[House Hearing, 116 Congress]
[From the U.S. Government Publishing Office]


       THE ROAD TO 2020: DEFENDING AGAINST ELECTION INTERFERENCE

=======================================================================

                                HEARING

                               BEFORE THE

                            SUBCOMMITTEE ON
                     CYBERSECURITY, INFRASTRUCTURE
                       PROTECTION, AND INNOVATION

                                 OF THE

                     COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                     ONE HUNDRED SIXTEENTH CONGRESS

                             FIRST SESSION

                               __________

                           NOVEMBER 19, 2019

                               __________

                           Serial No. 116-51

                               __________

       Printed for the use of the Committee on Homeland Security
                                     

[GRAPHIC NOT AVAILABLE IN TIFF FORMAT] 
                                     

        Available via the World Wide Web: http://www.govinfo.gov

                               __________
                               
 
                    U.S. GOVERNMENT PUBLISHING OFFICE                    
40-467 PDF                  WASHINGTON : 2020                     
          
--------------------------------------------------------------------------------------                              
                               

                     COMMITTEE ON HOMELAND SECURITY

               Bennie G. Thompson, Mississippi, Chairman
Sheila Jackson Lee, Texas            Mike Rogers, Alabama
James R. Langevin, Rhode Island      Peter T. King, New York
Cedric L. Richmond, Louisiana        Michael T. McCaul, Texas
Donald M. Payne, Jr., New Jersey     John Katko, New York
Kathleen M. Rice, New York           Mark Walker, North Carolina
J. Luis Correa, California           Clay Higgins, Louisiana
Xochitl Torres Small, New Mexico     Debbie Lesko, Arizona
Max Rose, New York                   Mark Green, Tennessee
Lauren Underwood, Illinois           Van Taylor, Texas
Elissa Slotkin, Michigan             John Joyce, Pennsylvania
Emanuel Cleaver, Missouri            Dan Crenshaw, Texas
Al Green, Texas                      Michael Guest, Mississippi
Yvette D. Clarke, New York           Dan Bishop, North Carolina
Dina Titus, Nevada
Bonnie Watson Coleman, New Jersey
Nanette Diaz Barragan, California
Val Butler Demings, Florida
                       Hope Goins, Staff Director
                 Chris Vieson, Minority Staff Director
                                 ------                                

     SUBCOMMITTEE ON CYBERSECURITY, INFRASTRUCTURE PROTECTION, AND 
                               INNOVATION

                Cedric L. Richmond, Louisiana, Chairman
Sheila Jackson Lee, Texas            John Katko, New York, Ranking 
James R. Langevin, Rhode Island          Member
Kathleen M. Rice, New York           Mark Walker, North Carolina
Lauren Underwood, Illinois           Van Taylor, Texas
Elissa Slotkin, Michigan             John Joyce, Pennsylvania
Bennie G. Thompson, Mississippi (ex  Mike Rogers, Alabama (ex officio)
    officio)
               Moira Bergin, Subcommittee Staff Director
           Sarah Moxley, Minority Subcommittee Staff Director
                            
                            
                            C O N T E N T S

                              ----------                              
                                                                   Page

                               Statements

The Honorable Cedric L. Richmond, a Representative in Congress 
  From the State of Louisiana, and Chairman, Subcommittee on 
  Cybersecurity, Infrastructure Protection, and Innovation:
  Oral Statement.................................................     1
  Prepared Statement.............................................     3
The Honorable John Katko, a Representative in Congress From the 
  State of New York, and Ranking Member, Subcommittee on 
  Cybersecurity, Infrastructure Protection, and Innovation:
  Oral Statement.................................................     4
  Prepared Statement.............................................     5
The Honorable Bennie G. Thompson, a Representative in Congress 
  From the State of Mississippi, and Chairman, Committee on 
  Homeland Security:
  Oral Statement.................................................     6
  Prepared Statement.............................................     7
The Honorable Sheila Jackson Lee, a Representative in Congress 
  From the State of Texas:
  Prepared Statement.............................................     7

                               Witnesses

Mr. Francis X. Taylor, General, U.S. Air Force, Retired, Former 
  Under Secretary for Intelligence and Analysis, U.S. Department 
  of Homeland Security, Board Member, U.S. Cyberdome:
  Oral Statement.................................................    10
  Prepared Statement.............................................    12
Mr. Richard Stengel, Former Under Secretary of State for Public 
  Diplomacy and Public Affairs, U.S. State Department:
  Oral Statement.................................................    14
  Prepared Statement.............................................    16
Mr. Matt Blaze, Ph.D., Mc Devitt Chair of Computer Science and 
  Law, Georgetown University:
  Oral Statement.................................................    18
  Prepared Statement.............................................    20
Ms. Ginny Badanes, Director, Strategic Projects, Defending 
  Democracy Program, Microsoft:
  Oral Statement.................................................    30
  Prepared Statement.............................................    31

                                Appendix

Questions From Chairman Cedric L. Richmond for Francis X. Taylor.    59
Questions From Chairman Cedric L. Richmond for Richard Stengel...    60
Questions From Chairman Cedric L. Richmond for Matt Blaze........    61
Questions From Chairman Cedric L. Richmond for Ginny Badanes.....    61

 
       THE ROAD TO 2020: DEFENDING AGAINST ELECTION INTERFERENCE

                              ----------                              


                       Tuesday, November 19, 2019

             U.S. House of Representatives,
                    Committee on Homeland Security,
                            Subcommittee on Cybersecurity, 
                                 Infrastructure Protection,
                                            and Innovation,
                                                    Washington, DC.
    The subcommittee met, pursuant to notice, at 2:14 p.m., in 
room 310, Cannon House Office Building, Hon. Cedric L. Richmond 
(Chairman of the subcommittee) presiding.
    Present: Representatives Richmond, Rice, Slotkin, Thompson; 
Katko, Walker, Taylor, and Joyce.
    Mr. Richmond. The Committee on Cybersecurity, 
Infrastructure Protection, and Innovation will come to order. 
The subcommittee is meeting today to receive testimony on 
election security in a hearing titled, ``The Road to 2020: 
Defending Against Election Interference.''
    Good afternoon. I want to welcome the witnesses to today's 
hearing on how we can secure the 2020 election against outside 
interference. Today we will take a broad look at election 
security issues, including efforts from the private sector to 
protect election infrastructure and political campaigns against 
malicious actors.
    This threat is real, and it is personal. Yesterday it was 
reported that my State of Louisiana was the victim of a 
ransomware attack. The attack happened while the Secretary of 
State was awaiting certification of the recent election. While 
State officials activated the State's cybersecurity team in 
response to the attack, this incident highlights the exact 
scenario this committee is trying to prevent in the 2020 
election.
    It is an undisputable fact that in 2016 the Russian 
Government carried out a concerted, sophisticated operation to 
meddle in our Presidential election. The Kremlin leveraged 
sophisticated cyber capabilities to target our election 
infrastructure and amplify divisive, and at times, false 
rhetoric in an unprecedented way to sow discord, undermine the 
public's faith in democratic institutions, and ultimately 
damage the global leadership of the United States.
    The Russian government's covert and malicious foreign 
interference campaign attacked every aspect of our elections. 
It involved engaging in conversations with personnel from a 
U.S. Presidential campaign, hacking a National political 
committee, conducting a phishing attack against a campaign 
chairman, targeting voter registration databases and other 
election infrastructure, and mobilizing bots and fake on-line 
personas to carry out influence operations.
    Today 2 other nation-state actors, China and Iran, are 
following suit, weaponizing new technologies to disrupt our 
democracy, distort the daily news, and compromise our election 
security.
    As we move into the heart of the 2020 election cycle, we 
must set aside party politics and work together to improve 
election security and preserve the integrity of our democracy. 
To that end, I urge the White House to accept the intelligence 
community's unanimous conclusions about 2016 meddling, refrain 
from engaging in conspiracy theories ahead of the 2020 
elections and show some needed leadership on election security. 
Failing to do so will further erode public confidence in our 
election process, and advance Vladimir Putin's goal of 
undermining the U.S.-led liberal democratic order.
    For its part, Senate leadership must pass House-passed 
measures that would make election infrastructure more secure, 
and it should match the House's commitment to funding election 
security grants. Security vulnerabilities and an outdated, 
unsupported election infrastructure could jeopardize the 
accuracy of voter registration databases, or even the tally of 
votes cast. That is simply unacceptable. Voters deserve to know 
that they will be able to vote when they show up, and that 
their vote will be counted accurately.
    To guard against covert, malicious, foreign influence 
campaigns, owners and operators of on-line platforms must 
understand and be candid with the public about how our 
adversaries use their platforms. Also, we need to educate the 
public so that they are informed and have the opportunity to 
distinguish between facts and disinformation. And our party 
organizations and campaigns must take cybersecurity seriously, 
monitor for disinformation, and refuse to take advantage of 
malicious disinformation circulated about their opponents.
    Party and campaign organizations have tremendous power to 
counter efforts by foreign adversaries, simply by rejecting 
opportunities to take the cheap shots based on fake news. 
Together, those truly interested in defending our elections 
from foreign adversaries can make a real difference.
    For example, despite a lack of leadership from the White 
House, the Department of Homeland Security is building 
relationships and providing a full suite of election security 
services to State and local election officials.
    In addition, the Office of the Director of National 
Intelligence, Federal Bureau of Investigation, National 
Security Agency, and U.S. Cyber Command have teams to 
coordinate and integrate election security threat information.
    The private sector is also stepping up. Cybersecurity 
researchers at non-profit and for-profit organizations are 
providing cybersecurity services to campaigns and election 
officials. I commend these efforts.
    I look forward to hearing more from our distinguished panel 
on their efforts and yield back the balance of my time.
    [The statement of Chairman Richmond follows:]
                Statement of Chairman Cedric L. Richmond
    Today, we will take a broad look at election security issues, 
including efforts from the private sector to protect election 
infrastructure and political campaigns against malicious actors. It is 
an undisputable fact that, in 2016, the Russian government carried out 
a concerted, sophisticated operation to meddle in our Presidential 
election. The Kremlin leveraged sophisticated cyber capabilities to 
target our election infrastructure and amplify divisive--and at times 
false--rhetoric in an unprecedented way to sow discord, undermine the 
public's faith in democratic institutions, and ultimately damage the 
global leadership of the United States. The Russian government's covert 
malicious foreign interference campaign attacked every aspect of our 
elections.
    It involved engaging in conversations with personnel from a U.S. 
Presidential campaign, hacking a National political committee, 
conducting a phishing attack against a campaign Chairman, targeting 
voter registration databases and other election infrastructure, and 
mobilizing bots and fake on-line personas to carry out influence 
operations. Today, 2 other nation-state actors, China and Iran, are 
following suit--weaponizing new technologies to disrupt our democracy, 
distort the daily news, and compromise our election security. As we 
move into the heart of the 2020 election cycle, we must set aside party 
politics and work together to improve election security and preserve 
the integrity of our democracy.
    To that end, I urge the White House to accept the intelligence 
community's unanimous conclusions about 2016 meddling, refrain from 
engaging in conspiracy theories ahead of the 2020 elections, and show 
some needed leadership on election security. Failing to do so will 
further erode public confidence in our election process and advance 
Vladimir Putin's goal of undermining the U.S.-led liberal democratic 
order. For its part, Senate leadership must pass House-passed measures 
that would make election infrastructure more secure, and it should 
match the House's commitment to funding election security grants. 
Security vulnerabilities in outdated, unsupported election 
infrastructure could jeopardize the accuracy of voter registration 
databases or even the tally of votes cast. That is simply unacceptable.
    Voters deserve to know that they will be able to vote when they 
show up, and that their vote will be counted accurately. To guard 
against covert malicious foreign influence campaigns, owners and 
operators of on-line platforms must understand and be candid with the 
public about how our adversaries use their platforms. Also, we need to 
educate the public so that they are informed and have the opportunity 
to distinguish between facts and disinformation. And our party 
organizations and campaigns must take cybersecurity seriously, monitor 
for disinformation, and refuse to take advantage of malicious 
disinformation circulated about their opponents. Party and campaign 
organizations have tremendous power to counter efforts by foreign 
adversaries simply by rejecting opportunities to take the cheap shots 
based on fake news.
    Together, those truly interested in defending our elections from 
foreign adversaries can make real progress. For example, despite a lack 
of leadership from the White House, the Department of Homeland Security 
is building relationships and providing a full suite of election 
security services to State and local election officials. In addition, 
Office of the Director of National Intelligence, Federal Bureau of 
Investigation, National Security Agency, and U.S. Cyber Command have 
teams to coordinate and integrate election security threat information. 
The private sector is also stepping up. Cybersecurity researchers at 
non-profit and for-profit organizations are providing cybersecurity 
services to campaigns and election officials. I commend these efforts. 
I look forward to hearing more from our distinguished panel on their 
efforts.

    Mr. Richmond. With that I now recognize the Ranking Member 
of the subcommittee, the gentleman from New York, Mr. Katko, 
for an opening statement.
    Mr. Katko. Thank you, Mr. Chairman. Thank you all for being 
here this afternoon on this very, very important topic.
    Securing our elections remains one of the most pressing 
issues our country faces today. Secure voting systems and the 
accurate reporting of votes is foundational to our democracy. 
Americans should have full confidence in every aspect of our 
election process.
    Unfortunately, our election systems have become the 
principal target of several adversaries. Disinformation 
campaigns engineered by Russia have sown political discord 
within our election process. Social media has become a haven 
for false information regarding Election Day procedures and 
misinformation of candidates. Disinformation campaigns serve to 
confuse voters and undermine their confidence in the electoral 
process.
    While foreign influence has had a measured effect on our 
discourse, election results have, fortunately, remained 
untouched. The success of the 2018 midterms demonstrated the 
progress that the Federal Government and our State and local 
partners have made together. I want to applaud election 
security efforts led by CISA and the partnerships with State 
and local governments that have resulted in a marked 
improvement of information sharing and cohesion.
    Additionally, growing participation within the election 
infrastructure ISAC by local election officials has provided 
thousands of election offices with the cyber resources they 
need to maintain the reliability of their election 
infrastructure. Paper trails for voting systems are now in use 
in all but a few States, providing voters with a tangible, 
incorruptible record of their vote.
    The continued development of auditing techniques confirms 
voting results where voter tallies may be called into question. 
These software independent techniques have become invaluable to 
protecting our election systems from cyber attacks. Software 
independence of our election infrastructure is absolutely 
essential for the integrity of our election systems.
    This progress does not mean our election systems are 
secure. In my district we have seen multiple ransomware attacks 
affecting critical functions of the Syracuse City School 
District, for example, and the Onondaga County Library system. 
One can only imagine the effect of a similar targeted 
ransomware campaign aimed at voter registration databases 
before an election. Such an attack would hijack our election 
process and undermine all voter confidence in election results.
    Furthermore, we must continue to develop our relationships 
with State and local partners to ensure Federal cybersecurity 
resources are being utilized. While participation in the 
alleged election infrastructure ISAC has improved since the 
2016 elections, thousands of local election offices remain 
independent. Local election offices are not equipped to handle 
the cyber threats to their election infrastructure alone. It is 
imperative that the Federal Government makes available its 
cybersecurity resources to every local election office.
    Election security has a history of bipartisan cooperation 
and support. Ensuring that our election process is 
uncompromised must remain a top priority for both sides of the 
aisle. I am confident that we can take the necessary and 
reasonable steps to continue to improve the integrity of our 
election systems.
    I thank the witnesses for providing the committee with 
their testimony and look forward to hearing their ideas on how 
we can further improve the security of our election systems.
    General Taylor, I must say it is nice to see you again, 
sir.
    I want to thank all of you, and Chairman Richmond, and 
everyone here today for calling this important hearing. I yield 
back the balance my time.
    [The statement of Ranking Member Katko follows:]
                 Statement of Ranking Member John Katko
                             Nov. 19, 2019
    Thank you, Mr. Chairman.
    Securing our elections remains one of the most pressing issues our 
country faces. Secure voting systems and the accurate reporting of 
votes is foundational to our democracy. Americans should have full 
confidence in every aspect of our election process.
    Unfortunately, our election systems have also become the principal 
target of several adversaries.
    Disinformation campaigns engineered by Russia have sown political 
discord within our election process. Social media has become a haven 
for false information regarding election day procedures and 
misinformation of candidates. Disinformation campaigns serve to confuse 
voters and undermine their confidence in the electoral process.
    While foreign influence has had a measured effect on our discourse, 
election results have fortunately remained untouched. The success of 
the 2018 midterms demonstrated the progress that the Federal Government 
and our State and local partners have made. I want to applaud election 
security efforts led by CISA and their partnerships with State and 
local governments that have resulted in a marked improvement of 
information sharing and cohesion. Additionally, growing participation 
within the Election Infrastructure ISAC by local election officials has 
provided thousands of election offices with the cyber resources they 
need to maintain the reliability of their election infrastructure.
    Paper trails for voting systems are now in use in all but a few 
States, providing voters with an incorruptible record of their vote. 
The continued development of auditing techniques confirms voting 
results where voter tallies may be called into question. These software 
independent techniques have become invaluable to protecting our 
election systems from cyber attacks. Software independence of our 
election infrastructure is essential for the integrity of our election 
systems.
    This progress does not mean our election systems are secure. In my 
district, we have seen multiple ransomware attacks affecting critical 
functions of the Syracuse City School District and Onondaga County 
Library System. One can imagine the effect of a similar targeted 
ransomware campaign aimed at voter registration database systems before 
an election. Such an attack would hijack our election process and 
undermine all voter confidence in election results.
    Furthermore, we must continue to develop our relationships with 
State and local election partners to ensure Federal cybersecurity 
resources are being utilized. While participation in the Election 
Infrastructure ISAC has improved since the 2016 elections, thousands of 
local election offices remain independent. Local election offices are 
not equipped to handle the cyber threats to their election 
infrastructure alone. It is imperative the Federal Government makes 
available its cybersecurity resources to every local election office.
    Election security has a history of bipartisan cooperation and 
support. Ensuring that our election process is uncompromised must 
remain a top priority for both sides of the aisle. I am confident that 
we can take the necessary reasonable steps to continually improve our 
election systems.
    I thank the witnesses for providing the committee with their 
testimony and I look forward to hearing their ideas on how we can 
further improve the security of our election systems.
    I want to thank Chairman Richmond for calling this important 
hearing and I yield back.

    Mr. Thompson [presiding]. Thank you very much. The Chair 
recognizes himself for 5 minutes for an opening statement.
    Good afternoon to our panel of witnesses. Thank you very 
much for being here.
    Since 2016 officials throughout the intelligence community 
have described in disturbing detail the many ways the Russian 
government sought to meddle in our elections. For the 3 years 
that followed, heads of the Department of Homeland Security, 
the Federal Bureau of Investigation, the Central Intelligence 
Agency, and the National Security Agency, among others, have 
warned that the Russian government will continue its efforts to 
sow discord and undermine confidence in our democracy.
    More disturbing yet, Russia is not alone. According to the 
2019 World-wide Threat Assessment, other adversaries, including 
China and Iran, will pursue opportunities to interfere in our 
elections. The intelligence community assesses that adversaries 
could exploit cyber means to target election infrastructure or 
engage in targeted influence campaigns to manipulate public 
opinion.
    We also know that our adversaries will target political 
campaigns because they have done so in the past. Adversaries 
have hardly kept their desire to undermine the integrity of our 
elections a secret.
    As Members of Congress, we have a duty to act. Today we are 
less than 1 year away from the 2020 Presidential election. The 
question everyone on this dais must ask themselves, is have we 
done enough to secure the 2020 elections from our adversaries?
    Despite multiple efforts led by the House of 
Representatives, Congress has yet to send a single piece of 
comprehensive election security legislation to the President's 
desk. Instead, good pieces of legislation to provide additional 
resources to State and local elections officials and limit 
foreign interference have stalled in the Senate.
    Moreover, despite multiple requests, the White House has 
failed to identify an official to coordinate the election 
security activities at various Federal agencies. In the mean 
time, with just a handful of legislative days left this year, 
and only a limited amount of time for legislative action next 
year, I will be interested to learn from our witnesses how they 
recommend Congress use that time to improve election security 
in advance of the 2020 elections.
    Importantly, I am interested to know how academics and 
private sector can work with State and local election officials 
and campaigns to improve election security in the absence of 
Congressional action. The election security problems we face 
are shared, and we have a shared responsibility to solve them.
    State and local election authorities, with help from the 
Federal Government, must invest in IT departments, train their 
employees, and upgrade and certify their election equipment.
    The private sector, including voting system vendors, must 
take responsibility to secure their equipment, make it user-
friendly, and demonstrate a willingness to admit weakness in 
their systems when examined by third-party cyber professionals.
    Political campaigns must step up, too. They must implement 
robust cybersecurity policies to deprive our adversaries of 
information that can be twisted into a divisive narrative and 
serve as an extra check on disinformation.
    Finally, the American public must also be vigilant and 
scrutinize the information presented to them carefully.
    Before I close, I would also like to note that November is 
Critical Infrastructure Security and Resilience Month. I can 
think of no better way to observe it than to assess our 
preparedness for the 2020 Presidential elections.
    I also thank Chairman Richmond for his steadfast leadership 
on election security, and I look forward to the hearing and 
witnesses' testimony today.
    [The statement of Chairman Thompson follows:]
                Statement of Chairman Bennie G. Thompson
                           November 19, 2019
    I'd like to thank Chairman Richmond for calling today's hearing on 
election security. Since 2016, officials throughout the intelligence 
community have described in disturbing detail the many ways the Russian 
government sought to meddle in our elections. For the 3 years that 
followed, heads of the Department of Homeland Security, the Federal 
Bureau of Investigation, the Central Intelligence Agency, and the 
National Security Agency, among others, have warned that the Russian 
government will continue its efforts to sow discord and undermine 
confidence in our democracy. More disturbing yet, Russia is not alone. 
According to the 2019 Worldwide Threat Assessment, other adversaries, 
including China and Iran, will pursue opportunities to interfere in our 
elections. The intelligence community assesses that adversaries could 
exploit cyber means to target election infrastructure or engage in 
targeted influence campaigns to manipulate public opinion. We also know 
that our adversaries will target political campaigns because they have 
done so in the past. Our adversaries have hardly kept their desire to 
undermine the integrity of our elections a secret. As Members of 
Congress, we have a duty to act.
    Today, we are less than 1 year away from the 2020 Presidential 
election. The question everyone on this dais must ask themselves is: 
``Have we done enough to secure the 2020 elections from our 
adversaries?'' Despite multiple efforts led by the House of 
Representatives, Congress has yet to send a single piece of 
comprehensive election security legislation to the President's desk. 
Instead, good pieces of legislation to provide additional resources to 
State and local election officials and limit foreign interference have 
stalled in the Senate. Moreover, despite multiple requests, the White 
House has failed to identify an official to coordinate the election 
security activities at various Federal agencies. In the mean time, we 
have just a handful of legislative days left this year, and only a 
limited amount of time for legislative action next year. I will be 
interested to learn from our witnesses how they recommend Congress use 
that time to improve election security in advance of the 2020 
elections.
    Importantly, I will be interested to know how academics and the 
private sector can work with State and local elections officials and 
campaigns to improve election security in the absence of Congressional 
action. The election security problems we face are shared, and we have 
a shared responsibility to solve them. State and local election 
authorities--with help from the Federal Government--must invest in IT 
departments, train their employees, and upgrade and certify their 
election equipment. The private sector, including voting system 
vendors, must take responsibility to secure their equipment, make it 
user-friendly, and demonstrate a willingness to admit weaknesses in 
their systems when examined by third-party cybersecurity professionals. 
Political campaigns must step up, too. They must implement robust 
cybersecurity policies to deprive our adversaries of information that 
can be twisted into a divisive narrative and serve as an extra check on 
disinformation.
    Finally, the American public must also be vigilant, and scrutinize 
the information presented to them carefully. Before I close, I would 
also like to note that November is Critical Infrastructure Security and 
Resilience Month. I can think of no better way to observe it than to 
assess our preparedness for the 2020 Presidential elections.

    Chairman Thompson. Other Members of the subcommittee are 
reminded that, under committee rules, opening statements will 
be submitted for the record.
    [The statement of Honorable Jackson Lee follows:]
               Statement of Honorable Sheila Jackson Lee
    Chairman Richmond and Ranking Member Katko, thank you for convening 
today's hearing on ``The Road to 2020: Defending Against Election 
Interference.''
    I thank today's witnesses:
Panel I
    General Frank Taylor (Ret.-U.S. Air Force), former under secretary 
for intelligence and analysis, U.S. Department of Homeland Security; 
executive director (pro tempore), US CyberDome;
    The Hon. Richard Stengel, former under secretary for public 
diplomacy and public affairs, U.S. State Department;
    Dr. Matt Blaze, McDevitt chair of computer science and law, 
Georgetown University; and
    Ms. Ginny Badanes, director, Strategic Projects, Defending 
Democracy Program, Microsoft (Minority Witness).

    I thank each of today's witnesses for bringing their expert view on 
state of election security as the 2020 elections approach.
    The efforts to ensure that every eligible person can register to 
vote, and cast a vote in a public election have spanned generations.
    I have been persistent in my efforts to protect the rights of 
disenfranchised communities in my district of inner-city Houston and 
across the Nation.
    Throughout my tenure in Congress, I have cosponsored dozens of 
bills, amendments, and resolutions seeking to improve voters' rights at 
all stages and levels of the election process.
    This includes legislation aimed at:
    1. Increasing voter outreach and turnout;
    2. Ensuring both early and same-day registration;
    3. Standardizing physical and language accessibility at polling 
        places;
    4. Expanding early voting periods;
    5. Decreasing voter wait times;
    6. Guaranteeing absentee ballots, especially for displaced 
        citizens;
    7. Modernizing voting technologies and strengthening our voter 
        record systems;
    8. Establishing the Federal Election Day as a National holiday; and
    9. Condemning and criminalizing deceptive practices, voter 
        intimidation, and other suppression tactics;
    Along with many of my colleagues in the CBC, I was an original 
cosponsor of H.R. 9, the Fannie Lou Hamer, Rosa Parks, and Coretta 
Scott King Voting Rights Act Reauthorization and Amendments Act, which 
became public law on July 27, 2006.
    I also authored H.R. 745 in the 110th Congress, which added the 
legendary Barbara Jordan to the list of civil rights trailblazers whose 
names honor the Voting Rights Act Reauthorization and Amendments Act.
    This bill strengthened the original Voting Rights Act by replacing 
Federal voting examiners with Federal voting observers--a significant 
distinction that made it easier to safeguard against racially-biased 
voter suppression tactics.
    In the 114th Congress, I introduced H.R. 75, the Coretta Scott King 
Mid-Decade Redistricting Prohibition Act of 2015, which would prohibit 
States whose Congressional districts have been redistricted after a 
decennial census from redrawing their district lines until the next 
census.
    The voting rights struggles of the 20th Century are now joined by 
voting rights threats posed by the 21st Century.
    Russia an adversary of the United States engaged in repeated 
attempts to interfere in the 2016 Presidential election, which prompted 
an unprecedented all-of-Government effort to alert local and State 
election administrators to be aware of the threat.
    Russia targeted our Presidential election according to the report, 
``Background to Assessing Russian Activities and Intentions in Recent 
U.S. Elections: The Analytic Process and Cyber Incident Attribution,'' 
provided by the Office of the Director of National Intelligence's 
National Intelligence Council.
    Russia used every cyber espionage tool available to influence the 
outcome of the Presidential election by using a multifaceted campaign 
that included theft of data; strategically-timed release of stolen 
information; production of fake news; and manipulation of facts to 
avoid blame.
    The Russian General Staff Main Intelligence Directorate (GRU) is 
suspected by our intelligence agencies of having begun cyber operations 
targeting the United States election as early as March 2016.
    They took on the persona of ``Guccifer 2.0,'' ``DCLeaks.com,'' and 
Wikileaks as the identities that would be reported as having 
involvement in the work they had under taken to undermine our Nation's 
Presidential election.
    Russia is blamed for breaching 21 local and State election systems, 
which they studied extensively.
    In February 2018, special counsel Robert Mueller released 
indictments of 13 Russians, at least one of whom has direct ties to 
Russian President Vladimir Putin.
    The 37-page indictment details the actions taken to interfere with 
the U.S. political system, including the 2016 US. Presidential 
election.
    Among the charges, which include charges for obstruction of 
justice, are several especially notable details.
    The indictment states that 13 defendants posed as U.S. persons and 
created false U.S. personas and operated social media pages and groups 
designed to attract U.S. audiences.
    The Russians are not deterred by these indictments and are poised 
to interfere in the 2020 election.
    Russian interference in the 2016 election was a ``calculated and 
brazen assault'' on our democracy.
    In September 2019, Acting Director of National Intelligence Joseph 
Maguire told Congress that ``the greatest challenge that we do have is 
to make sure that we maintain the integrity of our election system.
    ``We know right now that there are foreign powers, not just Russia, 
that are trying to get us to question the validity on whether or not . 
. . our elections are valid.''
    Last month, a senior CISA official renewed the agency's warnings 
about threats to the 2020 elections.
    Unfortunately, these warnings are being met with no response from 
current President and those who support him.
    The current matter under consideration by the House Intelligence 
Committee alleges that the current President sought the assistance of a 
foreign leader to meddle in the 2020 election.
    The committee must prepare the Nation to address the pending Russia 
threat to our Nation's election system, while also preparing to defend 
against threats to our election system posed by other nations.
    The United States has enemies in other corners of the globe who 
would not hesitate to attack our election system if given the chance.
    These foreign adversaries do not share our commitment to democracy, 
liberty, and human rights, or the precious freedoms we hold dear.
    On January 6, 2017, Homeland Security Secretary Johnson, as one of 
his last official acts under the Obama administration, designated 
election systems as critical infrastructure, and created a new 
subsector under the existing Government Facilities Sector designation.
    On January 29, 2019, the director of national intelligence 
testified before the Senate Select Committee on Intelligence that our 
adversaries ``probably already are looking to the 2020 U.S. elections 
as an opportunity to advance their interests.
    The House Committee on Homeland Security has the responsibility of 
providing for the cybersecurity of Federal civilian agencies as well as 
the security of the Nation's 16 critical infrastructure sectors from 
cyber and other threats.
    The Election Infrastructure Subsector covers a wide range of 
physical and electronic assets such as storage facilities, polling 
places, and centralized vote tabulation locations used to support the 
election process, and information and communications technology to 
include voter registration databases, voting machines, and other 
systems to manage the election process and report and display results 
on behalf of State and local governments.
    The work to secure our Nation's election system from cyber threats 
is on-going, which is why this hearing is relevant.
    The U.S. Department of Homeland Security's (DHS) mission in 
cybersecurity and infrastructure protection is focused on enhancing 
greater collaboration on cybersecurity across the 16 critical 
infrastructure sectors and the sharing of cyber threat information 
between the private sector and Federal, State, and local partners.
    This committee will work hand-and-glove with the House Judiciary 
and House Administration Committees as well as the Senate Committees to 
ensure that the tools applied to the current threat to our elections is 
effectively and adequately addressed.
    We know the threats that computing devices and systems face, which 
are almost too numerous to count:
   Internet of things-enabled devices;
   Ransom-ware;
   Mal-ware;
   Denial of Service Attacks;
   Distributed-Denial-of-Service Attacks;
   Pharming;
   Phishing;
   Data Theft;
   Data Breaches;
   SQL Injection;
   Man-in-the-middle attack.
    This hyper cyber-threat environment poses risks to election systems 
because of the nature of Federal elections.
    Elections are date- and time-sensitive, which means any disruption 
or interruption can have catastrophic implications.
    During the 2016 election we learned of new threats from cyber space 
that go far beyond any that would have been considered in previous 
elections.
    This Congress is poised to do the hard work of delving into the 
issue of Russian involvement in our National election and providing 
solutions.
    The work today must focus on election recovery should a serious 
cyber incident occur during an election.
    Vulnerabilities of computing systems are not limited to intentional 
attacks, but can include acts of nature, human error, or technology 
failing to perform as intended.
    I am particularly concerned that so many jurisdictions rely on 
electronic poll books, to check-in voters before issuing them ballots, 
with no paper backups.
    Finally, the use of untrustworthy paperless electronic voting 
machines without enough paper ballot options will come to an end when 
H.R. 1 becomes law.
    The right and better approach to election cybersecurity is to be 
prepared and not need options for voters to cast ballots should voting 
systems fail, rather than being unprepared and needing options for 
voters to cast ballots during an election that are not available.
    We must be steadfast in our resolve to have a strong shield to 
defend civilian and critical infrastructure networks for all threats 
foreign and domestic.
    I look forward to the testimony of today's witnesses.
    Thank you.

    Chairman Thompson. I welcome our panel of witnesses. First, 
I am pleased to welcome back General Frank Taylor, United 
States Air Force, retired. He is a former under secretary for 
intelligence and analysis, and--at the Department of Homeland 
Security, and a board member of the U.S. CyberDome, a non-
profit organization which provides cybersecurity at no cost to 
political parties, elected officials, and candidates across 
party lines.
    Next, we have Mr. Richard Stengel. He is a former under 
secretary of state for public diplomacy and public affairs, 
where he created and oversaw the Global Engagement Center.
    Next, we have Dr. Matt Blaze. He holds the McDevitt chair 
of computer science and law at Georgetown University. He 
works--his work focuses on technology, encryption, and, most 
importantly, election security.
    Finally, we have this Ms. Ginny Badanes. Close? OK. She is 
the director of strategic projects at Microsoft's Defending 
Democracy Program, where she leads a team that works with 
political campaigns to protect against hacking and defend 
against disinformation campaigns.
    Without objection, the witnesses' full statements will be 
inserted in the record.
    I now ask each witness to summarize his or her statement 
for 5 minutes, beginning with General Taylor.

   STATEMENT OF FRANCIS X. TAYLOR, GENERAL, U.S. AIR FORCE, 
RETIRED, FORMER UNDER SECRETARY FOR INTELLIGENCE AND ANALYSIS, 
    U.S. DEPARTMENT OF HOMELAND SECURITY, BOARD MEMBER, US 
                           CYBERDOME

    General Taylor. Thank you, Chairman Thompson, Ranking 
Member Katko. It is a pleasure to appear before this committee, 
this time as the acting executive director of US CyberDome, a 
non-profit organization dedicated to helping to secure Federal 
campaigns against undue influence. Thank you for the 
opportunity to appear and to discuss defending our election 
infrastructure.
    You--both you, Chairman Thompson, and Mr. Katko--have 
outlined what the threat was from 2016. That threat continues 
to manifest itself, so I will not speak further to that.
    But as the executive director of US CyberDome, I have 
talked with many other organizations who are helping campaigns 
with cybersecurity and to protect against disinformation. I 
have been engaged with personnel in the National party 
committees, the Federal campaign committees, as well as 
personnel who have worked for these types of committees in the 
recent past. The observations of this testimony come from those 
dialogs, my professional experience, and the experiences of US 
CyberDome founders and advisors.
    US CyberDome is a 501(c)(4) non-profit organization. Our 
objective is to ensure the integrity of elections and 
confidence in their outcomes. We operate in full alignment with 
the Federal Election Commission Advisory Opinion 201(a)-12, to 
fund qualified vendors using US CyberDome donations. Initial US 
CyberDome activities have focused on the 2020 U.S. Presidential 
and Senatorial campaigns, but over time will apply to other 
campaigns.
    We broker no-cost cybersecurity and disinformation 
protection services from qualified vendors to Federal campaign 
committees, National party committees, think tanks, and non-
Governmental organizations. Using this cybersecurity framework 
as a measure of comprehensive cyber risk management, we have 
identified services for a multi-phase improvement initiative.
    Perhaps not every campaign will need every service. 
However, our objective is to increase the overall level of 
protection across the campaign infrastructure, both within 
campaigns and in the National parties and services they depend 
on, envision services--ones that have a high probability of 
success within the campaigns, offer low disruption--and will 
offer low disruption to campaign workers, and offer the highest 
impact, and address the most urgent threats.
    Our intent is to start with detection and response 
services, to include impostor website monitoring, social media, 
and dark web monitoring. These services are allowed per current 
Federal Election Commission advisory opinions. These services 
will hold the line. These services will hold a line against 
malicious actors. In later phases of our initiative we intend 
to broker more proactive and protective services, such as 
perimeter security management, distributed denial of service, 
and ransomware mitigation services. These will be enabled by an 
FEC opinion request that we are now staffing.
    US CyberDome is comprised of cybersecurity experts who have 
trained and practiced the world's--at the world's largest 
accredited computer forensic and incident response institute in 
the world, the Defense Cyber Crime Center, which I am proud to 
also say I started in 1997, as the commander of OSI, and it 
continues to grow.
    A special note: US CyberDome believes our role is to help 
ensure U.S. political discourse is free from foreign influence, 
but not participate in or affect that discourse.
    Just a couple of observations about campaigns. Our 
assessment is campaigns are underprepared. Their focus is on 
getting their candidate elected, and the investment that is 
required to protect against the more sophisticated threats that 
the campaigns and our election infrastructure face are much 
more expensive than campaigns can afford. Our focus is to 
provide the campaigns with free-of-charge services to protect 
themselves as they pursue the election process.
    With that, Mr. Chairman, I will yield my time.
    [The prepared statement of General Taylor follows:]
                Prepared Statement of Francis X. Taylor
                           November 19, 2019
                              introduction
    Chairman Richmond, Ranking Member Katko, and Members of the 
subcommittee, I am Frank Taylor, the executive director of US 
CyberDome, a non-profit dedicated to securing Federal campaigns against 
undue influence. Thank you for the opportunity to appear before you 
today to discuss defending against election interference.
     us cyberdome's role in defending against election interference
    US CyberDome is a 501(c)(4) non-profit organization. Our objective 
is to ensure the integrity of elections and confidence in their 
outcomes. We broker no-cost cybersecurity and disinformation detection 
services from qualified vendors to Federal campaign committees, 
National party committees, think tanks, and non-governmental 
organizations. Initial US CyberDome activities are focused on the 2020 
U.S. Presidential and Senatorial campaigns, and will apply to other 
campaigns over time. We operate in full alignment with the Federal 
Election Commission's Advisory Opinion 2018-12 to fund qualified 
vendors using US CyberDome donations.
    US CyberDome is comprised of cybersecurity experts who have trained 
and practiced at the world's largest accredited computer forensics and 
incident response institute in the world, the Defense Cyber Crime 
Center, as well as the U.S. Department of Defense and National 
Institute of Standards and Technology. The team was formed by a group 
of cybersecurity experts who became alarmed by increasing cyber threats 
and the lack of protection for campaigns and voters. They formed the 
non-profit organization to absorb the extraordinary cost of providing 
cyber protection to campaigns by working with donors and charitable 
foundations.
    Of special note, US CyberDome believes our role is to help ensure 
U.S. political discourse is free of foreign interference, but not to 
participate in or affect that discourse. For that reason, we are non-
partisan in our approach. Our Board of Advisors represents a variety of 
political parties and beliefs to ensure we are guided in a balanced 
way. Additionally, our services are designed to be delivered fairly and 
equitably, regardless of political party or beliefs.
                      political campaigns in 2019
    Our freedom of speech and democracy are under attack by 
increasingly sophisticated and ever-evolving threats to the election 
process, including purposeful attacks and exploits from foreign 
governments, terrorists, organized crime, foreign corporate spies, and 
others.
    The 2016 U.S. Presidential elections demonstrated that cyber 
attacks and disinformation can be used to manipulate the U.S. election. 
As set forth in the Bob Mueller's Report on the Investigation into 
Russian Interference in the 2016 Presidential Election, ``the Russian 
government interfered in the 2016 Presidential election in sweeping and 
systematic fashion.'' They did so principally through 2 operations. 
First, a Russian entity conducted a sophisticated social media 
campaign, and second, a Russian intelligence service conducted 
computer-intrusion operations against campaign entities, employees, and 
volunteers, and then released stolen documents. Successful and public 
foreign interference in 2016 increased the likelihood that other 
nations will seek to influence in 2020 and beyond.
    Other factors will very likely increase interference in the U.S. 
2020 Presidential election. For instance, as the United States 
increases trade pressures around the world, cyber attacks from affected 
nations have increased. These, and potentially other factors, will 
likely lead to increased attacks on 2020 U.S. Presidential campaigns, 
and Federal campaigns in general.
    In summary, I offer the affirmation of one US CyberDome Advisor, 
former Secretary of the U.S. Department of Homeland Security, Michael 
Chertoff. ``Malign foreign actors continue their efforts to attack our 
democracy, including through the on-line penetration and disruption of 
our candidate and campaign organizations.''
    Even more insidious, some nation-states are busy gathering 
information about U.S. Presidential candidates, Senators, and 
Representatives, that may be used at a moment in time that is 
advantageous to that nation in the future; potentially far beyond 2020.
    Not even the Government can guarantee a 100 percent success rate 
against every attack or exploit from malicious nations or nation-
states. However, we can greatly increase success rates through 
diligence in detecting adversary activity, and expediency in responding 
to and reporting that activity.
    As executive director for US CyberDome, I have talked with many 
other organizations who are helping campaigns with cybersecurity and 
disinformation. Organizations such as Microsoft and Area 1 Security who 
have received positive Advisory Opinions from the FEC and are 
supporting campaigns. Organizations such as the DigiDems who offer on-
site technical personnel to campaigns and currently have over 80 
personnel embedded in those campaigns. I have been engaged with 
personnel in National party committees and Federal campaign committees, 
as well as personnel who have worked for those types of committees in 
the recent past. The observations of this testimony come from those 
dialogs, my professional experiences, and the experiences of the US 
CyberDome founders and Advisors.
                      observations about campaigns
    Campaigns are under-prepared.--They are not adequately resourced to 
defend against many expert, persistent, and well-funded threat actors 
such as nation-states. Most campaigns do not have enough technical 
expertise or historical experience against the myriad threats they 
face. Simply put, if they have not previously detected and responded to 
sophisticated threat actors, they will not be able to. Even campaigns 
with a very knowledgeable cybersecurity professional on-staff are 
hindered. One person cannot hold off the Korean People's Army or the 
Armed Forces of the Islamic Republic of Iran.
    There are very few workplaces in the United States where campaigns 
can find someone with past experience defending against a wide variety 
of nation-state cyber attacks or disinformation. The intelligence 
community and Department of Defense have groups of such individuals. 
Also, the Defense Cyber Crime Center, an organization I commissioned 
while serving as the commander of the Air Force Office of Special 
Investigations also employs and trains some of these cyber specialists. 
Without this type of field-tested past experience, even well-skilled 
information technologists and cybersecurity professionals are ill-
prepared to detect and respond to nation-state actors. Again, if they 
have not previously detected and responded to sophisticated threat 
actors, they likely will be unable to successfully do so.
    Additionally, U.S. political campaigns are unlike any corporate or 
Government entity. They are essentially start-ups that can endure for 
weeks or years. The short tenure of personnel--both volunteers and 
employees--diminishes the effect of cybersecurity measures used 
successfully in corporate America. For instance, anti-phishing training 
has been demonstrated to reduce the effectiveness of phishing attacks 
in corporate America. Campaigns have less long-term effect from similar 
training, because their personnel are relatively short-tenure.
    Campaigns are isolated.--Our democracy is rooted in the separation 
of powers--Executive, Legislative, Judicial. Our election process is a 
key component that must be independent. This very independence tends to 
isolate the election community from some of the core National security 
apparatus that it needs to protect it.
    The United States Government has the best intelligence, law 
enforcement, National security, and cybersecurity capabilities in the 
world, but conditions isolate campaigns from U.S. Federal Government 
resources.
    Campaign personnel may be concerned about the interests of for-
profit organizations. Specifically, campaigns wonder how they can trust 
the advice of an organization that stands to profit on that advice. In 
particular, product vendors following common sales practice only 
represent their own products. This can inadvertently lead campaigns to 
a less-than-comprehensive cybersecurity solutions.
    Campaigns focus.--Their singular focus is to get elected. Any 
effort not directly in support of getting elected, is not funded or 
underfunded. For election campaigns, every dollar spent on services 
like cybersecurity is a dollar that is not being spent on their core 
mission. Even proactive candidates may think twice about spending 
effort and money on cybersecurity, for fear this diversion of resources 
will result in less votes than their competitors. This results in a 
lack of incentive for campaigns to address cybersecurity more fully, 
despite the imminent threat.
    Last mile cybersecurity.--In addition to the above campaign 
observations, I offer a technical one. We still struggle with the 
``last mile'' of cybersecurity within our communities--getting 
actionable security intelligence in the hands of those who need to 
defend themselves. There are at least two aggravating circumstances. 
First, the classification level of threat information slows down the 
flow of actionable threat intelligence. Second, threat information is 
mainly conveyed in formats that cannot be automatically processed by 
computers. In cyber space, the pace of engagement is extremely fast. It 
far outpaces the rate of de-classification and re-formatting threat 
intelligence. We are fighting an asymmetrical war on the cyber front, 
and we must adjust.
                             what can we do
    Capitalize on the non-profit model.--Non-profit organizations are 
uniquely positioned and scoped to support campaigns. Specifically, non-
profits avoid misgivings campaigns may have about utilizing Federal 
Government and for-profit resources directly. When non-profits engage 
campaigns, it reduces risks they may face, and we all face, if those 
campaigns are isolated. Non-profits are not a part of the Executive 
branch of Government, therefore they are not affiliated with a 
competing candidate. Non-profits less prone to the financial conflicts 
of interest faced by a for-profit. At the same time, non-profits can 
still play an integral role in brokering the resources of the Federal 
Government and for-profit organizations. For instance, non-profits may 
offer an indirect way to disseminate cyber threat information (and do 
so in formats that can be immediately utilized by campaigns). For all 
of these reasons, I believe non-profit organizations are well-suited to 
support political committees and campaigns with on-going and proactive 
measures.
    Specify minimum standards for campaign cybersecurity.--Campaigns 
may have greater incentive to spend effort and funds on cyber 
protections if they know their competitors are obligated to the same 
expenditures.
    Here is a similar circumstance from recent history. In the past, US 
CyberDome personnel helped create the DoD-Defense Collaborative 
Information Sharing Environment (DCISE). The DCISE stemmed from the 
Comprehensive National Cybersecurity Initiative to be one of the first 
successful examples of ``need to share'' in America. The DCISE used 
specific methodologies and techniques to anonymously share intelligence 
and law enforcement information with the defense industrial base (DIB), 
and share that information with the Federal Government. In the DIB, 
there existed similar competitive pressures about the effort and time 
spent on participation in DCISE. Ultimately, the Defense Federal 
Acquisition Regulation incorporated requirements for DIB organizations 
to participate in the DCISE, thus ``leveling the playing field'' for 
all DIB organizations to participate. This propelled the DCISE to a 
well-utilized and effective solution for threat information sharing in 
the DIB. Similar requirements for Federal campaign committees would 
likely prove useful.
    Focus on key technical challenges.--Congress should consider 
mandating that all U.S. Government threat intelligence be disseminated 
in computer-readable formats, in addition to prose. This simple 
requirement would go a long way to ensuring that action can be taken 
swiftly once threat intelligence information is received. I do not 
espouse a specific format. I would leave that up to the experts. 
Expressing all threat information in computer-readable formats will be 
a big step forward.
    Challenges like de-classification are more complex to solve. Over-
classification is something that intelligence organizations should 
evaluate for themselves. In other words, is it possible that certain 
aspects of the threat information never needed to be Classified to 
begin with? Accelerating de-classification should also be considered. 
We are living in an age where machine learning is broadly applied, and 
artificial intelligence is starting to be well-understood. These 
technologies hold significant promise to automate large portions of the 
de-classification process.
                               conclusion
    US CyberDome is defending against election interference by working 
with Federal campaign committees, National party committees, think 
tanks, and non-Governmental organizations. Our status as a non-profit 
affords us unique insights and opportunities to help the community. 
Thank you for the opportunity to testify. I am happy to answer any 
questions you may have.

    Chairman Thompson. General Taylor, let me thank you for 
your testimony. I now recognize Mr. Stengel for his opening 
statement.

 STATEMENT OF RICHARD STENGEL, FORMER UNDER SECRETARY OF STATE 
 FOR PUBLIC DIPLOMACY AND PUBLIC AFFAIRS, U.S. STATE DEPARTMENT

    Mr. Stengel. Thank you, Mr. Chairman. I said thank you, Mr. 
Chairman. I feel very comfortable here today, because I spent 
so much time sitting next to General Taylor in Government.
    So the consent of the governed, that is the basis of our 
democracy. If that consent is acquired through deception, the 
powers derived from it are not just. That is why disinformation 
is so dangerous to our democracy. Disinformation is 
deliberately false information designed to deceive or mislead. 
Misinformation is simply false information, whether deliberate 
or not. Disinformation is the much greater threat, because it 
is on the rise around the world and at home, particularly here 
at home.
    Disinformation is asymmetric warfare. You might not be able 
to afford an F-35, but you can certainly hire some people with 
laptops who act as trolls. Yet it is often a weapon used by the 
strong against the weak, because authoritarian leaders have 
understood that they can repress free speech at home and spew 
disinformation on state media.
    It is difficult to fight, because it is hidden in plain 
sight. It uses all the same principles of behavioral economics 
and the tools of the big social media companies to find a 
targeted audience. It is as old as humanity, but social media 
has made it exponentially easier to create, deliver, and 
instantly find large audiences.
    I spent 3 years at the State Department, attempting to 
combat ISIS propaganda and Russian disinformation. In fact, we 
started the first counter-Russian group at the State 
Department, which eventually became the Global Engagement 
Center. I came to the State Department after 7 years as the 
editor of Time, where I understood media. What I found was that 
fighting ISIS was a lot more direct than fighting the Russians. 
ISIS at least said who they were. The Russians masqueraded as 
Americans to insert their poison into our digital bloodstream. 
We saw from the State Department the first wave of Russian 
disinformation around Putin's illegal invasion of Ukraine in 
2014. Then the Russians took what they learned in the periphery 
and brought it here to our election in 2016.
    But in attempting to counter Russian disinformation, I came 
to the conclusion that Government wasn't the answer. I saw that 
countering disinformation was often counter-productive. After 
all, we were the enemy. A tweet from the under secretary of 
state to someone was not going to change their mind.
    Democracies aren't actually very good at combating 
disinformation. Why is that? In part, because our opponents use 
our freedoms against us. They exploit freedom of speech to 
create false speech, which is protected by the First Amendment. 
They use the same tools of microtargeting that advertisers use 
to sell us sneakers and phones, to sell us false narratives and 
conspiracy theories.
    The truth is disinformation doesn't so much create division 
as amplify it. Even though I don't think Government has a 
direct role in countering disinformation through creating 
content or taking it down, I do think Government has a clear 
role in creating resilience to disinformation.
    First, Congress can impose stricter regulations on the 
platforms that host all of this disinformation. Right now the 
law, the Communications and Decency Act, doesn't treat them as 
publishers, and they have complete immunity from liability for 
all this content on their platforms.
    Take it from me. Not only are these companies publishers, 
they are the biggest publishers in the history of the world. To 
be sure, they can't have the same liability that I had when I 
was editor of Time. But they need to have some more liability 
for content that is on their platforms that is demonstrably 
false, that is created by robots, that attacks people on the 
basis of race, religion, ethnicity, gender, or sexual 
orientation, that is created by foreign actors to deceive 
American voters. They need to be much more accountable for 
making a good-faith effort to remove that content.
    So as 2020 approaches, we see a host of new problems, deep 
fakes, data manipulation, where they--bad actors don't just 
steal data but manipulate it. The professionalization of 
interference, where private companies teach people how to do 
disinformation for profit, and the rise of home-grown 
disinformation and the recruitment of Americans as witting or 
unwitting agents of disinformation.
    I actually think the platform companies need to embrace is 
what I call the five Ds of combating disinformation: Detection, 
demotion, deletion, disclosure, and digital literacy. They not 
only need to remove foreign influence; they need to publicize 
it.
    I do think the one entity in Government that I mentioned 
before, the Global Engagement Center, which was created to 
combat global disinformation, can help with this election, too. 
I would urge the passing of the Honest Ads Act, which would 
bring a lot more transparency in political advertising.
    As I have often said, we don't have a fake news problem, we 
have a media literacy problem. There was a poll this past week 
that showed that 47 percent of Americans say they find it 
difficult to evaluate whether the information they are getting 
is true. We need to teach deep media literacy and digital 
literacy in the schools. I can't think of anyone better to pay 
for that than the platform companies.
    Ultimately, the problem of disinformation is not so much 
that people will come to believe what is false. The greatest 
problem is that they will doubt what is true.
    I am honored to be here today, and I welcome your 
questions. Thank you very much.
    [The prepared statement of Mr. Stengel follows:]
                 Prepared Statement of Richard Stengel
                           November 19, 2019
    ``Governments are instituted among men,'' the Declaration declares, 
``deriving their just powers from the consent of the governed.'' In a 
democracy, how do we obtain that consent? Through information, the 
Framers said, true information. The rise of disinformation is a threat 
to our democracy because it undermines our consent. If that consent is 
acquired through deception and disinformation, the powers derived from 
it are not just.
    Disinformation is deliberately false information designed to 
deceive or mislead. Misinformation is simply false information that is 
not deliberate or designed to mislead. Disinformation is the much 
greater threat and it is on the rise around the world and at home. In 
the realm of politics, it is the promulgation of false narratives to 
undermine democracy.
    Disinformation is asymmetric warfare: You might not be able to 
afford an F35, but you can always hire a few trolls with laptops. Yet 
it is often a weapon used by the strong against the weak: Authoritarian 
leaders have learned that they can repress free speech at home and spew 
disinformation on state media. That's a dangerous combination for the 
future of democracy. Disinformation is difficult to fight because it is 
hidden in plain sight. It uses all the principles of behavioral 
economics--and the tools of the big social media companies--to find a 
targeted audience. Disinformation is as old as information, but social 
media has made it exponentially easier to create, deliver, and 
instantly find large and receptive audiences.
    My book Information Wars is the story of how we attempted to fight 
Russian and ISIS disinformation from the State Department during the 
last 3 years of the Obama administration. I went into Government after 
7 years as the editor of TIME and I thought I understood media. ISIS 
was something new in terrorism: A non-state actor as adept at social 
media as barbaric killings. But ISIS's digital jihadis did not pretend 
to be anyone else other than who they were--unlike the Russians, that 
is. The Russians adopted other identities and masqueraded as Americans 
to insert their poison into our digital bloodstream. From the State 
Department, we first saw Russia create a wave of social media 
disinformation in the Russian periphery around Putin's illegal invasion 
of Ukraine in 2014--and then the Russians took what they learned there 
and aimed it squarely at our election space in 2016.
    What also makes disinformation effective is that there is often a 
kernel of truth in it. What united ISIS and Russian disinformation was 
what I called the weaponization of grievance. ISIS weaponized the 
grievances of Sunni Muslims who felt left out by modernity and 
repressed by their rulers. Putin weaponized the grievances of Russians 
who mourned the loss of the Soviet Union and never adapted to the 
modern world. If ISIS had a slogan, it was Make Islam Great Again. If 
Putin had a slogan, it would be Make Russia Great Again. They had their 
mantras long before we heard about making America great again. This 
global weaponization of grievance is the unified theory behind the rise 
of nationalism and right-wing strongmen across the globe.
    But the ultimate threat is here at home. It's easier and more 
comfortable for us to see this problem as a threat from the outside, 
from foreign influence operations. And, indeed, they remain a grave 
National security threat. But the scale and range of domestic 
disinformation--created and spread by Americans to other Americans--
dwarfs any foreign threat or troll factory. Our foreign adversaries 
seek to engage Americans and do so, but our home-grown disinformation 
overwhelms what our adversaries produce. Our internal challenge is far 
greater and more dangerous than any external one.
    In attempting to counter Russian and ISIS disinformation I came to 
see that Government was not the answer. I saw that ``countering'' 
disinformation was often counter-productive. When we tried to create 
content ourselves, we very often played into our adversaries' hands. 
After all, we were the enemy. It's very hard for a tweet from the U.S. 
State Department to persuade someone of our point of view if we are 
seen as the cause of the problem. They see our efforts to rebut them as 
confirmation that they are right and that their strategy is working.
    Democracies just aren't very good at combatting disinformation. Why 
is that? One reason is that our opponents not only use our freedoms 
against us, but our technology. They exploit freedom of speech to 
create dangerous and false speech, which is protected by the First 
Amendment. They utilize the same tools of micro-targeting that 
advertisers use to market sneakers and phones but they use them to sell 
us false narratives and conspiracy theories. Disinformation is hard to 
fight because it's not just a supply problem, it's a demand problem. 
People embrace it when it seems to confirm their beliefs. It's a 
missile that hits its target because the target welcomes it. The truth 
is, disinformation doesn't create divisions so much as widen them.
    At the end of last year, the initial Senate Select Committee on 
Intelligence report on Russian interference in the 2016 election said 
the Internet Research Agency in St. Petersburg had created more than 10 
million tweets--of which 6 million were original--across 4,000 
accounts; more than 100,000 Instagram posts; and more than 50,000 
Facebook posts. The second Senate Intelligence Committee report that 
came out last month reported that the Russians had done more since the 
election than they did before it. Now, as then, it's a whole-of-
Government effort which includes Russian intelligence services, 
conventional Russian media, and even the foreign ministry. The Russians 
are shrewd about using our own biases against us. In 2016, they sought 
out groups who were afraid of immigrants and Muslims and stoked their 
fears. They targeted African American voters and told them voting was a 
waste of time. After Twitter and Facebook removed many on-line assets 
attributed to Russia in 2017, the Russians returned with a more 
tailored focus to activist communities who were susceptible to 
disinformation. With a focus on 2020, the Russians will again seek out 
cultural and social divisions and try to magnify them. As with 2016, 
they will often amplify both sides of divisive issues. Anything to 
create chaos and disunity and doubt about the integrity of our 
political process.
    Even though I don't think Government has much of a role in 
countering disinformation through creating content or taking it down, I 
do think there is a clear Government role in raising awareness and 
creating resilience to disinformation. Combatting disinformation is a 
cross-cutting issue that has implications for a wide range of different 
agencies and committees. First, I think Government has a role in 
regulating the platforms that host disinformation. Currently, there is 
an alignment of economic interests between the disinformationists and 
the platforms: The social media companies make money when 
disinformation goes viral. Right now, the law doesn't treat the 
platform companies as publishers and they have complete immunity from 
liability for the content on their platforms. Not only are these 
companies publishers, they are the biggest publishers in the history of 
the world. No, they don't have human editors, but as a former editor 
I'm here to tell you that algorithms and content recommendation engines 
are editors--the fastest and most efficient editors in history.
    To be sure, these companies cannot have the same liability that I 
used to have as editor of TIME. But they need to have some liability 
for content that is on their platform that is demonstrably false, that 
is created by robots, that attacks others on the basis of race, 
religion, ethnicity, gender or sexual orientation, that is created by 
foreign actors to deceive American voters. They need to be legally 
accountable for making a good-faith effort to remove such content from 
their platforms.
    As the 2020 election approaches, there are a host of new problems: 
Deep fakes; data manipulation, where bad actors don't steal data but 
manipulate it; the professionalization of interference, as private 
companies hire out their services to create disinformation; the rise of 
domestic disinformation and the recruiting of Americans as witting or 
unwitting agents of disinformation.
    Combatting these new efforts requires the detection and removal of 
foreign influence in our election, greater ad transparency, more 
accountability for the platform companies, and greater data protection. 
I would endorse the Senate Intelligence Committee's recommendations for 
fighting disinformation, and in particular the timely sharing of 
information between the private and public sector of real-time threats. 
I believe the tech companies would welcome that too. I'd also recommend 
the Five D's of combatting disinformation: Detection, demotion, 
deletion, disclosure, and digital literacy. The empowering of the 
Global Engagement Center, which was created at the end of 2016, to 
truly help fight all kinds of disinformation could be a vital effort of 
the Government. It is important to pass the Honest Ads Act, which would 
provide for more transparency in political advertising. All of this in 
addition to giving the content companies more liability for publishing 
proscribed content would help but not remedy the flood of 
disinformation. I've often said we don't have a fake news problem, we 
have a media literacy problem. Media and digital literacy need to be 
taught and the schools, and I can't think of a better source of that 
funding than the platform companies. We also need a privacy bill of 
rights that protects our information as part of a new digital social 
contract. The ownership of one's personal information is an unalienable 
right.
    The disinformationists know that it's far easier to create 
confusion rather than clarity, to confuse rather than persuade. They 
want people to see empirical facts as an elitist conspiracy. Citizens 
have trouble discerning fact from fiction and we need to teach media 
and digital literacy in the schools from an early age. In a new poll 
from this past week, 47 percent of Americans say they find it difficult 
to know whether the information they encounter is true. The public 
needs to see that countering disinformation is a civic duty for which 
we all are responsible. Ultimately, the problem of disinformation is 
not so much that people will come to believe what is false. The 
greatest problem is that they it will cause them to question what is 
true.

    Mr. Richmond [presiding]. Thank you. I will now recognize 
Dr. Blaze for 5 minutes to summarize his statement.

  STATEMENT OF MATT BLAZE, PH.D., MC DEVITT CHAIR OF COMPUTER 
             SCIENCE AND LAW, GEORGETOWN UNIVERSITY

    Mr. Blaze. Thank you, Chairman Thompson, Chairman Richmond, 
and Ranking Member Katko for convening this hearing on the 
vitally important topic of securing American elections against 
foreign interference.
    I am here today as an academic and technologist who studies 
particularly election system security. As I know you are well 
aware, the integrity of elections across the United States 
today depends heavily on the integrity of the computers and 
software systems embedded across our election infrastructure. 
Complex software lies at the heart of not just the vote-casting 
equipment used at polling places, but also the information 
systems used by local authorities to manage everything from 
voter registration records, to the tallying and reporting of 
election results, to the dissemination of authoritative 
information to voters.
    Unfortunately, much of this information--much of this 
infrastructure has proven dangerously vulnerable to tampering 
and attack, in some cases in ways that can't easily be detected 
or corrected after the fact. These vulnerabilities create 
practical avenues for our adversaries to do everything from 
cause large-scale disruption on Election Day, disenfranchise 
large numbers of voters, create uncertainty as to the 
legitimate winners of election, or even to undetectably alter 
election outcomes.
    Now, for the purpose of our discussion, it is helpful to 
consider voting machines and election management infrastructure 
separately. They have different properties and different 
mitigations. So let me begin with the voting equipment used at 
polling places first.
    To be blunt, it is a widely recognized and indisputable 
fact that every piece of computerized voting equipment used at 
polling places today can be easily compromised in ways that 
have the potential to disrupt election operations, compromise 
the firmware and software in these devices, and alter vote 
tallies that get reported by county offices. Now, this is 
partly a consequence of poor design and implementation by 
equipment vendors, which is a notorious problem, but it is also 
ultimately a reflection of the nature of complex software.
    It is simply beyond the state-of-the-art to build software 
systems that can reliably withstand a targeted attack by a 
determined adversary in a high-stakes environment like voting. 
The vulnerabilities are real. They are serious and, absent a 
surprising breakthrough in technology and computer science, 
probably inevitable for quite some time to come.
    Now, fortunately, there is now also overwhelming consensus 
among experts who have studied this problem on how we can 
conduct reliable elections, despite the inherent unreliability 
of the underlying hardware and software that we use to cast our 
votes.
    This requires 2 things, 2 properties of the equipment and 
processes.
    The first is that the voting technology must retain a paper 
record that reliably reflects the voter's intended choices. 
Now, fortunately, equipment with this property already exists 
and is in use in many jurisdictions throughout the Nation. It 
has the added virtue of being relatively simple and 
inexpensive, compared to other alternative voting technologies 
that we use and have been using. I am referring here to paper 
ballots, preferably marked by hand, that are fed into optical 
scan ballot readers at the time that the vote is cast by the 
voter.
    Now, paper ballots alone are not sufficient to accomplish 
reliable elections in the face of tampering, since the software 
in ballot scanners themselves all are vulnerable to tampering 
and to error. So there is a second requirement, and that is 
that the election be reliably audited to ensure that the 
software is reporting the correct outcome of each race.
    Now, there is a statistically rigorous technique recently 
invented called risk limiting audits that can accomplish this 
efficiently and quickly. But it must be done routinely after 
every election in order to provide meaningful assurance that 
election outcomes are correct.
    Unfortunately, here and now, only a handful of States 
currently conduct risk limiting audits, although it is 
encouraging that more and more States are experimenting with 
them.
    So the second technology at risk is the election management 
infrastructure that is used by local jurisdictions. While 
voting--vote casting equipment has justifiably gained a great 
deal of attention, there is more to this than just the voting 
machines. Each of the more than 5,000 local jurisdictions 
responsible for running elections has to maintain a number of 
critical information systems that are attractive targets for 
disruption by adversary. Most prominently are the voter 
registration databases that determine who is allowed to vote on 
Election Day.
    Now, all of the 5,000 different local jurisdictions 
responsible for running these systems have different resources, 
practices, and regulations that govern them, but they have in 
common that they are targets of some of the world's most 
sophisticated intelligence services, and they are at the front 
line of our Nation's defense against election disruption.
    There is no simple fix here, but--except the provisioning 
of significant additional resources to protect these systems. 
We don't expect the local sheriff to single-handedly defend 
against military ground invasions, and we should not expect 
county election IT managers to defend against cyber attacks by 
foreign intelligence agencies, yet that is what we effectively 
ask them to do.
    So thank you again for your attention to these important 
issues.
    [The prepared statement of Mr. Blaze follows:]
                  Prepared Statement of Matt Blaze \1\
---------------------------------------------------------------------------
    \1\ Professor and McDevitt chair of computer science and law, 
Georgetown University, 600 New Jersey Ave NW, Washington, DC 20001. 
[email protected] Affiliation for identification only.
---------------------------------------------------------------------------
                           November 19, 2019
                              introduction
    Thank you for the opportunity to offer testimony on the important 
questions raised by the security of the technology used for elections 
in the United States.
    For more than 25 years, my research and scholarship has focused on 
security and privacy in computing and communications systems, 
especially as we rely on insecure platforms such as the internet for 
increasingly critical applications. My work has focused particularly on 
the intersection of this technology with public policy issues. For 
example, in 2007, I led several of the teams that evaluated the 
security of computerized election systems from several vendors on 
behalf of the States of California and Ohio.
    I am currently the McDevitt chair of computer science and law at 
Georgetown University. From 2004 to 2018, I was a professor of computer 
and information science at the University of Pennsylvania. From 1992 to 
2004, I was a research scientist at AT&T Bell Laboratories. I hold a 
PhD in computer science from Princeton University, an MS in computer 
science from Columbia University, and a BS from the City University of 
New York. This testimony is not offered on behalf of any organization 
or agency.
    In this testimony, I will give an overview of the security risks 
facing elections in the United States today, with emphasis on 
vulnerabilities inherent in electronic voting machines, as well as the 
exposure of our election infrastructure to disruption by National 
security adversaries. I have attempted, to the extent possible, to 
represent the current consensus of experts in the field, but space and 
time constraints limit my ability to be comprehensive or complete. An 
especially valuable resource, with comprehensive discussion and 
recommendations. is the recent National Academies ``Securing the Vote'' 
consensus study report.\2\
---------------------------------------------------------------------------
    \2\ https://www.nap.edu/catalog/25120/securing-the-vote-protecting-
american-democracy.
---------------------------------------------------------------------------
    I offer 3 specific recommendations:
   Paperless (``DRE'') voting machines should be phased out 
        from U.S. elections immediately, and urgently replaced with 
        precinct-counted optical scan ballots that leave a direct 
        artifact of voters' choices.
   Statistically rigorous ``risk-limiting audits'' should be 
        routinely conducted after every election, in every 
        jurisdiction, to detect and correct software failures and 
        attacks.
   State and local voting officials should receive access to 
        significant additional resources, infrastructure, and training 
        to help them protect their election management IT systems 
        against increasingly sophisticated adversaries.
                   i. elections and software security
    A consequence of our Federalist system is that U.S. elections are 
in practice highly decentralized, with each State responsible for 
setting its own standards and procedures for registering voters, 
casting ballots, and counting votes. The Federal Government has set 
only broad standards for such issues as accessibility, but has 
historically been largely uninvolved in day-to-day election operations. 
In most States, the majority of election management functions are 
delegated to local county and town governments, which are responsible 
for registering voters, procuring voting equipment, creating ballots, 
setting up and managing local polling places, counting votes, and 
reporting the results of each contest. Consequently, thousands of 
individual local election offices shoulder the burden of managing and 
securing the voting process for most of the American electorate.
    Elections in the United States are among the most operationally and 
logistically complex in the world. Many jurisdictions have large 
numbers of geographically-dispersed voters, and most elections involve 
multiple ballot contests and referenda. Baseline election security must 
account for sophisticated adversaries, ballot secrecy, fair access to 
the polls, and accurate reporting of results, making secure election 
management one of the most formidable--and potentially fragile--
information technology problems in government.
    Computers and software play central roles in almost every aspect of 
our election process: Managing voter registration records, defining 
ballots, provisioning voting machines, tallying and reporting results, 
and controlling electronic voting machines used at polling places.\3\ 
The integrity and security of our elections are thus inexorably tied to 
the integrity and security of the computers and software that we rely 
on for these many functions.
---------------------------------------------------------------------------
    \3\ A typical election administration office is much like any 
modern enterprise, with local computer networks tying together desktop 
computers, printers, servers, and internet access. This increasing 
connectivity served as a critical avenue in 2016 for what U.S. 
intelligence agencies have identified as attacks by Russian military 
intelligence.
---------------------------------------------------------------------------
    The passage of the Help America Vote Act (HAVA) in 2002 accelerated 
the computerization of voting systems, particularly with respect to the 
ways in which voters cast their ballots at local polling stations. HAVA 
provided funds for States to replace precinct voting equipment with 
``accessible'' technology. As implemented, however, some of this new 
technology has had the unfortunate unintended consequence of 
increasing, rather than decreasing, the risk of our elections being 
compromised by malicious actors.
A. Election Software and Hardware
    A typical \4\ county election office today depends on computerized 
systems and software for virtually every aspect of registering voters 
and conducting elections. Generally, an election office workflow will 
include at least the following pre- and post-election functions:
---------------------------------------------------------------------------
    \4\ The precise nature of the systems used and how they interact 
with one another will vary somewhat depending on the vendors from which 
the systems were purchased and the practices of the local jurisdiction.
---------------------------------------------------------------------------
    Voter registration.--The on-going maintenance of an authoritative 
database of registered voters in the jurisdiction, including the 
precinct-by-precinct ``poll books'' of voters (which might be on paper 
or in electronic form) that are used to check in voters at precinct 
polling stations.
    Ballot definition.--The pre-election process of creating data files 
that list the various contests, candidates, and rules (e.g., number of 
permitted choices per race) that will appear on the ballot. The ballot 
definition is used to print paper ballots, to define what is displayed 
on touchscreen voting terminals, and to control the vote tallying and 
reporting software. Local races (such as school boards) may sometimes 
require that different ballot definitions be created for different 
precincts within a county in any given election.
    Voting machine provisioning.--The pre-election process of 
configuring the individual precinct voting machines for an election. 
This typically includes resetting internal memory and loading the 
appropriate ballot definition for each precinct. Depending on the model 
of voting machine, provisioning typically involves using a computer to 
write removable memory cards that are installed in each machine.
    Absentee and early voting ballot processing.--The process of 
reading and tabulating ballots received by mail and from early voting 
polling places. Mail votes are typically processed in bulk by high-
volume optical scan ballot reading equipment.
    Tallying and reporting.--The post-election process of tabulating 
the results for each race received from each precinct and reporting the 
overall election outcomes. This process typically involves using a 
computer to read memory card media retrieved from precinct voting 
machines.
    Each of the above ``back end'' functions employs specialized 
election management software running on computers. Depending on the 
size and practices of the county, the same computers may be used for 
more than one function (e.g., the ballot definition computer might also 
serve as the tallying and reporting computer). These computers are 
typically off-the-shelf desktop machines running a standard operating 
system (such as Microsoft Windows), often equipped with electronic mail 
and web browser software along with the specialized voting software. 
Election office computers are typically connected to one another via a 
wired or wireless local area network, which may have a direct or 
indirect connection (sometimes via a firewall) to the internet.
    In some jurisdictions, some of these election management functions 
(most often those concerned with voter registration databases and 
ballot definition), may be outsourced by a county or State to an 
election services contractor. These contractors provide jurisdictions 
with specialized assistance with such tasks as creating ballots in the 
correct format, managing voter registration databases, creating 
precinct poll books, and maintaining voting machines. The degree to 
which jurisdictions rely on outside contractors varies widely across 
the Nation.
    Much of the voting equipment used at precincts is computerized as 
well, although it is generally packaged in specialized hardware. This 
equipment includes:
    Direct Recording Electronic (DRE) Voting Machines.--DRE machines 
are special-purpose computers that display ballot choices to the voter 
(based on the ballot definition) and record voter choices. Both the 
ballot definition configuration and the vote count are typically stored 
on removable memory media.\5\
---------------------------------------------------------------------------
    \5\ Some models of DRE can be equipped with a Voter Verified Paper 
Audit Trail (VVPAT) option in which the voters' selections are printed 
on a paper tape roll that is visible to the voter. VVPATs can assist 
with determining the voter's intent during a recount, but their 
efficacy depends on each voter's diligence in confirming that their 
choices are correctly recorded on the paper tape before they leave the 
voting booth. Research consistently suggests that, in practice, very 
few voters successfully perform this confirmation step.
---------------------------------------------------------------------------
    Optical Scan Ballot Readers.--Optical scan ballot readers are 
specialized computers that read voter-marked paper ballots. The ballot 
is read according to the ballot definition configuration (typically on 
removable memory media), and a tally is maintained in memory (also 
typically on removable media). The machine also captures the scanned 
ballots and stores them in a mechanically-secured ballot box.
    Ballot-Marking Devices (BMDs).--Ballot-marking devices are an 
assistive technology used in optical scan systems to allow visually or 
mobility impaired voters to create ballots for subsequent scanning. 
BMDs are similar in appearance to DRE machines in that they display (or 
read aloud) the ballot electronically, based on a ballot definition 
configuration, and accept voter choices for each race. However, instead 
of recording those choices in computer memory as DREs do, BMDs print a 
marked paper ballot that can then be submitted through an optical scan 
ballot reader.
    Electronic Poll Books.--These devices are typically tablet-style 
computers that contain an authoritative copy of the database of 
registered voters at each precinct. Electronic poll books are not used 
directly by voters, but rather by precinct poll workers as voters are 
checked in at their polling place. They are not used in all 
jurisdictions.
B. Software and Election Security
    Securing complex software systems is notoriously difficult, and 
those that perform the various functions described above are no 
exception.\6\ There are several avenues of vulnerability in such 
systems. Common software ``bugs'' often introduce vulnerabilities that 
can be exploited by an adversary to silently compromise the integrity 
of data or make unauthorized (and difficult to detect) changes to the 
behavior of systems. Configuration and system management errors (such 
as the use of vulnerable out-of-date platforms and weak passwords) can 
further compromise security. Computer networks (which are not generally 
used by precinct voting machines themselves but are commonly connected 
to back end systems in election offices) compound these risks by 
introducing the possibility of remote attack over the internet.
---------------------------------------------------------------------------
    \6\ The fact that software systems can be, and often are, 
vulnerable to attack is not unique to election systems, of course. 
Serious data breaches are literally daily events across the public and 
private sectors, and cybersecurity is widely recognized to be a serious 
law enforcement and National security problem. To the extent that 
elections depend on software or are administered by networked computing 
systems, they are subject to all the same risks.
---------------------------------------------------------------------------
    The integrity of the vote today thus increasingly depends on the 
integrity of the software systems--running on voting machines and on 
county election office networks--over which elections are conducted. 
Any security weakness in any component of any of these systems can 
serve as a ``weak link'' that can allow a malicious actor to disrupt 
election operations, alter tally results, or disenfranchise voters.
    In many electronic voting systems used today, a successful attack 
that exploits a software flaw might leave behind little or no forensic 
evidence. This can make it effectively impossible to determine the true 
outcome of an election or even that a compromise has occurred.
    Unfortunately, these risks are not merely hypothetical or 
speculative. Many of the software and hardware technologies that 
support U.S. elections today have been shown to suffer from serious and 
easily exploitable security vulnerabilities that could be used by an 
adversary to alter vote tallies or cast doubt on the integrity of 
election results.
ii. current electronic voting systems have proven vulnerable to a range 
                  of known, exploitable security flaws
A. Risks in Various Election Components
    Security concerns about computerized voting systems have been 
raised from almost the moment such systems were first proposed. Most of 
these concerns have focused on electronic voting equipment used at 
polling stations, although the ``back end'' election management 
software used to manage voter registration, provision voting machines, 
and tally are at least equally critical to the integrity of the vote.
    To be clear, all electronic voting technology can and does suffer 
from security vulnerabilities. The consequences of these 
vulnerabilities being successfully exploited, however, depends on the 
particular class of device and whether the technology permits effective 
post-election auditing to validate or recover correct election results.
            1. Election Management IT Systems
    As noted above, local jurisdictions rely on computers for almost 
every aspect of election administration. Official information for 
voters is distributed on public-facing websites. Voter registration 
records, used on election day to determine who is permitted to vote, 
are maintained in computerized databases. Ballots forms are created and 
edited on computers. Absentee ballot mailings are managed by computer. 
Preliminary and official election results are maintained and 
disseminated by computer. Specialized ``Election Management'' software 
(generally provided by the vendor of the voting equipment) is used to 
configure ballots and read results from precienct voting machines.
    In most cases, the computers used for election administration 
employ the same hardware, operating systems, and networking platforms 
employed by other enterprises, and are connected, directly or 
indirectly, to the internet. Election management systems are exposed to 
the same risks of compromise by malicious actors that cause the 
commonplace ``data breaches'' in other private- and public-sector 
domains that have become regular fixtures of on-line life.
    Many jurisdictions outsource some of their election management 
tasks to outside vendors or contractors. This further amplifies the 
exposure of local election systems to external tampering.
    Disruption or compromise of any local election administration 
functions can have grave and often non-recoverable consequences for the 
integrity of elections. Compromise of voter registration databases can 
be exploited by adversaries to cause long lines at polling places 
(forcing large numbers of voters to cast provisional ballots) and can 
selectively disenfranchise voters to favor particular candidates. 
Provisioning of voting machines with incorrect ballot definitions can 
prevent correct ballots from being cast. Errors in in unofficial or 
final tallies can cast doubt on the legitimacy of entire elections. In 
some cases, successful attacks may not be discovered until long after 
polls have closed, or may never be discovered at all.
    The IT and security administration of election management computers 
varies widely from jurisdiction to jurisdiction. In the best cases, 
there may be a full-time staff devoted to securing and managing 
election computers and networks. In a more typical case, computer 
security is relegated to the general county IT staff, which may have 
only limited resources relative to the threat. In all cases, however, 
even the best defensive cybersecurity resources of a local county are 
of only limited value against a foreign state adversary.
    Local election management computers and networks are especially 
attractive targets for foreign tampering and interference. They can 
often be attacked remotely, without the need for physical presence in 
the targeted jurisdiction, and successful attacks may be rewarded with 
partial or complete control over a county's voter registration 
databases, voting machine configuration, and results reporting 
infrastructure.
            2. Electronic Poll Books
    Electronic poll books, which are not used in every jurisdiction, 
perform the initial voter ``check-in'' function at polling places on 
election day. They must, by nature of their function, have reliable 
access to an authoritative list of the voters registered to vote at 
each polling places. This may be accomplished either with an internal 
copy of the voter registration database or by on-line remote access to 
a central computer. In either configuration, electronic poll books 
perform an essential election function and must be reliably secured 
against tampering. If poll books are unavailable or if their databases 
are corrupted, voters will not be able to cast ballots (except by 
provisional ballot, to the extent that is a viable option).
    Electronic poll books have received much less scrutiny than other 
precinct voting equipment, but are subject to all the same risks and 
attack vectors as other electronic devices. In many jurisdictions, they 
are largely unregulated and require little or no outside certification 
or audit.
            3. Optical Scan Ballot Readers
    Optical scan ballot readers are specialized computers that scan and 
retain printed ballots and record on electronic storage media the tally 
of votes cast in each race. They depend on the integrity of their 
software and hardware for their ability to correctly interpret ballots 
and to correctly record votes. They are exposed to physical access by 
poll workers, and, in many cases, individual voters.
    Ballot scanners can be compromised in a number of practical ways, 
any one of which can compromise the recorded vote tally. However, 
because they retain the physical paper ballots marked by voters, it is 
possible to recover from such a compromise if it is detected. A 
technique called ``risk-limiting audits'' can reliably detect and 
recover from defective or compromised ballot scanners and is discussed 
in the sections that follow.
            4. Ballot Marking Devices
    Originally, Ballot Marking Devices (BMDs) were conceived of 
narrowly, as an assistive technology for use by voters with 
disabilities to assist them in marking optical scan paper ballots, 
(bringing such systems into compliance with Help America Vote Act 
(HAVA) requirements for accessible voting). However, certain recent 
voting products greatly expand the use of BMD technology by integrating 
a BMD into the voting process for all voters, whether they require 
assistive technology or not.
    BMD-based voting systems are controversial, since, by virtue of 
their design, the correctness of their behavior cannot be effectively 
audited except by every individual voter carefully verifying his or her 
printed ballot before it is cast. A maliciously compromised BMD could 
subtly mismark candidate selections on ballots in a way that might not 
be noticed by most voters. If BMDs fail or must be rebooted at a 
polling place, there may be no way for voters to create marked ballots, 
making BMDs a potential bottleneck or single point of failure on 
election day.
    As a relatively new technology, BMD-based systems have not yet been 
widely examined by independent researchers and have been largely absent 
from practical election security research studies. However, even with 
relatively little scrutiny, exploitable weaknesses and usability flaws 
have been found in these systems, This underscores the need for more 
comprehensive studies and for caution before these systems are 
purchased by local jurisdictions or widely deployed.
            5. Direct Recording Electronic (DRE) Voting Machines
    From a security perspective, by far the most problematic and risky 
class of electronic voting systems are those that employ Direct 
Recording-Electronic (DRE) machines. DRE machines are special purpose 
computers programmed to present the ballot to the voter and record the 
voter's choices on an internal digital medium such as a memory card. At 
the end of the election day, the memory card containing the vote 
tallies for each race is generally removed or electronically read from 
the machine and delivered to the county election office, where the 
tallies from each precinct are recorded by the county tallying 
software. DRE machines are sometimes informally called ``touchscreen'' 
voting machines, although not all DRE models use actual touchscreen 
displays (nor are all election devices that employ touchscreens DREs).
    The design of DREs makes them inherently difficult to secure and 
yet also makes it especially imperative that they be secure. This is 
because the accuracy and integrity of the recorded vote tally depends 
completely on the correctness and security of the machine's hardware, 
software, and data. Every aspect of a DRE's behavior, from the ballot 
displayed to the voter to the recording and reporting of votes, is 
under control of the DRE hardware and software. Any security 
vulnerability in this hardware or software, or any ability for an 
attacker to alter (or re-load new and maliciously behaving) software 
running on the machine, not only has the potential to alter the vote 
tally, but can make it impossible to conduct a meaningful recount (or 
even to detect that an attack has occurred) after the fact. If a DRE is 
compromised at any time before or during an election, any votes cast on 
it are irreparably compromised as well.
    DRE-based systems introduce several avenues for attack that are 
generally not present (or are not as security-critical) in other voting 
technologies:
   Alteration or deletion of vote tallies stored in internal 
        memory or removable media
   Alteration or deletion of ballot definition parameters 
        displayed to voters \7\
---------------------------------------------------------------------------
    \7\ An incorrect (or maliciously altered) DRE ballot definition can 
make it impossible to determine the true election results even without 
any malicious software exploitation. For example, in York County, PA, a 
DRE ballot definition programming error in the 2017 general election 
appears to have allowed candidates in some local races to be voted for 
twice, with the possible consequence that the election will have to be 
invalidated and redone. See http://www.ydr.com/story/news/2017/11/08/
voting-machine-problems-what-york-countys-options/843423001/. Paper-
based systems, in contrast, are more robust against such errors. For 
example, the 2000 general election in Bernalillo County, NM had a 
similar error in their punch card-counting software, but was later able 
to correct the error without a new election; see https://www.wsj.com/
articles/SB976838091124686673.
---------------------------------------------------------------------------
   Alteration or deletion of electronic log files used for 
        post-election audits and detecting unauthorized tampering.
    Attacks might be carried out in any of several ways, each of which 
must be reliably defended against by the DRE hardware and software:
   Direct tampering with data files stored on memory cards or 
        accessible through external interface ports
   Surreptitious replacement of the certified software running 
        on the device with a maliciously altered version
   Exploitation of a pre-existing vulnerability in the 
        certified software.
    Successfully exploiting just one of these avenues of attack can be 
sufficient to undetectably compromise an election. The design of DREs 
makes it necessary not only that their hardware be highly secure 
against unauthorized tampering, but that the software running on them 
not suffer from any vulnerabilities that could be exploited by a 
malicious actor. This makes the security requirements for DREs more 
stringent--and also more easily defeated--than for any other currently-
deployed election technology.
    Unfortunately, the DRE-based systems purchased by and used in 
various States under HAVA have repeatedly been found to suffer from 
exactly these kinds of exploitable hardware and software 
vulnerabilities.
B. The 2007 California and Ohio Studies
    To date, the most extensive independent studies of the security of 
electronic voting systems were commissioned 10 years ago by the 
Secretaries of State of California and Ohio. Expert review teams were 
given access to the voting machine hardware and software source code of 
every system certified for use in those States. The systems used in 
California and Ohio were also certified for use in most of the rest of 
the country, so these studies effectively covered a large fraction of 
available electronic voting equipment and software. I led the teams 
that reviewed the Sequoia products (for the State of California) and 
the ES&S products (for the State of Ohio); other teams in these studies 
reviewed the Diebold/Premier and Hart InterCivic products.\8\
---------------------------------------------------------------------------
    \8\ The various final reports of the California ``Top-To-Bottom 
Review'' studies can be found at http://www.sos.ca.gov/elections/
voting-systems/oversight/top-bottom-review/. The final report of the 
Ohio ``Project EVEREST'' study can be found at https://www.eac.gov/
assets/1/28/EVEREST.pdf.
---------------------------------------------------------------------------
    In both studies, every team found and reported serious exploitable 
vulnerabilities in almost every component examined. In most cases, 
these vulnerabilities could be exploited by a single individual, who 
would need no more access than an ordinary poll worker or voter. Such 
an attacker would be able to alter vote tallies, load malicious 
software, or erase audit logs. Some of the vulnerabilities found were 
the consequence of software bugs, while others were caused by 
fundamental architectural properties of the system architecture and 
design. In some cases, compromise of a single system component (such as 
a precinct voting machine) was sufficient to compromise not just the 
vote tally on that machine, but to compromise the entire county back-
end system.
    In response, California and Ohio ordered some equipment decertified 
and some election-day procedures modified. However, all the vulnerable 
equipment and software remained certified for use in at least some 
other States.
    Some equipment vendors and local voting officials claimed at the 
time that the findings of the California and Ohio studies were 
irrelevant or overstated, that any problems identified could be easily 
fixed, and that it would be difficult or impossible for anyone but an 
expert with extensive experience and access to privileged information 
(such as source code) to exploit vulnerabilities in practice. However, 
as exercises such as the DEFCON Voting Village (described below) have 
demonstrated, not only do these systems remain vulnerable, but they can 
be readily exploited by people with no more than ordinary computer 
science experience and expertise and without access to any secret or 
proprietary information.
C. The DEFCON Voting Village Exercise
    The DEFCON conference is one of the world's largest and best-known 
computer security ``hacker'' conferences. This year's DEFCON was held 
August 8-10, 2019, in Las Vegas, NV, and drew more than 25,000 
participants from around the world. DEFCON participants have broad 
interest in technology, and include security researchers from industry, 
Government, and academia, as well as individual hobbyists.
    For the last 3 years, DEFCON has featured a Voting Machine Hacking 
Village (``Voting Village'') to give participants an opportunity to 
examine and get hands-on experience with the security technology used 
in U.S. elections, including voting machines, voter registration 
databases, and election office networks. I am one of the organizers of 
the Voting Village.\9\
---------------------------------------------------------------------------
    \9\ Organizers of the DEFCON Voting Village include the author as 
well as Harri Hursti, Margaret MacAlpine, and Jeff Moss.
---------------------------------------------------------------------------
    The voting machines available in the Voting Village included a 
variety of DRE, optical scan readers, ballot marking devices and 
electronic poll books from a range of commercial vendors. We acquired 
(from the surplus market) and made available to participants a sampling 
of different pieces of election hardware, including both DRE and 
optical scan voting machines as well as ``poll book'' devices used by 
used by precinct workers to verify and check in voters at polling 
places. Every model machine currently at the Voting Village is still 
certified for use in U.S. elections in at least one jurisdiction today.
    The DEFCON Voting Village is not intended to be a formal security 
assessment or test, but rather an opportunity for a general audience of 
technologists to examine election equipment and systems. However, 
participants are encouraged to critically examine and probe the 
equipment and software for vulnerabilities, and to seek practical ways 
to compromise security mechanisms. No proprietary information or 
computer source code is made available.
    The results of the Voting Village are summarized each year in 
detail in a report.\10\ It is notable that participants, who 
overwhelmingly do not have any previous special expertise in voting 
machines or access to any proprietary information about them, have been 
very quickly able to find ways to compromise every piece of equipment 
in the Village by the end of the weekend. Depending on the individual 
model of machine, participants have found ways to load malicious 
software, gain access to administrator passwords, compromise recorded 
votes and audit logs, or cause equipment to fail. In most cases, these 
attacks could be carried out from the ordinary interfaces that are 
exposed to voters and precinct poll workers.
---------------------------------------------------------------------------
    \10\ The current Voting Village final report is available at: 
https://media.defcon.org/DEF%20CON%2027/voting-village-report-
defcon27.pdf.
---------------------------------------------------------------------------
    The ease with which participants compromise equipment in the Voting 
Village should be regarded as at once alarming and yet also 
unsurprising. It is alarming because the very same equipment is in use 
in polling places around the United States, relied on for the integrity 
of real elections. But it is also ultimately unsurprising. Versions of 
many of the machines at DEFCON had been examined in the 2007 studies 
and found to suffer from basic, exploitable security vulnerabilities. 
It should not come as any surprise that, given access and motivation, 
people of ordinary skill in computer security would be able to 
replicate and expand on these results. It is, in fact, precisely what 
the previous studies of these devices warned would happen.
    In summary, the DEFCON Voting Village demonstrates that much of the 
voting technology used in the United States is vulnerable not just to 
hypothetical expert attack in a laboratory environment, but also to 
practical analysis, manipulation, and exploitation by non-specialists 
with only very modest resources.
    iii. us election systems are not engineered to resist national 
                              adversaries
    The traditional ``threat model'' against which electronic voting 
systems have been evaluated has been largely focused on resisting 
traditional election fraud, in which domestic conspirators, perhaps 
assisted by corrupt poll workers or election officials, attempt to 
``rig'' an election to favor a preferred candidate in a local, State, 
or National contest. Fraud might be accomplished by altering votes, 
adding favorable votes, deleting unfavorable votes, or otherwise 
compromising the security mechanisms that protect the ballot and tally.
    While virtually every study of electronic voting technology has 
raised questions about the ability of current systems to resist serious 
efforts at fraud, traditional election fraud is not the only kind of 
threat, or even the most serious threat, that a voting systems must 
resist today.
    Electronic voting systems must resist not only fraud from corrupt 
candidates and supporters, but also election disruption from hostile 
nation-state adversaries. This is a much more formidable threat, and 
one that current systems are far less equipped to resist.
    The most obvious difference between traditional election fraud by 
corrupt domestic actors and disruption by hostile state actors is the 
expected resources and capabilities available to each. The intelligence 
services of even small nations can marshal far greater financial, 
technical, and operational resources than would be available to even 
highly sophisticated criminal conspiracies. For example, intelligence 
services can feasibly conduct advance operations against the voting 
system supply chain. In such operations, the aim might be to obtain 
confidential source code or to secure surreptitious access to equipment 
before it is even shipped to local election officials. Hostile 
intelligence services can exploit information and other assets 
developed broadly over extended periods of time, often starting well 
before any specific operation or attack has been planned.
    But their greater resources are not the most important way that 
hostile state actors can be a more formidable threat than corrupt 
candidates or poll workers. They also enjoy easier goals. The aim of 
traditional ``retail'' election fraud is to tilt the outcome in favor 
of a particular candidate. That is, to succeed, the attacker must 
generally alter the reported vote count or add, change, or delete 
votes. But a hostile state actor--via an intelligence service such as 
Russia's GRU--might be satisfied with merely disrupting an election or 
calling into question the legitimacy of the official outcome. With 
election systems so heavily dependent on demonstrably insecure software 
and voting equipment, this kind of disruption could be comparatively 
simple to accomplish, even at a National scale.
    A hostile state actor who can compromise even a handful of county 
networks might not need to alter any actual votes to create widespread 
uncertainty about an election outcome's legitimacy. It may be 
sufficient to simply plant suspicious (and detectable) malicious 
software on a few voting machines or election management computers, 
create some suspicious audit logs, delete registered voters from the 
rolls, or add some obviously spurious names to the voter rolls. If the 
preferred candidate wins, they can simply do nothing (or, ideally, use 
their previously-arranged access to restore the compromised networks to 
their original states, erasing any evidence of compromise). If the 
``wrong'' candidate wins, however, they could covertly reveal evidence 
that county election systems had been compromised, creating public 
doubt about whether the election had been ``rigged''. This could easily 
impair the ability of the true winner to effectively govern, at least 
for a period of time.
    Electronic voting machines and vote tallies are not the only 
potential targets for such attacks. Of particular concern are the back-
end systems that manage voter registration, ballot definition, and 
other election management tasks. Compromising any of these systems 
(which are often connected, directly or indirectly, to the internet and 
therefore potentially remotely accessible) can be sufficient to disrupt 
an election while the polls are open or cast doubt on the legitimacy of 
the reported result. The decentralization of election operations, 
managed by thousands of individual local offices throughout the Nation 
(with widely-varying resources) is sometimes cited as a strength of our 
electoral process. However, this decentralization can be turned to the 
adversary's advantage. An attacker can choose arbitrarily from among 
whatever counties have the weakest systems--those with the least secure 
software or most poorly defended networks and procedures--to target.
    It is beyond the scope of my testimony to speculate on specific 
intrusions that occurred against State and local election management 
systems in the 2016 U.S. general election, much of which remains 
Classified or under investigation. It has been reported that voter 
registration management systems in at least several States were 
targeted for exploitation and access. It is unclear whether voting 
machines or tallying systems were also targeted. However, targeting and 
exploiting such systems would have been well within the capability of 
any major rival intelligence service.\11\
---------------------------------------------------------------------------
    \11\ For a comprehensive discussion of technical attacks against 
our election infrastructure in 2016, see the Report of the Select 
Committee on Intelligence, US Senate on Russian Active Measures in the 
2016 US Election, Vol 1. https://www.intelligence.senate.gov/sites/
default/files/documents/Report_Volume1.pdf
---------------------------------------------------------------------------
    In summary, the architecture of many current electronic voting 
systems, especially those that employ DRE voting machines, makes 
disruption attacks an especially attractive option for our foreign 
adversaries--and especially difficult one to effectively defend 
against. These systems can give hostile actors interested in disruption 
an even easier task than that facing corrupt candidates seeking to 
steal even a small local office. And the consequences of election 
disruption strike at the very heart of our National democracy.
iv. recommendations: all u.s. elections should employ paper ballots and 
                          risk-limiting audits
    It is perhaps tempting to conclude pessimistically that election 
technology in the United States is fatally flawed, leaving our Nation 
irreparably vulnerable to election fraud and foreign meddling. But 
while it is true that the current situation exposes us to significant 
risk, it is by no means hopeless or beyond repair. Relatively simple, 
and available, technologies can be deployed that render our elections 
significantly more robust against attack.
    While electronic voting machines do indeed suffer demonstrably 
fundamental weaknesses, some electronic voting technologies are 
significantly more resilient in the face of compromise than others. The 
most important feature required is that there be a reliable record of 
each voter's true ballot selections that can be used as the basis for a 
post-election audit to detect and recover from failure or compromise of 
the software or hardware.
    Among currently available, HAVA-compliant voting products, the only 
systems that meet this requirement are those that employ optical scan 
paper ballot technology. In such systems, the voter fills out a 
machine-readable paper ballot form (possibly with the aid of an 
assistive ballot marking device for language-, visually- and mobility-
impaired voters), that is then deposited into a ballot scanning device 
that reads the ballot choices, maintains an electronic tally, and 
retains and secures the marked paper ballots for subsequent audit. 
After the polls close, the electronic tally records are read from each 
ballot scanner and preliminary results calculated.
    The paper records of votes that precinct-counted optical-scan 
systems provide are a necessary, but not by themselves sufficient, 
safeguard against software. As noted above, even non-DRE systems can 
suffer from flaws and exploitable vulnerabilities in the voting machine 
and back-end software. The second essential safeguard is a systematic 
and reliable process for detecting whether the software has reported 
incorrect results, and to recover the true results if so.
    The most reliable and well-understood method to achieve this is 
through an approach called risk-limiting audits.\12\ In a risk-limiting 
audit, a statistically significant randomized sample of ballots are 
manually checked by hand and the results compared with the electronic 
tally. (This must be done for every contest, not just those with close 
results that might otherwise call for a traditional ``recount''.) If 
discrepancies are discovered between the manual and electronic tallies, 
additional manual counts are conducted. The effect of risk-limiting 
audits is not to eliminate software vulnerabilities, but to ensure that 
the integrity of the election outcome does not depend on the herculean 
task of securing every software component in the system. This important 
property is called strong software independence.\13\
---------------------------------------------------------------------------
    \12\ A good introduction to the theory and practice of risk-
limiting audits in elections can be found at https://
www.stat.berkeley.edu/?stark/Preprints/RLAwhitepaper12.pdf.
    \13\ See Ron Rivest. ``On the notion of `software independence' in 
voting systems''. Phil. Trans Royal Society A. Volume 366 Issue 1881. 
October 28, 2008. http://rsta.royalsocietypublishing.org/content/366/
1881/3759.
---------------------------------------------------------------------------
    Optical scan paper ballots and risk-limiting audits comprise a 
critical, and readily deployable, safeguard against both traditional 
election fraud and nation-state disruption. Taken together, they permit 
us to more safely enjoy the benefits of computerized election 
management, without introducing significant new costs or requiring the 
development of speculative new technology. The technology required for 
this is available today, from multiple vendors, and is already in use 
in many States.
    As important as paper ballots and risk-limiting audits are, 
however, they are not panaceas that solve every threat to our 
elections. It is also critical that the State and county back-end 
computer networks and systems used for election management and voter 
registration be vigilantly protected against compromise. As we saw in 
2016, hostile adversaries might attempt to breach not just voting 
machines, but also back-end election management systems and voter 
registration database systems, which are often connected, directly or 
indirectly, to the internet.
    It is no exaggeration to observe that State and local election 
officials serve on the front lines of our National cybersecurity 
defense. They must be given sufficient resources, infrastructure, and 
training to help them effectively defend their systems against an 
increasingly sophisticated--and increasingly aggressive--threat 
environment. It is notable that the budgets for election administration 
often must compete for resources with essential local services such as 
fire protection and road maintenance. Election management represents 
only a miniscule fraction of the total National spending on political 
campaigns. Additional investment here will pay significant dividends 
for our security.
    By analogy, we do not make the county sheriff responsible for 
defending against ground invasions by foreign military forces. Yet that 
is precisely the role into which we have placed our local county IT 
administrations in defending our election infrastructure against 
electronic attacks. Just by doing so, we have set them up for failure.
    Simply put, much of our election infrastructure remains vulnerable 
to practical attack, with threats that range from traditional election 
tampering in local races to large-scale disruption by National 
adversaries. We should take no comfort if such attacks have not yet 
been widely detected. At best, it is only because, for whatever reason, 
serious attempts have not yet been made. Given the potential rewards to 
our adversaries, it is only a matter of time before they will.
    National-level investment in safeguards such as those described 
above serve our democracy in critically important ways. They can 
provide a significant improvement to election security, both in our 
ability to resist attack and in our ability to recover from attacks 
when they occur. Perhaps most importantly, they provide meaningful 
assurance to voters that their ballots truly count and that their 
elected officials are governing truly legitimately. Our republic cannot 
long survive without the confidence that comes from that assurance.

    Mr. Richmond. Thank you, Dr. Blaze.
    We have votes that have been called. There is a minute and 
48 seconds left on us to vote. There is still 282 people who 
have not voted.
    But what we will do is we will go into recess right now; we 
will go vote. There is probably going to be 1 vote--at most, 2 
votes. So we will come back and resume immediately when votes 
are over.
    So with that we will stand in recess.
    [Recess.]
    Mr. Richmond. I will now call the committee back to order, 
and I will recognize Ms. Badanes for 5 minutes to summarize her 
testimony.
    Thank you for your patience.

   STATEMENT OF GINNY BADANES, DIRECTOR, STRATEGIC PROJECTS, 
             DEFENDING DEMOCRACY PROGRAM, MICROSOFT

    Ms. Badanes. Absolutely. Chairman Richmond, Ranking Member 
Katko, and Members of the subcommittee, thank you for the 
opportunity to testify today on the important topic of campaign 
security. My name is Ginny Badanes, and I am the director of 
strategic projects for Microsoft's Defending Democracy Program.
    Our team works globally with a variety of stakeholders to 
preserve and protect electoral processes, protect campaign 
organizations from cyber-enabled threats, and defend against 
disinformation campaigns.
    Microsoft has several initiatives to achieve these goals. 
But my testimony today will focus on our efforts to increase 
the cybersecurity and resilience of campaign organizations.
    To address how campaigns can protect themselves, it is 
helpful to first understand the threats that they are up 
against. Campaigns face a unique challenge when it comes to 
securing themselves. Most campaigns have limited budgets, and 
even more limited cybersecurity expertise. Yet they can face 
outsize threats and a symmetry that can harm our democratic 
process.
    Microsoft's work to protect campaign organizations builds 
upon our broader experience in assessing and tracking 
cybersecurity threats. The Microsoft Threat Intelligence 
Center, known as MSTIC, has focused on tracking nation-state 
adversaries for more than a decade. We provide notification to 
customers when an on-line service account has been targeted or 
compromised by a nation-state actor that we are tracking.
    As a technology provider with many customers in this space, 
we believe we have an obligation to do more to support 
campaign's efforts to protect themselves. For that reason, we 
now offer services specifically designed to assist the campaign 
community.
    In August of last year we began offering a free service 
called Account Guard, which provides campaign customers of our 
email and productivity tools with additional security support. 
We did this for 2 reasons.
    First, we wanted to address the reality that threat actors 
do not only attack the enterprise accounts of their targets. 
They go after personal accounts of staff, as well. For that 
reason, Account Guard customers have the option to also enroll 
their personal Microsoft email accounts, such as Hotmail or 
Outlook. This optional enrollment provides our threat 
monitoring team with valuable information about what might 
otherwise appear to be a standard consumer account. More 
importantly, it allows us to notify the individual and the 
organization quickly if we identify a threat actor targeting 
that personal account.
    Second, we recognize that campaigns might not be equipped 
to receive a nation-state attack notification. While the 
information can be very valuable, it doesn't serve much purpose 
if the recipient isn't sure what to do with the information 
that they receive. For that reason, in addition to informing 
the customer about an attack, we also include information about 
what to do next, especially if the attack resulted in a breach. 
This additional communication ensures that notifications reach 
the right person within the organization, and that they can 
turn that information into action.
    We have also created a new version of our email and 
productivity tools just for campaigns. We did this based on 
feedback that sophisticated security tools aren't realistic on 
a campaign budget, and that setting them up was too difficult 
for the typical campaign IT staff. So we made Microsoft 365 for 
Campaigns available this past summer. This allows campaigns to 
access security tools at a much lower cost, and provides non-
technical users with, essentially, an easy button to turn on 
key security features.
    While new tools and free services are helpful, they don't 
address the most impactful thing that campaigns can do to 
protect themselves, and that is to educate their team about 
cybersecurity hygiene. That is why we provide a variety of 
cybersecurity trainings in person, as well as on-line, tailored 
to the specific needs of the campaign community. We encourage 
campaigns to do the basics, such as turn on two-factor 
authentication, use better password management, use a cloud 
service provider, and use secure communication platforms.
    In conclusion, Congress plays a critical role in securing 
our campaign organizations and elections. In addition to the 
recommendations made by my fellow witnesses, Congress also can 
contribute to a multi-stakeholder approach that addresses the 
threats themselves. We believe that combating attacks at the 
root will require a joint effort, from private-sector actors 
such as Microsoft, as well as State, local, and Federal 
Governments, civil society, academia, and campaign 
organizations themselves.
    Campaigns face the threat of capable, well-funded, and 
agile adversaries. While there is much they can do to protect 
themselves, we have seen first-hand that they benefit from 
assistance from the private sector, and they would certainly 
benefit from Congressional and Executive branch leadership and 
multi-stakeholder engagement, especially around establishing 
international norms to discourage nation-state attacks against 
our democratic institutions.
    Thank you, and I look forward to your questions.
    [The prepared statement of Ms. Badanes follows:]
                  Prepared Statement of Ginny Badanes
                           November 19, 2019
    Chairman Richmond, Ranking Member Katko, Members of the 
subcommittee, thank you for the opportunity to testify today on the 
important topic of campaign security.
    My name is Ginny Badanes and I am the director of strategic 
projects for Microsoft's Defending Democracy program. We focus on 
advocating for and contributing to the stability and security of 
democratic institutions globally. In a non-partisan manner, our team 
works with a variety of governmental and non-governmental stakeholders 
in democratic countries to achieve the following goals:
   Explore technological solutions to preserve and protect 
        electoral processes and engage with Federal, State, and local 
        officials to identify and remediate cyber threats;
   Protect campaign organizations from hacking through 
        increased cyber resilience measures, accessible and affordable 
        security tools, and incident response capabilities; and,
   Defend against disinformation campaigns in partnership with 
        leading academic institutions and think tanks dedicated to 
        countering state-sponsored digital propaganda and falsehoods.
    Though the Defending Democracy team undertakes several initiatives 
in pursuit of these goals, my testimony today will focus on our efforts 
to increase the cybersecurity and resilience of campaign organizations.
                   threats to campaign organizations
    To address how campaign organizations can protect themselves, it is 
helpful to first understand the threats that they are up against. 
Campaign organizations face uniquely challenging circumstances when it 
comes to securing themselves. Outside of a handful of Presidential 
campaigns, many campaign organizations often have limited technology 
budgets and usually even more limited cybersecurity expertise. Yet, 
they can face outsized threats, an asymmetry that can have detrimental 
effects on our democratic processes. Campaign organizations are like 
technology startups with enterprise cybersecurity needs.
    Microsoft's work to protect campaign organizations and democratic 
institutions broadly builds upon the company's experience in assessing 
and tracking cybersecurity threats. The Microsoft Threat Intelligence 
Center (MSTIC) has focused on tracking nation-state actors for more 
than a decade. We provide notification to customers, including 
election-sensitive customers, when an on-line service account has been 
targeted or compromised by a nation-state actor that we are tracking. 
We continuously track these global threats, building this intelligence 
into our security products to protect customers and using it in support 
of our efforts to disrupt threat actor activities through direct legal 
action or in collaboration with law enforcement. But let's be clear--
cyber attacks continue to be a significant weapon wielded in cyber 
space. In some instances, those attacks appear to be related to on-
going efforts to attack the democratic process.
    In the past year, Microsoft notified nearly 10,000 customers, 
including campaign organizations,\1\ that they have been targeted or 
compromised by nation-state attacks. About 84 percent of these attacks 
targeted our enterprise customers, and about 16 percent targeted 
consumer personal email accounts. This data demonstrates the 
significant extent to which nation-states continue to rely on cyber 
attacks as a tool to gain intelligence, influence geopolitics, or 
achieve other objectives.
---------------------------------------------------------------------------
    \1\ New Cybersecurity Threats require new ways to protect 
democracy. https://blogs.microsoft.com/on-the-issues/2019/07/17/new-
cyberthreats-require-new-ways-to-protect-democracy/.
---------------------------------------------------------------------------
    Based upon the threats we are tracking, most of the nation-state 
activity in recent months originated from actors in 3 countries--
Iran,\2\ North Korea, and Russia.\3\ We have also seen activity by 
actors operating from China, but not at the same volume as the actors 
in these 3 nations. These actors have targeted a variety of industries 
including a number of stakeholders that are important to political 
dialog and democratic processes, including think tanks, universities, 
diplomatic entities, journalists, current and former Government 
officials, and campaign staff.
---------------------------------------------------------------------------
    \2\ Recent Cyberattacks Require Us All To Be Vigilant. https://
blogs.microsoft.com/on-the-issues/2019/10/04/recent-cyberattacks-
require-us-all-to-be-vigilant/.
    \3\ New Cyberattacks Targeting Sporting and Anti-Doping 
Organizations. https://blogs.microsoft.com/on-the-issues/2019/10/28/
cyberattacks-sporting-anti-doping/.
---------------------------------------------------------------------------
                     microsoft & campaign security
    Recognizing the unique needs of campaign organizations, Microsoft 
offers services to help them increase their cybersecurity and 
resilience.
   On-line account security protection
   Security guidance, on-going education, and training
   Microsoft 365 for Campaigns
                  on-line account security protection
    In August 2018, Microsoft instituted enhanced cybersecurity 
services for campaign users of Office 365 and free consumer email 
services. With more than 60 million users of its paid Office365 (O365) 
cloud-based productivity software and free Outlook.com and Hotmail.com 
web-based e-mail services, Microsoft found itself in a unique position 
to protect election-sensitive users of its products against such 
hacking. To that end, Microsoft requested and received an advisory 
opinion from the Federal Election Commission (FEC) confirming that 
Microsoft may offer a package of free enhanced on-line account security 
protections at no additional charge on a nonpartisan basis to its 
election-sensitive customers. The Advisory Opinion concluded that the 
provision of such services is not a prohibited in-kind contribution 
under campaign finance law.\4\
---------------------------------------------------------------------------
    \4\ FEC Advisory Opinion 2018-11, https://www.fec.gov/files/legal/
aos/2018-11/2018-11.pdf.
---------------------------------------------------------------------------
    Until this advisory opinion, the FEC had not robustly addressed the 
provision of cybersecurity services to political campaigns and National 
committees. In response, this advisory opinion sparked a series of 
similar requests for approval \5\ from cybersecurity firms to provide 
cybersecurity services to Members of Congress, political campaigns, and 
National committees at reduced costs or at no cost at all.
---------------------------------------------------------------------------
    \5\ FEC Advisory Opinion 2018-15 (approving Senator Wyden's request 
to use campaign funds for cybersecurity expenses), https://www.fec.gov/
data/legal/advisory-opinions/2018-15/; FEC Advisory Opinion 2018-12 
(approving the provision of free cybersecurity resources to candidates 
and political party committees, by nonprofit corporation and its 
private-sector sponsors and partners), https://www.fec.gov/files/legal/
aos/2018-12/2018-12.pdf.
---------------------------------------------------------------------------
    The Microsoft service is called AccountGuard,\6\ and it serves 2 
primary functions.
---------------------------------------------------------------------------
    \6\ Microsoft AccountGuard, https://www.microsoftaccountguard.com/
en-us/.
---------------------------------------------------------------------------
    (1) Cross-Account Notifications.--We recognize that threat actors 
        do not only attack the enterprise accounts of their targets, 
        they go after the target's personal accounts as well. We 
        provide AccountGuard customers with the ability to enroll the 
        personal Microsoft email accounts (Hotmail.com, Outlook.com) of 
        staff and other affiliates of their organization. This optional 
        enrollment provides our threat monitoring team with valuable 
        information about what might otherwise appear to be a typical 
        consumer account. More importantly, it allows us to notify the 
        individual and organization quickly if we identify a threat-
        actor targeting that personal account.
    (2) Nation-State Attack Enhanced Monitoring.--If an AccountGuard 
        customer is targeted by a nation-state actor that we track, the 
        team provides customers with additional services and 
        notification. In addition to informing them about the attack, 
        we include information about what to do next, especially if the 
        attack resulted in a breach. This additional communication 
        ensures that notifications reach the right person within an 
        organization.
    Since the launch of AccountGuard we have uncovered attacks 
specifically targeting organizations that are fundamental to democracy. 
We have steadily expanded AccountGuard to political campaigns, 
political parties, think tanks, and democracy-focused non-governmental 
organizations (NGO's), in 26 countries across 4 continents. While this 
service is relatively new, we've already made over 900 notifications of 
nation-state attacks targeting organizations participating in 
AccountGuard. This data shows that democracy-focused organizations in 
the United States should be particularly concerned as 95 percent of 
these attacks have targeted U.S.-based organizations. By nature, these 
organizations are critical to society but have fewer resources to 
protect against cyber attacks than large enterprises.
    Many of the democracy-focused attacks we've seen recently target 
NGO's and think tanks and reflect a pattern that we also observed in 
the early stages of some previous elections. In that pattern, a spike 
in attacks on NGO's and think tanks that work closely with candidates 
and political parties, or work on issues central to their campaigns, 
typically serves as a precursor to direct attacks on campaign 
organizations and election systems themselves. Similar attacks occurred 
in the U.S. Presidential election in 2016 and in the last French 
Presidential election. In 2018 we detected attacks targeting, among 
others, U.S. Senate offices, and think tanks associated with key issues 
at the time.\7\ Earlier this year we saw attacks targeting democracy-
focused NGO's in Europe close to European elections.\8\ As we head into 
the 2020 elections, given both the broad reliance on cyber attacks by 
nation-states and the use of cyber attacks to specifically target 
democratic processes, we anticipate potential attacks targeting U.S. 
election systems, campaign organizations, or NGO's that work closely 
with campaign organizations.
---------------------------------------------------------------------------
    \7\ ``Microsoft Says It Stopped Cyberattacks on Three 2018 
Congressional Candidates'', Time, July 19, 2018: https://time.com/
5343585/microsoft-candidate-cyberattacks/.
    \8\ ``New steps to protect Europe from continued cyber threats'', 
Feb. 20, 2019,
https://blogs.microsoft.com/eupolicy/2019/02/20/accountguard-expands-
to-europe/.
---------------------------------------------------------------------------
    Our adversaries have a stated goal of seeking to diminish the 
confidence of our citizens in the processes that are at the very core 
of our democracy. We should anticipate that we will see more attacks on 
our election processes in 2020 in furtherance of this goal.
            security guidance, on-going education & training
    Informed by our observations about campaign challenges, Microsoft 
provides in-person cybersecurity trainings tailored to the specific 
needs of the campaign community regardless of whether there is any 
formal relationship with Microsoft.\9\ These trainings cover the basics 
of cybersecurity hygiene and highlight many of the best practices 
recommended by our partners at Harvard Belfer Center in their 
Cybersecurity Campaign Playbook.\10\ To date, we've trained over 1,000 
political professionals in 13 countries with our security workshop 
trainings.
---------------------------------------------------------------------------
    \9\ We acknowledge these security solutions and on-going trainings 
depend on the campaign organizations and individuals having access to a 
smart phone or to broadband connectivity. Microsoft notes that 
broadband connectivity is also an urgent National problem that we are 
committed to helping solve. We've contributed to this effort through 
our Microsoft Airband Initiative, a 5-year commitment to bring 
broadband access to 3 million unserved Americans living in rural 
communities by July 2022. Microsoft is partnering with a number of 
local providers across the United States to offer new broadband 
services where there is no option or affordable alternative.
    \10\ Cybersecurity Campaign Playbook, https://www.hks.harvard.edu/
publications/cybersecurity-campaign-playbook.
---------------------------------------------------------------------------
    In addition to the in-person trainings, we conduct webinars focused 
on specific cybersecurity topics of interest to campaign organizations. 
Just this week, for example, Microsoft security experts are hosting 2 
webinars representative of our training efforts in this area. One helps 
non-technical election-sensitive customers learn how to protect their 
user accounts. We will cover topics such as common attack vectors, 
multi-factor authentication, credential hygiene, and identity best 
practices. The other webinar helps information technology (IT) 
professionals in the election-sensitive space learn technical best 
practices and tools available to them to secure their organization's 
environment.
    Finally, all our AccountGuard customers receive monthly guidance 
from us. This guidance highlights stories of relevance, provides best 
practices, and promotes better cybersecurity hygiene across their 
organization.
                      microsoft 365 for campaigns
    Campaign organizations are fast-moving environments that face 
significant security threats from nation-state actors and criminal 
scammers--much like large enterprises. However, unlike enterprises, 
campaign organizations often must ramp up and down quickly, vary in 
their ability to hire dedicated and experienced IT staff, and have 
unpredictable budgets.
    While the AccountGuard service is a step in the right direction to 
help protect campaign organizations facing these challenges, we 
recognized that we could do more to provide this community with access 
to secure, reliable, accessible, and affordable software. For those 
reasons, Microsoft recently announced the availability of Microsoft 365 
for Campaigns.\11\
---------------------------------------------------------------------------
    \11\ ``Protecting political campaigns from hacking'', May 6, 2019: 
https://blogs.microsoft.com/on-the-issues/2019/05/06/protecting-
political-campaigns-from-hacking/.
---------------------------------------------------------------------------
    First, to address the constrained budgets of campaign 
organizations, we have used our non-profit pricing model for this 
offering so campaign organizations can get access to software at a 
significantly reduced rate.
    Second, to address the problem of ease of use for non-technical 
users, we have streamlined the configuration and set-up of high-impact 
security settings. With only a click or two, customers can now turn on 
recommended security features to create a secure baseline from which to 
operate their campaign organization.
    Just a few examples of the settings that can now be automated--
   Enabling multi-factor authentication.--A second layer of 
        security for sign-ins.
   Turning on Office 365 Advanced Threat Protection.--A service 
        that protects emails, links, and files from phishing and 
        malware attacks.
   Providing device protection.--Secures access to sensitive 
        data on mobile devices using a service called Microsoft 
        Intune.\12\
---------------------------------------------------------------------------
    \12\ Microsoft InTune, https://www.microsoft.com/en-us/microsoft-
365/enterprise-mobility-security/microsoft-intune.
---------------------------------------------------------------------------
    This offering derives from our Microsoft 365 Business product, 
which is tailored to small and medium businesses. That means campaign 
customers can now access the high-end security capabilities typically 
leveraged by enterprise customers, enjoy easier deployment of those 
features, and do so at an affordable rate.
        other ways campaign organizations can protect themselves
    While we encourage innovation in this area, campaign organizations 
can best protect themselves by employing basic hygiene.\13\ A few 
examples of how that can be achieved:
---------------------------------------------------------------------------
    \13\ Your Pa$$word Doesn't Matter. https://
techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Your-Pa-
word-doesn-t-matter/ba-p/731984.
---------------------------------------------------------------------------
   Password management.--In 2016, Microsoft saw over 10 million 
        username/password pair attacks every day. This gives us a 
        unique vantage point to understand the role of passwords in 
        account takeovers.\14\ Despite general awareness of the 
        importance of using unique passwords to secure data, users 
        admitted to reusing the same password 62 percent of the time 
        for multiple accounts as recently as a year ago.\15\ As a 
        result, we train campaign organizations to use strong unique 
        passwords and more importantly, to use password managers to 
        generate them.
---------------------------------------------------------------------------
    \14\ Microsoft Password Guidance by the Microsoft Identity 
Protection Team. https://www.microsoft.com/en-us/research/wp-content/
uploads/2016/06/Microsoft_Password_Gui- dance-1.pdf.
    \15\ See eg. Passwords Reuse Abound Recent Survey Shows. https://
www.darkreading.com/informationweek-home/password-reuse-abounds-new-
survey-shows/d/d-id/1331689.
---------------------------------------------------------------------------
   Two-factor authentication.--We encourage campaign 
        organizations to use a 2-step authentication source like a 
        phone app or a physical key for all accounts.
   Using a cloud service provider.--We encourage campaign 
        organizations to leverage cloud services for email, documents, 
        and infrastructure and avoid public or anonymous sharing.
   Using a secure communications platform.--For sensitive data, 
        Microsoft encourages campaign organizations to use encrypted 
        communications channels and avoid using public Wireless 
        Fidelity (Wi-Fi) channels for accessing sensitive information.
                            emerging threats
    Earlier this fall, director of the Cybersecurity and Infrastructure 
Security Agency (CISA), Chris Krebs drew attention to the threat of 
ransomware attacks against our local governments and the impact that 
could have on our elections if executed against voter registration 
systems close to, or on, election day.\16\ We agree this is a risk that 
deserves attention from all election security stakeholders. Voter 
registration databases (some of the same systems targeted in 2016), are 
vulnerable because they are some of the only election sensitive systems 
that are regularly connected to the internet. We are currently 
exploring how we can work with Government and others in the tech 
community to continue to raise awareness of this threat while also 
providing additional solutions to protect against ransomware. Basic 
security recommendations in this context include using modern 
technology, setting up two-factor authentication for all relevant 
accounts, creating secure back-ups, and engaging in exercises to ensure 
rapid restoration of data in the event of an attack.
---------------------------------------------------------------------------
    \16\ ``CISA Director's Outlook on Ransomware'', Aug 23, 2019: 
https://www.politico.com/newsletters/morning-cybersecurity/2019/08/23/
cisa-directors-outlook-on-ransomware-5g-more-727286.
---------------------------------------------------------------------------
    An additional emerging threat is the increased potential for bad 
actors to use artificial intelligence to create malicious synthetic 
media, better known as ``Deepfakes''. Advances in synthetic media have 
created clear benefits; for example, synthetic voice can be a powerful 
accessibility technology, and synthetic video can be used in film 
production, criminal forensics, and artistic expression. However, as 
access to synthetic media technology increases, so too does the risk of 
exploitation. Deepfakes can be used to damage reputations, fabricate 
evidence, and undermine trust in our democratic institutions. To help 
guard against this challenge, Microsoft has established clear 
principles that govern its use and deployment of synthetic media and 
other artificial intelligence, including fairness, inclusiveness, 
reliability & safety, transparency, privacy & security, and 
accountability. Furthermore, Microsoft has engaged with partners in 
academia, civil society, and industry to work together to advance best 
practices for the ethical use of AI. One such effort includes a recent 
``Deepfakes Detection Challenge'' we helped launch together with 
Facebook and the Partnership on AI, a technology industry consortium 
focused on best practices for AI systems, which invites researchers to 
build new technologies that can help detect deepfakes and manipulated 
media.
                          what congress can do
    When conducting trainings for political parties and campaign 
organizations in democracies around the world, we always encourage 
leadership of those organizations to attend the sessions alongside 
their teams. While leaders may not have a technical background, they 
play an incredibly important role when it comes to their organization's 
cyber health: Setting the culture.
    Similarly, Congress plays a critical role in securing our campaign 
organizations and elections. By holding this hearing on the 
cybersecurity health of campaign organizations and the election space 
more broadly, the committee is contributing to the culture of security 
that is necessary to ensure a more secure environment.
    Beyond culture-setting, Congress also can contribute to a multi-
stakeholder approach to addressing the threats themselves. We believe 
that combatting attacks will require a joint effort from private-sector 
actors such as Microsoft, as well as State, local, and Federal 
Governments, civil society, academia, and campaign organizations 
themselves.
    Cyber attacks, especially ransomware attacks, are increasingly 
targeting State and local authorities, including for example, Atlanta 
(GA), Baltimore (MD), Cleveland (OH), Greenville (NC), Imperial County 
(CA), Stuart (FL), Augusta (ME), Lynn (MA), Cartersville (GA). Most 
recently there was an attack on over 20 government entities in Texas. 
Overall, we can reasonably expect that the situation will only get 
worse. Importantly, these and other attacks are increasingly leveraging 
sophisticated tools that are developed by governments, creating a 
dangerous ecosystem of cyber weapons and requiring adoption of 
international norms for responsible behavior on-line. Microsoft 
advances support for the adoption and observance of such norms.
    Microsoft supports the multi-stakeholder approach taken by the 
Paris Call for Trust and Security in Cyber Space.\17\ It reaffirms a 
number of norms and principles established in other forums, including 
at the U.N. Group of Governmental Experts on Developments in the Field 
of Information and Telecommunications in the Context of International 
Security (UN-GGE), and at the G7 and G20, respectively. Importantly, 
the Paris Call includes a comparatively new principle to protect 
electoral processes from foreign interference--``Strengthen our 
capacity to prevent malign interference by foreign actors aimed at 
undermining electoral processes through malicious cyber activities.''
---------------------------------------------------------------------------
    \7\ Paris Call for Trust & Security in Cyber Space: https://
www.diplomatie.gouv.fr/en/french-foreign-policy/digital-diplomacy/
france-and-cyber-security/article/cybersecurity-paris-call-of-12-
november-2018-for-trust-and-security-in.
---------------------------------------------------------------------------
    However, what truly distinguishes the Paris Call is that it 
recognizes that a multi-stakeholder approach is essential to achieve 
success. The Call has so far been endorsed by over 1,000 signatories, 
the largest coalition of signatories ever in support of a cybersecurity 
document: 74 governments, 357 civil society and public sector 
organizations, and 607 industry members all agreeing to 9 core 
principles to govern conduct in cyber space. Microsoft was one of the 
private-sector signatories and we will continue to advocate that all 
governments agree to observe the 9 principles of the Call.
    While we are here today to discuss campaign organizations, we'd be 
remiss not to address other ways Congress can support securing our 
elections. In our discussions with voting officials around the country 
we have learned that consistent and reliable funding over time will 
best enable election officials to plan ahead, purchase new equipment 
rather than letting outdated systems remain active, and invest in the 
kind of cybersecurity training and staffing that we expect of all 
critical infrastructure owners and operators. Our adversaries are 
relentless and well-resourced. To ensure we can maintain defenses, our 
State and local voting officials need a durable source of Federal 
financial support so that the most secure technology can be deployed 
rapidly to ensure our vote is protected. The stewardship of our 
democracy demands nothing less.
                               conclusion
    Campaign organizations face the threat of capable, well-funded, and 
agile adversaries. Organizations of any size would struggle to be 
prepared for these challenges, but the size and nature of campaign 
organizations makes them especially vulnerable. There is a lot that 
campaign organizations can do to protect themselves. They can create a 
culture of cyber awareness, encourage everyone associated with the 
campaign organization to turn on two-factor authentication on all their 
accounts (personal as well as organizational), and be aware of phishing 
campaigns. These are the most important actions campaign organizations 
can take to protect themselves. But they need additional help. They 
will benefit from industry partners providing access to tools that 
support these efforts. They will benefit from NGO's like Defending 
Digital Campaigns and Cyberdome who can help filter and provide tools 
at affordable rates. And finally, they would benefit from Congressional 
and Executive branch leadership in multi-stakeholder engagement, 
especially around establishing international norms to discourage 
nation-state attacks against our democratic institutions.

    Mr. Richmond. The gentlelady yields back. Thank--I want to 
thank the witnesses for your testimony.
    I will remind each Member that he or she will have 5 
minutes to question the panel. I will now recognize myself for 
opening questions.
    Let me start where we just finished, with Ms. Badanes. You 
heard me mention the Louisiana ransomware attack on our 
secretary of state, and it appears it was the business side of 
that office, as opposed to the election side.
    But you mentioned in your testimony that ransomware attacks 
against election infrastructure--how has Microsoft seen this 
threat grow, No. 1?
    No. 2, how can the private sector assist our local 
governments in securing sensitive election systems?
    You mentioned the campaign, so--the infrastructure.
    Ms. Badanes. Thank you for the question. This is a topic 
that Microsoft has been aware of for a long time, ransomware, 
generally, an issue. We tend to agree with Director Krebs of 
CISA, who has pointed out recently that ransomware attacks, if 
timed a couple weeks before an election or, indeed, the week of 
an election, could have dramatic effects on the results of the 
election.
    As you discussed in your opening statements, it could do 
things like tying up the voter registration database, sowing 
chaos when people go to try and vote. It could also, depending 
on the timing, make it difficult or impossible to deliver 
ballots, or the ballot formats in the right--at the right time. 
So it is a real concern.
    The reason that we address it--and why I believe Director 
Krebs has, as well--as a potential emerging threat, is because 
we have seen it happen in large and small cities in the recent 
past. So clearly, we have seen this in Baltimore and Atlanta, 
and lots of other places. Then, of course, the information that 
just came out this morning about what was happening in 
Louisiana.
    So it is a big concern. It is one that we are working with 
our partners in Government, DHS in particular, to think through 
what steps can be taken to form a resilient response. Because 
the reality is these systems will remain vulnerable, as long as 
there are people trying to attack it. But if they have 
resilient plans in place, they can respond accordingly.
    Mr. Richmond. Thank you.
    General Taylor, over the last couple years, since 2016, we 
have put an enormous amount of time from this committee into 
looking at our election infrastructure. We learned in 2016 that 
our adversaries can exploit cybersecurity vulnerabilities in 
campaign organizations to steal information and spin a divisive 
narrative.
    How can campaigns help serve as a line of defense against 
foreign influence in our elections?
    General Taylor. Well, thank you for the question, Mr. 
Chairman.
    I think the important thing is recognizing that they are a 
target, first, and that they need to invest in cybersecurity. 
Part of what U.S. CyberDome is attempting to provide to them 
free of charge is expert-level capability to protect 
themselves.
    As I mentioned in my remarks, campaigns are not built to--
with cybersecurity expertise. They--and the nature of the 
threat that is coming at them requires a very sophisticated 
understanding of how that threat is manifesting itself. That 
can only be done by security experts, cybersecurity experts, 
and campaigns just don't have those kinds of people, routinely. 
They are startups only together for 1 or 2 years, at most, and 
can't invest in those kinds of capabilities.
    Mr. Richmond. Thank you. Mr. Stengel, in the beginning of 
your book you stated that disinformation doesn't create 
divisions, it amplifies them. We know the Russians' influence 
of campaigns fed off of conflict, manipulating discussions on 
race relations, gun control, global warming, among others, to 
turn Americans against each other.
    How do we equip voters to understand when public debate is 
being manipulated by the Russians or some other adversary to 
undermine U.S. interests?
    Then the second part of that would be how can we de-
politicize the conversation about disinformation and foreign-
influenced campaigns all together?
    Mr. Stengel. Thank you for that question, Mr. Chairman. In 
my book I talk about what the Internet Research Agency did in 
the last few weeks, in particular before the election, where 
they focused on African American voters.
    What I meant about that disinformation doesn't create 
division, it amplifies it, they were trying to get African 
American voters not to vote. There was a bunch of tweets to 
people who followed the site that they created, called 
Blacktivist, which was created, of course, from St. Petersburg, 
to black voters saying, ``Don't wait in line to vote, vote at 
home.'' They were trying to get black voters not to vote. They 
were trying to get voters to vote for minority candidates. Joel 
Stein, for example.
    So they can suppress people's votes, they can increase 
enthusiasm or decrease it. They are not really going to change 
people's minds.
    Again, the issue of disinformation is one that people have 
to be aware of. The first line of defense is the fact that we 
are actually talking about it now, and that people have to be 
skeptical of the information that they get, and they need to 
have some kind of media literacy, where they check the 
information against other sources. Ultimately, that is what the 
Russians try to do, not so much get people to believe their 
point of view, which they don't have, but to make them doubt 
the voracity of everybody else.
    Mr. Richmond. Thank you. My time is up. I will yield back, 
and I will now recognize the Ranking Member of the 
subcommittee, the gentleman from New York, Mr. Katko.
    Mr. Katko. Thank you, Mr. Chairman, and thank you all. I 
have about 30 minutes of questions, but I know I only have 5, 
so I will get through as much as I can.
    Ms. Badanes, a lot of questions I would like to ask you, 
but first of all, on your computer laptop you have a sticker 
that says, ``Protect 2020.'' Could you briefly explain what 
that represents? Because I know what it does. What was 
Microsoft's interaction with 2020, if anything?
    Ms. Badanes. Sure. Well, I have a couple stickers here that 
were actually produced by DHS with CISA. Protect 2020 
represents an initiative by lots of different stakeholders. To 
protect our elections we need participation from governments, 
private sector, academics. It is really going to be a 
collaborative effort.
    So they are very generous with giving out their stickers, 
so that all of us who are part of that effort can display how 
much we care about this.
    Mr. Katko. What is Microsoft's role in that effort?
    Ms. Badanes. We have a variety of initiatives. We have some 
security initiatives, obviously, for campaigns, as I mentioned 
in my opening statement. But we also do work around election 
security. We actually have an open source software development 
kit, where we are inviting people to come in and use it in 
their elections, to ensure that a voter's vote makes it all the 
way through. So we have several initiatives that we are doing.
    We try and identify places where Microsoft fits, where our 
resources and our knowledge and people are a good fit to fill 
some gaps.
    Mr. Katko. It is a free tool that local election officials 
can use. But is it fair to say we only have about 25 percent of 
the local official agency--election agencies using that tool?
    Ms. Badanes. Currently, it is not used by anyone. It is an 
open source, and we want to have some pilots.
    Mr. Katko. I am thinking of something else, then, I am 
sorry.
    Ms. Badanes. OK.
    Mr. Katko. Whatever it is. But I know something with CISA, 
where 25 percent of the people are not taking up with CISA's 
free assistance----
    Ms. Badanes. Oh----
    Mr. Katko [continuing]. To give them assistance with their 
local elections. That--I am concerned that--why they wouldn't 
be taking up--it is a free advice, and they get free 
notification updates as to security vulnerabilities, and they 
are not using them. I just--for the life of me, I can't 
understand why.
    Ms. Badanes. I am not sure.
    Mr. Katko. Yes, OK. Well, Mr. Blaze, I know we have had 
some discussions with you in the past, and you have described 
the election security vulnerabilities as follows. Basically, no 
matter what we do, it is never going to be perfectly secure, 
but there is ways you can minimize the risks.
    So obviously, making sure the machines that actually do the 
tabulation are off-line, and they have a separate, verifiable 
way--usually it is through paper, but maybe some other ways, as 
well, but generally through paper--so we have a recording of 
the actual vote.
    Then, you want--I think you said in your testimony, and I 
have heard you say it before--the risk-limiting audit is a 
great tool to go back and do. Now, the concern I have is 
something General Taylor mentioned, and some others alluded to. 
A lot of these local election agencies don't have the funding 
to do what we need them to do. So I would like to hear from you 
all as to what we should be doing in that regard, because 
whether it is a risk-limiting audit or other types of audits 
you can do afterward, having the paper trail and going back and 
doing the spot checks, to me, is the only way to really ensure 
the integrity of the numbers and the tabulations.
    Some jurisdictions are better than others. But again, a lot 
of them do not participate--are not able to do this. So what 
can we do to fill that gap? I would like to hear from any of 
you.
    Mr. Blaze. So I will start off by saying that I agree with 
you completely, and there is wide variance among the thousands 
of election administrators throughout the country in capability 
and funding and interest.
    You know, one thing that we can do is, you know, infuse 
funding specifically to replace voting equipment with those 
that use paper ballots to conduct risk-limiting audits, to 
share experience----
    Mr. Katko. The problem is, I think--I don't want to 
interrupt you, because we are short on time, but--a lot of 
jurisdictions will get the funding, but they will choose not to 
do risk-limiting audits, they will put it into hardware.
    So what--just briefly, if you can, I want to give the 
others an opportunity, as well--what can we do?
    Mr. Blaze. Right.
    Mr. Katko. What should we be doing?
    Mr. Blaze. Well, we have to recognize in any funding 
initiative that the audit step is at least equally important.
    Mr. Katko. OK, OK.
    Mr. Blaze. That is absolutely critical.
    Mr. Katko. OK. Mr. Stengel, General? Anybody want to add 
anything to that?
    Mr. Stengel. No, go ahead.
    General Taylor. You know, I think of this, Mr. Katko, as--I 
look at the defense industrial base and how long it took that 
organization, those organizations to really kind-of realize 
what the threat is. I don't think--I think this is a long-term 
strategy. I think the investment that you have made in funding 
for CISA's election security is a huge step in the right 
direction.
    I think they have done an excellent job of getting the 
confidence of the Secretaries of State. I think, over time, 
that will filter down. But it is a long, tedious process. But 
as we set the standards and best practices, I am confident it 
will roll to the--to every level of our election 
infrastructure.
    Mr. Katko. OK. Anybody like to offer----
    Mr. Stengel. I would only say I am the disinformation guy, 
not the campaign security guy.
    [Laughter.]
    Mr. Stengel. While you can harden election voting systems, 
it is very hard to harden anything to prevent disinformation, 
in part because people welcome it. It is part of confirmation 
bias.
    Mr. Katko. Right. That is part of the problem here. People 
have to understand that there is election interference, but 
that--which we know is going on right now, and that is what you 
are trying to stop.
    But then we also have what we are all concerned with, is 
them actually hacking into the tabulations. We haven't seen 
that yet, and that is what we are trying to guard against. They 
are certainly trying to do it, and that is why we need to have 
these risk-auditing procedures, to make sure that those numbers 
have integrity.
    But I thank you all and yield back the balance of my time.
    Mr. Richmond. The gentleman from New York yields back. I 
will now recognize the gentleman from Rhode Island, Mr. 
Langevin, for 5 minutes.
    Mr. Langevin. Thank you, Mr. Chairman. I want to thank our 
witnesses for your testimony today.
    There is certainly no greater responsibility we have than 
to protect our elections, if we are going to protect our 
democracy. I appreciate the work you are doing in helping us to 
get to a better place.
    Mr. Stengel, I will start with you, if I could. In your 
testimony you mentioned that--the rise of domestic 
disinformation is becoming an even greater threat than external 
disinformation campaigns, as we approach 2020.
    So I wanted to ask you, and you can please elaborate, on 
why you are saying domestic disinformation is becoming a threat 
now, and why you assess it a greater threat and scope than the 
external campaigns like the Russian interference that much of 
the focus has been on.
    Mr. Stengel. So one of the organizations that I am 
affiliated with is the Digital Forensics Lab at the Atlantic 
Council, and they evaluate that there has been a very large 
increase in domestic disinformation.
    When you think about it, even if you talk about the 100,000 
items that the Internet Research Agency placed on Facebook, or 
the more than 10 million tweets, it--they--it gets leverage, 
and it gets virality from Americans, not from other Russians. 
Yes, the Russians have a bunch of bots, but all of this is 
picked up by American users, and then it is amplified, and that 
creates the volume, domestically, which is actually larger than 
the disinformation that is created by the Russians and other 
actors.
    Mr. Langevin. But was it started externally and just--are 
you saying amplified it internally, or are you talking about it 
is----
    Mr. Stengel. Yes, so----
    Mr. Langevin. Generated by some organized internal effort?
    Mr. Stengel. It is--the foreign stuff is started 
externally, and then it is amplified internally. But there is 
plenty of domestic disinformation from all kinds of fringe 
groups on the right and the left, and a lot of experts believe 
that the domestic space--domestic disinformationists will 
actually ultimately dwarf the foreign disinformationists.
    Mr. Langevin. So in your testimony--continuing on with you, 
Mr. Stengel--you testified that democracies just aren't very 
good at combating disinformation. I certainly--I agree. One of 
the things that I focused on, along with one of our new Members 
of the subcommittee, Ms. Slotkin, is building resilience to 
disinformation, much as we have built resilience to cyber 
attacks or acts of terror.
    So can you please elaborate on how you believe we can build 
resilience? What does digital literacy education look like? How 
can we teach digital literacy to Americans of all ages, 
including older Americans who are already out of school?
    You know, I understand the idea of, you know, debate and 
discourse, but this is something different than we are talking 
about. How do we build in this resilience to disinformation?
    Mr. Stengel. Yes, I mean, the--I agree with the thrust of 
your question.
    One of the things I found in Government, as a person who 
used to create content, is that countering content by us is 
often counter-productive. People are not receptive to it, and 
we are the enemy that they are already attacking.
    I do think digital literacy and information literacy is 
something that should be taught in the schools. I suggest that, 
actually, the platform companies should be financing those 
kinds of lesson plans. There are a number of organizations, 
non-profits, that teach digital literacy and media literacy. I 
think, in the future, we will look at the fact that we didn't 
teach this in schools as silly as not teaching computer 
programming.
    So part of it is this--the resilience is to make people a 
little bit more skeptical. I think the fact that we are talking 
about it, about disinformation in general, is the first line of 
defense because it makes people a little bit wary of the 
information that they do get. That is, in fact, a good thing.
    Mr. Langevin. Critical thinking is the--I think the key 
here. But thank you for that perspective.
    Dr. Blaze, Professor Blaze, good to see you again. You 
mentioned in your testimony that hostile state actors can be 
particularly formidable, because their goal may simply be to 
disrupt an election or call into question its legitimacy, 
instead of electing a particular candidate. I agree with that 
concern.
    Unfortunately, we know that Russia succeeded in causing 
voters to lose confidence in the election system in 2016. What 
steps can we take to maintain voters' confidence in our 
elections, even in the case of disruption? How can we restore 
lost confidence in our system? Are these solutions largely 
technical, or are there policy or strategic communications 
avenues that we should be pursuing?
    Mr. Blaze. Well, certainly there are, you know, policy 
components to all of this. My expertise is on the technological 
things we need to do.
    What I would strongly advocate is that we harden the 
systems as best we can so that, by the use of things like hand-
marked paper ballots and risk-limiting audits conducted 
routinely, election officials have a good answer when people 
question the legitimacy of the outcome. We can say we are doing 
rigorous techniques that give us high assurance and high 
confidence in the outcome of the election, in spite of the 
inevitable weaknesses and inevitable attacks against them.
    Similarly, we need to harden things like voter registration 
databases, procedures for handling provisional ballots and so 
forth, so that when disruptions occur, we can recover from them 
quickly enough so that there is no question about whether 
people were able to vote in the first place. Those are, you 
know, critical technical safeguards that serve as a foundation 
for the policy initiatives that you discussed.
    Mr. Langevin. Thank you. I know my time has expired, but 
thank you all for your testimony here today. Your perspective 
is very helpful.
    Thank you, Mr. Chairman. I yield back.
    Mr. Richmond. The gentleman from Rhode Island has yielded 
back. The gentleman from Texas, Mr. Taylor, is now recognized 
for 5 minutes.
    Mr. Taylor. Thank you, Mr. Chairman. I appreciate the 
witnesses being here.
    Professor Blaze, I really appreciated your testimony. I 
just wanted to ask one question. So you are recommending that 
we go to a paperless--recommend we get rid of paperless DRE 
voting machines and go to precinct-counted optical scan 
ballots. So that is your recommendation, right?
    Mr. Blaze. That is correct. I should point out that is not 
merely my recommendation.
    Mr. Taylor. Oh, sure.
    Mr. Blaze. A National Academies report represents the 
consensus of experts on this, the foundation of that----
    Mr. Taylor. If--what is a realistic projection to try to 
implement that at the Federal level? I mean, is that something 
we could do for the next--for the primaries in March? Is that 
something we could do for the general election next fall? Is 
that something that we could do over a 4-year period, 6-year 
period? Do you have any projection for kind-of what would be a 
reasonable time frame to get that done?
    Mr. Blaze. Some States are already using the technology 
that is needed, so that is great. Other States are not. There 
is certainly some lead time in--for purchasing, for training, 
and for ultimate deployment.
    You know, I think, certainly, the primaries--for any State 
not using that equipment right now, the primaries are a pretty 
aggressive goal to have.
    The general election is also an aggressive goal, but it is 
not one that is out of the question to achieve, if we have a--
if we have, as we should, a strong interest in doing so.
    Mr. Taylor. But--OK. Maybe--if you haven't put pen to 
paper, I am not trying to put you in a box. Have you put pen to 
paper on this, or is this just kind of a recommendation?
    Mr. Blaze. Well, it is--you know, it is highly variable 
from jurisdiction to jurisdiction. So it is hard to generalize 
about how to deploy it----
    Mr. Taylor. You are fine. Again, I am not trying to put you 
in a box. Just--different people have different ideas on how 
long it takes to do these--some of these things, and some of 
them are really--it is a big ask, right, to do every voting 
machine in America and change it over?
    I appreciate that you haven't--I think it is probably fair 
you don't know, which is fine. I don't know, either. But I 
think I would certainly want to give it a few years to try to 
do something of this magnitude.
    Your comments on voter registration on page 3 of your 
written testimony, there is an implicit supposition within a 
voter registration--that you are saying that voter registration 
is important. Is that a fair statement?
    Mr. Blaze. Certainly the integrity of the voter 
registration databases is absolutely critical to conducting----
    Mr. Taylor. OK.
    Mr. Blaze [continuing]. High-integrity elections.
    Mr. Taylor. So, you know, in my home State of Texas, we 
require--people can mail in voter registration, but they 
actually have to vote in person and be verified that it really 
is a human being, and not, you know, someone trying to steal an 
election by mailing in 100 voter registrations and get 100 
mail-in ballots, and then fill those back in.
    So a system of voter--so we have voter registrars in Texas. 
We--so we have a series of checks to try to make sure there 
isn't fraud, which I assume you would believe would--fraud 
undermines a belief in the election system. Is that a fair 
statement?
    Mr. Blaze. Absolutely. I think we are fortunate that 
studies have shown that fraud at the individual voter level is, 
fortunately, quite rare.
    Mr. Taylor. Well, that may be your experience, but 
certainly not mine.
    So what I--but just going back to trying to stop fraud, so 
again, in Texas we have a very--a system for trying to stop 
fraud on a voter registration basis. Do you think we should 
throw out that system? Should we throw out the voter 
registration systems in all the States, and sort-of let people 
register however they would choose?
    Mr. Blaze. Well, you know, I certainly think that making it 
easy for people who are authorized to vote to become part of 
the voter rolls is a critical function of any election system.
    Mr. Taylor. Does it make sense to have----
    Mr. Blaze. And----
    Mr. Taylor [continuing]. Some mechanism----
    Mr. Blaze. And----
    Mr. Taylor. Does it make sense to have a mechanism to make 
sure that voters are really voters, and not people trying to 
steal elections?
    Mr. Blaze. That is certainly one of the roles of each 
State, to----
    Mr. Taylor. So that is a yes?
    Mr. Blaze [continuing]. To perform.
    Mr. Taylor. It makes sense to stop people from stealing 
elections, or we should just throw open--get rid of the 
registrar system in this country and let anybody who wants--let 
anybody register anybody?
    Mr. Blaze. Well, it ultimately is a risk management 
question. So I think, in order to properly answer that--and it 
is, you know, a bit outside of my own expertise--we would have 
to, you know, weigh the expected amount of fraud, which, as I 
understand it, is relatively small, but that is, again, not my 
area, against the benefit of making it easier for people to 
vote.
    Mr. Taylor. So should we get rid of States' provisions for 
protecting the voter registration system or not?
    Mr. Blaze. Well, the--you know, I think----
    Mr. Taylor. That is a yes-or-no question.
    Mr. Blaze. I will defer to the National Academies study on 
the precise recommendation----
    Mr. Taylor. So you don't know?
    Mr. Blaze. [continuing]. Managing voter registration 
databases.
    Mr. Taylor. What do you----
    Mr. Blaze. I am here to discuss--and my expertise is on--
the technical protections----
    Mr. Taylor. But your--you are testifying in writing that 
you think that voter registration is important to protect, 
right?
    Mr. Blaze. Absolutely.
    Mr. Taylor. OK. Should we have laws to protect that, or 
not?
    Mr. Blaze. Well, of course, we should have laws to protect 
that.
    Mr. Taylor. Thank you.
    Thank you, Mr. Chairman. I yield back.
    Mr. Richmond. The gentleman's time has expired. I now 
recognize the gentlewoman from Illinois, Ms. Underwood.
    Ms. Underwood. Thank you, Mr. Chairman. I am really excited 
to take part in this committee's third hearing this Congress 
centered on election security. I greatly appreciate the 
commitment and leadership shown by both Chairman Thompson and 
Chairman Richmond, who recognize the present and growing threat 
foreign adversaries pose to our most sacred democratic 
institutions.
    On-line disinformation is one of those growing threats as 
we approach the 2020 election. Last year, for the first time 
ever, more Americans got their news from social media than they 
did from print newspapers.
    So to Mr. Stengel, what should social media companies be 
doing to prevent attempts to sow disinformation on their 
platforms, and are they doing it?
    Mr. Stengel. Yes, I would just note that you can get news 
from the New York Times and the Washington Post on your phone, 
as well.
    But I do recommend--and I wasn't explicit about it in my 
testimony, but I think amending the Communications Decency Act, 
particularly section 230, to give the platform companies 
liability for the content that they publish.
    Right now they are not considered publishers. They have 
complete immunity from everything that they have. As I say, 
they can't have the same liability that a newspaper has, or a 
magazine, just in part because of the volume. But they need to 
make a good-faith effort, a reasonable effort, to take off 
different types of content that violate their terms of service. 
I would argue hate speech, demonstrably false speech, deep 
fakes don't have a role in our elections.
    Ms. Underwood. And----
    Mr. Stengel. They need to have liability for taking that 
stuff down.
    Ms. Underwood. OK. So my constituents, like many others in 
the country, want to learn more about how they can increase 
their social media literacy. So could you answer this question 
that was submitted by one of my constituents?
    Can you clearly describe the difference between 
misinformation and disinformation?
    Mr. Stengel. Yes. I would define the difference as follows: 
Disinformation is deliberately false information meant to 
deceive; misinformation can be just a mistake. It is not 
necessarily deliberate, although it can be. Disinformation is 
the much more dangerous and damaging version of that.
    Ms. Underwood. From your point of view, it is the 
disinformation that is being used by the foreign adversaries on 
the social media platforms.
    Mr. Stengel. Yes, the Russian disinformation, which we are 
very familiar with, was false information designed to deceive. 
Part of the reason disinformation is effective is it often has 
a kernel of truth in it. It is not completely made up out of 
whole cloth, it is a combination of fact and fiction.
    Ms. Underwood. Mr. Blaze, thank you and DEFCON Voting 
Village for organizing the informational briefing last month 
for Members of Congress. I appreciate your efforts to call 
attention to the security gaps present in way too many of our 
voting machines used across the country.
    What more do you believe voting equipment vendors need to 
be doing to reduce vulnerabilities?
    Mr. Blaze. Well, first of all, thank you so much for having 
us.
    The--you know, ultimately, vendors have 2 roles here. First 
is it is critically important that they be responsive, and 
welcome reports of vulnerabilities and reports of bugs and 
problems in their system, and rapidly turn that around into 
defenses against those well-known vulnerabilities. We have seen 
the--since 2007, the same vulnerabilities present in deployed 
systems used for live elections, and there is really no reason 
that those cannot have been fixed by now.
    But second, vendors--I would urge vendors to produce 
systems in accordance with the recommendations of the National 
Academies study, which very firmly reject DRE technology that 
is still being produced, still being sold by the major voting 
vendors, even though we understand that it cannot be adequately 
secured, and we cannot perform risk-limiting audits on it.
    Ms. Underwood. Thank you.
    Mr. Stengel, as a former senior State Department official, 
you have been on the front lines of dissecting and analyzing 
how foreign governments and other non-state actors are 
weaponizing information. We also just heard the Ranking Member 
inquire about the appropriations, and how much money the 
Federal Government is appropriating.
    In a field hearing in my district last month we had an 
expert sitting on a panel like this testify that the United 
States would need to spend $2.2 billion in order to properly 
secure Federal elections ahead of 2020, and we have seen news 
reports of Senator McConnell being willing to appropriate 10 
percent of that, $250 million.
    Based on your expertise, do you feel this administration's 
response and preparations for the upcoming 2020 election are 
sufficient? If not, what improvements would need to be made?
    Mr. Stengel. Again, I am not an expert in election 
security, but from--even from the premise of your question, I 
think we don't spend nearly enough on election security. In 
fact, we don't make elections easy for people to vote in, 
whether that is changing the date to a weekend, whether that is 
opening several days.
    I do think it is quite extraordinary, when you think of 
the--you know, the marketing budget of a company like Proctor 
and Gamble, it is probably $25 billion, and we spend less than 
$1 billion on our own election, it shows what we value and what 
we don't value.
    Ms. Underwood. Sure. The 2020 election is now less than a 
year away, and we must not be caught off guard. I appreciate 
all the witnesses for being here today to offer your 
recommendations and work to ensure elections are secure.
    I yield back.
    Mr. Richmond. The gentlelady from Illinois has now yielded 
back. I will now recognize the gentlewoman from Texas, Ms. 
Jackson Lee.
    Ms. Jackson Lee. Thank you, Mr. Chairman, and thank you to 
the full committee Chair, Ranking Member, subcommittee Ranking 
Member. This is a very important hearing.
    It is good to see you again, Mr. Stengel, and thank all of 
you for your work here in the--here at the--in the Government, 
Federal Government, that some of you have worked in in the 
past.
    Let me say how serious this hearing is. Probably to ensure 
that democracy thrives, we probably need to have these meetings 
almost every other day.
    Let me frame my questions from the perspective of 2 points 
that I want to make. It is general knowledge, and in the recent 
impeachment investigations even stated, that Russia intends to 
investigate--excuse me, to interfere with the 2020 elections.
    Mr. Stengel, I just want to go to you, having experience in 
the State Department, and being an avid expert on international 
issues. Do you have any knowledge of Ukraine's involvement in 
the 2016 election?
    Mr. Stengel. I do not.
    Ms. Jackson Lee. Do you have knowledge of the--in the 
general arena of information--that the intelligence community 
documented that Russia interfered in the 2016 election?
    Mr. Stengel. Yes. I mean that is absolutely indisputable, 
and we saw that both from Classified sources and non-Classified 
sources.
    Ms. Jackson Lee. So let me go to General Taylor. Thank you 
very much. Let me go to General Taylor.
    Thank you, welcome. It is good to see you again. I have 
been on this committee since the heinous act of 9/11. I have 
seen superior [sic] and consistent Secretaries of Homeland 
Security. We may have had a policy difference here and there, 
but I have seen the Department take its rightful role in 
securing the Nation.
    Certainly we know that we can improve from 2016, but tell 
me what the state of DHS is as we go into the 2020 elections, 
in terms of its capability, staffing, leadership on this very 
vital issue of election security, in your opinion.
    General Taylor. In my opinion, Congresswoman, the most 
heartening thing I see in DHS around this issue of election 
security is CISA, and the investment that this committee has 
made in making CISA more capable of addressing this issue, and 
the work that CISA has done to build confidence in the 
secretaries of state, and down to the State and local election 
officials. So----
    Ms. Jackson Lee. Do we have the staffing and the 
orderliness that we need, going into 2020, in this Department 
now?
    General Taylor. I think we have a huge start. But as you 
have mentioned, this is--to me, this is the same issue we face 
as we left 9/11. This is not going to happen overnight. It is 
going to happen with consistent investment over time, and 
confidence-building in our State and local officials that the 
Federal Government is here to help, not necessarily to get in 
the way.
    We have done that on counterterrorism. It has taken 15 
years. We can do it on election security. I think CISA is well 
on its way to getting that----
    Ms. Jackson Lee. You feel the staffing presently--I don't 
know if you have access to----
    General Taylor. I do not.
    Ms. Jackson Lee. So you cannot comment on the staffing that 
we presently have in DHS----
    General Taylor. I can only comment on the investment this 
committee----
    Ms. Jackson Lee. Right.
    General Taylor [continuing]. Has made----
    Ms. Jackson Lee. But not on the implementation.
    General Taylor. Correct.
    Ms. Jackson Lee. Thank you. Let me--thank you very much.
    Let me--Dr. Blaze, your expertise in what could happen, let 
me ask you whether you feel comfortable as to whether or not we 
are actually prepared for a disruption that we might not 
expect.
    I am introducing something called the failsafe elections 
bill that deals with paper ballots and other issues. But, in 
particular, it is to secure the technology, the attentiveness 
to the question of what could happen that were not expected. If 
you would--if I could yield to you on that question.
    Mr. Blaze. Well, I will say that, of course, we don't know 
what we don't know.
    But I will say that one thing we do know is that if there 
has not been a large-scale disruption or attack against our 
election infrastructure that has been successful, it is not 
because our systems are robust, but rather because nobody has 
seriously tried to do it.
    I think it is only a matter of time before our national 
adversaries turn their resources in earnest on us, and----
    Ms. Jackson Lee. Give us one thing--and so 2020 might be 
the year. We don't know. Give us your 1 or 2 that we really 
need to deal with in this short period of time, as we move to 
2020.
    Mr. Blaze. Vastly increased resources to protect State and 
local election infrastructure, rapid deployment of paper ballot 
voting machines, and risk-limiting audits.
    Ms. Jackson Lee. Mr. Stengel, my last point on the 
disinformation, I just want to be clear on what you said, 
because, as you well know, in past elections African Americans 
have been told that the election day is on Saturday, and in 
actuality it was on Tuesday. Absolutely disinformation to 
oppress, suppress the vote.
    Did you say that disinformation, the provider's obligation 
to take it down, they should be liable for it? Was that what 
you were saying, or----
    Mr. Stengel. I think disinformation----
    Mr. Richmond. The gentlelady is out of time. I will permit 
you to answer the question.
    Mr. Stengel. I think disinformation, which is deliberately 
false information that is meant to deceive, if it is proven 
false, if it is indisputably false and meant to deceive, yes, 
the platform company should take that down.
    Ms. Jackson Lee. Thank you so very much. I yield back.
    Mr. Richmond. The gentlelady yields back. We will do a 
second round of questioning, and I will yield 5 minutes to 
myself.
    General Taylor, Congresswoman Underwood asked the question 
of if we are doing enough, or if the administration and the 
Federal Government is doing enough on election security. Would 
you like to weigh in on that?
    General Taylor. As I said in answering Ms. Jackson Lee's 
question, I think we have begun a process that is going to take 
time to build the confidence in State and local election 
officials that we can benchmark each other and improve the 
cybersecurity status of our election systems.
    I have a great deal of confidence in Mr. Masterson over at 
CISA, and the work that he has done since he has been leading 
the election security effort there. I think it is developing 
good fruit. It is not--nowhere near where it needs to be over 
time.
    I don't think this is one--again, I think of it from a war 
on terrorism point of view, and it took us almost 15 years to 
develop the capacity to do what we have done here since 9/11. 
So I see it in that vein.
    Mr. Richmond. Ms. Badanes, let me ask you. In October 
Microsoft reported significant cyber activity by a threat group 
you called Phosphorous, which targeted a U.S. Presidential 
campaign. Can you tell us more about that cyber activity? No. 
1, how Microsoft found out about it, and No. 2, what did you do 
with that information?
    Ms. Badanes. Sure. There is a group at Microsoft called 
Microsoft Threat Intelligence Center. We call them MSTIC. For 
the last 10 years they have been, essentially, hunting nation-
state adversaries. They track a lot of their behavior and 
identify if they are attempting to target any of our customers.
    So recently they noticed that a group that we call 
Phosphorous, as you noted, who operates out of Iran, was 
targeting the individual personal consumer accounts of a lot of 
very interesting targets. They were current and former 
Government officials, members of the media, and, as you 
mentioned, a staffer for a Presidential campaign.
    Once they were able to confirm that information, and make 
sure that what they were seeing checked out with a few other 
sources, they then started notifying. So we notified the 
individuals who had been attacked, provided them with 
actionable information--in many cases, things that they could 
do to check their own logs themselves. Then we notified our 
friends and colleagues in Government to let them know the 
activity we were seeing.
    Then, the final step we took was actually talk about it 
publicly. We put out a blog post, where we described the action 
we were seeing, because we thought it was very important to be 
transparent when we see that kind of activity, especially the 
kinds of customers they were targeting.
    Mr. Richmond. Thank you. Let me ask the panel just some 
general questions. If you could just say yes or no, it would be 
very helpful.
    No. 1, it is universally agreed without much contradiction 
that Russia did, in fact, meddle in the 2016 Presidential 
election. Would you agree?
    General Taylor. Yes, sir.
    Ms. Badanes. Yes.
    Mr. Blaze. Yes.
    Mr. Stengel. They didn't meddle; they attacked our 
infrastructure and the core of our democracy.
    Mr. Richmond. Agreed. Second, and there are nation-state 
actors, and there are a lot of people out there that are trying 
to affect the 2020 election, from infrastructure to 
disinformation to our very voting machines. Would you agree 
with that?
    General Taylor. Yes.
    Mr. Blaze. Undoubtedly.
    Ms. Badanes. Yes.
    Mr. Stengel. Yes, and the Senate Intelligence Committee 
report said the Russians have done more since 2016 than they 
did leading up to 2016.
    Mr. Richmond. Would you also universally agree that the 
Federal Government has not put the resources there to combat 
and protect our very democracy that depends on fair, free 
elections, where every vote matters?
    Mr. Stengel. Yes.
    General Taylor. Yes.
    Mr. Blaze. Yes.
    Ms. Badanes. More could certainly be done.
    Mr. Richmond. Then let me ask you another question, because 
it always comes up from people about this rampant action by 
individual citizens to go vote who are not voters, and that 
there is some alleged rampant election fraud perpetrated by 
individuals.
    Has anyone seen or aware of a rampant effort by U.S. 
citizens to vote who may not be qualified to vote, or election 
fraud?
    Mr. Stengel. No.
    General Taylor. Not that I have seen.
    Mr. Blaze. Not that I am aware of.
    Ms. Badanes. It is not my area of expertise, but no.
    Mr. Richmond. I will just close with this. It is very 
important for the people in this country to believe in the 
elections that we have, and that the person who wins is the 
person who was supposed to win, and received the most votes in 
the regular election, or, in the case of a President, did in 
fact win the State so that they could win the electoral 
college.
    I want to thank you all for what you all are doing, the 
effort that you are putting forward, to make sure that you 
offer your subject-matter expertise to how we protect our 
elections, how to make sure they are fair, how to make sure the 
winner is the winner. So I just want to thank you all for 
coming.
    With that I will yield back and yield to the Ranking Member 
of the full committee, Mr. Katko.
    Mr. Katko. Thank you, Mr. Richmond. Those are great 
questions, I think, and they establish how serious the 
predicament we are in right now.
    A couple of quick questions for Mr. Blaze. If you can keep 
your answers really short, then I got a question for everybody. 
Mr. Blaze, just a point of clarification. About what percentage 
of voters in the United States have a paper ballot to--back-up 
system?
    Mr. Blaze. That number has, fortunately, been increasing. I 
don't have the precise number at my fingertips. I believe there 
are something like 19 States, currently, that don't use any 
form of paper.
    Mr. Katko. OK, all right. I wanted to just have you briefly 
explain what a risk-limiting audit is, and what the costs are 
involved in a risk-limiting audit.
    Mr. Blaze. All right. I will be as brief as I can. 
Essentially, a risk-limiting audit is a statistical technique 
for sampling ballots and comparing, by a human observation----
    Mr. Katko. After the election----
    Mr. Blaze. After the election, comparing by human 
observation what is printed on the ballot with what was 
recorded.
    To the--as you see more ballots that match, you gain more 
confidence that the machine tally showed you the correct 
election outcome. If you see mismatches you have to look at 
more ballots and compare them.
    Mr. Katko. The risk, of course--the problem is a lot of the 
local election districts simply don't have the manpower or the 
funds to do that. Correct?
    Mr. Blaze. That is right. Manpower, funds, experience, and 
mandate.
    Mr. Katko. OK. Now I want to ask a question for all of you, 
and I think I will start with Mr. Stengel, because you kind-of 
alluded to this a little bit, that Russia is, in particular, is 
refining their efforts in this regard.
    How has Russia's strategies evolved with respect to 
election interference in 2016, and what should we be most 
concerned with with what they are doing now that they didn't do 
in 2016?
    Mr. Stengel. Yes, I don't know the answer to the question 
of how--of what--of how the Russian strategy has evolved. What 
I do know is that the platform companies have taken down 
extraordinary amounts of content.
    There was an extraordinary story this past week that 
Facebook had eliminated 5.4 billion--that is B, with a B--fake 
accounts. I don't know how many of those were Russians, but 
certainly a significant number.
    The reporting that I have read about this--and I don't have 
access to the same intelligence I used to have--is that they 
are doing more microtargeting this time. They are looking at 
voters where there is already existing divisions, and trying to 
widen them and, again, sowing doubt about the integrity of the 
election. That is their ultimate goal.
    Mr. Katko. OK. Anybody else want to add to that?
    General.
    General Taylor. I agree. I think the one thing I learned in 
40 years of intelligence, if something works well, keep at it 
and get better at it. I think that is what the Russians learned 
in 2016, and they have--their efforts have continued to evolve 
to get more sophisticated and more effective.
    Mr. Katko. OK. Ms. Badanes, anything you want to add to 
that, or----
    Ms. Badanes. All I would add is it is important to note 
that they are likely not the only player in the game this time 
around. So, while the strategies of one adversary are 
important, from the protection standpoint the tactics are a lot 
of what we look at, how campaigns and election officials 
protect themselves regardless of who is coming after them.
    Mr. Katko. OK. So what have we done better that we didn't 
do in 2016? What have we done--we, being the election officials 
in the Federal Government--to help with the election officials? 
What have we done better?
    What--and then, last, what else can we do? So you can add 
that----
    General Taylor. I will start. When Secretary Johnson 
indicated that the election infrastructure would be part of 
our--critical infrastructure was the first step. I think the 
investment that Congress has made in CISA and CISA's 
activities, and the confidence that they built among state--
secretaries of state has been a huge step forward from where we 
started.
    I think you will recall when Secretary Johnson first 
designated elections as critical infrastructure, the pushback 
from the States was pretty significant. I think we have built a 
lot more confidence that the Federal Government is truly here 
to help, not to dictate how elections are run.
    Mr. Katko. Anybody else want to add to that?
    Ms. Badanes. I would just add that the communication 
amongst all the stakeholders has vastly improved. We recognize 
that in 2016, a lot of time, if something happened in a 
municipality, they didn't know who to call. They didn't know 
who to call at the FBI, DHS. If it was a platform company or a 
tech company, they weren't sure who to reach out to.
    Those communication lines are much stronger. There have 
been many tabletop exercises and other activities to ensure 
that people know how to respond if and when something does 
occur.
    Mr. Blaze. I will add to that that there is now consensus 
from technical experts on precisely what to do that didn't 
exist at the time the Help America Vote Act was passed. We 
are--have the benefit of pretty clear guidance from the 
National Academies report, for example, on precisely how to 
introduce new resources to better protect our elections.
    Mr. Stengel. I would only say that, in combating 
disinformation, which is different than what we are talking 
about here, I am not aware of anything that Congress or the 
Federal Government has done to combat disinformation.
    Mr. Katko. OK. I would yield back the balance of my time. 
Thank you.
    Mr. Richmond. The gentleman from New York yields back. I 
now recognize the gentlewoman from Illinois, Ms. Underwood, for 
5 minutes.
    Ms. Underwood. Thank you, Mr. Chairman.
    In Dr. Blaze's written testimony, you outlined a series of 
technical observations about the election infrastructure that 
we have in our country. I just wanted to just drill down on 
this point.
    Which do you think is the most vulnerable, ahead of 2020?
    Mr. Blaze. Well----
    Ms. Underwood. For a cyber attack.
    Mr. Blaze. Right. So I think the--aside from the voting 
machines, which have been discussed quite a bit, the protection 
of back-end infrastructure, particularly the voter registration 
databases that are used to produce the poll books that voters 
check in with on Election Day, are utterly critical to protect, 
and we have, literally, thousands of different election 
administrators all protecting them in slightly different ways.
    Ms. Underwood. That is so alarming to me. I am from 
Illinois. I represent a community in northern Illinois. That 
was exactly what got hacked for us in 2016. It was the on-line 
voter registration systems and some 76,000 Illinois voters, 
whose information was compromised.
    OK. So in General Taylor's written testimony, you went into 
some minimum standards for campaign cybersecurity. In your 
written testimony you said that there should be an incentive to 
spend certain dollars across the board amongst campaigns to 
incentivize each campaign to make those investments.
    I am just wondering if you wanted to expand for the 
committee about what you think that type of incentive should 
look like, or what those campaigns should be investing in, more 
specifically.
    General Taylor. Well, specifically, what I am referring to 
there is the fact that campaigns, by and large, are start-ups, 
and don't have the expertise or--to do sophisticated 
cybersecurity against the adversaries that they face.
    Ms. Underwood. Right.
    General Taylor. So the encouragement would be for them to 
work with a company or an organization like U.S. CyberDome to 
provide that expertise in a systematic way with funding from 
donors to our 401--501(c)(4) organization.
    So it is the investment in organizations like Microsoft or 
CyberDome that will provide those services free of charge to 
the campaigns that will raise the level of security that they 
will have, moving forward.
    Ms. Underwood. OK. Then also in your testimony, sir, your 
written testimony, you described how there is a bit of a 
shortage in qualified workers that have the experience required 
to do this type of sophisticated cyber defense on behalf of the 
United States electoral process. Just wondering if you wanted 
to comment on that.
    General Taylor. Certainly. It takes years of expertise to 
build the understanding of how the adversary works, and how to 
apply the tools of cybersecurity. A college graduate in 
cybersecurity is not going to have that expertise, and that is 
why we have tried to bring together folks with that kind of 
expertise to apply it to individual campaigns in a systematic 
way, as opposed to a haphazard way.
    Ms. Underwood. With experience, then, in playing cyber 
defense----
    General Taylor. And----
    Ms. Underwood [continuing]. Against the Russians, the 
Chinese, the Iranians----
    General Taylor. Exactly.
    Ms. Underwood [continuing]. And the other foreign actors 
that threaten our elections.
    General Taylor. Who have very significant experience in the 
defense area of cybersecurity and have applied those tools very 
successfully over the years.
    Ms. Underwood. So, with that in mind--thank you, General 
Taylor--Ms. Badanes--OK, yes, Badanes--could you comment, then, 
on Microsoft's ability to source that talent, given the 
relative lack of availability around the country?
    Do you feel that your company was able to recruit the 
individuals that do have the ability to play that type of cyber 
defense that the general was describing?
    Ms. Badanes. Sure. Microsoft is, actually, one of the most 
attacked companies in the world. So, when it comes to 
cybersecurity, it is something that we have had to take 
seriously for our own protection.
    We have been able to take our learnings from protecting 
ourselves, and also apply those to protecting our customers. 
That includes recruiting the talent that we need to both 
protect ourselves and also go into that front-line role of 
protecting our customers.
    Ms. Underwood. So those individuals, your cybersecurity 
professionals, then would have had previous experience?
    Ms. Badanes. In many cases. We have a lot of--real quick, 
previous experience?
    Ms. Underwood. Against these foreign adversaries that 
General Taylor was outlining, right?
    Ms. Badanes. Sure----
    Ms. Underwood. The Chinese, the Iranians, the Russians that 
have--are the known foreign actors that threaten----
    Ms. Badanes. Yes----
    Ms. Underwood [continuing]. Our election system.
    Ms. Badanes. In particular, the MSTIC team that we work 
with very closely recruits a lot of individuals from previous 
Government experience, where they faced similar threats.
    Ms. Underwood. Thank you. So, I mean, it is clear to me 
that if large technology companies like Microsoft have to go 
out and recruit these types of very experienced, talented 
individuals, that campaigns are not going to be able to do 
that. Certainly, States that barely have an IT person to manage 
the whole system dedicated to their board of elections or 
whatever, a secretary of state, they are not going to be able 
to recruit those people, too.
    So it sounds to me like we have a real work force issue, in 
addition to a lack of some standards and requirements.
    General Taylor. I think there is a work force issue across 
the board, in terms of cybersecurity, for the country. But more 
specifically, from our perspective, we believe that we can 
harness the expertise of the cybersecurity community, focus on 
campaigns----
    Ms. Underwood. Right.
    General Taylor [continuing]. And do so in a systematic way, 
which will provide better protection than hiring a--you know, a 
college graduate to be your cybersecurity person trying to take 
on the Russians.
    Ms. Underwood. Thank you for your testimony. I yield back.
    Mr. Richmond. The gentlelady from Illinois yields back. The 
gentlewoman from Texas, Ms. Jackson Lee, is recognized for 5 
minutes.
    Ms. Jackson Lee. Let me--again, let me thank the witnesses, 
and let me share with you these points if you can listen to 
this fact--points, and then I will raise some questions.
    The Russian General Staff Main Intelligence Director, GRU, 
is suspected by our intelligence agencies of having begun cyber 
operations targeting United States elections as early as March 
2016. They took on the persona of Guccifer 2.0, DCLeaks.com, 
and Wikileaks as the identities that would be reported as 
having involvement in the work that they had undertaken to 
undermine our Nation's Presidential election.
    Russia is blamed for breaching 21 local and State election 
systems, which they have studied extensively. In February 2018 
Special Counsel Robert Mueller released indictments of 13 
Russians, at least one of whom has direct ties to Russian 
President Vladimir Putin. The 37-page indictment details the 
actions taken to interfere with the U.S. political system, 
including the 2016 U.S. Presidential election.
    Among the charges, which include charges for obstruction of 
justice, are several especially notable details. The indictment 
states that 13 defendants posed as U.S. persons and created 
false U.S. personas and operated social media pages and groups 
designed to attract U.S. audiences.
    Dr. Blaze, are we better off now than we were pre-2016 and 
into 2016, as it relates to the operatives that we might 
expect--Iran, Russia, China?
    Mr. Blaze. Well, I think, in some sense, we are better off 
because we are discussing it, the fact that we are having these 
hearings. But on the other hand, 2016 could be seen as a 
demonstration of how successful this approach can be with very 
limited resources.
    So I think, in particular, this is--the experience of 2016 
provides great encouragement to even smaller National 
adversaries than the--those with the GRU at their disposal.
    Ms. Jackson Lee. Do you believe, when information counters 
documented intelligence reports that Russia was the entity that 
interfered in 2016, and representations from government 
officials keep utilizing Ukraine as having a server, or having 
been involved, does that give a sign of victory to our 
adversaries, when that kind of dialog is still going on?
    Mr. Blaze. If you are asking me, I think it is, you know, 
very important that our intelligence services be fully 
utilized, and their expertise listened to in building our 
defenses. So to the extent that we are distracted about these 
things, that only weakens us.
    Ms. Jackson Lee. Do you still maintain that we need to ramp 
up the monetary investment quickly to be able to be prepared 
for what we may not suspect might happen in 2020?
    Mr. Blaze. I think this is an urgent priority.
    Ms. Jackson Lee. Your comment, I think, 19 or 20 States 
don't have paper ballots?
    Mr. Blaze. That is right. I don't have the precise numbers 
at my disposal, but there are voters in a large number of 
States who still don't use paper----
    Ms. Jackson Lee. I count that as a crisis. That is about 
one-third of the 50 States that don't have paper ballots, that 
something disruptive could occur and they have no record.
    Mr. Blaze. I think we are--we have been very fortunate if 
something hasn't occurred yet.
    Ms. Jackson Lee. Secretary Stengel, again, we have, I 
think, operatives that think they are successful because, in 
the public sphere, there is a comment that Ukraine may have had 
a server, may have had something to do with 2016. Do you count 
that as disinformation at its paramount level? What else could 
be said, going into 2020?
    Mr. Stengel. Yes, Congresswoman, I think that is an example 
of disinformation. To go to your previous question, I think our 
adversaries regard it as a victory when they can get that kind 
of information in the digital bloodstream of the United States, 
and you have people in the Government not believing what our 
intelligence sources say is absolutely indisputable, and 
going--having recourse to some of this disinformation and 
strange theories that is--are not proven at all. I think our 
adversaries see that as a victory.
    Ms. Jackson Lee. With that in mind, let me just say--and 
let me thank the witness from Microsoft. Let me just quickly 
ask.
    You continue to shore up your system to protect against 
those who want to attack Microsoft, right? It is a daily, 
everyday basis.
    Ms. Badanes. Absolutely. It is a race without a finish 
line.
    Ms. Jackson Lee. So let me just say I think CISA is a very 
important new entity. But listening to all of the witnesses, I 
am almost saying that we should declare a war room. We are a 
couple of months out from the major Presidential primaries, 
with one party having any number of candidates. That is the 
crux of our democracy for the highest office in the land.
    I appreciate Dr. Krebs and his work, but I really believe 
that we need an effective war room working on behalf of the 
Federal Government and working with all the States. This is--
stakes are high, and this is going to be serious in 2020.
    I thank you all for the contribution you have made today.
    I yield back.
    Mr. Richmond. The gentlelady from Texas yields back. I will 
now recognize the gentleman from Ohio, Mr. Roy--Joyce.
    Mr. Joyce. I love Ohio, but I am from Pennsylvania.
    Mr. Richmond. Oh, I am sorry.
    Mr. Joyce. That is all right.
    Ms. Badanes, I think it is important that you, representing 
Microsoft, are here today. You discuss the work on protecting 
campaigns. But in your written testimony you mentioned that you 
work on election integrity. Can you elaborate on that work, 
please?
    Ms. Badanes. Yes, sure. Thank you for the question. So, as 
I mentioned in the testimony, our program is focused on 3 
pillars, which are actually quite similar to the hearing today. 
We focus on campaign security, disinformation defense, and 
election security.
    So when we approach that space, as I said earlier, one of 
the things we were looking for was identifying ways that our 
company uniquely could fit in and make a contribution. One 
thing that we have done is to encourage the work of Dr. Josh 
Benaloh, who actually contributed to the National Academies 
report, and is well-known in the election security community. 
He is a senior cryptographer in Microsoft Research, and he has 
created a concept called end-to-end verifiability in elections.
    So we have built out the code for that. It is now 
available, open-source, on what is called GitHub, which is a 
site where open source code lives, and we have invited vendors 
new and old to take that code and use it to make their system 
stronger. We are working with them actively to identify pilots 
where we can test that kind of application.
    Mr. Joyce. You also mentioned Account Guard and Microsoft 
365 for campaigns. Can you tell us about Election Guard, 
please?
    Ms. Badanes. Sure. So I actually didn't reference that the 
open-source software development kit is called Election Guard.
    Mr. Joyce. It is called Election Guard.
    Ms. Badanes. Yes, yes.
    Mr. Joyce. Can you go into some more details of how you can 
see that impacting the 2020 elections?
    Ms. Badanes. It will be difficult for it to be rolled out 
in time for the 2020 election in any notable way, other than a 
few pilots. However, the way that it impacts voters--and that 
is what we are really focused on--it comes down to that 
question of was my vote counted, can I trust that my vote made 
it all the way through?
    What end-to-end verifiability enables is a voter to cast 
their vote, take a tracking number back with them. That vote is 
now encrypted. Whether it is through a ballot marking device, 
or whether it is through hand-marked paper ballots into a 
scanner, it can be applied in lots of different ways.
    But the voter, at the end of the election, can check and 
make sure that their vote actually made it into the final 
tally. So it really is, ultimately, about voter confidence.
    Mr. Joyce. Can you elaborate on research and development at 
Microsoft? Do you consider this to be a field of development 
that Microsoft is committed to?
    Ms. Badanes. So, interestingly, where Dr. Benaloh sits 
within the company is within Microsoft Research. So, as a team, 
the Defending Democracy Program, we are actually quite small. 
But what we are able to do is work across the company, in 
particular, with our researchers, identify projects they are 
working on that could be applicable in the election and 
campaign space, and where there is a good fit we can then work 
with them to make that research real and be part of the 
commercial offerings.
    Mr. Joyce. Thank you. My next questions are for Dr. Blaze.
    Pennsylvania recently launched a risk-limiting audit pilot 
project. Can you speak of how that project has been perceived, 
and how that was rolled out in 2 different communities in 
Pennsylvania?
    Mr. Blaze. Right. If I understand, Philadelphia, my former 
home town, was one of those cities. You know, it is vitally 
important that States and local jurisdictions get experience 
with risk-limiting audits.
    You know, I think the--Pennsylvania needs to be applauded 
for doing this. The experience from Pennsylvania is going to be 
extremely valuable to both Pennsylvania and other 
jurisdictions, looking forward. So this is, you know, a very 
positive thing, in my view.
    Mr. Joyce. Conversely, Dr. Blaze, do you see any potential 
disadvantages utilizing risk-limiting audits?
    Mr. Blaze. No. We simply have to do them. I think the 
biggest disadvantage we face is that if there isn't a National 
standard for doing them, they are being rolled out very slowly 
and, you know, this needs to be accelerated with things like 
the Pennsylvania pilot project.
    Mr. Joyce. Thank you, and I thank all of the witnesses for 
being here today. I yield my time.
    Mr. Richmond. The gentleman yields back. I just want to 
echo the sentiment of my colleague from Pennsylvania and thank 
you all for being here and covering such an important topic. I 
believe that it is bipartisan, that we want to protect our 
elections and protect our democracy, and make sure that every 
vote matters.
    So, with that, the Members of the committee may have 
additional questions for the witnesses. We ask that you respond 
expeditiously in writing to those questions.
    Without objection, the committee record shall be kept open 
for 10 days.
    Hearing no further business, the committee stands 
adjourned.
    [Whereupon, at 4:24 p.m., the subcommittee was adjourned.]



                            A P P E N D I X

                              ----------                              

    Questions From Chairman Cedric L. Richmond for Francis X. Taylor
    Question 1. Political campaigns, with their limited resources and 
staff, are a rich target for adversaries. Are political campaigns doing 
enough to defend themselves from cyber attack? What more is needed?
    Answer. Generally, campaigns are not doing enough to defend 
themselves from cyber attack. Campaigns are not adequately resourced to 
defend against many expert, persistent, and well-funded threat actors 
such as nation-states. Most campaigns do not have enough technical 
expertise or historical experience against the myriad threats they 
face. Simply put, if they have not previously detected and responded to 
sophisticated threat actors, they will not be able to. Even campaigns 
with a very knowledgeable cybersecurity professional on-staff are 
hindered. One person alone cannot repel the Korean People's Army or the 
Armed Forces of the Islamic Republic of Iran.
    Congress should consider specifying minimum cybersecurity standards 
for Federal candidate committees. Campaigns may have greater incentive 
to spend effort and funds on cyber protections if they know their 
competitors are obligated to the same expenditures. Today, a campaign's 
singular focus is to get elected. Any effort not directly in support of 
getting elected, is not funded or underfunded. For election campaigns, 
every dollar spent on services like cybersecurity is a dollar that is 
not being spent on their core mission. Even proactive candidates may 
think twice about spending effort and money on cybersecurity, for fear 
this diversion of resources will result in less votes than their 
competitors. This results in a lack of incentive for campaigns to 
address cybersecurity more fully, despite the imminent threat.
    A minimum standard would ``level the playing field'' and also 
ensure foundational cybersecurity safeguards are implemented across 
committees. The specific cybersecurity standards need not be authored 
from scratch. A large catalog of U.S. Federal cybersecurity 
publications exists now and might be adapted specifically for political 
campaigns. Finally, given the relationship between Federal candidate 
committees and National party committees, Congress should also consider 
specifying minimum cybersecurity standards for National party 
committees.
    Congress should consider mandating that all U.S. Government cyber 
threat intelligence be disseminated in computer-readable formats, in 
addition to prose. This simple requirement would go along way to 
ensuring that action can be taken swiftly once cyber threat 
intelligence information is received. Today, cyber threat information 
is mainly conveyed in formats that cannot be automatically processed by 
computers. In cyber space, the pace of engagement is extremely fast. It 
far outpaces the rate of re-formatting threat intelligence. We are 
fighting an asymmetrical war on the cyber front, and we must adjust. I 
do not espouse a specific format. I would leave that up to the experts. 
Expressing all threat information in computer-readable formats will be 
a big step forward.
    Congress should consider funding efforts to automate de-
classification. De-classification processes also cost cyber defenders 
critical time. However, these challenges are more complex to solve. 
Over-classification is something that intelligence organizations should 
evaluate for themselves. In other words, is it possible that certain 
aspects of the threat information never needed to be classified to 
begin with? Accelerating de-classification should also be considered. 
We are living in an age where machine learning is broadly applied, and 
artificial intelligence is starting to be well-understood. These 
technologies hold significant promise to automate large portions of the 
de-classification process.
    It's noteworthy that computer-readable formats and de-
classification of cyber threat intelligence are also big challenges to 
the U.S. Federal Government sharing information with private sector, 
whether in the interest of protecting critical infrastructure or for 
other reasons. I urge careful consideration of these topics, given 
their importance at-large.
    Question 2. Recent reports suggest that foreign governments like 
Russia are ramping up influence operations in places with fledgling 
democracies or more fragile economies, such as Africa, and using 
increasingly aggressive tactics.
    What is the next frontier of foreign influence operations, and how 
might it matter for U.S. National security?
    Answer. A RAND blog from June 2019 does a very good job in 
summarizing what I believe to be the next frontier in foreign influence 
operations. The author states what many of us have been seeing for some 
time, ``nation-state cyber wars are already well under way.'' The lack 
of international norms means that cyber attacks fall into gray areas 
below total war. Nation-state actors (e.g. Russia, Iran, and China) 
exploit that uncertainty and pose serious risks to U.S. National 
security. Their exploits threaten critical infrastructure, including 
transportation, food delivery, utilities, and commerce in general.
    The Department of Homeland Security (DHS) has provided solid 
guidance (published May 15, 2018) toward developing a more robust 
cybersecurity strategy for the homeland that focuses on better 
defenses. DHS proposed that the United States seek to build deeper 
partnerships with industry to foster an aligned cybersecurity ecosystem 
to enable more effective collaboration and information sharing.
    DHS has encouraged the accelerated use of innovative and emerging 
technologies such as artificial intelligence and machine learning, with 
an eye toward protecting critical infrastructure. DHS has determined 
that the effects of cyber attacks against critical infrastructure could 
be better mitigated through the creation of comprehensive playbooks to 
unify Government actions across defense, homeland security, law 
enforcement, intelligence, and State agencies. This could drive 
uniformity in action across the National security enterprise for 
defensive measures.
    Question 3. The Obama administration filled the position of 
National Security Council's cybersecurity coordinator, who coordinated 
Federal efforts related to cybersecurity. Do you believe such a role is 
necessary in the coordination of the various agencies' responses to 
election security?
    Answer. The increasing reliance of our Nation on technology means 
the cybersecurity coordinator role has never been more important. Not 
only is the cybersecurity coordinator critical for coordination of 
Federal efforts related to cybersecurity, but this role must also 
oversee alignment of Federal efforts with those of private sector and 
other levels of government. This alignment is vital for areas such as 
critical infrastructure, to include election security, where the 
majority of our critical infrastructure exists outside of the Federal 
Government.
     Questions From Chairman Cedric L. Richmond for Richard Stengel
    Question 1. Political campaigns, with their limited resources and 
staff, are a rich target for adversaries. Are political campaigns doing 
enough to defend themselves from cyber attack? What more is needed?
    Answer. While I am not an expert on cybersecurity and I do not have 
any data on what the political campaigns are doing, I would suspect 
that they are not doing nearly enough. They are ripe targets. We saw 
that in 2016; it will be even more true in 2020. Moreover, there are 
new methods that have been developed since 2016 that make campaigns 
more vulnerable. Deep fakes and the manipulation of data, in addition 
to cyber hacking and disinformation are now among the many things 
campaigns need to be concerned about. In information war, offensive 
weapons are more sophisticated than defensive weapons. Campaigns should 
have full-time teams dedicated to defending themselves in the cyber 
realm.
    Question 2. Recent reports suggest that foreign governments like 
Russia are ramping up influence operations in places with fledgling 
democracies or more fragile economies, such as Africa, and using 
increasingly aggressive tactics.
    What is the next frontier of foreign influence operations, and how 
might it matter for U.S. National security?
    Answer. The recent New York Times story about Russian influence 
operations in Madagascar (Nov. 11, 2019) illustrates the concerns 
contained in the question. In that story, the Russians were trying to 
sway a political campaign to help Russian business. Their interests are 
always unscrupulous: To help Russian interests and to undermine 
democracy. The Russians, especially outside the United States, combine 
political influence operations with commercial ones. The Chinese tend 
to concentrate only on commercial ones. In the case of the Chinese, 
they believe commercial ties will lead to political ones. In both 
cases, they seek to erode the strength of American alliances abroad--
and that is a long-term threat to U.S. National security.
    Question 3. What do you mean when you say that the primary weapons 
in the global information war are ``weaponized information and 
grievance?'' How were these weapons used in the 2016 Presidential 
election?
    Answer. The weaponization of information and the weaponization of 
grievance are two different things. The former is a description of 
global information war, in which bad actors both steal information and 
distort it to influence and deceive their targets. The weaponization of 
grievance is a fancy way of saying that some politicians and leaders 
magnify and exploit voters' frustrations and unhappiness instead of 
proposing solutions and policy. In the case of weaponizing information, 
the Internet Research Agency in St. Petersburg created false narratives 
about U.S. Presidential candidates. The Russians also stoked resentment 
among both white conservative voters and African-American voters with 
false claims and deceptive advice.
       Questions From Chairman Cedric L. Richmond for Matt Blaze
    Question 1. Political campaigns, with their limited resources and 
staff, are a rich target for adversaries. Are political campaigns doing 
enough to defend themselves from cyber attack? What more is needed?
    Answer. Response was not received at the time of publication.
    Question 2. Recent reports suggest that foreign governments like 
Russia are ramping up influence operations in places with fledgling 
democracies or more fragile economies, such as Africa, and using 
increasingly aggressive tactics.
    What is the next frontier of foreign influence operations, and how 
might it matter for U.S. National security?
    Answer. Response was not received at the time of publication.
    Question 3. As one of the organizers of the DEFCON voting village, 
you have been able to hack voting machines, vote scanners, and ballot 
marking devices. What do you see as the greatest strength and weakness 
in our election infrastructure?
    What technical threats to election infrastructure are most 
concerning to you in 2020?
    Answer. Response was not received at the time of publication.
    Question 4. This month, The Brennan Center for Justice issued a 
report calling on Congress to establish a framework for Federal 
certification of election vendors, the private companies that 
manufacture voting equipment and maintain voter registration databases, 
which would include the establishment of Federal standards and the 
ability for Federal officials to monitor compliance and address 
violations.
    Are vendors doing enough to defend voting systems? What more is 
needed?
    Answer. Response was not received at the time of publication.
    Question 5. Although you have disclosed these vulnerabilities to 
vendors, many of these devices will still be in use for the 2020 
National election. How have vendors responded to your disclosures?
    And do jurisdictions that use these machines face a high risk of 
being compromised?
    Do you believe that election vendors are well-situated to withstand 
attacks from nation-state actors?
    Are there supply chain security certifications that must met for 
vendors to be able to participate in National elections?
    Answer. Response was not received at the time of publication.
      Questions From Chairman Cedric L. Richmond for Ginny Badanes
    Question 1. Political campaigns, with their limited resources and 
staff, are a rich target for adversaries. Are political campaigns doing 
enough to defend themselves from cyber attack? What more is needed?
    Answer. Political campaigns in the United States range from a small 
thousand-dollar budget operation with a single staff member to a large 
multi-million-dollar budget organization with hundreds of staff. No 
matter their size or resources, all face the potential threat of attack 
from well-funded adversaries. Many campaigns are taking fundamental 
steps to protect themselves, but more can always be done.
    The most impactful thing a political campaign can do to protect 
itself is to train members of the team on the importance of basic cyber 
hygiene. These trainings should promote practices such as using a 
password management tool, turning two-factor authentication on all 
their accounts, and using a secure communications platform for 
sensitive messages.
    Such trainings will not alter the behavior of staff unless campaign 
leadership first creates a culture of cybersecurity awareness within 
the organization. When the candidate, campaign manager, and other 
prominent officials demonstrate a commitment to cybersecurity with 
their own devices and accounts, prioritize trainings, and provide 
secure software for the team to use, they demonstrate that 
cybersecurity is something everyone on the team is expected to care 
about.
    However, campaigns can only do so much to protect themselves. There 
is a role for the private sector to play in supporting these efforts as 
well. For example, at Microsoft we have made top-tier communications 
and productivity tools (M365 for Campaigns) available at non-profit 
pricing so that campaigns can access the security features they need at 
a price that is reflective of their budget reality. Similar initiatives 
being spear-headed by organizations such as Defending Digital Campaigns 
and CyberDome will continue to provide campaigns with the kind of 
support they need to defend themselves against sophisticated 
adversaries.
    Question 2. Recent reports suggest that foreign governments like 
Russia are ramping up influence operations in places with fledgling 
democracies or more fragile economies, such as Africa, and using 
increasingly aggressive tactics.
    What is the next frontier of foreign influence operations, and how 
might it matter for U.S. National security?
    Answer. Identifying the kind of influence operations our 
adversaries will try next is a challenge that many in both the private 
and public sector are aggressively investigating. There has emerged 
consensus on a few things, specifically: (1) Adversaries have already 
begun and will continue influence operations targeting the 2020 U.S. 
elections, and (2) adversaries will not follow the same playbook they 
ran in 2016.
    While a multi-stakeholder approach is under way to identify and 
combat these operations, it should be noted that key participants in 
that process are the voters themselves. An informed public is one of 
the best defenses that can be used against such operations. A good 
example of arming citizens with information that is helpful to this 
effort is the recent infographic created by the Cyber & Infrastructure 
Security Agency (CISA) within the Department of Homeland Security 
(DHS). This infographic clearly demonstrates how disinformation is 
constructed and spread by adversaries, using the clever topic of 
whether pineapple belongs on pizza.\1\ Additional engagement with the 
public using tools like this is a helpful step toward preparing the 
public for these on-going influence operations.
---------------------------------------------------------------------------
    \1\ CISA Disinformation Infographic--https://www.dhs.gov/sites/
default/files/publications/19_0717_cisa_the-war-on-pineapple-
understanding-foreign-interference-in-5-steps.pdf.
---------------------------------------------------------------------------
    As researchers look into what other tactics might be used in future 
influence operations, one emerging threat that is gaining attention is 
the increased potential for bad actors to use artificial intelligence 
to create malicious synthetic media, better known as ``Deepfakes''. 
While advances in synthetic media have clear benefits (such as 
synthetic voice used to improve accessibility technology), the 
increased access to synthetic media technology also leads to the risk 
of exploitation.
    Stakeholders from academia, civil society, and industry are 
currently working together to advance best practices for the ethical 
use of AI. One such effort includes a recent ``Deepfakes Detection 
Challenge'' Microsoft helped launch together with Facebook and the 
Partnership on AI, a technology industry consortium focused on best 
practices for AI systems, which invites researchers to build new 
technologies that can help detect deepfakes and manipulated media.
    The emergence of deepfakes is just one possible avenue our 
adversaries will pursue in their efforts to disrupt the 2020 U.S. 
elections, and there is more to be done to combat this possible threat 
as well as others. Microsoft remains committed to working with other 
stakeholders to contribute to solutions as these and other threats 
emerge.

                                 [all]