your registration information before elections. engage with your state and local election officials, and most importantly, go vote. the best response to those who wish to undermine faith in our democracy is to participate and to vote. moving forward, the department will continue to coordinate and support state and local officials to ensure the security of our election infrastructure. cyber actors can come from anywhere, internationally or within u.s. borders, and we are committed to ensuring a coordinated response from all levels of government to help
2:31 pm
plan for and mitigate these risks. before i conclude, i want to take a moment to thank congress for the legislative progress thus far in strengthening dhs's cybersecurity and critical infrastructure authorities. specifically, we strongly support the final pass of legislation to create the cybersecurity agency at dhs. this change reflects the important work we carry out every day on behalf of the american people. i look forward to enhancing the security of elections and i thank you and look forward to your questions. >> thank you, mr. masterson. so, we will have a five-minute round. if everybody could stay pretty close to that, and if people have other questions, we'll have another five-minute round. we do have a second panel, but we want to take full advantage of this panel. let me just ask first the three secretaries of state. this is yes or no. should the federal government be required to share information with jurisdictions that are being impacted by known threats?
2:32 pm
>> yes. >> yes. >> yes. >> and for the three of you again, should that also -- how would -- should that include both the state -- chief state election official, as well as the specific jurisdiction? i think that's yes or no also. >> i would say yes to that. >> i agree. >> yes. >> and so, mr. masterson, how would you determine -- i know one of the things i believe you mentioned in your testimony was you'd have to have some sense that someone was ready to receive that information in terms of cyber understanding or threat assessment. how would you really actually accomplish that with all the local election jurisdictions in the country once you see they have a threat? who do you think you should notify? >> so, the goal within the department is to ensure broad notification across the sector, which is why we've worked to
2:33 pm
create the elections infrastructure information sharing and analysis center, so that there's an avenue by which threat information, risk information can be shared broadly. and then engaging with the government coordinating council, creating those information sharing protocols for the sector. so the number one priority within the coordinating council has been to establish exactly the question you asked, senator, which is how best to share information down to the states and all the way down to the locals to ensure they have what they need and it's done in a way they can take it and it's actionable. they can use it to mitigate threats and protect systems. >> in terms of broadly sharing, you mean you'd also broadly share some information with people that could potentially face this threat, whether they are currently facing the threat or not? >> yes, senator, that's correct. that's typical for how we share information within critical infrastructure, to try to boil down the nature of the threat and the information necessary for systems owners and operators to protect their systems across the sector. >> again, i'm not quite sure i'm
2:34 pm
clear on your view of what elected or appointed local official -- what kind of qualification they'd have to have, if any, besides having that job for you to share this information with them. >> so, in order -- senator, in order to receive the information, they simply need to be local election administrator, state election official, or their support staff. so the i.t. staff are eligible. in fact, we're working within the sector to craft this information sharing such that for executives like the secretaries of state at this table, they have the information they need to make good decisions from a policy and administrative standpoint, but the technical folks also have the technical information they need to respond and protect the systems. >> is it possible you'd be sharing with the technical official, person, something you wouldn't be willing to share with the elected official? >> no, senator. all information is available to any of the election officials. it's just a question of who can
2:35 pm
best use that information to effectively protect the systems. >> and on the voter registration side for the secretaries, do you have any sense of how many attempts there are to get into that system? secretary simon mentioned appropriately doesn't really matter who's trying to get in, you don't want them to get in. whether it's a local political operative or a foreign government or somebody just seeing if they can get into that system and manipulate it in some way. is that something that often happens? people are testing the system to see if they can get in? secretary simon, we'll go this way this time. you and then secretary condos. >> mr. chairman, yes, that is something that is known to happen quite often. again, we and all the states here represented did pass that test, which is good, but there are people who are poking and prodding. the analogy that i've come to use in talking with homeland security is imagine a car thief casing a parking lot. and maybe he goes there a day or
2:36 pm
two in a row, takes out binoculars and tries to figure out is there a way in. that's what goes on and can go on quite frequently. in the case of all the states represented here, for whatever reason that car thief did not go into the parking lot. we'd like to think it's because of the cyberprotections, but truth be told we might never know the real reason, but we were able to keep them out. there are a lot of people casing a lot of parking lots, and it's up to dhs to tell us who they are, what they are there for, and so far they've done that, belatedly with respect to the 2016 election. we didn't know until ten months afterwards, but they are doing, i think, a better job every day of that. >> secretary condos, is this a common thing people are trying to test these systems? >> every day. we have -- in talking to my i.t. manager, i can't speak specifically just for election management or the voter registration database, but our entire operations we probably
2:37 pm
receive several thousand scans per day. >> per day. secretary ashcroft? >> i would say we average 100,000 scans on our systems a day. we cannot say which of those are targeted to elections. we have to treat them all as if they are treated towards elections, because if they find one way in, they'll go from there to elections, so we treat them all attacks on elections. >> i'll come back later to you, mr. masterson and others. how do you think we narrow down which of those should be reported and which should be followed up on? and i'm going to go now to senator klobuchar. >> well, thank you, senator blunt. we're just so pleased we're having this election hearing and i'm going to defer to my colleagues to ask questions first and i'm glad they are here. and i'll start with senator durbin. i wasn't kidding when i said i'd defer to you with questions. i'm just pleased they are here and we're having this important hearing in rules, so why don't you go first, senator durbin and we'll go in order of attendance. i'll go last. >> a few years ago i was on the
2:38 pm
senate judiciary committee, chairman of the constitution subcommittee, and there was a lot of talk about voter fraud, voter i.d.s, reducing the time you were allowed to vote, so i took the hearing on the road. we went to ohio, cleveland, ohio, then we went down to florida. we called election officials just like yourselves. both parties, republicans and democrats, elected and appointed, and i asked them the following question, your states just changed voter requirements to require the voters to prove with a voter i.d. to limit the places where you could vote, to limit the time you could vote. what has been the incidence of voter fraud in ohio and florida that led you to conclude you had to put these new burdens on voters, and the answer was none. none. so for the record i'd like each of you election officials, if you would please, pick -- let's pick ten years. would you report to this committee, and you don't have to do it now, but in the last ten
2:39 pm
years how many votes have been cast in your state, and how many people have been convicted of voter fraud in either a state or federal court in the same period of time? i don't guess you will know this off the top of your head, so i won't try to put you on the spot, but here's what i've concluded. the statement, secretary ashcroft, that you made is just -- it has to be addressed for the record, and here's what you said. voter fraud is an exponentially greater threat than hacking. exponentially greater. let me tell you what happened in illinois, because we blew the whistle. we were one of the 21 states hacked by the russians. they got into our voter file. somebody left a little worm hole in there and they got into our voter file. they had the capacity, and thank goodness they didn't use it, to change just a digit on each of our addresses and make a chaotic situation at the polling place when people turned up to vote. resulting in hundreds of
2:40 pm
thousands of provisional ballots and i don't know how that would have ended. they didn't do it. thank goodness they didn't. but the threat was there. i could count on both hands the cases of voter fraud in the state of illinois in the last several election cycles. and the convictions even fewer. when it comes to this hacking, it is exponentially greater threat to our voting system than voter fraud. exponentially. i'm willing to say that. and i hope that we're ready. we put -- thank you for the $380 million. that's good. we got $13 million in illinois. wish we would have got more. $380 million will help. in 2002, hava produced ten times that amount. $3.8 billion to modernize their voting system. i think the russians are after us again. i hope i'm wrong. i think other countries are after us again. and if we spend all our time worrying about making it more
2:41 pm
difficult for honest american citizens to vote instead of worrying about what the russians and others are going to do to invade our election systems, shame on us. i hope that we take this very seriously. i hope that all the states have a paper trail. ours does, thank goodness. i hope every other state. i think five don't. will do exactly that. secretary simon, in your state of minnesota, what are you going to use the klobuchar funds for? >> well, thank you, senator durbin. we will use the klobuchar funds. we have put in a request to use the first $1.5 million of our $6.6 million to redo what's called our svrs, statewide voter registration system. it goes by other names in other states. it is what it sounds like, the primary database, the very one unfortunately in illinois suffered a breach, and the very one in most of the 21 states i'm aware of was at least the intended target. >> so what they told me in
2:42 pm
illinois, the state board of elections, i said what happened, how did the russians get in there? and they said, we left a little opening that we didn't realize was there, and they got in that worm hole and they were in our system. and they had the capacity. there's no evidence that they changed a single registration or a single vote, so i certainly agree with the witnesses who have said that. from an illinois perspective, that was true, too, but the potential was there for a dramatic change. did you see the same potential in terms of your voter information and voting process? >> well, senator durbin, without giving a road map -- >> please don't. >> i don't want to do that, but what i would say is i think every system has some vulnerabilities. we in 2016 did our very best to -- and successfully -- to make sure we took care of those vulnerabilities. we summoned people to find them, we asked for people to probe and poke and pry so we could fix them, which we did. this is what many states have
2:43 pm
done, not just minnesota. we managed to repulse or rebuff or turn away those who tried to get in, which is good, but i like to say this is a race without a finish line. there is no end zone where you get to spike the football. there is no tape that you get to cross. you always have to stay one step ahead of the bad guys, and the bad guys get smarter every year, and by the way, some of them are funded by foreign governments with virtually unlimited resources. so, that race without a finish line is something that keeps a number of us awake at night. that takes effort, that takes focus, and it takes money. these things have price tags. >> thanks. thanks. >> senator cortez masto. >> thank you. thank you all for being here. i, too, want to thank you for this important hearing and let me associate myself with senator durbin's comments initially. i was attorney general of nevada from 2007 to 2014, and i can tell you, i can count on one hand the type of voter fraud that we saw. and most importantly, not only did we see it, we caught it and
2:44 pm
we prosecuted. so, this idea that somehow there is widespread voter fraud occurring across this country that needs our immediate attention, which engages in voter suppression is false. and i so think that we need to correct the record and use accurate data. but let me open this up to the panel, as well. in nevada, a majority of the counties are rural, and they, obviously, play a significant role in conducting elections in this state. counties don't have the resources that more populous counties have, and they don't have resources like a dedicated i.t. support, so in your states, how have you addressed that unique challenge of election security faced by the rural communities? and what can we do to continue to help them and support them? >> thank you, senator. in vermont we don't have county government, so we go directly from the state level to the towns. and in vermont, we, the state,
2:45 pm
is responsible for paying for the equipment. the state is responsible for ensuring that it's working, that it's maintained. we pay for the memory cards. we actually provide a lot of the resources to the towns. it's not a direct payment, because we do the work. and that's how we approached it basically because of the way we are set up. >> senator, in minnesota we have 87 counties. only nine of the 87 counties have full-time, year-round elections staff. in most of the counties, which are rural or nonurban and metropolitan, those folks who run elections also wear many other hats. they do property taxes. they do drainage and ditch work. they do other things, and they don't have the luxury of focusing only on elections. so that's where, i think, if i may, the federal partnership comes in. it costs money to hire people, to have training, to put up the
2:46 pm
defenses. so hennepin county, which is minneapolis, they might have the resources to erect these kind of defenses. other counties might not be so fortunate, so that's where, i think, there is a federal role to play, frankly, with money, with resources, to make sure that everyone in every state, regardless of where they live and what kind of community they live, can rest assured that the security in general and cybersecurity in particular is there. >> was that the impetus behind your request for additional funds in your statement? >> yes, it was, in part. making sure we have an even playing field no matter where a voter lives in minnesota is very important. >> thank you. anyone else? >> in missouri we have really 116 election authorities. we have some counties that are split up, we have counties with roughly 2,000 registered voters. they don't have the ability and wherewithal on their own for i.t. staff, so our office works with them. we've had meetings with our directors of elections going around the state to reach out to them on new cybersecurity
2:47 pm
initiatives. we're holding a national cybersecurity conference both for secretaries of state, for national officials and local election officials on september 10th and 11th. we are putting all of our effort -- not all of our effort, but most of our effort into making sure they have actionable things they can do and the resources to do it. and i would add one other thing. when we passed voter i.d. in missouri, we actually increased accessibility to the ballot. we actually have individualized individuals that would have been turned away under the old law that were allowed to vote on our new law. i understand illinois doesn't work as well as missouri, but in missouri we can secure our ballots and make sure that every registered voter can participate and their voice is heard. >> thank you, i appreciate those comments. i also think we can do automatic voter registration and still secure elections and make sure everybody has access to vote. let me also say this mr. masterson, i think you need to know this, i worked very closely with the election officials. in fact, i think it's true
2:48 pm
everybody should volunteer. i volunteered in clark county when i was assistant county manager, but know this, i want to convey the election officials in nevada have told my office that dhs has been great to work with. extremely helpful, generous with your services and knowledge, so thank you for that. i really appreciate it. one of the things they told me, however, and i'm curious if you're hearing this and if this is true. it's not a negative thing. it's that there's too much information. that they don't have the bandwidth to process the daily dhs updates and have difficulty figuring out what pieces of information are relevant for them and establishing priorities among the information overload. are you hearing the same thing? >> thank you, senator, for the question. i think this may go to chairman blunt's question, as well. we have heard some of that, and part of what we're trying to tackle, you know, as you establish a new sector, this is a new flow of information to election officials, is finding that balance about what is the right amount of information,
2:49 pm
tailoring it in a way that prioritizes what they really need to know, but then ensuring that the technical folks or i.t. folks that perhaps need a little more detail and more constant updates have that, as well. so i think we're finding that balance as we work with, so we'll get better as we build that relationship and share that information, but yes, that's something we've heard and are working to get better at. >> thank you, senator. senator udall. >> thank you, chairman blunt. and let me just before i ask a couple of questions, we had a previous secretary of state by the name of diana duran, who made these just widespread accusations about voter fraud. and our state very conscientiously went through thousands and thousands that had been reported. and after review it came down to several. i mean just a handful of
2:50 pm
unintentional minor errors. no one was ever prosecuted. there was never any real fraud that was found, and so i think we need to be very, very careful. i mean, she got wonderful headlines, you headlines. for weeks there was all this activity of, oh, there is fraud, there is fraud. and then when it finally trickled out and everybody reviewed it there was nothing there. so i want to focus, again secretary ashcroft, on the quote that senator durbin asked, the evidence indicates that voter fraud is exponentially greater threat than hacking evidence. what evidence academic studies back up that claim? >> well, the senators actually own words back that up. because the senator said that the allegations showed that there were no votes changed, no registration changed by hacking. and yet i gave concrete evidence of an election being changed by
2:51 pm
vote fraud. as far as i'm concerned, if elections are changed by fraud, be that individuals in missouri, be that individuals overseas or ineptitude, anything that stops the voice of the voting public from being heard and then making a decision, that's a problem. and what i said in my remarks is still true. we should take a comprehensive approach to make sure that no votes are changed by fraud, malfeasance, criminal actions, or ineptitude. we should make sure that every voter knows their vote will count. >> well, you didn't answer my question. my question was about your statement here, exponentially greater threat. so what proof do you have? i mean, we are all against fraud. nobody wants fraudulent voting. but what proof independent studies to back up your claim that it's exponentially greater?
2:52 pm
>> i'll say it as simply as possible. your colleague admitted no votes were changed, no voter registrations were changed by the alleged hacking. i gave you a concrete example proven in a court of law as individuals pled guilty of changing an election. no instances of votes being changed. an instance of an entire election being changed. that's exactly what i'm speaking to. i don't know how i can make it more clearer, sir. >> and this is for all the secretaries here, and mr. masterson, if you have anything to add i'd be happy to hear it. secretary lawson's written testimony stated that only 59% of states have drawn down their hava funds. we know every state's election is vulnerable in some way shape or form. and we have also heard elections
2:53 pm
are underfunded. let me ask each of the secretaries, have you drawn down your funds, and if not, what is preventing you from doing so? it's a pretty simple answer. >> missouri was first one to draw down hava funds. >> you've drawn them down. go ahead. >> vermont has drawn down their $3 million. >> thank you. mr. simon. >> thank you, we have drawn down our funds. >> do you want more? could you use more? >> if you send it, we will use it, sir. >> same? >> yes, actually i think what we really need is ongoing, if you want to call it maintenance, cybersecurity is evolving science. and it's an evolving practice. and we have continuous needs going forward. >> same mr. simon. >> yes. >> thank you. and in your conversations with other secretaries of state, do you hear reasons why other states aren't drawing down these
2:54 pm
funds? >> senator, i would say that some of the states have to deal with legislative action that needs to be taken in order to accept federal grants. so some of the states may be required to do that first. or it could be from their administration, the governor's office may have to approve it before it can be drawn down. i think there are other states who are probably trying to plan out what they are going to be doing with the money just before they get the money. >> mr. ashcroft, did you have a comment on that. >> i would say they did a phenomenal job getting it out quickly. if it had been a week later we would have run into problems with the legislature. >> i want to make a distinction between the initial money and 2003. that we have drawn down. the latest chunk what we have been calling the klobuchar money, unfortunately because of frankly political fight in our legislature we weren't able to get access to the $6.6 million's
2:55 pm
now this year. that was totally avoidable outcome and unfortunate one. i think we'll be okay but the sooner we can get the money the better. >> thank you for the courtesies letting me go over, senator blunt. >> senator klobuchar. >> thank you very much. and just to clarify, secretary simon, you will be able to access that in the future, and we want the secretary of state office to get that funding. is that correct? >> that's correct. >> okay. it was just part of a larger fight over something that, as you described it, was unfortunate. it wasn't about the money. so you mentioned, secretary simon, that the bill strikes a right balance, federal government support for states. this is the secure elections act. can you expand on this? >> right. well, i along with my colleagues i think regardless of party will always emphasize the primacy of the role of states in administering elections. and i think there is dare say
2:56 pm
unanimity on that score among secretaries of state. but what i like about the balance that the secure election act is striking, and i know it's a work in progress, is this realization that floors not ceilings are okay, even if it's a question of federal interest in making sure something is done, regardless of how the states choose to do it, is important. i highlighted in my testimony here just the communications process. gcc, government coordinating council, is already coming up with protocols, and my understanding of the latest version of the secure elections act there is an acknowledgment there that that communications can come in many different forms, including and not limited to what the gcc comes up with. but the important thing there is communications up down and sideways, local government, federal governments, maybe some nongovernment actors in some ways. i think that alone is a cause for the federal government to assert some interest in making sure that this communication is going on.
2:57 pm
an election attack in minnesota can, perhaps, be linked to or have very real effects on an election attack in vermont or missouri or anywhere else. so i think that communication is important. so i highlighted that aspect but i think recognition of the primacy of the state role coupled with federal general interest in making sure things get done, states can choose how that gets done, i think that strikes the right balance. >> secretary condos, you said they have done a good job of disbursing the hava funding earlier this year. can you comment on the role that eac has played in improving communications around the cybersecurity issue? >> certainly. they have been a very valued partner with us. they provide information. obviously, we have to submit an approved plan or a plan to them how we are going to spend the money. and i think, you know, i may
2:58 pm
different from some of my colleagues, but i think that the eac plays an important role in our elections process across this country and is sorely needs to have the resources it needs to operate. and, also, really badly needs to have congress appoint a full quorum, at least a quorum, so the board or commission can actually operate. >> and you mentioned your support of post election audits earlier. can you expand on the importance of conducting audits and how it relates to voter confidence? >> i think that that's an extremely important piece for all the -- for the integrity of our elections. we in vermont do use paper ballots and do a post election audit within 30 days. when we do it, we do approximately 5% of our towns, and we do 100% of the ballots from that town, 100% of the race
2:59 pm
on that ballot. so we do a complete audit of that election. we feel that the confidence level that we have with it is close to 100% as you can be. so it's post election audit is something that i believe should be something that is included in the secure elections act as it is. >> secretary simon, same question, but about paper ballots and how you see them as an advantage. >> it's a huge advantage especially post 2016. i mean the fact that minnesota is proudly old school has served us well. and we have seen how many states who were once perhaps sold on the paperless future are now understanding that, no, paper is good after all. and are going in the direction of most of the states in having a paper ballot. very hard to hack paper. although in minnesota that paper is fed into a machine, under state law that shall not be connected to the internet. so that's a central part of our
3:00 pm
system. >> and then you get results fairly quickly with this system? >> that's right. it does the results on election night very quickly and outstanding partners in making sure we get that information out. >> okay. i can turn to you and then maybe ask you some questions. >> okay. >> so i'm going to focus on some of the things that have come out here. first of all, i won't go on about voter fraud, but i'll note the decision that came out just yesterday in kansas where a kansas judge struck down kansas voting registration law that they introduced that secretary kobach actually introduced that was very restrictive. and he had made this case that there were -- it was the tip of the iceberg of the people he had found who had somehow fraudulently voted. and the judge here looked at all
3:01 pm
the evidence and found that it was a very small number and said that there was in fact no iceberg. this is words. only an icicle largely created by confusion and administrative error. and this was a very thorough review of this. and this is based on my own experience as the county attorney in minnesota's biggest county where we had to review cases that were referred to us from the secretary of state. and i had a full-time investigator, this is right on the frontline, looking at these. i would echo these remarks. because i remember specific cases, the handful of cases people referred to, the couple who is the voting line went right through the school board to their house and that decided that meant each of them could vote in both elections. and asked where they were supposed to vote and we said where they sleep. the wife called back what if we slept on separate beds on two sides of the line. so, i mean this is serious
3:02 pm
stuff, but the kind of cases i saw, and we did prosecute a few over a guy who said republican wouldn't have a say in minneapolis, voted twice, told that to our investigator. but those were so rare. and over all we found most of these cases was a dad and a son with the same last name and the same first name and it was confusing, and so when we looked into it we found out they had a totally legal right to vote. so i do want to remember this decision, which really encapsulates what we have seen in the studies all across the country. and that our efforts should be much more on trying to get people to vote, which secretaries of state are in such unique positions to do to encourage them to vote. that is what we should be doing and be honest about what's going on here with these numbers. and then the other thing we have
3:03 pm
to be honest about is not that the votes were changed in the last election, but they tried and they tried hard, and they got into the illinois data bank and those kinds of thing. and they tried in 21 states. and when our own intelligence people under president trump are telling us that russia is telling us we are at risk, i think we have to pay attention to it, and i appreciate that's why we are having this hearing. so my question of the panel, just a yes or no, the 2018 primaries are already happening across the country. general election 139 days away. you are on the front lines. confirm yes or no do you agree elections are a potential target and therefore you see this as a priority? that's my question. >> primarily elections are a very big priority to us and we have started implementing things. >> but do you see election security? >> i think that's an important topic. that's what we've been working quite a while. >> okay.
3:04 pm
>> simply put, yes. >> okay. >> yes. >> okay. >> yes. >> and secretary ashcroft, your testimony sounded like you believe that information sharing from the government to the states is important. and that it should be improved. do you want to elaborate? >> yes, there has been serious problems with prior individuals in dhs. we had a mass meeting last year where dhs reported that they had told states about instances, but they couldn't tell us who they had told. they hadn't told chief election officials. they might have told the chief technology official. they might have told a local election official. we've had problems with things being classified far above what they should be classified so they couldn't tell that to election officials and couldn't respond. >> very good. >> sorry. >> i said i've seen that and that's well put. and must be incredibly frustrating when you are trying to do your job. and we discussed already, secretary condos, the post election audit process. we talked about paper ballots
3:05 pm
and how important this money is. and mr. masterson, in recent article you wrote about many so of the great work election firms are doing around the country. do you believe that state and local election officials can benefit from this sharing that we talked about? this is not just the immediate information about the threat that we need to have happen, but also best practices. >> absolutely, yes. >> okay. very good. well, i went through all those because those are the elements of our secure elections act. very tricky, huh. so we are just hoping that we can get this through. and i know senator lankford is working very hard to do that. but thank you all. >> thank you, senator klobuchar. let me start back to where i was a minute ago. in the secure election act, which is a work in progress, apparently, that we will take up at some point, one of the requirements there is that if an election agency has reason to
3:06 pm
believe that an election cyber incident has occurred with respect to the election system, they are to notify the department, that would be the department of homeland security. that is earlier defined as any incident, any incident involving an election system. so clearly from the numbers that have been shared here, that would be an unreasonable thing to do. i think mr. masterson, in the interests of time we may have to come back to you and the gcc and say how do we write that in a way that it makes sense? you obviously don't need 1,000 a day or 100,000 a day notices that somebody is trying to get into our system. so we need to figure that out. and you want to comment on that? >> yes, mr. chairman, i'd agree completely. i think finding that balance is something we've been discussing in the gcc. none of these folks or the
3:07 pm
locals need notice that their microsoft patches are out of date. they are aware and working on that. so what the balance of notification with regard to threats vulnerabilities and incidents and finding that balance. so happy to report back and work with that. >> exactly. and on the audit trail, do all three of your states require an audit trail? do you require a paper ballot trail? yes or no. >> yes, we do. >> yes, we do. >> yes. >> same response, yes or no, should the federal government make an audit trail, paper audit trail a requirement to have federal assistance? >> i don't think so. >> i do think so. >> i think there is a federal interest in making sure that there is some audit, some audit process. >> well, now, what i'm asking about is should there be a way to recreate the actual election itself. and i don't know quite how to do
3:08 pm
that without paper, even if you had a machine that was not accessible to the web. >> i believe states are moving to do that without federal legislation, so that's why i don't think the federal legislation needs to be done on that. >> but in all three of these cases you have that. and on the audit requirement, how specific do you think that needs to be? there is, in this bill, there is i think a specific 5%. should that be left up to you or should we tell you how close the election was? >> that's a great question, senator. and i think that really there should be some flexibility in the type of audit as well. i mean, we hear a lot these days about risk limited audits. risk limited audits are a great way of doing it if you have the systems in place that allow you
3:09 pm
to do it. and right now only a handful of states can actually do that. the system we use, as i said, we are actually talking internally about increasing the 5% to maybe 8% or even 10% of our town's post election. and we feel very confident that it's actually even better than risk limited audit because it actually looks at 100% of the ballots that are cast in a town and 100% of the races. so you are auditing the entire ballot back essentially at that time. >> any comments from the two of you on that? >> when i was teaching, i taught statistics, i think the language should just give probability intervals as opposed to specific percentages. for a close race you can look at more. if it's an 80/20% race you don't have to look at that. >> senator? >> there are states without throwing under the bus that are not represented here today that
3:10 pm
don't really have any meaningful sort of audit. and it strikes me there is a federal interest in making sure there is some audit process. >> and when you do an audit do you count the ballots the same way they were counted on election day? >> yes. >> how about you? >> we use completely different system. >> but you don't hand count them? you still count them? >> no. and in fact in our experience, hand counting is actually proved to be the most error. >> secretary ashcroft? >> we don't hand count everything, although there are times when we do, and working with the local election authorities on those rules. >> and would you give a direction in that post election audit to election authorities locally and they do the recount or you do the recount? >> the local election authorities do the recount. >> how about with you? >> we do the audit. >> so the ballots come to you in the state capital and you do the audit? >> we do a public audit. we use the auditorium in the
3:11 pm
governor's building and we have the ballots delivered to us by the local boards of civil authority from each of the towns that have been randomly selected. and they deliver those ballots to us. we do our work. seal those ballots back in the bag and get them delivered back to the towns. >> how do you do it secretary simon. >> that is done at the local level not by our office. but we follow up with second step and do a post election review of that audit. >> right. all right. i think there will be more questions for the record. and we certainly, secretary ashcroft and i are really glad all these states have great government conditions. our tradition is not that great. and if you looked at the 2000 governor's race in missouri, there is a post election investigation finding out lots
3:12 pm
have voted including a dog and we don't know exactly how the dog voted but the dog was the registered voter and the ballot was cast. so, you know, just to get this discussion where i think it should be. the federal government is not about to do things that encourage voter fraud. and the discussion that voter fraud doesn't happen is not really before the committee today, but i look forward to your reports back of what kind of voter fraud you've had. i think secretary ashcroft, within the last year we had one election that was set aside by a court, two elections according to secretary ashcroft set aside by the court, and then he had had to do the election again. was that absentee voter fraud or at the voting place? >> it had to do with absentee ballots. they didn't have to prove the voter fraud there was enough smoke so the courts said redo
3:13 pm
it. >> so i guess we have a burden that illinois doesn't have or other states that don't think this is ever a problem. it's a problem. it happens not to be the problem we are dealing with in this bill, in this hearing, or right now. so thank you all of you for coming. we have a vote coming up before too long. so if our next panel will come up, we'll have some questions for our local election officials one of which is from the illinois jurisdiction that somebody actually got into it, as opposed to the 21 jurisdictions that people tried to get into.
3:14 pm
>> all right. our two witnesses here are noah praetz who is the director of elections working under cook county clerk david orr. i'm not quite sure but we'll find out if it was your jurisdiction or another one that actually got into, mr. praetz. and shane schoeller from
3:15 pm
springfield, missouri and vo and has a job i once had. we'll have questions for both of you. >> thank you, chairman blunt and ranking member klobuchar. i'm mr. praetz and it's an honor to be here. we help our elections reflect a trusted and true accounting of voter choices. that legitimacy must be secured. election officials have been working and securing votes and voter records for a very long time. when i started in the business, prior to 2000, we served mostly as logistics managers, like wedding planners, making sure they came together with the right stuff. after bush v gore and the help america vote act, a new era of rules was heralded in and we became legal compliance and i.t.
3:16 pm
managers. but the 2016 election and all since show that sophisticated attacks must be expected and we must become cyber security managers. spurred by the need to defend against foreign enemies, officials have been working successfully to find good balance of federal government in elections without trampling. good progress has been made. state officials and more stiysts in some states and defending our institution deserve great credit. particularly their lead blocking up to the 2016 election. however, and at the risk of being overly broad, i must underscore today local election officials are the one that control, secure and run elections. we locals, 108 in illinois, and over 8,000 nationally, are on the front lines of this new battlefield. we deploy a variety of network
3:17 pm
connected digital services. such as voter registration systems. informational websites. unofficial election results displays. election day command centers. not to mention the less connected vote counting systems. each of these is a target for our adversaries. most of us are simply county officers and facing down shadowy adversaries. we need advice, support and resources, first for modern defendable technology and routine hand counted audits, which can give additional confidence that digital results are accurate. and, second, and more critically today, we have a pressing need for top notch security personnel with the skills to navigate the current cyber mine field. in cook county we have studied this, undertaken significant efforts securing our infrastructure and helping raise awareness broadly through the
3:18 pm
ecosystem. we conclude to decrease the likelihood of successful attack, each election official must have access to an election security officer. most election officials don't have that today. we suggest this be handled by a brigade of digital defenders or as homeland security calls them cyber navigators. they should do the mantra, defend, recover. following the specific recommendations for internet security, or the defending digital democracy program at harvard. they'll also help us mature our breach detection techniques and help mature our recovery plans for when attackers penetrate the first and second line. to accomplish this, the navigators will secure free support on offer homeland security, state governments, and companies like google and cloudflare. they'll work with state and county i.t. staff, and with vendors who support locals much
3:19 pm
of their support. finally, they will help build a culture of security that can adapt to evolving threats. incidentally, illinois lawmakers recently required that half of the hava funds you realized be spent on navigator program. and our state election officials are acting aggressively to create one. voters across the country should feel confident we are taking this seriously. but without continued investment in people and products, the possibility of a successful attack increases. some losing candidates are already apt to call their defeats in doubt. new digital breach could turn sore losers to cynicism, disbelief, even revolt. that's the reaction the enemies of the united states want. the bottom line is we cannot eliminate every chance of breach. but we can make sure that successful attacks are rare.
3:20 pm
and we can provide assurances that we are prepared to recover quickly when they do happen. we can do this with support at the local level. but democracy is not perfect. as churchill noted, it's the worst form of government except for all the others. we need to protect it. and we'll regret it if our democracy is damaged if we fail to look away and fail to support it. thank you. and i look forward to any questions. >> thank you. mr. schoeller. >> good morning, mr. chairman, ranking member klobuchar and distinguished members of the committee. thank you for the opportunity to offer testimony this morning. my name is shane schoeller and honored to serve. we are responsible for several administrative duties for the counties. these duties include tax administration and licensing and notary issuance, county payroll and retention and archival
3:21 pm
county records, voter registration and election administration. election administration is clearly the most visible duty of all that i just mentioned. duty that my fellow colleagues take seriously. as we work tirelessly to ensure the correct ballot is given to each voter and correctly tabulated. it's important in the context to recognize that each state is unique in how their elections are administered but not unique for several other administrative duties. this is decentralized state by state and county by county. which is advantage in protecting against cyber attacks on our elections. the advantage is also a challenge. as it relates to cyber security threats to electronic voter registration data and tabulation of election results on election night. it's fair to say the majority county clerks in the rural areas of missouri are depending on
3:22 pm
voters, secretary of state's office, and the coordinated efforts of homeland security and the election assistance commission to be their firewall for protection against incoming cyber security threats. i currently serve on the advisory board. i appreciate the continued increasing efforts to provide critical information on security preparedness to state and local election officials. their work with secretary of states is welcome. i'm optimistic these good efforts will continue and further enhance through one of the provisions within the secure elections act that would change the technical guidelines to vote in the committee to the technical advisory board. and because of that include cyber security experts as part of that i believe changes like this are needed to build on the current information sharing that was not in place prior to the 2016 election to continue improving how cyber security information is shared to local election firms and a common sense and productive way to help mitigate possible cyber attacks in future elections. i do want to address one area of
3:23 pm
the secure elections act, that is on page 23, lines 3, 4, 5, it says each election result. i strongly suggest paper votes. that does not have the a paper trail is not too great. to this point part of the requirements in our regulatory code requires a manual count of the paper ballots based on random drawing by bipartisan team not less than 5% of the voting precincts on election day. being able to share with voters that the paper ballots they cast were randomly selected to be recounted by hand during the post election was critical to earn confidence that the 2016 general election was accurate. less focus but cannot be overestimated is the cyber attack to alter electronic voter based rosters that are commonly used in place of paper base when
3:24 pm
checking on voters on election day. the benefits of checking in ipad is enormous and something they appreciate wait time reduces. that can become a source of real issues on election day if voters who have not voted are informed on election day that they have already voted. i'm sure you would agree with me this is real chaos to ensue. as we think through these issues, it's evident that a majority of our local election firms that balance so many administrative duties for their county and often have no resources to monitor, need outside help to help them withstand future cyber attacks. it's for these reasons that i recommend that the dhs in coordination with our secretaries of state assess state by state where the weakest
3:25 pm
vulnerabilities are county by county. based on the information learned, i believe the necessary cyber defense protection can be provided where it's needed to help ensure the integrity is protected. i firmly believe that elections are the cornerstone of our freedom. and we must all work together to protect that freedom and its integrity every time a voter casts his ballot. i believe we are up to the task if we do it together. thank you for hearing today's hearing for election security preparation as we prepare for this november. and i look forward to answering the committee's questions. >> thank you. how many registered voters practically do you have? >> a little over 189,000. >> how about you? >> 1.5 million. >> and was it your system that was penetrated by hacker? that we believe to have been a russian hacker? >> it was a statewide. >> so the state director of elections would have been the person that we would have seen
3:26 pm
on "60 minutes" not too long ago talking about this? >> yes, sir. >> so it was the statewide illinois system. >> that's correct. >> and is it your view that more problems are likely on election day by getting into the registration system than the likelihood of getting into the county system? >> sure. we have a broad threat surface area. we rely on any number of different systems. the network connectivity voter registration is certainly much greater than voting systems and therefore an easier target for adversaries. >> mr. schoeller? >> i would concur and certainly that's an issue that happened at durham county, north carolina in 2016. very small scale, but if you would increase that scale you could easily see the issues it would create on the day of the election. >> and the option of provisional voting as senator durbin suggested earlier would quickly overwhelm the system if you had
3:27 pm
all kinds of people trying to cast their ballot? >> correct. we were working in a backup system in that would occur, but clearly that's going to be fairly technical and hard to accomplish. but we are looking at that should that occur. >> if i might point out, in illinois we have election day registration, which in and of itself is highly resilient policy decision that our lawmakers made, particularly in the event of an issue with the voter registration database. clearly lines become a problem. we have been modeling our election day registration now is about 10 seconds longer than our normal check in. there are ways to do it, but it's a policy decision that not only helps voters but it makes the security of the whole system much more resilient. >> i assume if you could register in ten seconds, you could also do what you need to to cast a provisional ballot pretty quickly then? >> sure. >> if that same system was designed to accommodate that. >> yes, sir, absolutely.
3:28 pm
and it's ten seconds marginal increase. i would love to get voters through in ten seconds. >> and that would not allow that filling out the envelope and all the details going along with that. illinois may be ahead of that in that particular regard. >> do you have way, mr. schoeller, to monitor how many people might be able to access your system from outside the system? >> that would be through our information systems team. and they keep that information pretty close to the vest. but we are fortunate in greene county, we have that type of help available, schoeller. >> and smaller counties, as i was visiting with county clerks before today, and they said we are not prepared if something of this scale would occur to be able to defend themselves. >> now, i was in a location in st. louis a couple of weeks ago where they have really they are the principal provider of the
3:29 pm
ipad voting day system. >> yes. >> they were just transitioning 51 counties in minnesota to that system. they just got the entire country of canada as a client. and one of the things they were doing while i was there, they had three summer interns and two other people try to get into the systems all the time they are responsible for. so this is somebody who spends all day every day trying to secure a system by trying to penetrate a system. and if they find those spots, so you have people doing that? >> sure. red team attacks are very valuable sort of efforts to ensure that your defenses are holding up as you would expect. homeland security has offered that to all the states and locals. we just had a risk vulnerability assessment through them. and it's quite interesting what
3:30 pm
the good guys are capable of as well. >> but the good guys have to be, our whole cyber structure is the good guys have to be successful at time and bad guys only have to be successful once to do great damage. and before i turn to senator klobuchar, mr. schoeller, you would like to see a paper ballot as part of a national requirement? >> i would, in terms of if you think of the terms of the measurement that's used. but particularly when visiting with the voter. voter wants to see something tangible. and i think the tangibility of paper will give them much greater confidence. and when it comes to federal elections not just for president but for the balance of congress and the house and senate, being able to give them that assurance, yes we can always go back, and look at a paper trail, versus something that's on a screen that is based inside a system that we have to trust. i think voters are going to appreciate that type of
3:31 pm
assurance. certainly when i visit with voters back home, i rarely have a disagreement. as a matter of fact, i can't think of one time voter disagreed with that, regardless of party. >> and when you do a post election audit, you count those by hand or with county equipment? >> we at no less than 5% of the voting precincts on the day of the election, we do, and bipartisan teams, they are recounted by hand. and one of the things that i think is important is that even if you do a post-op of the machine, how would you know if something has been compromised if you can't at least compare the results of the paper ballot. i think that's the assurance it gives. clearly the machine when you have an accurate election does do a better job of counting the ballots. i'm talking about in the case where clearly fraud has occurred, then the paper ballot is going to be the evidence you need in terms of if your system inside that machine was compromised. >> thank you. senator klobuchar. >> thank you very much, mr. chairman. so i think for a while people
3:32 pm
were talking about why doesn't everyone vote from home, which is great when you can mail in a ballot, we know that, but vote from home from your computer and that would mean no paper records. can you comment on that? >> i think that's 100% inappropriate for civil elections. >> i find it ironic because this was my first term when i ran for the office in 2014 that was actually a common theme i heard. >> right. i kept hearing about it. and i kept thinking about our state with high voter turnout. >> incredible integrity. >> but it involved people, they could vote by mail, and we made that even easier. but they had actual paper ballots that they did. and fed into this machine to count for auditing. but you are right that's why people are talking about, why can't you do it from your home computer and have no back up, right? >> right. and that was one of the things i had to disagree with when that
3:33 pm
viewpoint was put forth. and even when elected i went to a conference and group of speakers all talking about this. and one speaker. >> like voting from facebook. >> correct. >> just kidding. >> but they actually disagreed. and i went up and i think i was the only election official that day, that was prior to 2016, that didn't think it was a good idea. but i think we have evidence now from 2016 that clearly that's a convenience that we can't afford. >> very good. so mr. schoeller, in your testimony, you supported the secure elections act increase of cyber security expertise. what is currently the technical guidelines committee. additionally you support more robust auditing provisions. >> yes. >> we talked about that. and so you think that that's very important to have this post election audit? correct? >> i do. and certainly, one thing i want to recognize is when we do these audits they are very transparent
3:34 pm
and open to the public. and that's something that you cannot put a value on, transparency. >> and thank you for supporting the secure elections act in your testimony. and i think you must be hard to be used as an example of illinois that they got that close. >> yes. >> but it must make it more of a concern in your state. >> certainly. it hits home. >> very good. and are people aware of it, do you think? >> oh, yeah. i mean, our voters come to us, and we are lucky in illinois because we can tell a strong story, we start at the end of the day. we have a piece of paper that every voter looked at. so worst case scenario, full attack with melt down of systems, we can recreate a system tried and true. if we were able to talk that way nationally, this would be probably the last hearing of this sort we'll have. i mean, it's very effective
3:35 pm
narrative. >> and do voters get worried about having private data taken? >> sure. >> which is a different issue of course. >> entirely different issue. >> it could happen at the same time but it's a different concern. >> now, luckily we have the data sets we keep on voters, don't have a tremendous amount of pii, but it's certainly something that we protect. >> and of course we have been talking about the fact that homeland security didn't come forward with the information to the state. when did you find out about that? >> again, it happened at the state level. and i know as much as anybody else from this "60 minutes" story, they shut down the statewide voter registration system sometime in the summer. then we started asking questions. we are a bottom up state. each county in illinois has their own voter registration system then we share data up to the state board of elections. which also is another sort of resilient policy choice. because even if the state board system had been taken down, we
3:36 pm
would all have been able to operate pretty seamlessly. >> and there is a secondary concern people are focused on hacking could result in stealing of private voting information? >> of course. >> people's addresses, things like that. so we have been talking about dhs. but you both mentioned eac briefly in your testimony. and could you talk about the role that the election commission has played in improving communications on cyber security? >> well, certainly. so i sit on the executive committee of the government coordinating council and sit along the chairman and president of this sort of confederation is working really well for all of us to figure out our lanes. and what's become clear to everybody, including homeland security is vital role that eac
3:37 pm
has played. for 15 years they've been a significant partner. they are a trusted source. i think dhs has been able to rely on them significantly. and we have certainly at the local level. >> and, mr. praetz, you discuss in your testimony, and mr. schoeller mentioned not all authorities have access to protecting them. can you both discuss how they can provide much needed resource and expertise? >> they have a number of white papers and information out there available. they are trying to do all they can. i think the major issue is oftentimes election official are so overtasked with these various administrative duties. they don't have a budget to handle the budget they have. they don't have access to that information just by the logistical way their job occurs
3:38 pm
every single day. and that's why i think if we can have programs that are there to help, like noah mentioned this morning, i think that's going to be the type of help that our local election officials appreciate. because they are concerned. they are worried. they realize they don't have the techno background or capabilities or the local help to be able to get that protection they need. and one of the things that when i mentioned i think the other issue is that sometimes they'll go out to somebody there locally to get help. but how do they know if the help they are being provided is what they need. and i think that's another part of helping educate local officials is okay. this is a company you can trust. we get a lot of information from companies tell us they will help us in terms of cyber security, but what product is actually really needed versus what we would be spending money on that would be frivolous and not really protect us at the end of
3:39 pm
the day. >> very good. thank you to both of you. >> my last question for both of you, and there may be questions in writing. do you see any potential for unnecessary duplication with the eac and the new involvement in homeland security? and if you do is there a thoughtful way to deal with it. >> i have no concerns there. i think homeland security has quite a broad plate of responsibilities. now, i'm glad they are able to share some of their cyber specific resources. i think it's critical to have an institution dedicated solely to election support that will not get pulled into other issues. >> mr. schoeller? >> i think the issue is broad enough that the coordination is good. and i think the eac in terms of the other areas they help out with in terms of their clearinghouse for best practices
3:40 pm
local election firm, those are the types of things they provide that dhs will not provide. but i think when it comes to protecting themselves in terms of the cyber world i don't think can be too broad at this point. >> and as interface you would be comfortable reporting things to eac then they would report onto homeland security if they decided it's necessary? >> yes. >> that's correct. and the information sharing protocols that they have developed, that's not the exact design, but i have zero doubt that the officials that are working on this will share information appropriately with each other. >> well, thank you all of you. we started a couple of votes that we'll need to go to. but we appreciate you and the other witnesses being with us today. the record will be open for a week from today. and there may be some questions that come to you in writing. and if they do, we'd hope you would respond to those as quickly as possible. the hearing is closed.
3:41 pm
>> thank you. >> thank you.
3:42 pm
>> i would say that the money we got out early was very important and that's why we got it in the budget and leader mcconnell and schumer agreed we should get out the 380 million out there right away. and we did that. and that was probably the most immediate thing we could do. and homeland security has picked up from the complaints from the secretaries of state and the hearings we have seen and judiciary intelligence that they couldn't leave -- they couldn't keep hiding the information from the secretary of state. so you are starting to have some of this happen as you heard from them where people are getting into the right classification so they can get the information. but the secure elections act cements that and also provides
3:43 pm
more sharing of data. that's why it may not -- my short answer here is we got the money out. we would like to get more money out. but we got the money out immediately. and if we don't pass it right before 2018, we can still pass it after. >> and a number of things. what we heard here this morning, it was most of the things that the secure election act would require happen in the future appear to be happening right now. and we can improve on that. and we can restructure that communication where it needs to be restructured. but we are probably learning quite a bit by the effort to go ahead and step forward and do these things and then figure out how you more fully define this. hopefully we can get that done before the 2018 election. but as senator klobuchar just said, the responsibility of local officials to conduct elections and the determination of dhs after the election last time that this was critical infrastructure still are
3:44 pm
important factors in moving forward. and i think there is heightened awareness of this. heightened focus on what needs to be done here. and i think we heard a lot of that today. >> just for a second. could you talk about how this compares to 2016, the threats you've seen now in this here? >> i would think we are in a much better place than we were in 2016 just because everybody is more aware, more notice being given in 2016 local officials would be a good thing, but you have to be pretty unaware as a local official things going out that there are things you should be concerned at at a higher level than you have in the past. >> can you -- >> what? >> why none of your republican -- >> senator fisher came and couldn't stay. and i think we got accomplished what we needed to accomplish.
3:45 pm
thank you. >> that's okay. >> i was defending them. >> good call. >> very quickly on the sethat, additional funds? >> yes. and i want to make clear we tried to get it done by itself. we tried to get the whole bill on the budget act. and trying and appropriations to see what we can get some of it on there. but realistically if we are unable, it hasn't passed the house either, if we are unable to get it done in the next month, there is still reasons to do it. and the fact that we keep pushing on these issues makes homeland security listen to us and we run things by them. and the secretaries of state are negotiating with us on this language. it all helps for best practices. but in the end you don't want the next homeland security secretary to just make their own decisions about what they are doing. look what happened last time. so what you want is in law that they have to share this information with the states. >> we have seen a lot of that stuff going on now.
3:46 pm
but i think secretary simon was saying more money, more money, that would be nice, and that's something they can't do on their own. >> yeah, and you look into company hacks like into sony, come on, so think about all the money they've put into their security and these are actual internet companies that have been hacked. you think about everything that just happened with facebook, all those things. so you have these guys in small counties all over the country, and they are supposed to somehow think that they are all protected when you have major u.s. companies being hacked. that's just not fair to them. and so that's why i don't think it's just for fun that they are here saying they need more resources, including republican secretaries of state. and we have a federal obligation. these are federal attacks from another country. this is not one angry person in one county in a state. these are national security attacks. and that's why the federal government has to play a role. >> as far as there is a debate on the act, on the bill, is it over resources and how much
3:47 pm
resources should be provided? >> not as much. because we actually got the initial -- i would say that initial bad word, we got the initial amount of money we asked for. but i would say it's more about what is the floor. what should we say even though we want to preserve their individual system so we don't have a nationwide attack, that would be a disaster. as bad as attack, we would rather have it be in one county than the whole country. so we have to figure out the floor we expect of them. and then i think there is debate about that how much we should be able to tell them what they have to do. since we know what happens in one county will hurt the whole country's election system. that's what russia is trying to do. even if they pick out one county, it hurts the integrity of our own democracy. hence we should have a floor what we expect states to do. >> the audit, secretary has
3:48 pm
range of positions today. what's your position on it? >> literally any audit. i think other people have suggested maybe a risk limited audit. and this position is -- >> we want an audit. we just want audits. >> thank you for the interview. thank you for your time.
3:49 pm
>> here's what's coming up on c-span3. next commerce secretary wilbur ross explains the administration trade tariff plan to a senate committee. then a review of the recent medicare trustees report and the future of that program. prime time programming starts at 8:00 with the hearing on cambridge analytica and facebook data programs. >> this weekend on american history tv, c-span3, live coverage from the college civil
3:50 pm
war. and followed by battle of gettysburg. and later 3:15 wilson green on the battle of the crater during the siege of petersburg. our coverage continues with at 9:00 p.m. eastern on desertion among african-american troops in the civil war. at 10:15 arizona state university's brooks simpson on president abraham lincoln and his relationship with his commanding generals, george mcclellan and ulysses s. grant and then elizabeth varon on a spy ring operated out of richmond. watch this weekend on american history tv on c-span3. commerce secretary wilbur ross defended the administration's tariff actions at a hearing on capitol hill this week. secretary ross testified before the senate finance
