[Congressional Record Volume 164, Number 121 (Wednesday, July 18, 2018)]
[Senate]
[Pages S5057-S5058]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]
Securing Our Elections
Mr. LANKFORD. Mr. President, there has been a lot of conversation
again, of late, about election security. It seems to be a frequent
conversation in the hallways the last couple of days, and it is an
ongoing issue that I think some people have lost track of, but we have
not.
Amy Klobuchar and I and several others have worked very hard for
months on this issue of election security, quietly trying to get the
language right and to work through the process of what it takes to
secure our elections for 2018, 2020, and beyond, learning the lesson
from 2016.
I do want to remind this body that the elections are not something
that happens this November. It is already ongoing. Many States'
primaries have already been conducted. Last night there was a runoff
primary that happened in Alabama. Georgia holds their runoff primaries
next week, and Tennessee is the week after that. Kansas, Michigan,
Missouri, and Washington will be on Tuesday, August 7. It is already
ongoing.
While we watch the indictments that just came down from the Mueller
investigation on GRU officers from Russia who were trying to interfere
in our elections in 2016, as we have seen the sanctions and the
indictments that have come down on some of the oligarchs from Russia
and from the Internet Research Agency for what they were doing in
social media, trying to be able to interfere with our election in 2016,
I think it may be important for us to do a quick lookback at what has
happened and what is still going on and what we are trying to
accomplish in the next few weeks.
Let me just give a quick look at what is happening in my State of
Oklahoma. In Oklahoma, in the 2016 cycle, the FBI and others began to
discover that there were issues with the elections and some
interference from what they, at that time, called ``bad actors'' in
June of 2016. Later that summer, in August of 2016, the FBI issued what
they call a nationwide ``flash alert'' to every State dealing with a
threat from a ``bad actor.''
The Oklahoma State Cyber Command director received that warning, as
did everyone else, but at that time the FBI didn't share any details
because no one in my State was given security clearance to be able to
have that kind of classified conversation with the FBI.
It wasn't until September 22 of 2017, a year and a little bit later,
that DHS actually notified my State and our State election authorities
that we hadn't just been targeted by a bad actor but that we had been
targeted by the Russians--a year later--because no one had clearance
and there was no one engaged.
DHS told Oklahoma State Election Board secretary Paul Ziriax, who is
doing a great job, that there was evidence that the Russians conducted
a surveillance scan looking into vulnerabilities in the State computer
network, but they didn't get into the election board computer network,
and they didn't get into any of our equipment.
They basically came and checked to see if the door was locked, and
they found out that in Oklahoma the door was locked, and the Russians
could not get in. They didn't penetrate into our system, though they
tried.
But it was a year after the elections before we were even notified
that the Russians were trying to penetrate our system. A subtle flash
warning is all that we received in the summer of 2016.
Oklahoma has a great system for elections. Our system is consistent
across every single county. We have optical scanners with a paper
ballot backup so that we can verify the computer count with a hand
count if needed. We have had a very good system. That system was tested
by the Russians when they evaluated the computer networks of our State,
and they were also not able to get in, thanks to the leadership of some
of the cyber and the technology folks who are in Oklahoma.
Not all States have the same practices. In some States, from county
to county their election systems are different. From township to
township they may have different systems with different companies and
different backgrounds. They may not have the same kind of system where
they get a chance to protect their cyber systems.
We saw that in 2016, when the Russians were able to penetrate some of
the States and actually were able to harvest some of their voter
register rolls. They weren't able to change any votes. They weren't
able to affect the voting that day, but they did a tremendous amount of
scanning through systems to be able to see where there were
vulnerabilities, what they could learn on our election systems, and how
they could engage for a future time.
I think we should learn a lesson from that and be aware that the
Russians are trying to penetrate that system and learning as much as
they could.
At the same time that they were hacking into different systems and
testing them out to see if they could get in, a different set of folks
from the Russian group the Internet Research Agency were trying to put
out social media disinformation.
Some 200,000 Oklahomans saw Facebook and Twitter posts that Russians
put out as false information. They weren't all on one candidate. There
were multiple candidates and multiple issues. Sometimes it was on
Hillary Clinton, sometimes on Donald Trump, sometimes on Bernie
Sanders, sometimes on Jill Stein, and sometimes just on ideological
issues. Over 200,000 Oklahomans saw those posts from different
Russians, not knowing they were Russian posts at all. They were
Russians pretending to be Americans, and they were pushing that
information out.
What can we learn from this? One is the most simple of those things:
You shouldn't believe everything you see on the internet. It is not
always an American. It is not always who they post to be, and it is not
always true. It should be the most basic information that we should
learn about what is happening on the internet and what is online,
including Facebook and Twitter.
The other lesson that we need to learn is a little more complicated.
We have to be able to have better communication between the Federal
Government and States, better cybersecurity systems, and the ability to
audit that.
That is why Senator Klobuchar and I have worked for months on a piece
of legislation called the Secure Elections Act. That piece has worked
its way through every State looking at it and their election
authorities. We have worked it through multiple committee hearings. In
fact, recently, just in the last month, there were two different
hearings in the Rules Committee. It is now ready to be marked up and
finalized to try to bring it to this body.
It is a very simple piece. It affirms that States run elections. The
Federal Government should not take over elections nationwide. In fact,
that would make a bad situation worse. States need to be able to run
elections and be able to manage those.
But it qualifies several things. One is that it gives a security
clearance to a person in every single State. If there is a threat from
a hostile actor, there is not some vague warning that comes out. There
is an immediate address about what is happening and a communication
within the intelligence community here on the Federal level to
individuals with a clearance on the State level.
Right now, the DHS, in absence of this legislation, has started
implementing it anyway. Every single State has at least one person with
a security clearance now, including my own. They are working to have at
least three in every State to do a backup system.
We also need to be able to affirm that every State can audit their
elections, that they would do what is called risk-limiting audits after
the election just to check and to make sure that the results are
correct, but also that they have the ability to audit it as the
election is going on so that it is not just counting on a machine but
that there is also some way to back it up. States have a variety of
ways they can actually do that.
If elections are trusting that the electronics are going to work and
not be hacked into and not be affected, we should have learned the
lesson from 2016 that there are outside entities trying to attack these
systems and to find vulnerabilities, and they will.
Some way to be able to back it up, to be able to audit the election
while it is happening, risk-limiting audits after the fact, security
clearances for individuals within States, and rapid communication State
to State and State to
[[Page S5058]]
Federal Government all help to maintain the integrity of our elections.
That is what we do in the Secure Elections Act. I think it is so
important that we try to resolve this as quickly as possible.
I encourage this body to finish the markup in the Rules Committee to
be able to bring it to the floor and to have a consistent bipartisan
vote to be able to support the work that we need to continue to do to
protect our elections in the days ahead.
Our Republic is one that maintains its stability based on the
integrity of our elections. I have zero doubt that the Russians tried
to destabilize our Nation in 2016 by attacking the core of our
democracy. Anyone who believes they will not do it again has missed the
basic information that is out day after day after day in our
intelligence briefings.
The Russians have done it the first time. They showed the rest of the
world the lesson and what could be done. It could be the North Koreans
the next time. It could be the Iranians the next time. It could be a
domestic activist group the next time. We should learn that lesson,
close that vulnerability, and make sure that we protect our systems in
the days ahead.
There is more that can be done, but the States seem to take a lead on
this. This is something that the Federal Government should do, and we
are very close to getting it done. I wanted to be able to tell this
body that we are close. Let us work together to get this done in the
days ahead.
I yield the floor.
I suggest the absence of a quorum.
The PRESIDING OFFICER. The clerk will call the roll.
The assistant bill clerk proceeded to call the roll.
Mr. MORAN. Mr. President, I ask unanimous consent that the order for
the quorum call be rescinded.
The PRESIDING OFFICER. Without objection, it is so ordered.