american history tv on c-span3. enjoy the rest of your weekend. [captioning performed by the national captioning institute, which is responsible for its caption content and accuracy. visit ncicap.org] [captions copyright national cable satellite corp. 2018] ♪ >> here on c-span, newsmakers this next with vermont secretary of state jim condos talking about election security ahead of the 2018 midterm elections. that is followed by president trump and russian president vladimir putin holding a joint news conference after their summit in helsinki. later, the confirmation hearing for the nominee for the consumer financial protection bureau.

susan: on your screen is jim condos. he has been since 2011 vermont secretary of state and just recently in philadelphia was elected president of the national association of secretaries of state. he is here to talk with us about security going into the 2018 midterm elections. let me introduce our two reporters asking questions today. reid wilson for the hill coming back to "newsmakers." nice to see you. eric geller making his first appearance is politico cyber security reporter. as we get started on your , twitter feed is a statement your office released after the summit between mr. putin and president trump and some strong criticism of the president. some of what you said is his words make the secretaries of state job harder and the president has let the viper into the sandbox. can you tell us how the president's words in finland

makes your job harder? jim: first thing i would say is, as we all know, vladimir putin and russia are adversaries of the united states. there is no question that russia through their military and cyber security attacked our democracy and essentially we have attacks by soldiers, but this was an attack by cyber. frankly, it is really against everything we do as secretaries of state. we come from red states and blue states, but we are all concerned about the attacks that have occurred. reid: the vast majority of secretaries of state across the country are the chief election administrators in their state. how concerned are you about the possibility of more cyber

attacks ahead in the november midterm elections? jim: the briefings we have had and what has and reported is that the russians will attack us again. i don't see any reason why they wouldn't. we had secretary nielsen speak to us at a luncheon in philadelphia. she said the same thing. for us as secretaries of state across the country, we have been focused and working to overcome the issues around cyber security. keep in mind prior to august 2016, cyber security -- we were concerned about, but nothing like what happened after august of 2016. since that time i think all 50 states have been focused. eric: there are five states that completely use electronic voting machines that do not have a paper record.

those states have told us for a story we recently published that they are not going to be replacing those machines before the midterm elections. they don't have time, even with the federal money that they have. do you consider that a concern and what would you say to those secretaries in those states moving forward about getting rid of those machines? jim: let me be clear, i will be speaking not as a nas president but as a vermont secretary of state. in vermont, we believe that paper ballots are the correct way to go. we do a post-election audit immediately within 30 days of the general election. we will continue to work that way. i think that a best practice is to have some kind of paper trail, paper ballots or some other form of paper trail. jim: talk about the steps you have taken in vermont and other

states have taken. what can you do to secure your state? jim: let me start by saying we started in 2013. i asked my i.t. director how we were set up for cyber security. he said he thought we were in pretty good shape, but it would not hurt to have a separate set of eyes. we hired a state-approved vendor to do a complete vulnerability assessment on our physical, cyber risk assessment. as a result of that, we have been ramping up ever since. we have put in place -- as i said, we have paper ballots, post-election audits, back up our voter registration database on a daily basis, so even if we were hacked, we could go back 24 hours and reset it. we also have same-day voter registration which allows any voter that shows up at the polls

on election day to be able to vote. even if there was a problem, we would still get people to vote. on top of that, we have all the usual stuff. we have web application firewalls, a monitor to monitor all incoming traffic from the internet to our site, and it is a real-time monitor. the information goes back to the center for internet security and they can tell us within 15 minutes if we are under attack or not. we have shored up every one of our portals into our site. we are continuing to look at different things we can do. for instance, we are adding two factor authentication as we speak. we are just about to roll it out. it has been in testing in the last two weeks. it will be in place before our statewide primary on august 14. susan: has the system detected any attempts at hacking?

jim: we have not had any attempts. let's be honest, every website in the country is getting scanned every day. the question is, are you putting up enough defenses to defend against them? for instance, we received up to 2 million scans a day. we estimate that about 40% 800,000, are what we consider , unauthorized. we blacklist a lot of those so they can't get back through. there is a constant upgrade we have to do. remember, cyber security is a race without a finish line. we have to continuously evolve and try to stay ahead of the bad actors. what they tried yesterday, they will try a different way today and a different way tomorrow, so it is really incumbent on us to focus and stay vigilant on our systems.

i think most states are doing that now. reid: there is the secure elections act from james lankford and another senator that would institute information sharing, get security clearances for state officials, really try to streamline the process. i know the bill has been significantly changed in consultation with other secretaries. what is your position on the bill? jim: as i testified, i support the bill as is. whatever that means. i was a former legislator. i know it changes from day to day or could change from day to day but i support what we saw before. the only thing i would like to see is some kind of funding mechanism reinstated. they originally had money in there but pulled it out under received the omnibus bill. it was really left over money from 2002. i do support the bill. there are certain things in the bill that are good for all

states. we were asked by the committee to voice our support. it was myself, secretary simon from minnesota, and secretary ashcroft from missouri. the three of us were there. jim: congress has allocated $380 million to states around the country to upgrade voting systems. how are you spending that money in vermont? jim: we received our money already. we were in the first group that received its money. we received about $3 million. part of it is being spent right now on a new accessible voting system as we speak. again we are adding to our , portfolio. this will allow anybody with a physical impairment to help us meet the mandate of the ada and be compliant with it. we also are using it for the two factor authentication. we have done some penetration testing. we will continue to do ongoing penetration testing.

the most recent penetration test was completed at the end of april. we received our port in the beginning of june. it basically labeled us as one of the leaders in the country in this area of cyber security. they could not find any real problems with it. one of the main factors or main recommendations was to add two-factor authentication, which we were already in process. reid: is $380 million from congress enough to fix the problem? jim: no. to put it bluntly. let's keep in mind, back in 2002, when the act was passed, there was $3.9 billion. this $380 million is what was left that had not been appropriated. it had been approved in 2002, but not appropriated since then. we had asked our senators to

help us. i asked senator leahy, the number two on appropriations to help us get that money. if we were waiting for the secure elections act, that has not even passed yet. if we were waiting for that, the money would have been absolutely no good. many states are using this for cyber security issues. as far as equipment, i think the estimate is somewhere around $1.2 billion or $1.4 billion to replace all of the equipment in the country, but it is an ongoing battle. we will continually move forward. i think congress needs to come up with some kind of funding mechanism that is sustainable out not onceear , every 10 years. eric: the head of the cyber wing of dhs was at a washington post event and said if states ask for more money, they need to be clear what they're going to use

it for. they can't just ask for more money. they need to present us with an outline of how they plan to spend it. as a general rule, do think that is fair that state should come to washington and say this is how we plan to spend the money before they say give it to us? jim: as part of this money we just received, we had to file by earlier this week basically a narrative with a spreadsheet showing how we are going to spend the money we just received, so i have no issue with that. there are plenty of things we could do with the money. we do plan to put new machines in place -- our hope is before 2020. our original schedule was 2022, but once are received this $3 million, we decided we could move forward and step it up. keep in mind every state is , different. i think there is at least one state right now that has not received the ok from their legislature or governor's administration to accept that

money, so every state has different rules for excepting grants from the federal government, and the same goes for procurement. once you have written your rfp it can take up to three months , to get a contract in place, and maybe even longer. for any of these states that are not able to move forward on actual equipment, it does not surprise me because the procurement rules will be something that gets in the way. reid: before the 2016 elections, the obama administration proposed making election infrastructure -- critical national infrastructure, involving the feds in what had been entirely state-run election systems. there was a lot of pushback from secretaries of state across the country. democrats and republicans alike. i wonder if you could describe

those tensions. why wouldn't people want election infrastructure to be monitored by the feds? does that tension still exist? jim: well, let me be clear. i was one of those pushing back in august of 2016 when it was first brought to our attention. part of the reason is we were not told what a critical -- -- we kept asking what is critical infrastructure? what does that designation mean? we were not getting satisfactory answers. again, you said it red states , and blue states. this was not a partisan issue. we were absolutely struggling to understand what it was that it was going to mean to us. it did seem to us that they were looking to take over our elections, which have been for a long time considered a state function. i am of the camp that we should have some national standards on things. that is why i have been a supporter of the election assistance commission.

to me, it is unconscionable that it does not have a quorum. it is unconscionable that the eac has beenhe reduced. i think that is one area we could do better on, that congress could do better on, that the president has to do better on. eric: i'm curious if you would like to speak to the question of whether the white house should be coordinating strategy. obviously dhs has and working closely with you another states. when i talk to people at dhs and the state level, they say they we are not seeing white house leadership on the issue. do you think that needs to also be there or is it sufficient to have these folks at dhs? jim: all these federal agencies report to the president. yes, i do think the president and the administration have to take a leadership role in this. in all the discussions we have

had with dhs and the fbi over the last two years, one of the things that has become clear to us is we have all these agencies, the intelligence communities that are united unanimous that the russians , attacked us, that the russians will attack us again. we have to be able to work together. unfortunately the person at the top has not been supportive and has sent mixed messages, and that makes it difficult on us as secretaries. susan: this week, democratic and republican members of the house sent a letter to the president suggesting the creation of an election securities coordinator, or in washington parlance, a tsar who would bring together all the stakeholders in this. do you see that as a viable proposition? jim: this is the first i have heard of it.

no, i cannot answer the question. we have the eac in place. we ought to utilize their services. they have in the past done testing, approvals, and certifications of voting equipment. you know, again, they need a quorum and need funding to do their job letter, but we have the mechanism in place. we have the structure in place. we ought to utilize what we have instead of creating something different. however, i don't know how they were talking about this elections tsar. i want to say -- department of homeland security, we had a difficult time in the beginning. communications were not great. but in the last year or so, you will find most of the secretaries will save the communication level has improved and increased. we are now on the same page. we have a governing council for the election infrastructure. that governing council oversees

the policies basically we are going to follow. i on that committee. am we have elections information infrastructure committee as well, which is separate. sub to the governing council. so we have the frameworks in place. we just need to work together. department of homeland security has been very supportive in providing resources to us. one of the things that vermont has been doing since the fall of 2016 is a weekly cyber hygiene scan where they take a look at us every week and provider -- provide us a report to see what they find. they have other resources as well, penetration testing, vulnerability assessments, and there are many other projects they can do for us as well. they are providing these at no cost to the states. i think it is something that gets lost in the discussion.

today, i would say the elections community is in far better shape than it was in 2016. susan: we have six minutes left. eric: there are a couple of elements to any secretary of state's job. the voter registration side of things. the voter tabulation side where you are counting the votes in deciding who won. as i understand it it is the , voter registration side that has been vulnerable to these attacks and scans from russia and other outside actors. how concerned are you that those scan attacks might impact the voter tabulation side? can someone go in and change the numbers in an election? jim: as far as votes, you mean? reid: yeah. jim: i don't think they can get in and change the votes themselves. in fact in 2016, the report was , that not one vote was changed,

kelly agreed with that. we did not find any state that had a disagreement. i think one of the fallacies -- it literally took several months before dhs had understood that none of our election equipment, our voting equipment, is actually attached to the internet. they are not connected by the internet, wi-fi, hardwired. they are not connected. they are separate, standalone units. that is what makes our systems what i think much more secure because they are decentralized. however, we have our election management systems, and that is where we usually find the voter database, the registration database, election night reporting and other things. so those are the areas that we really need to shore up. as i said, we think we have done that already in vermont. i believe my colleagues across the country have been working to do that.

when we were told in august of 2016 that there were 21 states that had been attacked, there was only one state that had actually been breached. to this day, the report this past week was saying there was one state that had been breached. i think what gets lost is the media has been very clear about focusing on that one state. but what i think it's lost is the other 20 states actually fended off the attacks. that's what we hope everybody is doing. fending off these attacks is a constant battle, it's ever-changing, every evolving, and we will continue to be focused on it. reid: you're saying the election night reporting might be vulnerable to an attack, so the numbers that come in on election night might not be the actual numbers that you then report on a secure system that is not attached to the internet?

jim: well, let me be clear. election night reporting, i believe in every state -- i can't say that for sure -- but i know in vermont and every other state i know of that has election night reporting, the website actually says if you go to the website, it will say these are unofficial numbers, unofficial results. in vermont, for instance, we do not certify the election and -- until seven days after the election has occurred, and that is when we actually do that. so the election night reporting site is not interactive with the vote counting site. they are separate sites and they have a separate portal. eric: what about the companies that make voting machines and election management systems? they are making products for critical infrastructure, not unlike companies that make power plant controllers. it is considered critical infrastructure now. do you think those companies

should be regulated more tightly the way other companies making critical infrastructure are regulated for you have to have an independent testing or certifications question now right now the eac has a certification system, but it is voluntary for states to adopt. their vendors can sell products that don't meet those standards. would you like to see those vendors regulated more closely? jim: i think there ought to be a little more regulation of it. i don't know to what level. i will tell you in vermont, the statutes give me the power, but we have rulemaking and our rules state we will use a uniform machine, a tabulator throughout the state. we now have strict guidelines for how that machine, how that tabulator is chosen. one of them is that it these certified. i get to review the certification. my i.t. team gets to review that certification before we make a choice.

we will be making a choice probably in the next year for a new system. two things i can guarantee you. one, it will be a certified machine. two, it will be able to accept paper ballots, and we will have some kind of a paper ballot system. susan: we have one minute. either of you have a final question? reid: a few years ago before the russians got involved, the trend was angling somewhere towards internet voting. there are some states that deal with internet voting for the -- for people who live overseas and in the military. does this impact they move towards internet voting? do you want to see internet voting in the future if it can be totally secured? jim: well, i will never say never. frankly, i don't think it will be in my lifetime. i think that internet voting -- i know a lot of millennials and young adults would love to be

able to vote on their telephone, cell phones, but that one not going to happen in the near future. i think there are ways it can be done. one way that is being tested right now, piloted in west virginia, is using block chain for overseas and military votes. there are also ways we are looking at a secure web portal that you have to have passwords, gets password-protected, to get into to process your votes. we do send ballots overseas by email. we will pdf a ballot across the oceans to make sure we get there as quickly as we can. keep in mind, the vermont law, and i think many of the states have a law that requires the ballots be received by the close of business on election night, so for vermont, 7:00 p.m. on election night. if someone calls us on a friday

before the election, the chances of them being able to get a valid -- ballot back to us from overseas are pretty slim. however, if we can find a way to do that, we would be open to reviewing it. again security will be of the , utmost importance. i think we will continue to look at that. we have, in vermont -- well, first let me say, the federal law says we must provide -- be able to provide ballots to our overseas and military voters 45 days prior to the election. in vermont in 2009, we extended our early vote period for all vermonters to 45 days. we believe offering that is of the utmost importance and convenience for our voters. we have to find a way to be able to get those ballots back.

we have looked at ways. one way we are looking at is a voting system where people come the acceptable voting system we are looking at right now is really called a ballot marking device. it can take an actual ballot and mark it. when someone votes on a screen, on a tablet, they can actually look at the ballot and see it is exactly what they wanted. susan: that is it for our time. secretary condos, thank you for being our guest. jim condos, the brand-new president of the national association of secretaries of state. we appreciate you being with us on "newsmakers." jim: thank you very much. susan: there is a testy debate about election funding on thursday of this week. we want to bring our viewers up-to-date on where this idea of more funds going to states for election security.

reid: this is something states have been working on for quite a while. asking for funding to update ballot systems, ballot boxes, the actual machines on which we vote. this was a debate we were having overhanging cha -- over hanging chads in the 2000 election, and it has not gotten much better sense. the machines the states bought after the 2000 elections, we are still using them today. technology evolves and things like that, so congress is still debating whether we will be funding these states and their efforts to upgrade their equipment. we have seen states taking advantage of this $380 million. secretary condos mention that. the secretary state of maine just got his yesterday or wednesday or thursday of this week. here we are 112 days from election day and they are only now getting this money. that tells me that these systems are not going to be completely upgraded by election day. susan: eric geller, what does

this bipartisan senate bill you referenced in this discussion do other than funding? eric: it sets up a grant program, but the funding mechanism would have to be dealt with separately. it mostly focuses on profits, so it doesn't have regulation, as i was asking the secretary about. it doesn't tell them that they paperless systems. it focuses on making the secretary feel that the federal government is listening to them. ramets up again a grant or that they can apply for. clearancess security . it's really focused on making sure that the federal government is saying that here you to the states because for a long time they felt like washington was listening. is your beach. everyone is thinking about russian interference right now, broader threat

facing the american election decides corruption -- the russians? >> guest: -- our power grid is very vulnerable. adversaries right now are seeking to find ways into power grid equipment. if you can take down the lights in the city while they are voting, you have disrupted the election without touching the voting genes. we were talking about critical infrastructure before. the vulnerability of critical infrastructure around the election process, folks need to think a lot more about that. certainly here in washington, d.c., i don't know what would happen if the lights went off in terms of how the election would proceed. a lot of people would be panicked and that is ultimately the question, how can you scare the most people? disrupting the election by all means necessary. host: we heard a bit of good news bad news. the dhs is working with the states.

how much would you assess in your reporting about the concerns going into this, how much progress we have made? >> progress have been -- has been slow. but the progress is happening especially at the margins. some of the older machines are being replaced in a lot of states. states are sort of on notice that this no paper trail approach is really not going to be acceptable or sustainable in the long run. i think we face a fascinating juxtaposition. first of all, we're are the only western democracy in the world that doesn't have a centralized election hub. it's not just that we have 51 different jurisdictions operating elections. the state ofhat, wisconsin has hundreds of administrators responsible for all of this. there is a strength and a weakness in that. all of those disparate symptoms -- systems mean that someone who

is trying to hack in doesn't have one place, they have got to ,e present in 3000 places especially when the machines are not connected to the internet. the weakness is you don't have the same standard's state-by-state. you don't have training budgets. you don't have a lot of infrastructure for cyber security. one of the things that eric mentioned was this notion of people getting top-secret clearances. people in the secretary of state office getting top-secret clearances at the federal level, they have never had to do that before. it's a fascinating juxtaposition between the uniqueness of our system, the strength that it brings in diffusing power and the weakness that that sort of inherently provides the system. host: thank you very much. please come back again. nice to see you again. [captioning performed by the national captioning institute, which is responsible for its caption content and accuracy. visit ncicap.org] [captions copyright national cable satellite corp. 2018]

>> tonight on "q&a," grace can and more nikki discusses her memoir, daughter of the cold war. >> i met vladimir putin in 1991 in st. petersburg. he was the deputy mayor and i was running my business consultant firm. i had a client that wanted something to do with the port at st. petersburg. i had a meeting with the real mayor. he was called away and they substituted the deputy mayor, vladimir putin. i was annoyed that i wasn't meeting with the mayor. i knew that vladimir putin had been kgb and i was sort of negative about it all. he came in and he was equally negative. he didn't want to meet with some american woman who claimed to run a business. i think he was very suspicious of women. he had no gallantry. and's -- theld coldest eyes i have ever seen. very egg, blue cold eyes.

il i can think of was -- wonder what would happen if you was interrogating me. >> tonight at 8 p.m. eastern on "q&a." >> finale national park and preserve is home to the highest peak in north america.

>> the c-span bus recently made the long journey to juneau, alaska. this weekend on c-span on book tv and american history tv, we will feature our stops across alaska, showing you the state's natural beauty, delving into its unique history and literary culture. >> this past week the u.s. and russia held formal talks in finland that included a one-on-one meeting between president trump and russian president vladimir.