announcer: as part of our alaska weekend coverage, michael doyle talks about federal proposals to change hunting regulations in alaska. amy carter on climate change and how it is affecting alaska and other parts of the united states. be sure to watch c-span's washington journal saturday morning. join the discussion. coming up tonight, "newsmakers" is next with jim condos. , a look at telecommunications and health care innovation in alaska.

later, former president barack obama talks about democratic principles, while honoring the life and legacy of nelson mandela in south africa. susan: jim condos is here to talk about security in the 2018 elections. that means reduce the two reporters. reid wilson for the hill coming back to "newsmakers." making his first appearance as politico cyber security reporter. on your twitter feed is a statement your office released after the summit between mr. putin and president trump come and some strong criticism of the president.

some of what you said is his words make the secretaries of state job harder and the president has left the viper into the sandbox. can you tell us how the president's words in finland makes your job harder? is, first thing i would say as we all know, vladimir putin and russia are adversaries of the united states. russias no question that through their military and cyber security attack our democracy , we have a tax by soldiers, but this was an attack by cyber. , it is really against everything we do as secretaries of state. we come from red states and blue states, but we are all concerned about the attacks that have occurred.

reid: the vast majority of secretaries of state are the chief administrators in their state. how concerned are you about the possibility of more cyber attacks ahead in the november midterm elections? jim: the briefings we have had and what has and reported is that the russians will attack us again. i don't see any reason why they wouldn't. we had secretary nielsen speak to us in philadelphia. she said the same thing. as secretaries of state across the country, we have been issues to overcome the around cyber security. top in mind that prior august 2016, cyber security, we were concerned about, but nothing like what happened after

august 2016. since that time come all 50 states have been focused. there are five states that use of electronic voting machines that do not have a paper record. those states told us they are not going to be replacing those machines before the midterm elections. they don't have time, even with the federal money they have. what would you say to the secretaries in those states moving forward about getting rid of those machines? jim: let me be clear, i will be speaking as a vermont secretary of state. believe thate paper ballots are the correct way to go. we do a post-election audit within 30 days of the general election. we will continue to work that way. a best practice is to have some kind of paper trail, paper ballots or some other form of paper trail. about the steps you

have taken in vermont and other's dates have taken. reid: what are the best practices to respond to cyber attacks going forward as secretary of state? jim: let me start by saying we started in 2013. i asked my i.t. director how we were set up for cyber security. he said he thought we were in pretty good shape, but it would not hurt to have a separate set of eyes. we hired a state-approved vendor to do a complete vulnerability ,ssessment on our physical cyber risk assessment. as a result of that, we have been ramping up ever since. said, we have paper ballots, post-election audits, back up our voter registration database on a daily basis, so

even if we were hacked, we could go back 24 hours and reset it. we also have same-day voter registration which allows any voter to be able to vote on election day. even if there was a problem, we would still get people to vote. on top of that, we have all the usual stuff, web application to monitora monitor all incoming traffic from the internet to our site, and it is a real-time monitor, the information goes back to the center for internet security and they can tell us within 15 minutes if we are under attack or not. we have shored up every one of .ur portals into our site we are continuing to look at different things we can do. , we are adding two factor authentication as we speak.

we are just about to roll it out. it will be in place before our statewide primary on august 14. susan: has the system detected any attempt at hacking? we have not had any attempts. let's be honest, every website in the country is getting scanned every day. the question is are you putting up enough defenses to defend against them. received up toe 2 million scans a day. 40%, 800,000, are what we consider unauthorized. we blacklist those so they can't get back through. there is a constant upgrade we have to do. cyber security is a race without a finish line. we have to continuously evolve and try to stay ahead of the bad actors.

what they tried yesterday, they will try a different way today and a different way tomorrow, so it is incumbent on us to focus and stay vigilant on our systems. i think most estates are doing that now. reid: there is the secure elections act from james lankford and another senator that would institute information sharing, get security clearances for state officials, really streamline the process. has been bill significantly changed in consultation with other secretaries. what is your position on the bill? jim: as i testified, i support the bill as is. i was a former legislator. i know it changes from day to day, but i support what we saw before. the only thing i would like to s some kind of

funding mechanism reinstated or they pulled it out when we receive the omnibus bill. -- when they pulled it. committeeked by the to voice our support. it was myself, secretary simon for minnesota, and secretary ashcroft from missouri. the three of us were there. has allocated $380 million to upgrade voting system. -- systems. reid: how are you spending that money in vermont? jim: we received the money already. we received about $3 million. part of it is being spent right now on a new, accessible voting system as we speak. we are adding to our portfolio. this will allow anybody with a physical impairment to help us

meet the mandate of the ada and be compliant with it. we are using it for the two factor authentication. done some penetration testing. we will continue to do penetration testing. recent penetration test was completed at the end of april. we received the report in the beginning of june. it basically labeled us as one of the leaders in the country in this area of cyber security. they could not find any real problems with it. or mainhe main factors recommendations was to add two factor authentication, which we were already in process. reid: is $380 million from congress and of to fix the problem? jim: no. to put it bluntly. keep in mind that in 2002, when passed, $3.9

billion. this $380 million is what was left that had not been appropriated. it had been approved in 2002, but not appropriated since then. we ask our senators to help us. i asked senator leahy to do what he could to help us get that money. if we were waiting for the hasre elections act, that not even passed yet. if we were waiting for that, the money would have been absolutely no good. many states are using this for cyber security issues. think theequipment, i estimate is $1.4 billion to replace all of the equipment in the country, but it is an ongoing battle. we will continually move forward. i think congress needs to come up with some type of funding mechanism that is sustainable year income year out, not once

every 10 years. eric: the head of the cyber wing of dhs was at a washington post event and said if states ask for more money they need to be clear what they're going to use it for. they need to present us with an outline of how they plan to spend it. as a general rule, do think that is fair that state should come to washington and say this is how we plan to spend the money before they say give it to us? jim: as part of this money we just received, we had to file by earlier this week basically a narrative with a spreadsheet showing how we are going to spend the money we just received, so i have no issue with that. there are plenty of things we could do with the money. we do plan to put new machines 2020.ace before our original schedule was 2022, but once are received this $3

million, we decided we could move ford and step it up. every state is different. there is one state right now that has not received the ok from their legislature or governor's administration to accept that money, so every state has different rules for excepting grants from the federal government, and the same goes for the cure meant. procurement. it can take up to three months to get a contract in place, and maybe longer. for any of these states that are not able to move forward on actual equipment, it does not surprise me because the procurement rules will be something that gets in the way. before the 2016 elections, the obama administration proposed making election infrastructure critical

national infrastructure, involving the feds in what had been entirely state-run election systems. there was a lot of pushback from secretaries of state across the country. i wonder if you could describe those tensions. does that tension still exist? jim: well, let me be clear. those pushing back in august of 2016 when it was first brought to our attention. part of the reason is we were not told -- we kept asking what is critical infrastructure? does that designation mean? and we were not getting satisfactory answers. red states and blue states. this was not a partisan issue. we were absolutely struggling to understand what it was that it was going to mean to us. it did seem to me that they were

looking to take over our elections, which have been for a long time considered a state function. i am of the camp that we should have some national standards on things. that is why i have been a supporter of the election assistance commission. unconscionable that .he funding has been reduced i think that is one area we could do better on, that congress could do better on, that the president has to do better on. i'm curious if you would like to speak to the question of whether the white house should be coordinating strategy. when i talk to people at dhs and the state level, they say they we are not seeing white house leadership on the issue. does that need to be here, or is it sufficient to have these folks at dhs? jim: all these federal agencies

report to the president. and the president administration have to take a leadership role in this. we havehe discussions had with dhs and the fbi over of thet two years, one things that has become clear to us is we have all these agencies, the intelligence communities, united, unanimous that the russians attacked us, that the russians will attack us again. we have to be able to work together. unfortunately the person at the top has not been supportive and has sent mixed messages, and that makes it difficult on us as secretaries. democratic andk, republican members of the house at the letter to the president suggesting the creation of an election securities coordinator, or in washington parlance, as

tsar who would bring together all the stakeholders in this. do you see that as a viable proposition? jim: this is the first i have heard of it. i cannot answer the question. we ought to utilize the services of these agencies. they have in the past done testing, approvals, certifications of voting equipment. need aw, again, they quorum and need of funding to do their job letter, but we have the mechanism in place. havedit utilize what we instead of creating something different. however, i don't know how they were talking about this tsar.ions i dhs had a difficult time in the beginning. communications were not great. you willst year or so,

find most of the secretaries will save the communication level has improved and increased. we are now on the same page. we have a governing council for the election infrastructure. that governing council oversees the policies we are going to follow. i on that committee. information,ions infrastructure committee as well, which is separate. so we have the frameworks in place. we just need to work together. dhs has been supportive in providing resources to us. one of the things that vermont has been doing since the fall of 2016 is a weekly cyber hygiene scan where they take a look at us every week and provider report to see what they find. they have other resources as ,ell, penetration testing

vulnerability assessments, and many other projects as well. they are providing these at no cost to the states. it is lost in the discussion, say they, i would elections community is in far better shape than it was in 2016. susan: we have six minutes left. couple of elements, the voter registration side of things. reid: then the voter tabulation side, where you are counting the votes in deciding who won. the voter registration side that has been vulnerable to these attacks and scans from russia and outside actors. how concerned are you that those scans, attacks might impact the voter tabulation side. can someone go in and change the numbers in an election? jim: as far as votes, you mean?

reid: yeah. get i don't think they can in and change the votes themselves. in 2016, the report was that not one vote was changed, and we did not find any state that had a disagreement. fallacies --f the it literally took several months before dhs had understood that our election equipment, voting equipment, is actually attached to the internet. they are not connected by the internet, wi-fi, hardwired. they are not connected. they are separate, standalone units. that is what makes our systems what i think much more secure because they are decentralized. however, we have our election management systems, and that is where we find the registration database, election night reporting, and other things.

so those are the areas that we really need to shore up. we have done think that already in vermont. i believe my colleagues across the country have been working to do that. told in august 20 16 that there were 21 states that had been attacked, there was only one state that had actually been breached. , the report's this past week were saying it was one state that had been breached. is the what gets lost media has been very clear about focusing on that one state. what i think gets lost is those other 20 states fended off the attacks. that's what we hope everybody is doing. anding off these attacks is constant battle, ever-changing, every evolving, and we will continue to be focused on it. you're saying the election

night reporting might be vulnerable to an attack, so the numbers that come in on election night might not be the actual numbers that you didn't report on a secure system that is not attached to the internet? well, let me be clear, election night reporting, i believe in every state -- i can't say that for sure -- but in vermont and every other state i know of that has election night reporting, the website actually says if you go to the website, it will say these are unofficial numbers, unofficial results. we domont, for instance, not certify the election and tell seven days after the election has occurred, and that is when we actually do that. so the election night reporting site is not interactive with the vote counting site. they are separate sites and they have a separate portal. companies about the

that make voting machines and election management systems? they are making products for critical infrastructure, not unlike power plant controllers. it is considered critical infrastructure. do you think those companies should be regulated more tightly the way other companies making critical infrastructure are regulated, independent testing, certifications? there is a certification system, but it is voluntary for states to adopt. their vendors can sell products that don't meet those standards. would you like to see those vendors regulated more closely? jim: i think there ought to be more regulation. i don't know to what level. in for my, the statutes give me the power, but we have rulemaking, and our rules state we will use a uniform machine, tabulator, throughout the state. we now have strict guidelines for how that machine, that have, is chosen, and one of them is

that it these certified. i get to review the certification. to review thatts certification before we make a choice. we will be making a choice probably in the next year for a new system. two things i can guarantee you. one, it will be a certified machine. two, it will be able to accept paper ballots, and we will have some kind of paper ballot system. susan: we have one minute. either of you have a final question? reid: a few years ago before the russians got involved, the trend was england somewhere towards internet voting. there are some states that deal with internet voting for the military and people overseas. do you want to see internet voting in the future if it can be totally secured? -- i will never

say never. frankly, i don't think it will be in my lifetime. i think that internet voting -- i know a lot of millennials and young adults would love to be able to vote on their telephone, cell phones, but that one not happen in the near future. i think there are ways it can be done. one way that is being tested right now, piloted in west virginia, is using block chain for overseas and military votes. there are also ways we are looking at, a secure web portal that you have to have passwords, password-protected, to get into to process your votes. we do send ballots overseas by email. we will pdf a ballot across the oceans to make sure we get there as quickly as we can. keep in mind, the vermont law,

and many states, have a law that requires the ballots be received by the close of business on election night, so for vermont, 7:00 p.m. on election night. if someone calls us on a friday before the election, the chances of them to get a ballot back to us from overseas are pretty slim. a way toif we can find tothat, we would be open reviewing it, but security will be of the utmost importance. i think we will continue to look at that. we have, in vermont, well, first let me say, the federal law says we must provide, be able to tovide balance to -- ballots our overseas and military voters 45 days prior to the election. 2009, we extended our early vote period to all

vermonters to 45 days. ofbelieve offering that is the utmost importance and convenience for our voters. to be ablefind a way to get those ballots back. we have looked at ways. one way we are looking at is a comeg system where people the acceptable voting system we are looking at right now is really called a ballot marking device. it can take an actual ballot and market. when someone votes on a screen, on a tablet, they can actually see it ise ballot and exactly what they wanted. susan: that is it for our time. , thank you fors being our guest. jim condos, the brand-new president of the national association of secretaries of state. we appreciate you being with us on "newsmakers." jim: thank you very much. susan: there is a debate about

election funding on thursday. we want to bring our viewers up-to-date on where this idea of more funds going to states for election security -- stateshis is something have been working on, asking for funding to update ballot systems , ballot boxes, the actual machines on which we vote. this was a debate we were having in the 2000 election, and it has not gotten much better sense. the machines the states bought after the 2000 elections, we are still using them today. technology evolves and things like that, so congress is still debating whether we will be funding the states and their efforts to upgrade their equipment. we have seen states taking advantage of this $380 million. secretary condos mention that. the secretary state of maine just got his yesterday or .ednesday this week

here we are 112 days from election day and they are only now getting this money. that tells me that these systems will not be completely upgraded by election day. , what does geller this bipartisan senate bill you reference to other than funding? eric: the funding mechanism would be set up separately, but it mostly focuses on kind of process, so does not have regulation, as i was asking the secretary about four voting vendors. it does not tell them they have to stop using paperless systems. it focuses on making governments feel like the federal government is listening to them. it sets up a grant program they can apply for. it expects security clearances. it's really focused on making sure that the federal government is saying, "we hear you" to

states. because they have for a long time felt like washington wasn't. >> everyone is focused on russian interference, but what does the broader threat? eric: there are a lot of ways you can disrupt an election without attacking the voting machines. adversaries right now seeking to find ways into the tower grid equipment. if you can take down the lights in a city while they are voting, you have disrupted the election, even if you have not touched voting machines. the vulnerability of critical infrastructure that is kind of around the election process but is not part of it directly, folks need to think more about and what measures are in place. in washington, d.c., i vote. i don't know what would happen if the lights went off in terms of how the election would proceed. ultimately, that is the question -- how can you scare the most people, disrupting the election

by all means necessary? >> we heard a bit of good news/bad news. the dhs is working better with the states, but five states have not filled out the paper trail for their ballots. have we made? ss aftergress has been slow the 2015 election, but it is happening, especially at the of the oldersome machines are being replaced and a lot of states, and states now are sort of unnoticed with this no paper trail approach, that it will not be acceptable or sustainable in the long run. we face this fascinating juxtaposition of couple of ways. first of all, we are the only western democracy in the world that does not have a centralized election held. it's not just that we have 51 different areas, jurisdictions operating the elections in 50 states and d.c., even beyond that, the state of wisconsin has

literally hundreds of election administrators responsible for all of that. thoseength is that disparate systems mean someone trying to hack it does not have one place to go back in and change the numbers. they got to be present in 3000 places, especially when these machines are not connected to the internet. weakness is you do not have the same standards state-by-state. you don't have training budgets. have a lot of infrastructure for cyber security. one of the things eric mentioned was this notion of people getting top-secret clearances, people in the secretary of state's office getting top-secret clearances at the federal level. they've never had to do that before. how do they do it? who gets it? all these rules have to be written. it's a fascinating juxtaposition on the strength that our system brings in the diffusion of power but the weakness and herons -- the weakness inherent in the system. >> thanks for being here.

nice to see you. >> c-span, where history unfolds daily. in 1979, c-span was created as a public service by america's cable television companies. today, we continue to bring you unfiltered coverage of congress. the white house, the supreme court, and public policy events in washington, d.c., and around the country. c-span is brought to you by your cable or satellite provider. here on c-span, "the communicators" is next with a look at telecommunication and health care innovation in the state of alaska. that's followed by former president barack obama speaking in africa about the life and legacy of nelson mandela. later, the national governors associio