community witnessed this first hand in recent years with a debilitating effects of the wannacry ransomwareack, which spread around the world to the point of seriously affecting emergency care in the united kingdom and then if you look at russia's malware, which is the administration called the most destructive and costly cyber attack to date which crippled ukraine for affecting governments and business on a worldwide basis, and aside from ransomware and malware attacks, we also see different kinds of light activity through the cyber domain. adversaries are conducting persuasive influence efforts that seek to sow division and undermine the democratic values. these form directed efforts manifest themselves in different ways, but the goal is the same. let me give you a couple examples. we continue to see fake online personas created for use on prominent social media platforms to amplify hot button social and political issues. this is often conducted in a coordinated effort using inflammatory rhetoric or to the seeding of this information. the rhetoric might include provocative descriptions of

as we have seen in recent year, cyber attacks, such as wanna cry ransomware, can have significant adverse economic impacts and bring the private sector and government services to a standstill. and since the average response time to detect a cyber attack is measured in months, not minutes or hours, we must improve our abilities to detect and respond to malicious cyber activity. this year, three important cyber strategies were released by the white house, the department of defense and the department of homeland security. these strategies all recognize the importance of a whole of government approach to addressing the challenges posed by securing our nation in cyber space. they will be an important step in building a cohesive u.s. cyber enterprise. and while this hearing today isn't solely about election security, it affords us the timely opportunity to hear about the significant inter-agency efforts recently aimed at ensuring the security of our 2018 midterm elections. protecting the elections required a broad approach, led by the department of homeland security, that included contributions

we continue to see ransomware. .ood practices we will stop hammering the basics when we all get the basics right. what can industry do? industry, recognizing this is a shared responsibility and everybody has a role in this fight, has stepped up over the last couple of months in terms of offering services, free services, to state and local election officials and campaigns. credit should go to industry on this. thing we have to do going forward is make sure we are offering these services in a rationalized manner, something election officials in the run-up to an election can get a good idea of the service i can compare and contrast across services in a way that does not overwhelm them as they approach election day. last, what can the voting public do? when you go home tonight, check your voter registration. check to make sure you know where you are registered to vote so when november 6 rolls around, you know exactly where you are going. know what identification requirements may be. be prepared. the last thing, know your rights. every state does vote provisional ballots a little different. whe

when we have the notion of attacking a community's water system or power system or massively using ransomware to hold hospitals hostage, we have to have enough international norms to say we will have lower rules of attribution but be willing to strike back against those nations in a way to make sure that there is some doctrine of deterrence. and we all need to be thinking through that in a way at a much higher level of what a cyber doctrine would look like going forward, in a world where, frankly, our technological advantages in many ways makes us more vulnerable. shutting down moscow with no power for 24 hours would be problematic. shutting down new york for 24 hours with no power with all of our financial systems connected could be a disaster. and we need that movement in cyber. but we also need to make a movement in the space around social media. now, we have celebrated the enormous growth and positive movements that have taken place with our amazons and googles and facebooks and twitters. but i really think for too long, and frankly people of both political parties and the business press,

i'm thinking of responses to domestic cyber activity like the ransomware attack on atlanta or nsa knowledge about hackers that attacked sony pictures. i guess i want to be clear. are dod elements looping in dhs to ensure cyber security equities are considered before or after the fact? >> as we are going to pathfinder etc., we are very cognizant of the laws. that is why we go through dhs. as it stands, we followed to the letter of the law, and that is much of the discussion you here -- hear between the elements as we go forward. we get requests for support from dhs. and then we turn it over to lawyers on both sides of the street to make sure we are following. any belief that someone is going direct to the department of defense is not what is happening. we work through dhs on all support. >> just to add to that. dhs has domestic protection mission. dod is supporting dhs in form of defense support and civil authorities. we are working closely with dhs. dhs comes to us with needs beyond their capability sets. if we were to employ them, it would be through dhs authorities. >> i appreciate that c

maybe not at the command level and i'm thinking of responses to domestic cyber activity like the ransomware attack on the city of atlanta or nsa's knowledge about hackers that attack sony pictures and are dod elements looping to dhs to ensure civilian cybersecurity equities are considered before or after the fact? >> so i will tell you sir, we are cognizant of all of the laws and we go through dhs as it stands right now, we follow it to the letter of the law and that's much of the discussion that you hear between the two elements as we go forward. we get requests for support from dhs and then we turn it over to lawyers on both sides of the street to make sure that we're following the piece, but any belief that somebody is going direct to the department of defense is not what's happening. we work through d hshg s hs thr of our support. >> dhs has the domestic protection mission and dod is supporting and the civil authorities through dhs' authorities and we're working very closely with dhs and if they've got needs that are beyond what they have with the capability and if we were to employ the

i'm thinking of responses to domestic cyber activity, like the ransomware attack on the city of atlanta or nsa's knowledge about hackers that attacked sony pictures. i guess i want to be real clear. our dod elements looping in dhs to ensure civilian cybersecurity equities are considered before or after the fact? >> i will tell you we are cognizant of all of the laws, we are very cognizant -- that's what why you hear. >> translator: we go to dhs. as it stands right now we follow to the letter of the law and that's much of the discussion you between the two elements as we go forward. we get requests for support from dhs and then we turn over to lawyers on both sides of the strait to make sure we are following the piece, but any belief that somebody is going direct to the department of defense is not what's happening. we work through dhs on all of our support. >> just to add to that, dhs has the domestic protection mission. dod is supporting dhs in the form of defense support to civil authorities to dhs' authorities. so again when working very close with dhs. dhs comes to us if it got need

each has experienced their fair share of ransomware, website defacement by terror groups, and even a voter registration database breach. today's event would not have been possible without the partner ship with the governor's persuasion. the convening and intellectual firepower brought to us by the university of southern california. i'll introduce our panelists and kick off what will be a lively and informative discussion. first, welcome to maggie bruener at the governor's association where she leads their cyber security work. >> thank you, meg, and thank you to the wilson center for putting on this great panel. i want to thank usc for their continued partnership. cyber security is an issue of utmost importance of the state level and to our nation's governors. that's why we're committed to raising the importance of this issue and do it in a participate fashion. we put together the resource center on state cyber security, and that is chaired by two governors, governor snyder, and governor edwards, we're grateful to them for bringing representatives here today. we have working with indi