>> the senate intelligence committee today takes a look at ways to improve election security. with homeland security kirstjen nielsen. of jeh johnson, who was head dhs during the obama administration. that hearing will include testimony from state officials. 9:30ll have coverage at a.m. eastern on c-span3. as always, you can watch online that c-span or or listen on the free c-span radio app. members of these studded intelligence committee spoke with members of the election security board yesterday. from capitol hill, this is just over 30 minutes. mr. burr: good morning. afternoon, excuse me. i want to thank everybody for being here.

if you have the flight over the potomac i did this morning, you are think it was, too. i want to thank my colleagues especially who are with mark and i this morning. i think it's safe to say that the senate select committee of intelligence has been focused on completing an investigation since its beginning. we haven't set artificial time lines. we haven't made promises to anybody. what we said and the vice chairman and i said the same thing. we would go wherever the facts led us. we are now at a point where we have wrapped up one piece of our investigation which deals with selection security. i think it's safe to say that our team has done an unbelievably thorough job. they spoke to nearly all the affected states, the white house, the department of homeland security, the f.b.i.

and other intelligence community agencies. they've secured and analyzed countless intelligence products, both raw and finished assessments. let me say this with great deal of confidence. it is clear the russian government was looking for the vulnerabilities in our election system, highlighted -- and highlighted some of the key gaps. there's no evidence that any vote was changed. russia attempted to penetrate 21 states. we know they were successful in penetrating at least one voter database. department of homeland security and the f.b.i. alerted states to the threat. the warnings did not provide enough information or go to the right person in every case. alerts were actionable. they provided malicious internet

protocol i.p. address to i.t. professionals. but no clear reason for states to take this threat more seriously were given. russia was trying to undermine the confidence of our election system. we're here to express concerns, but also confidence in our state and local governments. now, i think what's important to understand is that tomorrow we will have an open hearing specifically on election security. and i'll be -- we'll be joined by four of our members who are taking the lead on the recommendations that we will post, i think they have -- maybe in the last five minutes gone out. but they will officially be public today. let me distinguish. we very much support state control of the election process. we think there are ways the federal government can support those states. but clearly we've got to get

some standards in place that assure every state that at the end of the day they can certify their vote totals. so i think what members will share with you today are the recommendations that we will come with. they're not recommendations that you should expect legislative action from our committee. we have no jurisdiction. it just happens to be part of the investigation. jurisdiction within the congress is probably the rules committee in the united states senate and we will work very closely on them sharing all the information that we possibly can so they can process our recommendations, add to it, delete from it. but also with the agencies that are most appropriate, to make sure they bring the resources and the partnerships to the states and localities and the individuals that are single most important to the election process. let me draw a few conclusions. we need to be more effective at deterring our adversaries. the federal government should partner with the states to truly secure their systems. that will also be in possible

grant funding. d.h.s. and f.b.i. have made great strides, but they must do more. d.h.s. offers a cybersecurity assistance but they heard they did not have the resources to fulfill all the requests. we will work with appropriators and authorizers to see if in fact we can't fill that gap. we need to take a hard look at the equipment that actually records and reports votes. we need to -- we all agree that all votes should have an auditable paper trail. and in 2016 five states used only electronic machines with no paper trails. nine used at least some of these

machines. we realize all of this security costs money. and we want to make sure that the federal government not only says we're a partner, that we are a partner. and i hope that will be expressed maybe as early as the omnibus spending bill. with that, let me turn to the vice chairman for any comments he might make. >> thank you. i think it's also an indication of who has better eye sight that you can read this and i have to read off of this. let me thank all of the members for being here. and the way this committee has performed to date and i think will continue to perform. you're going to hear from four members who have worked actively on this issue of election security. mr. warner: but i want to point out as well that senator rubio has some very important legislation with senator van hollen. that i think bears consideration as well. and i want to acknowledge senator klobuchar who has been active in the piece of legislation that we're working on. i think one of the consensus that we all came up with was we were all disappointed that states, the federal government, and the department of homeland security was not more on their game in advance of the 2016 elections. as the chairman's indicated, there were 21 states that were

-- attempted to be an intervention in. at least one state that was full hacking through the protections. and one of the most frustrating things were that in the aftermath of this information coming out, it took the department of homeland security nearly nine months to notify the top election officials that their states had -- systems had been messed with. i want to again thank the chairman and the whole committee. i think our hearing last june was an impetus to the department, to communicate better with the states. and the reason that somehow the top election officials didn't have appropriate security clearances, i don't believe in an era where we have to

communicate more quickly, more fullsomely, was an appropriate response. some of the legislation that's going to be proposed will help deal with that. the truth is in the ensuing months, i think d.h.s. has picked up its game. but there's still much more to do. as the chairman pointed out. there were still 40 states that were operating with election and equipment that was more than a decade old and much of that equipment had outdated software that you weren't even able to upgrade, even if you chose to. in 14 states used voting equipment that had no auditable paper trail. in the aftermath of our hearing, you i discovered that my state, will virginia, did not have a full system with every state having a paper trail. in having a paper trail. now, we had to act quickly because we had state elections last year. we had 23 jurisdictions where we had to change our machines.

it took a real scramble but that scramble was appropriate to try to give virginians the confidence that our systems were going to be secure in our state elections last year. the challenge and the problem at this point is that in 2016, it was the russians. and we've seen evidence of russian intervention in other election systems around the west. this is a tool now, the tool kit is available, it's available not only to russians but other potential adversaries as well. so the recommendations of this committee, and i look forward to joining the colleagues who have legislation and co-sponsorship of their efforts. it's terribly important. i think tomorrow's hearing is terribly important. even with the snow coming. we all ought to be there. because maintaining the integrity of our voting systems and, more importantly, the public's faith that their votes will be counted in a fair and accurate way is extraordinarily

critical. so with that let me turn it over to senator collins who will start to outline some of these recommendations. ms. collins: let me begin by commending the chairman and the vice chairman for leading a truly bipartisan investigation into interference in our elections. while our investigation is still ongoing, one conclusion is clear. the russians were relentless in attempting to meddle in the 2016 elections. and they will continue their efforts to undermine public confidence in western democracies and in the legitimacy of our elections. the leaders shift of the -- leadership in the intelligence community is unanimous in their assessment that the russians

continue to undertake sophisticated attacks to exacerbate the divisions in our country. in the 2016 election, the fact is that the russian scanned election-related systems of at least 21 states. we may never know the full extent of the russian malicious attacks. to counter this serious challenge, i want to briefly discuss some what have happened in 2016 and the need for better communication and intelligence sharing between the federal government and state governments. there were several problems with the approach taken in 2016, as the chairman and the vice chairman have outlined. although the f.b.i. sent out a warning to state officials, the alert was not clear in specifying that vulnerabilities

in state election systems were being exploited by a foreign adversary, nor did it specify just how serious the threat was. another problem was that state officials were deeply concerned that public warnings might promote the precise impression that they were trying to dispel, that their voting systems were insecure, thus helping the russians achieve their goal of undermining public confidence in the election results. yet in france and germany, we have seen that greater public disclosure has had beneficial effects. a third major problem was the lack of security clearances for top state election officials. as of june, 2017, nearly eight months after the 2016 elections,

not a single chief election official at the state level had received a security clearance. that is clearly unacceptable. and while d.h.s. recently sponsored a one-day classified briefing, it received decidedly mixed reviews from state election officials. we must assist states in hardening their defenses against foreign adversaries, including passing much-needed legislation, providing funding and authorizing appropriate security clearances to top election officials. we must also immediately ensure robust communication and information sharing in both directions, between the federal government and state election agencies on cybersecurity

threats. we are already in an election year. the need to act now is urgent. >> thank you, senator collins. i want to start as well by saying how proud i am of our entire committee and our leadership of chairman burr and vice chairman warner. how they've taken on this task of getting to the bottom of what happened with russia's influence and interference in 2016. mr. heinrich: i think we all recognize that our democracy fundamentally hinges on protecting americans' ability to fairly and accurately choose their own leaders. and until we set up stronger protections of our own election system and take the necessary steps to prevent future foreign intervention, our nation's democratic institutions will remain vulnerable to attack. i'd like to echo what senator collins just said about the importance of ensuring our state

election offices, that they are equipped to respond to these threats and keep our voting systems secure. i think all of us are in agreement in the importance of the leadership at the state level with regard to these elections. as we've been working to address election security, one of the things that i found particularly helpful is the consultation that i've had with new mexico's secretary of state, maggie. she runs our state elections but she's also been a national leader in securing local voting systems against cyberthreats. state election officials like her should have the security clearances and the support from federal agencies that they need so, that they can respond to these threats in realtime. not months later. the federal government also needs to work to attribute cyberattacks more quickly, and with more confidence. foreign adversaries and bad

actors engage in cyberattacks, precisely because they are easy to deny. and we cannot allow that deniability to shield those hostile actors from accountability. we have no doubt that russia and other foreign adversaries and malicious actors will continue to target our elections and try to undermine our democracy. we must be able to call them out, we must be able to make it clear that these actions are unacceptable. and finally, i believe that states should consider implementing more divide spread systemically sound audits of election results. americans need to be confident that their votes and only their votes are what counts in electing our public leaders. audits and risk limiting audits in particular go a long way to make sure that our voting systems are working as they should, that the integrity of our elections is protected, and risk-limiting audits also create public confidence in the vote. the very quality that hostile cyber actors like the russian state seek to undermine.

as we approach the midterm elections, and the next presidential election cycle, we need to act quickly to pass bipartisan, pragmatic recommendations into law, to protect the integrity of the entire voting process. with that, i'll wrap up my comments and turn it over to senator lankford. mr. lankford: i think what you'll hear from this group is a commitment to several key facts. one of them is there's no question the russians were trying to meddle in our elections. and there's also no question that states operate their own elections. this is not a federal responsibility, it requires a partnership between the states and the federal government to be able to get as much information as we possibly can. we've worked on legislation along with other members. to put together some basic recommendations. today and what tomorrow's hear

focus in on is getting as much of that information out as we to be articulate these issues because the last time it was the russians. it may not be the russians the next time. they've set a pattern others can follow. it could be the north koreans, the iranians, domestic group that uses that same playbook to try to seed chaos. it's protecting our elections period. and to try to be able to work through that process. as vulnerabilities have been identified, it's entirely reasonable to be able to close those vulnerabilities and work with states as they try to be able to determine what weaknesses they may have so they can have those addressed in the days ahead. >> i want to echo the comments of my colleagues, and in particular thank the chairman

and vice chairman for conducting this committee and its work in such a bipartisan way. i think that it's not only about bipartisanship. we all who have been working on this issue know that certain issues are nonpartisan and this is one of those. ms. harris: in terms of recommendations, one is outdated equipment. technology has changed the way the world works. it has upended standing business models a weekend need to be aware of the best practices and the best equipment that's available and we have found that many states have outdated equipment. so one of our recommendations is that we figure out how to audit and figure out which states are using what kind of equipment in a way that is helpful to them when they request that help. and doing what we can to give them the support and the funding that is necessary for them to update their equipment. but what we do know for sure is that we have to provide this kind of support to states, many of whom cannot afford to update their equipment. and update it in a way that we can assure that they have the ability to audit their elections when necessary and do that through paper trails. so that is one of the best practices that we are also

talking about. the other is bringing best practices in terms of making sure that voter registration websites and poll workers and all of the other folks who are negotiating the election process are doing it in way that they have all of the best practices that are available based on the research and the work that we have done. for example, we have talked about the need for a panel of leading experts to establish election cybersecurity guidelines and provide financial assistance to the states so that

they can implement these best practices. and i'll just close by saying that the urgency clear. the work that this committee has been doing is certainly looking at what happened in the past. but it is also about addressing the fact that currently we have an election upon us, states have already started voting. and the past tells us that the future will probably hold another set of threats, if we are not prepared to meet those threats. thank you. >> i thank my colleagues and i'll call them back to the podium to take some of your questions. let me remind you, this press conference and the report we will put out in the hearing is on election security. so i'd ask all of you to limit your questions to election security. we're not prepared to talk about any of the rest of the investigation. once again, reiterate the fact that we do have a schedule and that schedule's to close out those areas of the investigation that we feel we have exhausted both the staff and the members' needs. mr. burr: we've identified four of those areas and we should be about one month apart as we launch the next three. that's not concluding the entire investigation. but that's taking a lot off of

the deck and allowing our staff to finish interviews and to finish more importantly the investigation. but this is one that members have been hands-on and that's why they're taking the lead on this. so if i can i'd like to turn the podium back over to these four and let them take some questions. reporter: -- told your committees and other committees they have the tools to fight back against the interference in the elections. but that they have not been specifically asked to do so by trump. do you have -- what should president trump be doing and what kind of authority should he be giving these officials?

[laughter] >> i think there are a number of different committees on working on these issues. but there is an awareness and a bipartisan awareness that i think we need a more transparent cyber doctrine so other nation states are on notice and i think i'll just leave it there. reporter: you talked about trying to be assisting the states to make these changes. especially when it comes to replacing -- [inaudible] distribute number we're talking about right now in the omnibus is around $380 million. and i've heard people tell me that's not enough to do what these recommendations are i wonder if you could lay out where you think the next step is to go for actually finding the money and what the figure is it would take to do the things you're recommending be done. >> let me reiterate again. mr. lankford: elections are state responsibilities. most of the states in the united states have auditable election systems. the concern that we have is some states that have chosen not to have auditable election systems, to help incentivize them. it's not our desire to fully fund the elections within individual states. that is a state responsibility. if there are incentives we can put in place to help spur them, the people of those states going to their state leaders and saying, we want our election to be secure and to be able to take care of it in their own state.

that will be the primary piece. there's not enough funding that we could provide nor should provide to every county, every state in america to be able to oversee all their election equipment. some election equipment, as senator harris mentioned, is very old. but it's still very reliable. and very consistent. and fully auditable. just the age of equipment, just saying we want to update our stuff is not appropriate. we need to find the balance on what cannot be audited and help incentivize them to get it done. reporter: you said it's not about russia. it could be north korea, it hacktivists. do you think the white house gets that sense of urgency? mr. lankford: i do actually think. it's not about russia, it's not only about russia. clearly russia could come back and do this again. i do because the department of homeland security has stepped up significantly in the past year. working with states, trying to develop security clearances. helping them with critical audits.

>> at another question, were talking about election integrity here. can you comment on the idea the president called to congratulate putin on his election. you repeatedly stressed the urgent need to act here. given the midterms right around the corner, are the systems any safer now than they were in 2016? >> we are working on that. we just received an update from dhs and i and --

believe through this lasted they have increasingly prioritized this as an issue that requires are made in attention and action. we have witnessed and seen improvements and the resources they are putting in and the thought they are putting into what can be creative workarounds prevention and detection. a lot of the work has to be focused on these various pieces. it is not only about deterrence, that is what we are recommending that we put in equipment that will do for. it detection leads to another issue, if there are systems that have been hacked what can we do for resilience so we cannot attack that immediately, share and respond as quickly as possible and reduce or mitigate damage. a very important part of the work that is happening the courts of last year's recognize

that needs to be greater communication between the intelligence community and the state. so that is why you have seen a lot of focus on what we need to do to give clearances to state officials so they can have access to close abide information that will allow them they need to what do not only to set of systems to what they can do around best practices and best machinery. we are talking to them about the fact that it is probably best not to have the election system connected to the internet because that will create your own abilities. look at where we are in the share of our lord 2018, talking about paper ballots but that might be one of the star systems, going back to the day when we get up something tangible that we can hold on to because russia cannot hack a piece of april like they can i computer system connected to the internet.

of paper like they can i computer system connected to the internet. >> i think it is important to underscore that we have discovered no evidence that votes were changed in the last election. but, it is nevertheless troubling that the russians made the efforts to probe election systems. and, there are also in the beginning -- there were such mistrust between the states and dhs that information that should've been shared, that would have caused the states to act more aggressively, was not shared. i agree that has improved but i think we still have long ways to go. i do believe, however, there is far greater public awareness and awareness amongst state election officials about the need to be

alert to their vulnerabilities. to allow for cyber security hygiene scams of their equipment, and that guidelines need to be established and a common lexicon established as well so everybody knows what all parties are talking about. >> i want to add this is about maintaining confidence people have in their vote. , givenould be confident what we shared about 2016. the whole thing about what you're hearing repeatedly about a paper trail end audit is being able to match up your physical record with your electronic those, and as long as things can continue to match up then you can have every confidence that your vote is accurate. >> am going to bring things to a net. let miss a conclusion because i'll be raised a question about what else did happen.

if you have and 10, you have a threat. as i think senator lankford said, russia is not the only one that has the capabilities and probably not the only one that has intent. the russians had intent to cause chaos in the u.s. election system and then the capabilities to do it and it is all of the above. we work with states to try to implement. it is the ability for the federal government to look inside the cyber system and see what attacks take place. i would remind you, as conscious as they private sector as of cyber security, their companies in america, public and private, that are penetrated every day. so i don't know i can look at the election system and say anything different other than this is like a company with one mission. we're trying to get them focused on how they built around that one thing, which is the voting process.

there is a hearing tomorrow. rain or shine or snow. if you can make it in in the snow come i can assure you we won't make it in in the snow and will have a hearing. your snapper to need to hear from secretaries, the technical and topd other experts state officials. i'm not sure there is a platform we can present that would give you a more clear picture of whether our assessment is right and whether our recommendations are right than the hearing were going cap tomorrow. that hearing will be followed up ,t some point with the report first as a declassified overview and depending on how long it takes for me declassified, then we would make available an entire report with

whatever documentation we can provide. >> to quit points. i went to thank the members who spoke. they've been doing a lot of work. seven other members of the committee. i mentioned senator rubio as well. this is meant an all hands on deck effort. been an all hands on deck effort. next week, three panels on a hearing. i would echoes some of the earlier questions about security. i can tell you in my state, even though it was a scramble, to make sure every voting machine in the 2017 elections had that auditable paper trail lent a lot of that ability. we did not have the kind of content set have been raised, frankly, in the past. send the jump to everybody. some of these recommendations i

do hope will be turned into legislation and we do need to act on it with urgency. to a very much. -- thank you very much. announcer: you can hear more about election security later this morning when the senate intelligence committee holds a hearing with homeland security secretary kiersten nelson and former dhs secretary jeh johnson. --t is on c-span throughout .-span3 at 9:30 a.m. eastern you can also listen on the free c-span radio app. coming up on today's washington journal, talking about the government funding deadline this friday and what is in the 1.2 trillion dollar omnibus spending throughmaking its way

congress. then, republican representative chris stewart of utah and later democratic congressman ride chairman of california joins us to discuss the russian investigation and his thoughts on trumps russian national security team. ♪ this is the washington the 21st.r march the federal trade commission will investigate facebook over the harvesting of data by cambridge analytica. the social media's company deceiving over privacy protection. the required facebook to notify when their data was shared. president trump broke with advisers when he spoke to president putin buried not elected he congratulate him -- not only did he congratulate him on his