[Congressional Record Volume 164, Number 121 (Wednesday, July 18, 2018)]
[Senate]
[Pages S5057-S5058]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]



                         Securing Our Elections

  Mr. LANKFORD. Mr. President, there has been a lot of conversation 
again, of late, about election security. It seems to be a frequent 
conversation in the hallways the last couple of days, and it is an 
ongoing issue that I think some people have lost track of, but we have 
not.
  Amy Klobuchar and I and several others have worked very hard for 
months on this issue of election security, quietly trying to get the 
language right and to work through the process of what it takes to 
secure our elections for 2018, 2020, and beyond, learning the lesson 
from 2016.
  I do want to remind this body that the elections are not something 
that happens this November. It is already ongoing. Many States' 
primaries have already been conducted. Last night there was a runoff 
primary that happened in Alabama. Georgia holds their runoff primaries 
next week, and Tennessee is the week after that. Kansas, Michigan, 
Missouri, and Washington will be on Tuesday, August 7. It is already 
ongoing.
  While we watch the indictments that just came down from the Mueller 
investigation on GRU officers from Russia who were trying to interfere 
in our elections in 2016, as we have seen the sanctions and the 
indictments that have come down on some of the oligarchs from Russia 
and from the Internet Research Agency for what they were doing in 
social media, trying to be able to interfere with our election in 2016, 
I think it may be important for us to do a quick lookback at what has 
happened and what is still going on and what we are trying to 
accomplish in the next few weeks.
  Let me just give a quick look at what is happening in my State of 
Oklahoma. In Oklahoma, in the 2016 cycle, the FBI and others began to 
discover that there were issues with the elections and some 
interference from what they, at that time, called ``bad actors'' in 
June of 2016. Later that summer, in August of 2016, the FBI issued what 
they call a nationwide ``flash alert'' to every State dealing with a 
threat from a ``bad actor.''
  The Oklahoma State Cyber Command director received that warning, as 
did everyone else, but at that time the FBI didn't share any details 
because no one in my State was given security clearance to be able to 
have that kind of classified conversation with the FBI.
  It wasn't until September 22 of 2017, a year and a little bit later, 
that DHS actually notified my State and our State election authorities 
that we hadn't just been targeted by a bad actor but that we had been 
targeted by the Russians--a year later--because no one had clearance 
and there was no one engaged.
  DHS told Oklahoma State Election Board secretary Paul Ziriax, who is 
doing a great job, that there was evidence that the Russians conducted 
a surveillance scan looking into vulnerabilities in the State computer 
network, but they didn't get into the election board computer network, 
and they didn't get into any of our equipment.
  They basically came and checked to see if the door was locked, and 
they found out that in Oklahoma the door was locked, and the Russians 
could not get in. They didn't penetrate into our system, though they 
tried.
  But it was a year after the elections before we were even notified 
that the Russians were trying to penetrate our system. A subtle flash 
warning is all that we received in the summer of 2016.
  Oklahoma has a great system for elections. Our system is consistent 
across every single county. We have optical scanners with a paper 
ballot backup so that we can verify the computer count with a hand 
count if needed. We have had a very good system. That system was tested 
by the Russians when they evaluated the computer networks of our State, 
and they were also not able to get in, thanks to the leadership of some 
of the cyber and the technology folks who are in Oklahoma.
  Not all States have the same practices. In some States, from county 
to county their election systems are different. From township to 
township they may have different systems with different companies and 
different backgrounds. They may not have the same kind of system where 
they get a chance to protect their cyber systems.
  We saw that in 2016, when the Russians were able to penetrate some of 
the States and actually were able to harvest some of their voter 
register rolls. They weren't able to change any votes. They weren't 
able to affect the voting that day, but they did a tremendous amount of 
scanning through systems to be able to see where there were 
vulnerabilities, what they could learn on our election systems, and how 
they could engage for a future time.
  I think we should learn a lesson from that and be aware that the 
Russians are trying to penetrate that system and learning as much as 
they could.
  At the same time that they were hacking into different systems and 
testing them out to see if they could get in, a different set of folks 
from the Russian group the Internet Research Agency were trying to put 
out social media disinformation.
  Some 200,000 Oklahomans saw Facebook and Twitter posts that Russians 
put out as false information. They weren't all on one candidate. There 
were multiple candidates and multiple issues. Sometimes it was on 
Hillary Clinton, sometimes on Donald Trump, sometimes on Bernie 
Sanders, sometimes on Jill Stein, and sometimes just on ideological 
issues. Over 200,000 Oklahomans saw those posts from different 
Russians, not knowing they were Russian posts at all. They were 
Russians pretending to be Americans, and they were pushing that 
information out.
  What can we learn from this? One is the most simple of those things: 
You shouldn't believe everything you see on the internet. It is not 
always an American. It is not always who they post to be, and it is not 
always true. It should be the most basic information that we should 
learn about what is happening on the internet and what is online, 
including Facebook and Twitter.
  The other lesson that we need to learn is a little more complicated. 
We have to be able to have better communication between the Federal 
Government and States, better cybersecurity systems, and the ability to 
audit that.
  That is why Senator Klobuchar and I have worked for months on a piece 
of legislation called the Secure Elections Act. That piece has worked 
its way through every State looking at it and their election 
authorities. We have worked it through multiple committee hearings. In 
fact, recently, just in the last month, there were two different 
hearings in the Rules Committee. It is now ready to be marked up and 
finalized to try to bring it to this body.
  It is a very simple piece. It affirms that States run elections. The 
Federal Government should not take over elections nationwide. In fact, 
that would make a bad situation worse. States need to be able to run 
elections and be able to manage those.
  But it qualifies several things. One is that it gives a security 
clearance to a person in every single State. If there is a threat from 
a hostile actor, there is not some vague warning that comes out. There 
is an immediate address about what is happening and a communication 
within the intelligence community here on the Federal level to 
individuals with a clearance on the State level.
  Right now, the DHS, in absence of this legislation, has started 
implementing it anyway. Every single State has at least one person with 
a security clearance now, including my own. They are working to have at 
least three in every State to do a backup system.
  We also need to be able to affirm that every State can audit their 
elections, that they would do what is called risk-limiting audits after 
the election just to check and to make sure that the results are 
correct, but also that they have the ability to audit it as the 
election is going on so that it is not just counting on a machine but 
that there is also some way to back it up. States have a variety of 
ways they can actually do that.
  If elections are trusting that the electronics are going to work and 
not be hacked into and not be affected, we should have learned the 
lesson from 2016 that there are outside entities trying to attack these 
systems and to find vulnerabilities, and they will.
  Some way to be able to back it up, to be able to audit the election 
while it is happening, risk-limiting audits after the fact, security 
clearances for individuals within States, and rapid communication State 
to State and State to

[[Page S5058]]

Federal Government all help to maintain the integrity of our elections.
  That is what we do in the Secure Elections Act. I think it is so 
important that we try to resolve this as quickly as possible.
  I encourage this body to finish the markup in the Rules Committee to 
be able to bring it to the floor and to have a consistent bipartisan 
vote to be able to support the work that we need to continue to do to 
protect our elections in the days ahead.
  Our Republic is one that maintains its stability based on the 
integrity of our elections. I have zero doubt that the Russians tried 
to destabilize our Nation in 2016 by attacking the core of our 
democracy. Anyone who believes they will not do it again has missed the 
basic information that is out day after day after day in our 
intelligence briefings.
  The Russians have done it the first time. They showed the rest of the 
world the lesson and what could be done. It could be the North Koreans 
the next time. It could be the Iranians the next time. It could be a 
domestic activist group the next time. We should learn that lesson, 
close that vulnerability, and make sure that we protect our systems in 
the days ahead.
  There is more that can be done, but the States seem to take a lead on 
this. This is something that the Federal Government should do, and we 
are very close to getting it done. I wanted to be able to tell this 
body that we are close. Let us work together to get this done in the 
days ahead.
  I yield the floor.
  I suggest the absence of a quorum.
  The PRESIDING OFFICER. The clerk will call the roll.
  The assistant bill clerk proceeded to call the roll.
  Mr. MORAN. Mr. President, I ask unanimous consent that the order for 
the quorum call be rescinded.
  The PRESIDING OFFICER. Without objection, it is so ordered.