[Congressional Record Volume 165, Number 85 (Tuesday, May 21, 2019)]
[Senate]
[Pages S3008-S3009]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

      By Mr. WYDEN:
  S. 1569. A bill to amend the Federal Election Campaign Act of 1971 to 
allow certain expenditures for cybersecurity-related services or 
assistance; to the Committee on Rules and Administration.
  Mr. WYDEN. Mr. President, today I am introducing the Federal Campaign 
Cybersecurity Assistance Act of 2019--a bulky name for a bill that 
attempts to do a simply stated thing: protect our democracy from 
foreign cyber attacks. This bill allows the national campaign 
committees to provide much-needed cybersecurity assistance to State 
political parties, Federal campaign offices' staffs, and Federal 
candidates' personal accounts and devices.
  In 2015 and 2016, hackers working for the Russian government 
penetrated the networks of the Democratic National Committee and the 
Democratic Congressional Campaign Committee. The hackers also 
compromised the email account of Senator Hillary Clinton's presidential 
campaign manager, John Podesta. The Russian government subsequently 
leaked and weaponized Democratic party and campaign emails in order to 
influence the outcome of several elections--most publicly, the 
presidential race between Donald Trump and Hillary Clinton, but also 
U.S. House of Representatives races in Illinois, New Hampshire, New 
Mexico, North Carolina, Ohio, and Pennsylvania. Hackers also targeted 
Republicans during the same period, but were less successful in their 
efforts.
  The impact of Russia's hacking-enabled influence campaign was a 
surprise to many. However, this was not the first time that a foreign 
government hacked into the campaign organization of someone running to 
be President of the United States. Senior officials from the 2008 Obama 
and McCain presidential campaigns have publicly confirmed that both 
organizations were compromised by hackers. In an interview with NBC 
News 2013, Dennis Blair, who served as President Obama's Director of 
National Intelligence between 2009 and 2010 stated that ``Based on 
everything I know, this was a case of political cyber-espionage by the 
Chinese government against the two American political parties. They 
were looking for positions on China, surprises that might be rolled out 
by campaigns against China.''
  In recent years, the Republican National Committee, the National 
Republican Senatorial Committee, and the the National Republican 
Congressional Committee have all been hacked, as well as the campaigns 
of Senators Graham and McCain. Both major political parties have 
suffered hacks, and will undoubtedly continue to be targeted by foreign 
governments and other sophisticated hackers.
  Over the past two years, Congress has turned its attention to several 
weaknesses in our democracy that were exploited by Russia including the 
role of social media companies and long-standing flaws in paperless 
voting machines used in several states. While these issues have yet to 
be meaningfully addressed, they have, at least, been the subject of 
oversight hearings and legislative proposals in Congress. In contrast, 
Congress has yet to hold a single hearing on the vulnerability of 
political parties and campaigns to hacking by foreign governments, nor 
has anyone else in Congress introduced legislation to help defend these 
organizations from cyber attacks.
  For the sake of the integrity of the American political process, I 
introduce this bill today to protect those running for office, and the 
organizations that support them, from cyber attacks. Russia's hacking 
and leaking of emails in 2016 is now well documented. Their efforts 
continue. If you think they aren't working towards the 2020 federal 
elections as hard as any cub reporter in Iowa, you'd be sadly mistaken. 
And they are likely NOT alone. Other hostile governments will 
undoubtedly seek to emulate and improve on Russia's tactics.
  Congress has acted in the past to protect those running for office 
from serious threats. After Senator Robert F. Kennedy was assassinated 
in 1968, Congress authorized the Secret Service to protect Presidential 
and Vice Presidential candidates. In extending Secret Service 
protection to candidates, Congress recognized that the threats to 
Presidential and Vice Presidential candidates required professional 
protection. Congress must now take action to protect candidates for 
Federal office--and consequently, our democracy--from another serious 
threat: hacking by foreign governments.
  The political parties are best of the available options to provide 
cybersecurity to campaigns. Politicians are already dependent upon the 
parties for fundraising, advertising, polling, messaging, and other 
forms of support. Giving parties the responsibility to provide 
cybersecurity does not make politicians dependent on help from a new 
entity. Parties are also responsible to politicians they protect, 
moreso at least than any other government, corporate, or non-profit 
entity.
  Quite simply, this bill gives the national campaign committees the 
role of the ``IT Department'' for state parties, campaigns, and 
candidates. The committees will be able to provide these entities with 
securely configured laptops and cellphones, professionally administered 
email, encrypted messaging, and collaboration software, and if 
necessary, hire third-party cybersecurity experts to help in the event 
of a successful hack.
  This bill also permits the national parties to provide this 
assistance with money they raise in their ``building fund.'' The 
building fund is one of three supplementary accounts through which 
Congress permitted the national campaign committees to raise an 
additional $100,000 per individual, per year, to pay for the cost of 
presidential nominating conventions, national party headquarters 
buildings, and election recounts and other legal battles.
  I know that some advocates have serious concerns about the building 
fund and the other supplementary accounts created by Congress in 2014. 
I share these concerns, and have long supported bold reforms of our 
campaign finance system. However, the current Senate is extremely 
unlikely to pass legislation creating public financing of elections 
anytime soon, and so while we have the current system, permitting the 
use of money in the building fund for cybersecurity appears to be the 
least bad option. Most importantly, this approach does not permit the 
parties to raise any new funds--it merely permits a new use of money 
raised through the building fund.
  I am not the only one to recognize the severity of the cyber threat 
aimed at political parties. Earlier this year, the Canadian agency 
responsible for government cybersecurity, the Communications Security 
Establishment, issued a lengthy report on threats to elections, which 
noted that that ``Globally, political parties, candidates, and their 
staff remain attractive targets for cyber threat activity.'' Likewise, 
the Maryland Board of Elections published guidance last week, 
recognizing

[[Page S3009]]

that ``Campaigns are a potential cyber target,'' and consequently 
permitted state political parties to provide additional cybersecurity 
assistance to campaigns.
  November 2020 gets closer by the day. Congress cannot wait any longer 
to protect state parties, campaigns, and the candidates themselves from 
sophisticated cyber attacks. Accordingly, I urge my colleagues to 
promptly act on this legislation, and to secure our democracy from 
cyber threats before it is too late.
                                 ______