[House Hearing, 116 Congress] [From the U.S. Government Publishing Office] THE ROAD TO 2020: DEFENDING AGAINST ELECTION INTERFERENCE ======================================================================= HEARING BEFORE THE SUBCOMMITTEE ON CYBERSECURITY, INFRASTRUCTURE PROTECTION, AND INNOVATION OF THE COMMITTEE ON HOMELAND SECURITY HOUSE OF REPRESENTATIVES ONE HUNDRED SIXTEENTH CONGRESS FIRST SESSION __________ NOVEMBER 19, 2019 __________ Serial No. 116-51 __________ Printed for the use of the Committee on Homeland Security [GRAPHIC NOT AVAILABLE IN TIFF FORMAT] Available via the World Wide Web: http://www.govinfo.gov __________ U.S. GOVERNMENT PUBLISHING OFFICE 40-467 PDF WASHINGTON : 2020 -------------------------------------------------------------------------------------- COMMITTEE ON HOMELAND SECURITY Bennie G. Thompson, Mississippi, Chairman Sheila Jackson Lee, Texas Mike Rogers, Alabama James R. Langevin, Rhode Island Peter T. King, New York Cedric L. Richmond, Louisiana Michael T. McCaul, Texas Donald M. Payne, Jr., New Jersey John Katko, New York Kathleen M. Rice, New York Mark Walker, North Carolina J. Luis Correa, California Clay Higgins, Louisiana Xochitl Torres Small, New Mexico Debbie Lesko, Arizona Max Rose, New York Mark Green, Tennessee Lauren Underwood, Illinois Van Taylor, Texas Elissa Slotkin, Michigan John Joyce, Pennsylvania Emanuel Cleaver, Missouri Dan Crenshaw, Texas Al Green, Texas Michael Guest, Mississippi Yvette D. Clarke, New York Dan Bishop, North Carolina Dina Titus, Nevada Bonnie Watson Coleman, New Jersey Nanette Diaz Barragan, California Val Butler Demings, Florida Hope Goins, Staff Director Chris Vieson, Minority Staff Director ------ SUBCOMMITTEE ON CYBERSECURITY, INFRASTRUCTURE PROTECTION, AND INNOVATION Cedric L. Richmond, Louisiana, Chairman Sheila Jackson Lee, Texas John Katko, New York, Ranking James R. Langevin, Rhode Island Member Kathleen M. Rice, New York Mark Walker, North Carolina Lauren Underwood, Illinois Van Taylor, Texas Elissa Slotkin, Michigan John Joyce, Pennsylvania Bennie G. Thompson, Mississippi (ex Mike Rogers, Alabama (ex officio) officio) Moira Bergin, Subcommittee Staff Director Sarah Moxley, Minority Subcommittee Staff Director C O N T E N T S ---------- Page Statements The Honorable Cedric L. Richmond, a Representative in Congress From the State of Louisiana, and Chairman, Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation: Oral Statement................................................. 1 Prepared Statement............................................. 3 The Honorable John Katko, a Representative in Congress From the State of New York, and Ranking Member, Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation: Oral Statement................................................. 4 Prepared Statement............................................. 5 The Honorable Bennie G. Thompson, a Representative in Congress From the State of Mississippi, and Chairman, Committee on Homeland Security: Oral Statement................................................. 6 Prepared Statement............................................. 7 The Honorable Sheila Jackson Lee, a Representative in Congress From the State of Texas: Prepared Statement............................................. 7 Witnesses Mr. Francis X. Taylor, General, U.S. Air Force, Retired, Former Under Secretary for Intelligence and Analysis, U.S. Department of Homeland Security, Board Member, U.S. Cyberdome: Oral Statement................................................. 10 Prepared Statement............................................. 12 Mr. Richard Stengel, Former Under Secretary of State for Public Diplomacy and Public Affairs, U.S. State Department: Oral Statement................................................. 14 Prepared Statement............................................. 16 Mr. Matt Blaze, Ph.D., Mc Devitt Chair of Computer Science and Law, Georgetown University: Oral Statement................................................. 18 Prepared Statement............................................. 20 Ms. Ginny Badanes, Director, Strategic Projects, Defending Democracy Program, Microsoft: Oral Statement................................................. 30 Prepared Statement............................................. 31 Appendix Questions From Chairman Cedric L. Richmond for Francis X. Taylor. 59 Questions From Chairman Cedric L. Richmond for Richard Stengel... 60 Questions From Chairman Cedric L. Richmond for Matt Blaze........ 61 Questions From Chairman Cedric L. Richmond for Ginny Badanes..... 61 THE ROAD TO 2020: DEFENDING AGAINST ELECTION INTERFERENCE ---------- Tuesday, November 19, 2019 U.S. House of Representatives, Committee on Homeland Security, Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation, Washington, DC. The subcommittee met, pursuant to notice, at 2:14 p.m., in room 310, Cannon House Office Building, Hon. Cedric L. Richmond (Chairman of the subcommittee) presiding. Present: Representatives Richmond, Rice, Slotkin, Thompson; Katko, Walker, Taylor, and Joyce. Mr. Richmond. The Committee on Cybersecurity, Infrastructure Protection, and Innovation will come to order. The subcommittee is meeting today to receive testimony on election security in a hearing titled, ``The Road to 2020: Defending Against Election Interference.'' Good afternoon. I want to welcome the witnesses to today's hearing on how we can secure the 2020 election against outside interference. Today we will take a broad look at election security issues, including efforts from the private sector to protect election infrastructure and political campaigns against malicious actors. This threat is real, and it is personal. Yesterday it was reported that my State of Louisiana was the victim of a ransomware attack. The attack happened while the Secretary of State was awaiting certification of the recent election. While State officials activated the State's cybersecurity team in response to the attack, this incident highlights the exact scenario this committee is trying to prevent in the 2020 election. It is an undisputable fact that in 2016 the Russian Government carried out a concerted, sophisticated operation to meddle in our Presidential election. The Kremlin leveraged sophisticated cyber capabilities to target our election infrastructure and amplify divisive, and at times, false rhetoric in an unprecedented way to sow discord, undermine the public's faith in democratic institutions, and ultimately damage the global leadership of the United States. The Russian government's covert and malicious foreign interference campaign attacked every aspect of our elections. It involved engaging in conversations with personnel from a U.S. Presidential campaign, hacking a National political committee, conducting a phishing attack against a campaign chairman, targeting voter registration databases and other election infrastructure, and mobilizing bots and fake on-line personas to carry out influence operations. Today 2 other nation-state actors, China and Iran, are following suit, weaponizing new technologies to disrupt our democracy, distort the daily news, and compromise our election security. As we move into the heart of the 2020 election cycle, we must set aside party politics and work together to improve election security and preserve the integrity of our democracy. To that end, I urge the White House to accept the intelligence community's unanimous conclusions about 2016 meddling, refrain from engaging in conspiracy theories ahead of the 2020 elections and show some needed leadership on election security. Failing to do so will further erode public confidence in our election process, and advance Vladimir Putin's goal of undermining the U.S.-led liberal democratic order. For its part, Senate leadership must pass House-passed measures that would make election infrastructure more secure, and it should match the House's commitment to funding election security grants. Security vulnerabilities and an outdated, unsupported election infrastructure could jeopardize the accuracy of voter registration databases, or even the tally of votes cast. That is simply unacceptable. Voters deserve to know that they will be able to vote when they show up, and that their vote will be counted accurately. To guard against covert, malicious, foreign influence campaigns, owners and operators of on-line platforms must understand and be candid with the public about how our adversaries use their platforms. Also, we need to educate the public so that they are informed and have the opportunity to distinguish between facts and disinformation. And our party organizations and campaigns must take cybersecurity seriously, monitor for disinformation, and refuse to take advantage of malicious disinformation circulated about their opponents. Party and campaign organizations have tremendous power to counter efforts by foreign adversaries, simply by rejecting opportunities to take the cheap shots based on fake news. Together, those truly interested in defending our elections from foreign adversaries can make a real difference. For example, despite a lack of leadership from the White House, the Department of Homeland Security is building relationships and providing a full suite of election security services to State and local election officials. In addition, the Office of the Director of National Intelligence, Federal Bureau of Investigation, National Security Agency, and U.S. Cyber Command have teams to coordinate and integrate election security threat information. The private sector is also stepping up. Cybersecurity researchers at non-profit and for-profit organizations are providing cybersecurity services to campaigns and election officials. I commend these efforts. I look forward to hearing more from our distinguished panel on their efforts and yield back the balance of my time. [The statement of Chairman Richmond follows:] Statement of Chairman Cedric L. Richmond Today, we will take a broad look at election security issues, including efforts from the private sector to protect election infrastructure and political campaigns against malicious actors. It is an undisputable fact that, in 2016, the Russian government carried out a concerted, sophisticated operation to meddle in our Presidential election. The Kremlin leveraged sophisticated cyber capabilities to target our election infrastructure and amplify divisive--and at times false--rhetoric in an unprecedented way to sow discord, undermine the public's faith in democratic institutions, and ultimately damage the global leadership of the United States. The Russian government's covert malicious foreign interference campaign attacked every aspect of our elections. It involved engaging in conversations with personnel from a U.S. Presidential campaign, hacking a National political committee, conducting a phishing attack against a campaign Chairman, targeting voter registration databases and other election infrastructure, and mobilizing bots and fake on-line personas to carry out influence operations. Today, 2 other nation-state actors, China and Iran, are following suit--weaponizing new technologies to disrupt our democracy, distort the daily news, and compromise our election security. As we move into the heart of the 2020 election cycle, we must set aside party politics and work together to improve election security and preserve the integrity of our democracy. To that end, I urge the White House to accept the intelligence community's unanimous conclusions about 2016 meddling, refrain from engaging in conspiracy theories ahead of the 2020 elections, and show some needed leadership on election security. Failing to do so will further erode public confidence in our election process and advance Vladimir Putin's goal of undermining the U.S.-led liberal democratic order. For its part, Senate leadership must pass House-passed measures that would make election infrastructure more secure, and it should match the House's commitment to funding election security grants. Security vulnerabilities in outdated, unsupported election infrastructure could jeopardize the accuracy of voter registration databases or even the tally of votes cast. That is simply unacceptable. Voters deserve to know that they will be able to vote when they show up, and that their vote will be counted accurately. To guard against covert malicious foreign influence campaigns, owners and operators of on-line platforms must understand and be candid with the public about how our adversaries use their platforms. Also, we need to educate the public so that they are informed and have the opportunity to distinguish between facts and disinformation. And our party organizations and campaigns must take cybersecurity seriously, monitor for disinformation, and refuse to take advantage of malicious disinformation circulated about their opponents. Party and campaign organizations have tremendous power to counter efforts by foreign adversaries simply by rejecting opportunities to take the cheap shots based on fake news. Together, those truly interested in defending our elections from foreign adversaries can make real progress. For example, despite a lack of leadership from the White House, the Department of Homeland Security is building relationships and providing a full suite of election security services to State and local election officials. In addition, Office of the Director of National Intelligence, Federal Bureau of Investigation, National Security Agency, and U.S. Cyber Command have teams to coordinate and integrate election security threat information. The private sector is also stepping up. Cybersecurity researchers at non-profit and for-profit organizations are providing cybersecurity services to campaigns and election officials. I commend these efforts. I look forward to hearing more from our distinguished panel on their efforts. Mr. Richmond. With that I now recognize the Ranking Member of the subcommittee, the gentleman from New York, Mr. Katko, for an opening statement. Mr. Katko. Thank you, Mr. Chairman. Thank you all for being here this afternoon on this very, very important topic. Securing our elections remains one of the most pressing issues our country faces today. Secure voting systems and the accurate reporting of votes is foundational to our democracy. Americans should have full confidence in every aspect of our election process. Unfortunately, our election systems have become the principal target of several adversaries. Disinformation campaigns engineered by Russia have sown political discord within our election process. Social media has become a haven for false information regarding Election Day procedures and misinformation of candidates. Disinformation campaigns serve to confuse voters and undermine their confidence in the electoral process. While foreign influence has had a measured effect on our discourse, election results have, fortunately, remained untouched. The success of the 2018 midterms demonstrated the progress that the Federal Government and our State and local partners have made together. I want to applaud election security efforts led by CISA and the partnerships with State and local governments that have resulted in a marked improvement of information sharing and cohesion. Additionally, growing participation within the election infrastructure ISAC by local election officials has provided thousands of election offices with the cyber resources they need to maintain the reliability of their election infrastructure. Paper trails for voting systems are now in use in all but a few States, providing voters with a tangible, incorruptible record of their vote. The continued development of auditing techniques confirms voting results where voter tallies may be called into question. These software independent techniques have become invaluable to protecting our election systems from cyber attacks. Software independence of our election infrastructure is absolutely essential for the integrity of our election systems. This progress does not mean our election systems are secure. In my district we have seen multiple ransomware attacks affecting critical functions of the Syracuse City School District, for example, and the Onondaga County Library system. One can only imagine the effect of a similar targeted ransomware campaign aimed at voter registration databases before an election. Such an attack would hijack our election process and undermine all voter confidence in election results. Furthermore, we must continue to develop our relationships with State and local partners to ensure Federal cybersecurity resources are being utilized. While participation in the alleged election infrastructure ISAC has improved since the 2016 elections, thousands of local election offices remain independent. Local election offices are not equipped to handle the cyber threats to their election infrastructure alone. It is imperative that the Federal Government makes available its cybersecurity resources to every local election office. Election security has a history of bipartisan cooperation and support. Ensuring that our election process is uncompromised must remain a top priority for both sides of the aisle. I am confident that we can take the necessary and reasonable steps to continue to improve the integrity of our election systems. I thank the witnesses for providing the committee with their testimony and look forward to hearing their ideas on how we can further improve the security of our election systems. General Taylor, I must say it is nice to see you again, sir. I want to thank all of you, and Chairman Richmond, and everyone here today for calling this important hearing. I yield back the balance my time. [The statement of Ranking Member Katko follows:] Statement of Ranking Member John Katko Nov. 19, 2019 Thank you, Mr. Chairman. Securing our elections remains one of the most pressing issues our country faces. Secure voting systems and the accurate reporting of votes is foundational to our democracy. Americans should have full confidence in every aspect of our election process. Unfortunately, our election systems have also become the principal target of several adversaries. Disinformation campaigns engineered by Russia have sown political discord within our election process. Social media has become a haven for false information regarding election day procedures and misinformation of candidates. Disinformation campaigns serve to confuse voters and undermine their confidence in the electoral process. While foreign influence has had a measured effect on our discourse, election results have fortunately remained untouched. The success of the 2018 midterms demonstrated the progress that the Federal Government and our State and local partners have made. I want to applaud election security efforts led by CISA and their partnerships with State and local governments that have resulted in a marked improvement of information sharing and cohesion. Additionally, growing participation within the Election Infrastructure ISAC by local election officials has provided thousands of election offices with the cyber resources they need to maintain the reliability of their election infrastructure. Paper trails for voting systems are now in use in all but a few States, providing voters with an incorruptible record of their vote. The continued development of auditing techniques confirms voting results where voter tallies may be called into question. These software independent techniques have become invaluable to protecting our election systems from cyber attacks. Software independence of our election infrastructure is essential for the integrity of our election systems. This progress does not mean our election systems are secure. In my district, we have seen multiple ransomware attacks affecting critical functions of the Syracuse City School District and Onondaga County Library System. One can imagine the effect of a similar targeted ransomware campaign aimed at voter registration database systems before an election. Such an attack would hijack our election process and undermine all voter confidence in election results. Furthermore, we must continue to develop our relationships with State and local election partners to ensure Federal cybersecurity resources are being utilized. While participation in the Election Infrastructure ISAC has improved since the 2016 elections, thousands of local election offices remain independent. Local election offices are not equipped to handle the cyber threats to their election infrastructure alone. It is imperative the Federal Government makes available its cybersecurity resources to every local election office. Election security has a history of bipartisan cooperation and support. Ensuring that our election process is uncompromised must remain a top priority for both sides of the aisle. I am confident that we can take the necessary reasonable steps to continually improve our election systems. I thank the witnesses for providing the committee with their testimony and I look forward to hearing their ideas on how we can further improve the security of our election systems. I want to thank Chairman Richmond for calling this important hearing and I yield back. Mr. Thompson [presiding]. Thank you very much. The Chair recognizes himself for 5 minutes for an opening statement. Good afternoon to our panel of witnesses. Thank you very much for being here. Since 2016 officials throughout the intelligence community have described in disturbing detail the many ways the Russian government sought to meddle in our elections. For the 3 years that followed, heads of the Department of Homeland Security, the Federal Bureau of Investigation, the Central Intelligence Agency, and the National Security Agency, among others, have warned that the Russian government will continue its efforts to sow discord and undermine confidence in our democracy. More disturbing yet, Russia is not alone. According to the 2019 World-wide Threat Assessment, other adversaries, including China and Iran, will pursue opportunities to interfere in our elections. The intelligence community assesses that adversaries could exploit cyber means to target election infrastructure or engage in targeted influence campaigns to manipulate public opinion. We also know that our adversaries will target political campaigns because they have done so in the past. Adversaries have hardly kept their desire to undermine the integrity of our elections a secret. As Members of Congress, we have a duty to act. Today we are less than 1 year away from the 2020 Presidential election. The question everyone on this dais must ask themselves, is have we done enough to secure the 2020 elections from our adversaries? Despite multiple efforts led by the House of Representatives, Congress has yet to send a single piece of comprehensive election security legislation to the President's desk. Instead, good pieces of legislation to provide additional resources to State and local elections officials and limit foreign interference have stalled in the Senate. Moreover, despite multiple requests, the White House has failed to identify an official to coordinate the election security activities at various Federal agencies. In the mean time, with just a handful of legislative days left this year, and only a limited amount of time for legislative action next year, I will be interested to learn from our witnesses how they recommend Congress use that time to improve election security in advance of the 2020 elections. Importantly, I am interested to know how academics and private sector can work with State and local election officials and campaigns to improve election security in the absence of Congressional action. The election security problems we face are shared, and we have a shared responsibility to solve them. State and local election authorities, with help from the Federal Government, must invest in IT departments, train their employees, and upgrade and certify their election equipment. The private sector, including voting system vendors, must take responsibility to secure their equipment, make it user- friendly, and demonstrate a willingness to admit weakness in their systems when examined by third-party cyber professionals. Political campaigns must step up, too. They must implement robust cybersecurity policies to deprive our adversaries of information that can be twisted into a divisive narrative and serve as an extra check on disinformation. Finally, the American public must also be vigilant and scrutinize the information presented to them carefully. Before I close, I would also like to note that November is Critical Infrastructure Security and Resilience Month. I can think of no better way to observe it than to assess our preparedness for the 2020 Presidential elections. I also thank Chairman Richmond for his steadfast leadership on election security, and I look forward to the hearing and witnesses' testimony today. [The statement of Chairman Thompson follows:] Statement of Chairman Bennie G. Thompson November 19, 2019 I'd like to thank Chairman Richmond for calling today's hearing on election security. Since 2016, officials throughout the intelligence community have described in disturbing detail the many ways the Russian government sought to meddle in our elections. For the 3 years that followed, heads of the Department of Homeland Security, the Federal Bureau of Investigation, the Central Intelligence Agency, and the National Security Agency, among others, have warned that the Russian government will continue its efforts to sow discord and undermine confidence in our democracy. More disturbing yet, Russia is not alone. According to the 2019 Worldwide Threat Assessment, other adversaries, including China and Iran, will pursue opportunities to interfere in our elections. The intelligence community assesses that adversaries could exploit cyber means to target election infrastructure or engage in targeted influence campaigns to manipulate public opinion. We also know that our adversaries will target political campaigns because they have done so in the past. Our adversaries have hardly kept their desire to undermine the integrity of our elections a secret. As Members of Congress, we have a duty to act. Today, we are less than 1 year away from the 2020 Presidential election. The question everyone on this dais must ask themselves is: ``Have we done enough to secure the 2020 elections from our adversaries?'' Despite multiple efforts led by the House of Representatives, Congress has yet to send a single piece of comprehensive election security legislation to the President's desk. Instead, good pieces of legislation to provide additional resources to State and local election officials and limit foreign interference have stalled in the Senate. Moreover, despite multiple requests, the White House has failed to identify an official to coordinate the election security activities at various Federal agencies. In the mean time, we have just a handful of legislative days left this year, and only a limited amount of time for legislative action next year. I will be interested to learn from our witnesses how they recommend Congress use that time to improve election security in advance of the 2020 elections. Importantly, I will be interested to know how academics and the private sector can work with State and local elections officials and campaigns to improve election security in the absence of Congressional action. The election security problems we face are shared, and we have a shared responsibility to solve them. State and local election authorities--with help from the Federal Government--must invest in IT departments, train their employees, and upgrade and certify their election equipment. The private sector, including voting system vendors, must take responsibility to secure their equipment, make it user-friendly, and demonstrate a willingness to admit weaknesses in their systems when examined by third-party cybersecurity professionals. Political campaigns must step up, too. They must implement robust cybersecurity policies to deprive our adversaries of information that can be twisted into a divisive narrative and serve as an extra check on disinformation. Finally, the American public must also be vigilant, and scrutinize the information presented to them carefully. Before I close, I would also like to note that November is Critical Infrastructure Security and Resilience Month. I can think of no better way to observe it than to assess our preparedness for the 2020 Presidential elections. Chairman Thompson. Other Members of the subcommittee are reminded that, under committee rules, opening statements will be submitted for the record. [The statement of Honorable Jackson Lee follows:] Statement of Honorable Sheila Jackson Lee Chairman Richmond and Ranking Member Katko, thank you for convening today's hearing on ``The Road to 2020: Defending Against Election Interference.'' I thank today's witnesses: Panel I General Frank Taylor (Ret.-U.S. Air Force), former under secretary for intelligence and analysis, U.S. Department of Homeland Security; executive director (pro tempore), US CyberDome; The Hon. Richard Stengel, former under secretary for public diplomacy and public affairs, U.S. State Department; Dr. Matt Blaze, McDevitt chair of computer science and law, Georgetown University; and Ms. Ginny Badanes, director, Strategic Projects, Defending Democracy Program, Microsoft (Minority Witness). I thank each of today's witnesses for bringing their expert view on state of election security as the 2020 elections approach. The efforts to ensure that every eligible person can register to vote, and cast a vote in a public election have spanned generations. I have been persistent in my efforts to protect the rights of disenfranchised communities in my district of inner-city Houston and across the Nation. Throughout my tenure in Congress, I have cosponsored dozens of bills, amendments, and resolutions seeking to improve voters' rights at all stages and levels of the election process. This includes legislation aimed at: 1. Increasing voter outreach and turnout; 2. Ensuring both early and same-day registration; 3. Standardizing physical and language accessibility at polling places; 4. Expanding early voting periods; 5. Decreasing voter wait times; 6. Guaranteeing absentee ballots, especially for displaced citizens; 7. Modernizing voting technologies and strengthening our voter record systems; 8. Establishing the Federal Election Day as a National holiday; and 9. Condemning and criminalizing deceptive practices, voter intimidation, and other suppression tactics; Along with many of my colleagues in the CBC, I was an original cosponsor of H.R. 9, the Fannie Lou Hamer, Rosa Parks, and Coretta Scott King Voting Rights Act Reauthorization and Amendments Act, which became public law on July 27, 2006. I also authored H.R. 745 in the 110th Congress, which added the legendary Barbara Jordan to the list of civil rights trailblazers whose names honor the Voting Rights Act Reauthorization and Amendments Act. This bill strengthened the original Voting Rights Act by replacing Federal voting examiners with Federal voting observers--a significant distinction that made it easier to safeguard against racially-biased voter suppression tactics. In the 114th Congress, I introduced H.R. 75, the Coretta Scott King Mid-Decade Redistricting Prohibition Act of 2015, which would prohibit States whose Congressional districts have been redistricted after a decennial census from redrawing their district lines until the next census. The voting rights struggles of the 20th Century are now joined by voting rights threats posed by the 21st Century. Russia an adversary of the United States engaged in repeated attempts to interfere in the 2016 Presidential election, which prompted an unprecedented all-of-Government effort to alert local and State election administrators to be aware of the threat. Russia targeted our Presidential election according to the report, ``Background to Assessing Russian Activities and Intentions in Recent U.S. Elections: The Analytic Process and Cyber Incident Attribution,'' provided by the Office of the Director of National Intelligence's National Intelligence Council. Russia used every cyber espionage tool available to influence the outcome of the Presidential election by using a multifaceted campaign that included theft of data; strategically-timed release of stolen information; production of fake news; and manipulation of facts to avoid blame. The Russian General Staff Main Intelligence Directorate (GRU) is suspected by our intelligence agencies of having begun cyber operations targeting the United States election as early as March 2016. They took on the persona of ``Guccifer 2.0,'' ``DCLeaks.com,'' and Wikileaks as the identities that would be reported as having involvement in the work they had under taken to undermine our Nation's Presidential election. Russia is blamed for breaching 21 local and State election systems, which they studied extensively. In February 2018, special counsel Robert Mueller released indictments of 13 Russians, at least one of whom has direct ties to Russian President Vladimir Putin. The 37-page indictment details the actions taken to interfere with the U.S. political system, including the 2016 US. Presidential election. Among the charges, which include charges for obstruction of justice, are several especially notable details. The indictment states that 13 defendants posed as U.S. persons and created false U.S. personas and operated social media pages and groups designed to attract U.S. audiences. The Russians are not deterred by these indictments and are poised to interfere in the 2020 election. Russian interference in the 2016 election was a ``calculated and brazen assault'' on our democracy. In September 2019, Acting Director of National Intelligence Joseph Maguire told Congress that ``the greatest challenge that we do have is to make sure that we maintain the integrity of our election system. ``We know right now that there are foreign powers, not just Russia, that are trying to get us to question the validity on whether or not . . . our elections are valid.'' Last month, a senior CISA official renewed the agency's warnings about threats to the 2020 elections. Unfortunately, these warnings are being met with no response from current President and those who support him. The current matter under consideration by the House Intelligence Committee alleges that the current President sought the assistance of a foreign leader to meddle in the 2020 election. The committee must prepare the Nation to address the pending Russia threat to our Nation's election system, while also preparing to defend against threats to our election system posed by other nations. The United States has enemies in other corners of the globe who would not hesitate to attack our election system if given the chance. These foreign adversaries do not share our commitment to democracy, liberty, and human rights, or the precious freedoms we hold dear. On January 6, 2017, Homeland Security Secretary Johnson, as one of his last official acts under the Obama administration, designated election systems as critical infrastructure, and created a new subsector under the existing Government Facilities Sector designation. On January 29, 2019, the director of national intelligence testified before the Senate Select Committee on Intelligence that our adversaries ``probably already are looking to the 2020 U.S. elections as an opportunity to advance their interests. The House Committee on Homeland Security has the responsibility of providing for the cybersecurity of Federal civilian agencies as well as the security of the Nation's 16 critical infrastructure sectors from cyber and other threats. The Election Infrastructure Subsector covers a wide range of physical and electronic assets such as storage facilities, polling places, and centralized vote tabulation locations used to support the election process, and information and communications technology to include voter registration databases, voting machines, and other systems to manage the election process and report and display results on behalf of State and local governments. The work to secure our Nation's election system from cyber threats is on-going, which is why this hearing is relevant. The U.S. Department of Homeland Security's (DHS) mission in cybersecurity and infrastructure protection is focused on enhancing greater collaboration on cybersecurity across the 16 critical infrastructure sectors and the sharing of cyber threat information between the private sector and Federal, State, and local partners. This committee will work hand-and-glove with the House Judiciary and House Administration Committees as well as the Senate Committees to ensure that the tools applied to the current threat to our elections is effectively and adequately addressed. We know the threats that computing devices and systems face, which are almost too numerous to count:Internet of things-enabled devices; Ransom-ware; Mal-ware; Denial of Service Attacks; Distributed-Denial-of-Service Attacks; Pharming; Phishing; Data Theft; Data Breaches; SQL Injection; Man-in-the-middle attack. This hyper cyber-threat environment poses risks to election systems because of the nature of Federal elections. Elections are date- and time-sensitive, which means any disruption or interruption can have catastrophic implications. During the 2016 election we learned of new threats from cyber space that go far beyond any that would have been considered in previous elections. This Congress is poised to do the hard work of delving into the issue of Russian involvement in our National election and providing solutions. The work today must focus on election recovery should a serious cyber incident occur during an election. Vulnerabilities of computing systems are not limited to intentional attacks, but can include acts of nature, human error, or technology failing to perform as intended. I am particularly concerned that so many jurisdictions rely on electronic poll books, to check-in voters before issuing them ballots, with no paper backups. Finally, the use of untrustworthy paperless electronic voting machines without enough paper ballot options will come to an end when H.R. 1 becomes law. The right and better approach to election cybersecurity is to be prepared and not need options for voters to cast ballots should voting systems fail, rather than being unprepared and needing options for voters to cast ballots during an election that are not available. We must be steadfast in our resolve to have a strong shield to defend civilian and critical infrastructure networks for all threats foreign and domestic. I look forward to the testimony of today's witnesses. Thank you. Chairman Thompson. I welcome our panel of witnesses. First, I am pleased to welcome back General Frank Taylor, United States Air Force, retired. He is a former under secretary for intelligence and analysis, and--at the Department of Homeland Security, and a board member of the U.S. CyberDome, a non- profit organization which provides cybersecurity at no cost to political parties, elected officials, and candidates across party lines. Next, we have Mr. Richard Stengel. He is a former under secretary of state for public diplomacy and public affairs, where he created and oversaw the Global Engagement Center. Next, we have Dr. Matt Blaze. He holds the McDevitt chair of computer science and law at Georgetown University. He works--his work focuses on technology, encryption, and, most importantly, election security. Finally, we have this Ms. Ginny Badanes. Close? OK. She is the director of strategic projects at Microsoft's Defending Democracy Program, where she leads a team that works with political campaigns to protect against hacking and defend against disinformation campaigns. Without objection, the witnesses' full statements will be inserted in the record. I now ask each witness to summarize his or her statement for 5 minutes, beginning with General Taylor. STATEMENT OF FRANCIS X. TAYLOR, GENERAL, U.S. AIR FORCE, RETIRED, FORMER UNDER SECRETARY FOR INTELLIGENCE AND ANALYSIS, U.S. DEPARTMENT OF HOMELAND SECURITY, BOARD MEMBER, US CYBERDOME General Taylor. Thank you, Chairman Thompson, Ranking Member Katko. It is a pleasure to appear before this committee, this time as the acting executive director of US CyberDome, a non-profit organization dedicated to helping to secure Federal campaigns against undue influence. Thank you for the opportunity to appear and to discuss defending our election infrastructure. You--both you, Chairman Thompson, and Mr. Katko--have outlined what the threat was from 2016. That threat continues to manifest itself, so I will not speak further to that. But as the executive director of US CyberDome, I have talked with many other organizations who are helping campaigns with cybersecurity and to protect against disinformation. I have been engaged with personnel in the National party committees, the Federal campaign committees, as well as personnel who have worked for these types of committees in the recent past. The observations of this testimony come from those dialogs, my professional experience, and the experiences of US CyberDome founders and advisors. US CyberDome is a 501(c)(4) non-profit organization. Our objective is to ensure the integrity of elections and confidence in their outcomes. We operate in full alignment with the Federal Election Commission Advisory Opinion 201(a)-12, to fund qualified vendors using US CyberDome donations. Initial US CyberDome activities have focused on the 2020 U.S. Presidential and Senatorial campaigns, but over time will apply to other campaigns. We broker no-cost cybersecurity and disinformation protection services from qualified vendors to Federal campaign committees, National party committees, think tanks, and non- Governmental organizations. Using this cybersecurity framework as a measure of comprehensive cyber risk management, we have identified services for a multi-phase improvement initiative. Perhaps not every campaign will need every service. However, our objective is to increase the overall level of protection across the campaign infrastructure, both within campaigns and in the National parties and services they depend on, envision services--ones that have a high probability of success within the campaigns, offer low disruption--and will offer low disruption to campaign workers, and offer the highest impact, and address the most urgent threats. Our intent is to start with detection and response services, to include impostor website monitoring, social media, and dark web monitoring. These services are allowed per current Federal Election Commission advisory opinions. These services will hold the line. These services will hold a line against malicious actors. In later phases of our initiative we intend to broker more proactive and protective services, such as perimeter security management, distributed denial of service, and ransomware mitigation services. These will be enabled by an FEC opinion request that we are now staffing. US CyberDome is comprised of cybersecurity experts who have trained and practiced the world's--at the world's largest accredited computer forensic and incident response institute in the world, the Defense Cyber Crime Center, which I am proud to also say I started in 1997, as the commander of OSI, and it continues to grow. A special note: US CyberDome believes our role is to help ensure U.S. political discourse is free from foreign influence, but not participate in or affect that discourse. Just a couple of observations about campaigns. Our assessment is campaigns are underprepared. Their focus is on getting their candidate elected, and the investment that is required to protect against the more sophisticated threats that the campaigns and our election infrastructure face are much more expensive than campaigns can afford. Our focus is to provide the campaigns with free-of-charge services to protect themselves as they pursue the election process. With that, Mr. Chairman, I will yield my time. [The prepared statement of General Taylor follows:] Prepared Statement of Francis X. Taylor November 19, 2019 introduction Chairman Richmond, Ranking Member Katko, and Members of the subcommittee, I am Frank Taylor, the executive director of US CyberDome, a non-profit dedicated to securing Federal campaigns against undue influence. Thank you for the opportunity to appear before you today to discuss defending against election interference. us cyberdome's role in defending against election interference US CyberDome is a 501(c)(4) non-profit organization. Our objective is to ensure the integrity of elections and confidence in their outcomes. We broker no-cost cybersecurity and disinformation detection services from qualified vendors to Federal campaign committees, National party committees, think tanks, and non-governmental organizations. Initial US CyberDome activities are focused on the 2020 U.S. Presidential and Senatorial campaigns, and will apply to other campaigns over time. We operate in full alignment with the Federal Election Commission's Advisory Opinion 2018-12 to fund qualified vendors using US CyberDome donations. US CyberDome is comprised of cybersecurity experts who have trained and practiced at the world's largest accredited computer forensics and incident response institute in the world, the Defense Cyber Crime Center, as well as the U.S. Department of Defense and National Institute of Standards and Technology. The team was formed by a group of cybersecurity experts who became alarmed by increasing cyber threats and the lack of protection for campaigns and voters. They formed the non-profit organization to absorb the extraordinary cost of providing cyber protection to campaigns by working with donors and charitable foundations. Of special note, US CyberDome believes our role is to help ensure U.S. political discourse is free of foreign interference, but not to participate in or affect that discourse. For that reason, we are non- partisan in our approach. Our Board of Advisors represents a variety of political parties and beliefs to ensure we are guided in a balanced way. Additionally, our services are designed to be delivered fairly and equitably, regardless of political party or beliefs. political campaigns in 2019 Our freedom of speech and democracy are under attack by increasingly sophisticated and ever-evolving threats to the election process, including purposeful attacks and exploits from foreign governments, terrorists, organized crime, foreign corporate spies, and others. The 2016 U.S. Presidential elections demonstrated that cyber attacks and disinformation can be used to manipulate the U.S. election. As set forth in the Bob Mueller's Report on the Investigation into Russian Interference in the 2016 Presidential Election, ``the Russian government interfered in the 2016 Presidential election in sweeping and systematic fashion.'' They did so principally through 2 operations. First, a Russian entity conducted a sophisticated social media campaign, and second, a Russian intelligence service conducted computer-intrusion operations against campaign entities, employees, and volunteers, and then released stolen documents. Successful and public foreign interference in 2016 increased the likelihood that other nations will seek to influence in 2020 and beyond. Other factors will very likely increase interference in the U.S. 2020 Presidential election. For instance, as the United States increases trade pressures around the world, cyber attacks from affected nations have increased. These, and potentially other factors, will likely lead to increased attacks on 2020 U.S. Presidential campaigns, and Federal campaigns in general. In summary, I offer the affirmation of one US CyberDome Advisor, former Secretary of the U.S. Department of Homeland Security, Michael Chertoff. ``Malign foreign actors continue their efforts to attack our democracy, including through the on-line penetration and disruption of our candidate and campaign organizations.'' Even more insidious, some nation-states are busy gathering information about U.S. Presidential candidates, Senators, and Representatives, that may be used at a moment in time that is advantageous to that nation in the future; potentially far beyond 2020. Not even the Government can guarantee a 100 percent success rate against every attack or exploit from malicious nations or nation- states. However, we can greatly increase success rates through diligence in detecting adversary activity, and expediency in responding to and reporting that activity. As executive director for US CyberDome, I have talked with many other organizations who are helping campaigns with cybersecurity and disinformation. Organizations such as Microsoft and Area 1 Security who have received positive Advisory Opinions from the FEC and are supporting campaigns. Organizations such as the DigiDems who offer on- site technical personnel to campaigns and currently have over 80 personnel embedded in those campaigns. I have been engaged with personnel in National party committees and Federal campaign committees, as well as personnel who have worked for those types of committees in the recent past. The observations of this testimony come from those dialogs, my professional experiences, and the experiences of the US CyberDome founders and Advisors. observations about campaigns Campaigns are under-prepared.--They are not adequately resourced to defend against many expert, persistent, and well-funded threat actors such as nation-states. Most campaigns do not have enough technical expertise or historical experience against the myriad threats they face. Simply put, if they have not previously detected and responded to sophisticated threat actors, they will not be able to. Even campaigns with a very knowledgeable cybersecurity professional on-staff are hindered. One person cannot hold off the Korean People's Army or the Armed Forces of the Islamic Republic of Iran. There are very few workplaces in the United States where campaigns can find someone with past experience defending against a wide variety of nation-state cyber attacks or disinformation. The intelligence community and Department of Defense have groups of such individuals. Also, the Defense Cyber Crime Center, an organization I commissioned while serving as the commander of the Air Force Office of Special Investigations also employs and trains some of these cyber specialists. Without this type of field-tested past experience, even well-skilled information technologists and cybersecurity professionals are ill- prepared to detect and respond to nation-state actors. Again, if they have not previously detected and responded to sophisticated threat actors, they likely will be unable to successfully do so. Additionally, U.S. political campaigns are unlike any corporate or Government entity. They are essentially start-ups that can endure for weeks or years. The short tenure of personnel--both volunteers and employees--diminishes the effect of cybersecurity measures used successfully in corporate America. For instance, anti-phishing training has been demonstrated to reduce the effectiveness of phishing attacks in corporate America. Campaigns have less long-term effect from similar training, because their personnel are relatively short-tenure. Campaigns are isolated.--Our democracy is rooted in the separation of powers--Executive, Legislative, Judicial. Our election process is a key component that must be independent. This very independence tends to isolate the election community from some of the core National security apparatus that it needs to protect it. The United States Government has the best intelligence, law enforcement, National security, and cybersecurity capabilities in the world, but conditions isolate campaigns from U.S. Federal Government resources. Campaign personnel may be concerned about the interests of for- profit organizations. Specifically, campaigns wonder how they can trust the advice of an organization that stands to profit on that advice. In particular, product vendors following common sales practice only represent their own products. This can inadvertently lead campaigns to a less-than-comprehensive cybersecurity solutions. Campaigns focus.--Their singular focus is to get elected. Any effort not directly in support of getting elected, is not funded or underfunded. For election campaigns, every dollar spent on services like cybersecurity is a dollar that is not being spent on their core mission. Even proactive candidates may think twice about spending effort and money on cybersecurity, for fear this diversion of resources will result in less votes than their competitors. This results in a lack of incentive for campaigns to address cybersecurity more fully, despite the imminent threat. Last mile cybersecurity.--In addition to the above campaign observations, I offer a technical one. We still struggle with the ``last mile'' of cybersecurity within our communities--getting actionable security intelligence in the hands of those who need to defend themselves. There are at least two aggravating circumstances. First, the classification level of threat information slows down the flow of actionable threat intelligence. Second, threat information is mainly conveyed in formats that cannot be automatically processed by computers. In cyber space, the pace of engagement is extremely fast. It far outpaces the rate of de-classification and re-formatting threat intelligence. We are fighting an asymmetrical war on the cyber front, and we must adjust. what can we do Capitalize on the non-profit model.--Non-profit organizations are uniquely positioned and scoped to support campaigns. Specifically, non- profits avoid misgivings campaigns may have about utilizing Federal Government and for-profit resources directly. When non-profits engage campaigns, it reduces risks they may face, and we all face, if those campaigns are isolated. Non-profits are not a part of the Executive branch of Government, therefore they are not affiliated with a competing candidate. Non-profits less prone to the financial conflicts of interest faced by a for-profit. At the same time, non-profits can still play an integral role in brokering the resources of the Federal Government and for-profit organizations. For instance, non-profits may offer an indirect way to disseminate cyber threat information (and do so in formats that can be immediately utilized by campaigns). For all of these reasons, I believe non-profit organizations are well-suited to support political committees and campaigns with on-going and proactive measures. Specify minimum standards for campaign cybersecurity.--Campaigns may have greater incentive to spend effort and funds on cyber protections if they know their competitors are obligated to the same expenditures. Here is a similar circumstance from recent history. In the past, US CyberDome personnel helped create the DoD-Defense Collaborative Information Sharing Environment (DCISE). The DCISE stemmed from the Comprehensive National Cybersecurity Initiative to be one of the first successful examples of ``need to share'' in America. The DCISE used specific methodologies and techniques to anonymously share intelligence and law enforcement information with the defense industrial base (DIB), and share that information with the Federal Government. In the DIB, there existed similar competitive pressures about the effort and time spent on participation in DCISE. Ultimately, the Defense Federal Acquisition Regulation incorporated requirements for DIB organizations to participate in the DCISE, thus ``leveling the playing field'' for all DIB organizations to participate. This propelled the DCISE to a well-utilized and effective solution for threat information sharing in the DIB. Similar requirements for Federal campaign committees would likely prove useful. Focus on key technical challenges.--Congress should consider mandating that all U.S. Government threat intelligence be disseminated in computer-readable formats, in addition to prose. This simple requirement would go a long way to ensuring that action can be taken swiftly once threat intelligence information is received. I do not espouse a specific format. I would leave that up to the experts. Expressing all threat information in computer-readable formats will be a big step forward. Challenges like de-classification are more complex to solve. Over- classification is something that intelligence organizations should evaluate for themselves. In other words, is it possible that certain aspects of the threat information never needed to be Classified to begin with? Accelerating de-classification should also be considered. We are living in an age where machine learning is broadly applied, and artificial intelligence is starting to be well-understood. These technologies hold significant promise to automate large portions of the de-classification process. conclusion US CyberDome is defending against election interference by working with Federal campaign committees, National party committees, think tanks, and non-Governmental organizations. Our status as a non-profit affords us unique insights and opportunities to help the community. Thank you for the opportunity to testify. I am happy to answer any questions you may have. Chairman Thompson. General Taylor, let me thank you for your testimony. I now recognize Mr. Stengel for his opening statement. STATEMENT OF RICHARD STENGEL, FORMER UNDER SECRETARY OF STATE FOR PUBLIC DIPLOMACY AND PUBLIC AFFAIRS, U.S. STATE DEPARTMENT Mr. Stengel. Thank you, Mr. Chairman. I said thank you, Mr. Chairman. I feel very comfortable here today, because I spent so much time sitting next to General Taylor in Government. So the consent of the governed, that is the basis of our democracy. If that consent is acquired through deception, the powers derived from it are not just. That is why disinformation is so dangerous to our democracy. Disinformation is deliberately false information designed to deceive or mislead. Misinformation is simply false information, whether deliberate or not. Disinformation is the much greater threat, because it is on the rise around the world and at home, particularly here at home. Disinformation is asymmetric warfare. You might not be able to afford an F-35, but you can certainly hire some people with laptops who act as trolls. Yet it is often a weapon used by the strong against the weak, because authoritarian leaders have understood that they can repress free speech at home and spew disinformation on state media. It is difficult to fight, because it is hidden in plain sight. It uses all the same principles of behavioral economics and the tools of the big social media companies to find a targeted audience. It is as old as humanity, but social media has made it exponentially easier to create, deliver, and instantly find large audiences. I spent 3 years at the State Department, attempting to combat ISIS propaganda and Russian disinformation. In fact, we started the first counter-Russian group at the State Department, which eventually became the Global Engagement Center. I came to the State Department after 7 years as the editor of Time, where I understood media. What I found was that fighting ISIS was a lot more direct than fighting the Russians. ISIS at least said who they were. The Russians masqueraded as Americans to insert their poison into our digital bloodstream. We saw from the State Department the first wave of Russian disinformation around Putin's illegal invasion of Ukraine in 2014. Then the Russians took what they learned in the periphery and brought it here to our election in 2016. But in attempting to counter Russian disinformation, I came to the conclusion that Government wasn't the answer. I saw that countering disinformation was often counter-productive. After all, we were the enemy. A tweet from the under secretary of state to someone was not going to change their mind. Democracies aren't actually very good at combating disinformation. Why is that? In part, because our opponents use our freedoms against us. They exploit freedom of speech to create false speech, which is protected by the First Amendment. They use the same tools of microtargeting that advertisers use to sell us sneakers and phones, to sell us false narratives and conspiracy theories. The truth is disinformation doesn't so much create division as amplify it. Even though I don't think Government has a direct role in countering disinformation through creating content or taking it down, I do think Government has a clear role in creating resilience to disinformation. First, Congress can impose stricter regulations on the platforms that host all of this disinformation. Right now the law, the Communications and Decency Act, doesn't treat them as publishers, and they have complete immunity from liability for all this content on their platforms. Take it from me. Not only are these companies publishers, they are the biggest publishers in the history of the world. To be sure, they can't have the same liability that I had when I was editor of Time. But they need to have some more liability for content that is on their platforms that is demonstrably false, that is created by robots, that attacks people on the basis of race, religion, ethnicity, gender, or sexual orientation, that is created by foreign actors to deceive American voters. They need to be much more accountable for making a good-faith effort to remove that content. So as 2020 approaches, we see a host of new problems, deep fakes, data manipulation, where they--bad actors don't just steal data but manipulate it. The professionalization of interference, where private companies teach people how to do disinformation for profit, and the rise of home-grown disinformation and the recruitment of Americans as witting or unwitting agents of disinformation. I actually think the platform companies need to embrace is what I call the five Ds of combating disinformation: Detection, demotion, deletion, disclosure, and digital literacy. They not only need to remove foreign influence; they need to publicize it. I do think the one entity in Government that I mentioned before, the Global Engagement Center, which was created to combat global disinformation, can help with this election, too. I would urge the passing of the Honest Ads Act, which would bring a lot more transparency in political advertising. As I have often said, we don't have a fake news problem, we have a media literacy problem. There was a poll this past week that showed that 47 percent of Americans say they find it difficult to evaluate whether the information they are getting is true. We need to teach deep media literacy and digital literacy in the schools. I can't think of anyone better to pay for that than the platform companies. Ultimately, the problem of disinformation is not so much that people will come to believe what is false. The greatest problem is that they will doubt what is true. I am honored to be here today, and I welcome your questions. Thank you very much. [The prepared statement of Mr. Stengel follows:] Prepared Statement of Richard Stengel November 19, 2019 ``Governments are instituted among men,'' the Declaration declares, ``deriving their just powers from the consent of the governed.'' In a democracy, how do we obtain that consent? Through information, the Framers said, true information. The rise of disinformation is a threat to our democracy because it undermines our consent. If that consent is acquired through deception and disinformation, the powers derived from it are not just. Disinformation is deliberately false information designed to deceive or mislead. Misinformation is simply false information that is not deliberate or designed to mislead. Disinformation is the much greater threat and it is on the rise around the world and at home. In the realm of politics, it is the promulgation of false narratives to undermine democracy. Disinformation is asymmetric warfare: You might not be able to afford an F35, but you can always hire a few trolls with laptops. Yet it is often a weapon used by the strong against the weak: Authoritarian leaders have learned that they can repress free speech at home and spew disinformation on state media. That's a dangerous combination for the future of democracy. Disinformation is difficult to fight because it is hidden in plain sight. It uses all the principles of behavioral economics--and the tools of the big social media companies--to find a targeted audience. Disinformation is as old as information, but social media has made it exponentially easier to create, deliver, and instantly find large and receptive audiences. My book Information Wars is the story of how we attempted to fight Russian and ISIS disinformation from the State Department during the last 3 years of the Obama administration. I went into Government after 7 years as the editor of TIME and I thought I understood media. ISIS was something new in terrorism: A non-state actor as adept at social media as barbaric killings. But ISIS's digital jihadis did not pretend to be anyone else other than who they were--unlike the Russians, that is. The Russians adopted other identities and masqueraded as Americans to insert their poison into our digital bloodstream. From the State Department, we first saw Russia create a wave of social media disinformation in the Russian periphery around Putin's illegal invasion of Ukraine in 2014--and then the Russians took what they learned there and aimed it squarely at our election space in 2016. What also makes disinformation effective is that there is often a kernel of truth in it. What united ISIS and Russian disinformation was what I called the weaponization of grievance. ISIS weaponized the grievances of Sunni Muslims who felt left out by modernity and repressed by their rulers. Putin weaponized the grievances of Russians who mourned the loss of the Soviet Union and never adapted to the modern world. If ISIS had a slogan, it was Make Islam Great Again. If Putin had a slogan, it would be Make Russia Great Again. They had their mantras long before we heard about making America great again. This global weaponization of grievance is the unified theory behind the rise of nationalism and right-wing strongmen across the globe. But the ultimate threat is here at home. It's easier and more comfortable for us to see this problem as a threat from the outside, from foreign influence operations. And, indeed, they remain a grave National security threat. But the scale and range of domestic disinformation--created and spread by Americans to other Americans-- dwarfs any foreign threat or troll factory. Our foreign adversaries seek to engage Americans and do so, but our home-grown disinformation overwhelms what our adversaries produce. Our internal challenge is far greater and more dangerous than any external one. In attempting to counter Russian and ISIS disinformation I came to see that Government was not the answer. I saw that ``countering'' disinformation was often counter-productive. When we tried to create content ourselves, we very often played into our adversaries' hands. After all, we were the enemy. It's very hard for a tweet from the U.S. State Department to persuade someone of our point of view if we are seen as the cause of the problem. They see our efforts to rebut them as confirmation that they are right and that their strategy is working. Democracies just aren't very good at combatting disinformation. Why is that? One reason is that our opponents not only use our freedoms against us, but our technology. They exploit freedom of speech to create dangerous and false speech, which is protected by the First Amendment. They utilize the same tools of micro-targeting that advertisers use to market sneakers and phones but they use them to sell us false narratives and conspiracy theories. Disinformation is hard to fight because it's not just a supply problem, it's a demand problem. People embrace it when it seems to confirm their beliefs. It's a missile that hits its target because the target welcomes it. The truth is, disinformation doesn't create divisions so much as widen them. At the end of last year, the initial Senate Select Committee on Intelligence report on Russian interference in the 2016 election said the Internet Research Agency in St. Petersburg had created more than 10 million tweets--of which 6 million were original--across 4,000 accounts; more than 100,000 Instagram posts; and more than 50,000 Facebook posts. The second Senate Intelligence Committee report that came out last month reported that the Russians had done more since the election than they did before it. Now, as then, it's a whole-of- Government effort which includes Russian intelligence services, conventional Russian media, and even the foreign ministry. The Russians are shrewd about using our own biases against us. In 2016, they sought out groups who were afraid of immigrants and Muslims and stoked their fears. They targeted African American voters and told them voting was a waste of time. After Twitter and Facebook removed many on-line assets attributed to Russia in 2017, the Russians returned with a more tailored focus to activist communities who were susceptible to disinformation. With a focus on 2020, the Russians will again seek out cultural and social divisions and try to magnify them. As with 2016, they will often amplify both sides of divisive issues. Anything to create chaos and disunity and doubt about the integrity of our political process. Even though I don't think Government has much of a role in countering disinformation through creating content or taking it down, I do think there is a clear Government role in raising awareness and creating resilience to disinformation. Combatting disinformation is a cross-cutting issue that has implications for a wide range of different agencies and committees. First, I think Government has a role in regulating the platforms that host disinformation. Currently, there is an alignment of economic interests between the disinformationists and the platforms: The social media companies make money when disinformation goes viral. Right now, the law doesn't treat the platform companies as publishers and they have complete immunity from liability for the content on their platforms. Not only are these companies publishers, they are the biggest publishers in the history of the world. No, they don't have human editors, but as a former editor I'm here to tell you that algorithms and content recommendation engines are editors--the fastest and most efficient editors in history. To be sure, these companies cannot have the same liability that I used to have as editor of TIME. But they need to have some liability for content that is on their platform that is demonstrably false, that is created by robots, that attacks others on the basis of race, religion, ethnicity, gender or sexual orientation, that is created by foreign actors to deceive American voters. They need to be legally accountable for making a good-faith effort to remove such content from their platforms. As the 2020 election approaches, there are a host of new problems: Deep fakes; data manipulation, where bad actors don't steal data but manipulate it; the professionalization of interference, as private companies hire out their services to create disinformation; the rise of domestic disinformation and the recruiting of Americans as witting or unwitting agents of disinformation. Combatting these new efforts requires the detection and removal of foreign influence in our election, greater ad transparency, more accountability for the platform companies, and greater data protection. I would endorse the Senate Intelligence Committee's recommendations for fighting disinformation, and in particular the timely sharing of information between the private and public sector of real-time threats. I believe the tech companies would welcome that too. I'd also recommend the Five D's of combatting disinformation: Detection, demotion, deletion, disclosure, and digital literacy. The empowering of the Global Engagement Center, which was created at the end of 2016, to truly help fight all kinds of disinformation could be a vital effort of the Government. It is important to pass the Honest Ads Act, which would provide for more transparency in political advertising. All of this in addition to giving the content companies more liability for publishing proscribed content would help but not remedy the flood of disinformation. I've often said we don't have a fake news problem, we have a media literacy problem. Media and digital literacy need to be taught and the schools, and I can't think of a better source of that funding than the platform companies. We also need a privacy bill of rights that protects our information as part of a new digital social contract. The ownership of one's personal information is an unalienable right. The disinformationists know that it's far easier to create confusion rather than clarity, to confuse rather than persuade. They want people to see empirical facts as an elitist conspiracy. Citizens have trouble discerning fact from fiction and we need to teach media and digital literacy in the schools from an early age. In a new poll from this past week, 47 percent of Americans say they find it difficult to know whether the information they encounter is true. The public needs to see that countering disinformation is a civic duty for which we all are responsible. Ultimately, the problem of disinformation is not so much that people will come to believe what is false. The greatest problem is that they it will cause them to question what is true. Mr. Richmond [presiding]. Thank you. I will now recognize Dr. Blaze for 5 minutes to summarize his statement. STATEMENT OF MATT BLAZE, PH.D., MC DEVITT CHAIR OF COMPUTER SCIENCE AND LAW, GEORGETOWN UNIVERSITY Mr. Blaze. Thank you, Chairman Thompson, Chairman Richmond, and Ranking Member Katko for convening this hearing on the vitally important topic of securing American elections against foreign interference. I am here today as an academic and technologist who studies particularly election system security. As I know you are well aware, the integrity of elections across the United States today depends heavily on the integrity of the computers and software systems embedded across our election infrastructure. Complex software lies at the heart of not just the vote-casting equipment used at polling places, but also the information systems used by local authorities to manage everything from voter registration records, to the tallying and reporting of election results, to the dissemination of authoritative information to voters. Unfortunately, much of this information--much of this infrastructure has proven dangerously vulnerable to tampering and attack, in some cases in ways that can't easily be detected or corrected after the fact. These vulnerabilities create practical avenues for our adversaries to do everything from cause large-scale disruption on Election Day, disenfranchise large numbers of voters, create uncertainty as to the legitimate winners of election, or even to undetectably alter election outcomes. Now, for the purpose of our discussion, it is helpful to consider voting machines and election management infrastructure separately. They have different properties and different mitigations. So let me begin with the voting equipment used at polling places first. To be blunt, it is a widely recognized and indisputable fact that every piece of computerized voting equipment used at polling places today can be easily compromised in ways that have the potential to disrupt election operations, compromise the firmware and software in these devices, and alter vote tallies that get reported by county offices. Now, this is partly a consequence of poor design and implementation by equipment vendors, which is a notorious problem, but it is also ultimately a reflection of the nature of complex software. It is simply beyond the state-of-the-art to build software systems that can reliably withstand a targeted attack by a determined adversary in a high-stakes environment like voting. The vulnerabilities are real. They are serious and, absent a surprising breakthrough in technology and computer science, probably inevitable for quite some time to come. Now, fortunately, there is now also overwhelming consensus among experts who have studied this problem on how we can conduct reliable elections, despite the inherent unreliability of the underlying hardware and software that we use to cast our votes. This requires 2 things, 2 properties of the equipment and processes. The first is that the voting technology must retain a paper record that reliably reflects the voter's intended choices. Now, fortunately, equipment with this property already exists and is in use in many jurisdictions throughout the Nation. It has the added virtue of being relatively simple and inexpensive, compared to other alternative voting technologies that we use and have been using. I am referring here to paper ballots, preferably marked by hand, that are fed into optical scan ballot readers at the time that the vote is cast by the voter. Now, paper ballots alone are not sufficient to accomplish reliable elections in the face of tampering, since the software in ballot scanners themselves all are vulnerable to tampering and to error. So there is a second requirement, and that is that the election be reliably audited to ensure that the software is reporting the correct outcome of each race. Now, there is a statistically rigorous technique recently invented called risk limiting audits that can accomplish this efficiently and quickly. But it must be done routinely after every election in order to provide meaningful assurance that election outcomes are correct. Unfortunately, here and now, only a handful of States currently conduct risk limiting audits, although it is encouraging that more and more States are experimenting with them. So the second technology at risk is the election management infrastructure that is used by local jurisdictions. While voting--vote casting equipment has justifiably gained a great deal of attention, there is more to this than just the voting machines. Each of the more than 5,000 local jurisdictions responsible for running elections has to maintain a number of critical information systems that are attractive targets for disruption by adversary. Most prominently are the voter registration databases that determine who is allowed to vote on Election Day. Now, all of the 5,000 different local jurisdictions responsible for running these systems have different resources, practices, and regulations that govern them, but they have in common that they are targets of some of the world's most sophisticated intelligence services, and they are at the front line of our Nation's defense against election disruption. There is no simple fix here, but--except the provisioning of significant additional resources to protect these systems. We don't expect the local sheriff to single-handedly defend against military ground invasions, and we should not expect county election IT managers to defend against cyber attacks by foreign intelligence agencies, yet that is what we effectively ask them to do. So thank you again for your attention to these important issues. [The prepared statement of Mr. Blaze follows:] Prepared Statement of Matt Blaze \1\ --------------------------------------------------------------------------- \1\ Professor and McDevitt chair of computer science and law, Georgetown University, 600 New Jersey Ave NW, Washington, DC 20001. mab497@georgetown.edu. Affiliation for identification only. --------------------------------------------------------------------------- November 19, 2019 introduction Thank you for the opportunity to offer testimony on the important questions raised by the security of the technology used for elections in the United States. For more than 25 years, my research and scholarship has focused on security and privacy in computing and communications systems, especially as we rely on insecure platforms such as the internet for increasingly critical applications. My work has focused particularly on the intersection of this technology with public policy issues. For example, in 2007, I led several of the teams that evaluated the security of computerized election systems from several vendors on behalf of the States of California and Ohio. I am currently the McDevitt chair of computer science and law at Georgetown University. From 2004 to 2018, I was a professor of computer and information science at the University of Pennsylvania. From 1992 to 2004, I was a research scientist at AT&T Bell Laboratories. I hold a PhD in computer science from Princeton University, an MS in computer science from Columbia University, and a BS from the City University of New York. This testimony is not offered on behalf of any organization or agency. In this testimony, I will give an overview of the security risks facing elections in the United States today, with emphasis on vulnerabilities inherent in electronic voting machines, as well as the exposure of our election infrastructure to disruption by National security adversaries. I have attempted, to the extent possible, to represent the current consensus of experts in the field, but space and time constraints limit my ability to be comprehensive or complete. An especially valuable resource, with comprehensive discussion and recommendations. is the recent National Academies ``Securing the Vote'' consensus study report.\2\ --------------------------------------------------------------------------- \2\ https://www.nap.edu/catalog/25120/securing-the-vote-protecting- american-democracy. --------------------------------------------------------------------------- I offer 3 specific recommendations: Paperless (``DRE'') voting machines should be phased out from U.S. elections immediately, and urgently replaced with precinct-counted optical scan ballots that leave a direct artifact of voters' choices. Statistically rigorous ``risk-limiting audits'' should be routinely conducted after every election, in every jurisdiction, to detect and correct software failures and attacks. State and local voting officials should receive access to significant additional resources, infrastructure, and training to help them protect their election management IT systems against increasingly sophisticated adversaries. i. elections and software security A consequence of our Federalist system is that U.S. elections are in practice highly decentralized, with each State responsible for setting its own standards and procedures for registering voters, casting ballots, and counting votes. The Federal Government has set only broad standards for such issues as accessibility, but has historically been largely uninvolved in day-to-day election operations. In most States, the majority of election management functions are delegated to local county and town governments, which are responsible for registering voters, procuring voting equipment, creating ballots, setting up and managing local polling places, counting votes, and reporting the results of each contest. Consequently, thousands of individual local election offices shoulder the burden of managing and securing the voting process for most of the American electorate. Elections in the United States are among the most operationally and logistically complex in the world. Many jurisdictions have large numbers of geographically-dispersed voters, and most elections involve multiple ballot contests and referenda. Baseline election security must account for sophisticated adversaries, ballot secrecy, fair access to the polls, and accurate reporting of results, making secure election management one of the most formidable--and potentially fragile-- information technology problems in government. Computers and software play central roles in almost every aspect of our election process: Managing voter registration records, defining ballots, provisioning voting machines, tallying and reporting results, and controlling electronic voting machines used at polling places.\3\ The integrity and security of our elections are thus inexorably tied to the integrity and security of the computers and software that we rely on for these many functions. --------------------------------------------------------------------------- \3\ A typical election administration office is much like any modern enterprise, with local computer networks tying together desktop computers, printers, servers, and internet access. This increasing connectivity served as a critical avenue in 2016 for what U.S. intelligence agencies have identified as attacks by Russian military intelligence. --------------------------------------------------------------------------- The passage of the Help America Vote Act (HAVA) in 2002 accelerated the computerization of voting systems, particularly with respect to the ways in which voters cast their ballots at local polling stations. HAVA provided funds for States to replace precinct voting equipment with ``accessible'' technology. As implemented, however, some of this new technology has had the unfortunate unintended consequence of increasing, rather than decreasing, the risk of our elections being compromised by malicious actors. A. Election Software and Hardware A typical \4\ county election office today depends on computerized systems and software for virtually every aspect of registering voters and conducting elections. Generally, an election office workflow will include at least the following pre- and post-election functions: --------------------------------------------------------------------------- \4\ The precise nature of the systems used and how they interact with one another will vary somewhat depending on the vendors from which the systems were purchased and the practices of the local jurisdiction. --------------------------------------------------------------------------- Voter registration.--The on-going maintenance of an authoritative database of registered voters in the jurisdiction, including the precinct-by-precinct ``poll books'' of voters (which might be on paper or in electronic form) that are used to check in voters at precinct polling stations. Ballot definition.--The pre-election process of creating data files that list the various contests, candidates, and rules (e.g., number of permitted choices per race) that will appear on the ballot. The ballot definition is used to print paper ballots, to define what is displayed on touchscreen voting terminals, and to control the vote tallying and reporting software. Local races (such as school boards) may sometimes require that different ballot definitions be created for different precincts within a county in any given election. Voting machine provisioning.--The pre-election process of configuring the individual precinct voting machines for an election. This typically includes resetting internal memory and loading the appropriate ballot definition for each precinct. Depending on the model of voting machine, provisioning typically involves using a computer to write removable memory cards that are installed in each machine. Absentee and early voting ballot processing.--The process of reading and tabulating ballots received by mail and from early voting polling places. Mail votes are typically processed in bulk by high- volume optical scan ballot reading equipment. Tallying and reporting.--The post-election process of tabulating the results for each race received from each precinct and reporting the overall election outcomes. This process typically involves using a computer to read memory card media retrieved from precinct voting machines. Each of the above ``back end'' functions employs specialized election management software running on computers. Depending on the size and practices of the county, the same computers may be used for more than one function (e.g., the ballot definition computer might also serve as the tallying and reporting computer). These computers are typically off-the-shelf desktop machines running a standard operating system (such as Microsoft Windows), often equipped with electronic mail and web browser software along with the specialized voting software. Election office computers are typically connected to one another via a wired or wireless local area network, which may have a direct or indirect connection (sometimes via a firewall) to the internet. In some jurisdictions, some of these election management functions (most often those concerned with voter registration databases and ballot definition), may be outsourced by a county or State to an election services contractor. These contractors provide jurisdictions with specialized assistance with such tasks as creating ballots in the correct format, managing voter registration databases, creating precinct poll books, and maintaining voting machines. The degree to which jurisdictions rely on outside contractors varies widely across the Nation. Much of the voting equipment used at precincts is computerized as well, although it is generally packaged in specialized hardware. This equipment includes: Direct Recording Electronic (DRE) Voting Machines.--DRE machines are special-purpose computers that display ballot choices to the voter (based on the ballot definition) and record voter choices. Both the ballot definition configuration and the vote count are typically stored on removable memory media.\5\ --------------------------------------------------------------------------- \5\ Some models of DRE can be equipped with a Voter Verified Paper Audit Trail (VVPAT) option in which the voters' selections are printed on a paper tape roll that is visible to the voter. VVPATs can assist with determining the voter's intent during a recount, but their efficacy depends on each voter's diligence in confirming that their choices are correctly recorded on the paper tape before they leave the voting booth. Research consistently suggests that, in practice, very few voters successfully perform this confirmation step. --------------------------------------------------------------------------- Optical Scan Ballot Readers.--Optical scan ballot readers are specialized computers that read voter-marked paper ballots. The ballot is read according to the ballot definition configuration (typically on removable memory media), and a tally is maintained in memory (also typically on removable media). The machine also captures the scanned ballots and stores them in a mechanically-secured ballot box. Ballot-Marking Devices (BMDs).--Ballot-marking devices are an assistive technology used in optical scan systems to allow visually or mobility impaired voters to create ballots for subsequent scanning. BMDs are similar in appearance to DRE machines in that they display (or read aloud) the ballot electronically, based on a ballot definition configuration, and accept voter choices for each race. However, instead of recording those choices in computer memory as DREs do, BMDs print a marked paper ballot that can then be submitted through an optical scan ballot reader. Electronic Poll Books.--These devices are typically tablet-style computers that contain an authoritative copy of the database of registered voters at each precinct. Electronic poll books are not used directly by voters, but rather by precinct poll workers as voters are checked in at their polling place. They are not used in all jurisdictions. B. Software and Election Security Securing complex software systems is notoriously difficult, and those that perform the various functions described above are no exception.\6\ There are several avenues of vulnerability in such systems. Common software ``bugs'' often introduce vulnerabilities that can be exploited by an adversary to silently compromise the integrity of data or make unauthorized (and difficult to detect) changes to the behavior of systems. Configuration and system management errors (such as the use of vulnerable out-of-date platforms and weak passwords) can further compromise security. Computer networks (which are not generally used by precinct voting machines themselves but are commonly connected to back end systems in election offices) compound these risks by introducing the possibility of remote attack over the internet. --------------------------------------------------------------------------- \6\ The fact that software systems can be, and often are, vulnerable to attack is not unique to election systems, of course. Serious data breaches are literally daily events across the public and private sectors, and cybersecurity is widely recognized to be a serious law enforcement and National security problem. To the extent that elections depend on software or are administered by networked computing systems, they are subject to all the same risks. --------------------------------------------------------------------------- The integrity of the vote today thus increasingly depends on the integrity of the software systems--running on voting machines and on county election office networks--over which elections are conducted. Any security weakness in any component of any of these systems can serve as a ``weak link'' that can allow a malicious actor to disrupt election operations, alter tally results, or disenfranchise voters. In many electronic voting systems used today, a successful attack that exploits a software flaw might leave behind little or no forensic evidence. This can make it effectively impossible to determine the true outcome of an election or even that a compromise has occurred. Unfortunately, these risks are not merely hypothetical or speculative. Many of the software and hardware technologies that support U.S. elections today have been shown to suffer from serious and easily exploitable security vulnerabilities that could be used by an adversary to alter vote tallies or cast doubt on the integrity of election results. ii. current electronic voting systems have proven vulnerable to a range of known, exploitable security flaws A. Risks in Various Election Components Security concerns about computerized voting systems have been raised from almost the moment such systems were first proposed. Most of these concerns have focused on electronic voting equipment used at polling stations, although the ``back end'' election management software used to manage voter registration, provision voting machines, and tally are at least equally critical to the integrity of the vote. To be clear, all electronic voting technology can and does suffer from security vulnerabilities. The consequences of these vulnerabilities being successfully exploited, however, depends on the particular class of device and whether the technology permits effective post-election auditing to validate or recover correct election results. 1. Election Management IT Systems As noted above, local jurisdictions rely on computers for almost every aspect of election administration. Official information for voters is distributed on public-facing websites. Voter registration records, used on election day to determine who is permitted to vote, are maintained in computerized databases. Ballots forms are created and edited on computers. Absentee ballot mailings are managed by computer. Preliminary and official election results are maintained and disseminated by computer. Specialized ``Election Management'' software (generally provided by the vendor of the voting equipment) is used to configure ballots and read results from precienct voting machines. In most cases, the computers used for election administration employ the same hardware, operating systems, and networking platforms employed by other enterprises, and are connected, directly or indirectly, to the internet. Election management systems are exposed to the same risks of compromise by malicious actors that cause the commonplace ``data breaches'' in other private- and public-sector domains that have become regular fixtures of on-line life. Many jurisdictions outsource some of their election management tasks to outside vendors or contractors. This further amplifies the exposure of local election systems to external tampering. Disruption or compromise of any local election administration functions can have grave and often non-recoverable consequences for the integrity of elections. Compromise of voter registration databases can be exploited by adversaries to cause long lines at polling places (forcing large numbers of voters to cast provisional ballots) and can selectively disenfranchise voters to favor particular candidates. Provisioning of voting machines with incorrect ballot definitions can prevent correct ballots from being cast. Errors in in unofficial or final tallies can cast doubt on the legitimacy of entire elections. In some cases, successful attacks may not be discovered until long after polls have closed, or may never be discovered at all. The IT and security administration of election management computers varies widely from jurisdiction to jurisdiction. In the best cases, there may be a full-time staff devoted to securing and managing election computers and networks. In a more typical case, computer security is relegated to the general county IT staff, which may have only limited resources relative to the threat. In all cases, however, even the best defensive cybersecurity resources of a local county are of only limited value against a foreign state adversary. Local election management computers and networks are especially attractive targets for foreign tampering and interference. They can often be attacked remotely, without the need for physical presence in the targeted jurisdiction, and successful attacks may be rewarded with partial or complete control over a county's voter registration databases, voting machine configuration, and results reporting infrastructure. 2. Electronic Poll Books Electronic poll books, which are not used in every jurisdiction, perform the initial voter ``check-in'' function at polling places on election day. They must, by nature of their function, have reliable access to an authoritative list of the voters registered to vote at each polling places. This may be accomplished either with an internal copy of the voter registration database or by on-line remote access to a central computer. In either configuration, electronic poll books perform an essential election function and must be reliably secured against tampering. If poll books are unavailable or if their databases are corrupted, voters will not be able to cast ballots (except by provisional ballot, to the extent that is a viable option). Electronic poll books have received much less scrutiny than other precinct voting equipment, but are subject to all the same risks and attack vectors as other electronic devices. In many jurisdictions, they are largely unregulated and require little or no outside certification or audit. 3. Optical Scan Ballot Readers Optical scan ballot readers are specialized computers that scan and retain printed ballots and record on electronic storage media the tally of votes cast in each race. They depend on the integrity of their software and hardware for their ability to correctly interpret ballots and to correctly record votes. They are exposed to physical access by poll workers, and, in many cases, individual voters. Ballot scanners can be compromised in a number of practical ways, any one of which can compromise the recorded vote tally. However, because they retain the physical paper ballots marked by voters, it is possible to recover from such a compromise if it is detected. A technique called ``risk-limiting audits'' can reliably detect and recover from defective or compromised ballot scanners and is discussed in the sections that follow. 4. Ballot Marking Devices Originally, Ballot Marking Devices (BMDs) were conceived of narrowly, as an assistive technology for use by voters with disabilities to assist them in marking optical scan paper ballots, (bringing such systems into compliance with Help America Vote Act (HAVA) requirements for accessible voting). However, certain recent voting products greatly expand the use of BMD technology by integrating a BMD into the voting process for all voters, whether they require assistive technology or not. BMD-based voting systems are controversial, since, by virtue of their design, the correctness of their behavior cannot be effectively audited except by every individual voter carefully verifying his or her printed ballot before it is cast. A maliciously compromised BMD could subtly mismark candidate selections on ballots in a way that might not be noticed by most voters. If BMDs fail or must be rebooted at a polling place, there may be no way for voters to create marked ballots, making BMDs a potential bottleneck or single point of failure on election day. As a relatively new technology, BMD-based systems have not yet been widely examined by independent researchers and have been largely absent from practical election security research studies. However, even with relatively little scrutiny, exploitable weaknesses and usability flaws have been found in these systems, This underscores the need for more comprehensive studies and for caution before these systems are purchased by local jurisdictions or widely deployed. 5. Direct Recording Electronic (DRE) Voting Machines From a security perspective, by far the most problematic and risky class of electronic voting systems are those that employ Direct Recording-Electronic (DRE) machines. DRE machines are special purpose computers programmed to present the ballot to the voter and record the voter's choices on an internal digital medium such as a memory card. At the end of the election day, the memory card containing the vote tallies for each race is generally removed or electronically read from the machine and delivered to the county election office, where the tallies from each precinct are recorded by the county tallying software. DRE machines are sometimes informally called ``touchscreen'' voting machines, although not all DRE models use actual touchscreen displays (nor are all election devices that employ touchscreens DREs). The design of DREs makes them inherently difficult to secure and yet also makes it especially imperative that they be secure. This is because the accuracy and integrity of the recorded vote tally depends completely on the correctness and security of the machine's hardware, software, and data. Every aspect of a DRE's behavior, from the ballot displayed to the voter to the recording and reporting of votes, is under control of the DRE hardware and software. Any security vulnerability in this hardware or software, or any ability for an attacker to alter (or re-load new and maliciously behaving) software running on the machine, not only has the potential to alter the vote tally, but can make it impossible to conduct a meaningful recount (or even to detect that an attack has occurred) after the fact. If a DRE is compromised at any time before or during an election, any votes cast on it are irreparably compromised as well. DRE-based systems introduce several avenues for attack that are generally not present (or are not as security-critical) in other voting technologies: Alteration or deletion of vote tallies stored in internal memory or removable media Alteration or deletion of ballot definition parameters displayed to voters \7\ --------------------------------------------------------------------------- \7\ An incorrect (or maliciously altered) DRE ballot definition can make it impossible to determine the true election results even without any malicious software exploitation. For example, in York County, PA, a DRE ballot definition programming error in the 2017 general election appears to have allowed candidates in some local races to be voted for twice, with the possible consequence that the election will have to be invalidated and redone. See http://www.ydr.com/story/news/2017/11/08/ voting-machine-problems-what-york-countys-options/843423001/. Paper- based systems, in contrast, are more robust against such errors. For example, the 2000 general election in Bernalillo County, NM had a similar error in their punch card-counting software, but was later able to correct the error without a new election; see https://www.wsj.com/ articles/SB976838091124686673. --------------------------------------------------------------------------- Alteration or deletion of electronic log files used for post-election audits and detecting unauthorized tampering. Attacks might be carried out in any of several ways, each of which must be reliably defended against by the DRE hardware and software: Direct tampering with data files stored on memory cards or accessible through external interface ports Surreptitious replacement of the certified software running on the device with a maliciously altered version Exploitation of a pre-existing vulnerability in the certified software. Successfully exploiting just one of these avenues of attack can be sufficient to undetectably compromise an election. The design of DREs makes it necessary not only that their hardware be highly secure against unauthorized tampering, but that the software running on them not suffer from any vulnerabilities that could be exploited by a malicious actor. This makes the security requirements for DREs more stringent--and also more easily defeated--than for any other currently- deployed election technology. Unfortunately, the DRE-based systems purchased by and used in various States under HAVA have repeatedly been found to suffer from exactly these kinds of exploitable hardware and software vulnerabilities. B. The 2007 California and Ohio Studies To date, the most extensive independent studies of the security of electronic voting systems were commissioned 10 years ago by the Secretaries of State of California and Ohio. Expert review teams were given access to the voting machine hardware and software source code of every system certified for use in those States. The systems used in California and Ohio were also certified for use in most of the rest of the country, so these studies effectively covered a large fraction of available electronic voting equipment and software. I led the teams that reviewed the Sequoia products (for the State of California) and the ES&S products (for the State of Ohio); other teams in these studies reviewed the Diebold/Premier and Hart InterCivic products.\8\ --------------------------------------------------------------------------- \8\ The various final reports of the California ``Top-To-Bottom Review'' studies can be found at http://www.sos.ca.gov/elections/ voting-systems/oversight/top-bottom-review/. The final report of the Ohio ``Project EVEREST'' study can be found at https://www.eac.gov/ assets/1/28/EVEREST.pdf. --------------------------------------------------------------------------- In both studies, every team found and reported serious exploitable vulnerabilities in almost every component examined. In most cases, these vulnerabilities could be exploited by a single individual, who would need no more access than an ordinary poll worker or voter. Such an attacker would be able to alter vote tallies, load malicious software, or erase audit logs. Some of the vulnerabilities found were the consequence of software bugs, while others were caused by fundamental architectural properties of the system architecture and design. In some cases, compromise of a single system component (such as a precinct voting machine) was sufficient to compromise not just the vote tally on that machine, but to compromise the entire county back- end system. In response, California and Ohio ordered some equipment decertified and some election-day procedures modified. However, all the vulnerable equipment and software remained certified for use in at least some other States. Some equipment vendors and local voting officials claimed at the time that the findings of the California and Ohio studies were irrelevant or overstated, that any problems identified could be easily fixed, and that it would be difficult or impossible for anyone but an expert with extensive experience and access to privileged information (such as source code) to exploit vulnerabilities in practice. However, as exercises such as the DEFCON Voting Village (described below) have demonstrated, not only do these systems remain vulnerable, but they can be readily exploited by people with no more than ordinary computer science experience and expertise and without access to any secret or proprietary information. C. The DEFCON Voting Village Exercise The DEFCON conference is one of the world's largest and best-known computer security ``hacker'' conferences. This year's DEFCON was held August 8-10, 2019, in Las Vegas, NV, and drew more than 25,000 participants from around the world. DEFCON participants have broad interest in technology, and include security researchers from industry, Government, and academia, as well as individual hobbyists. For the last 3 years, DEFCON has featured a Voting Machine Hacking Village (``Voting Village'') to give participants an opportunity to examine and get hands-on experience with the security technology used in U.S. elections, including voting machines, voter registration databases, and election office networks. I am one of the organizers of the Voting Village.\9\ --------------------------------------------------------------------------- \9\ Organizers of the DEFCON Voting Village include the author as well as Harri Hursti, Margaret MacAlpine, and Jeff Moss. --------------------------------------------------------------------------- The voting machines available in the Voting Village included a variety of DRE, optical scan readers, ballot marking devices and electronic poll books from a range of commercial vendors. We acquired (from the surplus market) and made available to participants a sampling of different pieces of election hardware, including both DRE and optical scan voting machines as well as ``poll book'' devices used by used by precinct workers to verify and check in voters at polling places. Every model machine currently at the Voting Village is still certified for use in U.S. elections in at least one jurisdiction today. The DEFCON Voting Village is not intended to be a formal security assessment or test, but rather an opportunity for a general audience of technologists to examine election equipment and systems. However, participants are encouraged to critically examine and probe the equipment and software for vulnerabilities, and to seek practical ways to compromise security mechanisms. No proprietary information or computer source code is made available. The results of the Voting Village are summarized each year in detail in a report.\10\ It is notable that participants, who overwhelmingly do not have any previous special expertise in voting machines or access to any proprietary information about them, have been very quickly able to find ways to compromise every piece of equipment in the Village by the end of the weekend. Depending on the individual model of machine, participants have found ways to load malicious software, gain access to administrator passwords, compromise recorded votes and audit logs, or cause equipment to fail. In most cases, these attacks could be carried out from the ordinary interfaces that are exposed to voters and precinct poll workers. --------------------------------------------------------------------------- \10\ The current Voting Village final report is available at: https://media.defcon.org/DEF%20CON%2027/voting-village-report- defcon27.pdf. --------------------------------------------------------------------------- The ease with which participants compromise equipment in the Voting Village should be regarded as at once alarming and yet also unsurprising. It is alarming because the very same equipment is in use in polling places around the United States, relied on for the integrity of real elections. But it is also ultimately unsurprising. Versions of many of the machines at DEFCON had been examined in the 2007 studies and found to suffer from basic, exploitable security vulnerabilities. It should not come as any surprise that, given access and motivation, people of ordinary skill in computer security would be able to replicate and expand on these results. It is, in fact, precisely what the previous studies of these devices warned would happen. In summary, the DEFCON Voting Village demonstrates that much of the voting technology used in the United States is vulnerable not just to hypothetical expert attack in a laboratory environment, but also to practical analysis, manipulation, and exploitation by non-specialists with only very modest resources. iii. us election systems are not engineered to resist national adversaries The traditional ``threat model'' against which electronic voting systems have been evaluated has been largely focused on resisting traditional election fraud, in which domestic conspirators, perhaps assisted by corrupt poll workers or election officials, attempt to ``rig'' an election to favor a preferred candidate in a local, State, or National contest. Fraud might be accomplished by altering votes, adding favorable votes, deleting unfavorable votes, or otherwise compromising the security mechanisms that protect the ballot and tally. While virtually every study of electronic voting technology has raised questions about the ability of current systems to resist serious efforts at fraud, traditional election fraud is not the only kind of threat, or even the most serious threat, that a voting systems must resist today. Electronic voting systems must resist not only fraud from corrupt candidates and supporters, but also election disruption from hostile nation-state adversaries. This is a much more formidable threat, and one that current systems are far less equipped to resist. The most obvious difference between traditional election fraud by corrupt domestic actors and disruption by hostile state actors is the expected resources and capabilities available to each. The intelligence services of even small nations can marshal far greater financial, technical, and operational resources than would be available to even highly sophisticated criminal conspiracies. For example, intelligence services can feasibly conduct advance operations against the voting system supply chain. In such operations, the aim might be to obtain confidential source code or to secure surreptitious access to equipment before it is even shipped to local election officials. Hostile intelligence services can exploit information and other assets developed broadly over extended periods of time, often starting well before any specific operation or attack has been planned. But their greater resources are not the most important way that hostile state actors can be a more formidable threat than corrupt candidates or poll workers. They also enjoy easier goals. The aim of traditional ``retail'' election fraud is to tilt the outcome in favor of a particular candidate. That is, to succeed, the attacker must generally alter the reported vote count or add, change, or delete votes. But a hostile state actor--via an intelligence service such as Russia's GRU--might be satisfied with merely disrupting an election or calling into question the legitimacy of the official outcome. With election systems so heavily dependent on demonstrably insecure software and voting equipment, this kind of disruption could be comparatively simple to accomplish, even at a National scale. A hostile state actor who can compromise even a handful of county networks might not need to alter any actual votes to create widespread uncertainty about an election outcome's legitimacy. It may be sufficient to simply plant suspicious (and detectable) malicious software on a few voting machines or election management computers, create some suspicious audit logs, delete registered voters from the rolls, or add some obviously spurious names to the voter rolls. If the preferred candidate wins, they can simply do nothing (or, ideally, use their previously-arranged access to restore the compromised networks to their original states, erasing any evidence of compromise). If the ``wrong'' candidate wins, however, they could covertly reveal evidence that county election systems had been compromised, creating public doubt about whether the election had been ``rigged''. This could easily impair the ability of the true winner to effectively govern, at least for a period of time. Electronic voting machines and vote tallies are not the only potential targets for such attacks. Of particular concern are the back- end systems that manage voter registration, ballot definition, and other election management tasks. Compromising any of these systems (which are often connected, directly or indirectly, to the internet and therefore potentially remotely accessible) can be sufficient to disrupt an election while the polls are open or cast doubt on the legitimacy of the reported result. The decentralization of election operations, managed by thousands of individual local offices throughout the Nation (with widely-varying resources) is sometimes cited as a strength of our electoral process. However, this decentralization can be turned to the adversary's advantage. An attacker can choose arbitrarily from among whatever counties have the weakest systems--those with the least secure software or most poorly defended networks and procedures--to target. It is beyond the scope of my testimony to speculate on specific intrusions that occurred against State and local election management systems in the 2016 U.S. general election, much of which remains Classified or under investigation. It has been reported that voter registration management systems in at least several States were targeted for exploitation and access. It is unclear whether voting machines or tallying systems were also targeted. However, targeting and exploiting such systems would have been well within the capability of any major rival intelligence service.\11\ --------------------------------------------------------------------------- \11\ For a comprehensive discussion of technical attacks against our election infrastructure in 2016, see the Report of the Select Committee on Intelligence, US Senate on Russian Active Measures in the 2016 US Election, Vol 1. https://www.intelligence.senate.gov/sites/ default/files/documents/Report_Volume1.pdf --------------------------------------------------------------------------- In summary, the architecture of many current electronic voting systems, especially those that employ DRE voting machines, makes disruption attacks an especially attractive option for our foreign adversaries--and especially difficult one to effectively defend against. These systems can give hostile actors interested in disruption an even easier task than that facing corrupt candidates seeking to steal even a small local office. And the consequences of election disruption strike at the very heart of our National democracy. iv. recommendations: all u.s. elections should employ paper ballots and risk-limiting audits It is perhaps tempting to conclude pessimistically that election technology in the United States is fatally flawed, leaving our Nation irreparably vulnerable to election fraud and foreign meddling. But while it is true that the current situation exposes us to significant risk, it is by no means hopeless or beyond repair. Relatively simple, and available, technologies can be deployed that render our elections significantly more robust against attack. While electronic voting machines do indeed suffer demonstrably fundamental weaknesses, some electronic voting technologies are significantly more resilient in the face of compromise than others. The most important feature required is that there be a reliable record of each voter's true ballot selections that can be used as the basis for a post-election audit to detect and recover from failure or compromise of the software or hardware. Among currently available, HAVA-compliant voting products, the only systems that meet this requirement are those that employ optical scan paper ballot technology. In such systems, the voter fills out a machine-readable paper ballot form (possibly with the aid of an assistive ballot marking device for language-, visually- and mobility- impaired voters), that is then deposited into a ballot scanning device that reads the ballot choices, maintains an electronic tally, and retains and secures the marked paper ballots for subsequent audit. After the polls close, the electronic tally records are read from each ballot scanner and preliminary results calculated. The paper records of votes that precinct-counted optical-scan systems provide are a necessary, but not by themselves sufficient, safeguard against software. As noted above, even non-DRE systems can suffer from flaws and exploitable vulnerabilities in the voting machine and back-end software. The second essential safeguard is a systematic and reliable process for detecting whether the software has reported incorrect results, and to recover the true results if so. The most reliable and well-understood method to achieve this is through an approach called risk-limiting audits.\12\ In a risk-limiting audit, a statistically significant randomized sample of ballots are manually checked by hand and the results compared with the electronic tally. (This must be done for every contest, not just those with close results that might otherwise call for a traditional ``recount''.) If discrepancies are discovered between the manual and electronic tallies, additional manual counts are conducted. The effect of risk-limiting audits is not to eliminate software vulnerabilities, but to ensure that the integrity of the election outcome does not depend on the herculean task of securing every software component in the system. This important property is called strong software independence.\13\ --------------------------------------------------------------------------- \12\ A good introduction to the theory and practice of risk- limiting audits in elections can be found at https:// www.stat.berkeley.edu/?stark/Preprints/RLAwhitepaper12.pdf. \13\ See Ron Rivest. ``On the notion of `software independence' in voting systems''. Phil. Trans Royal Society A. Volume 366 Issue 1881. October 28, 2008. http://rsta.royalsocietypublishing.org/content/366/ 1881/3759. --------------------------------------------------------------------------- Optical scan paper ballots and risk-limiting audits comprise a critical, and readily deployable, safeguard against both traditional election fraud and nation-state disruption. Taken together, they permit us to more safely enjoy the benefits of computerized election management, without introducing significant new costs or requiring the development of speculative new technology. The technology required for this is available today, from multiple vendors, and is already in use in many States. As important as paper ballots and risk-limiting audits are, however, they are not panaceas that solve every threat to our elections. It is also critical that the State and county back-end computer networks and systems used for election management and voter registration be vigilantly protected against compromise. As we saw in 2016, hostile adversaries might attempt to breach not just voting machines, but also back-end election management systems and voter registration database systems, which are often connected, directly or indirectly, to the internet. It is no exaggeration to observe that State and local election officials serve on the front lines of our National cybersecurity defense. They must be given sufficient resources, infrastructure, and training to help them effectively defend their systems against an increasingly sophisticated--and increasingly aggressive--threat environment. It is notable that the budgets for election administration often must compete for resources with essential local services such as fire protection and road maintenance. Election management represents only a miniscule fraction of the total National spending on political campaigns. Additional investment here will pay significant dividends for our security. By analogy, we do not make the county sheriff responsible for defending against ground invasions by foreign military forces. Yet that is precisely the role into which we have placed our local county IT administrations in defending our election infrastructure against electronic attacks. Just by doing so, we have set them up for failure. Simply put, much of our election infrastructure remains vulnerable to practical attack, with threats that range from traditional election tampering in local races to large-scale disruption by National adversaries. We should take no comfort if such attacks have not yet been widely detected. At best, it is only because, for whatever reason, serious attempts have not yet been made. Given the potential rewards to our adversaries, it is only a matter of time before they will. National-level investment in safeguards such as those described above serve our democracy in critically important ways. They can provide a significant improvement to election security, both in our ability to resist attack and in our ability to recover from attacks when they occur. Perhaps most importantly, they provide meaningful assurance to voters that their ballots truly count and that their elected officials are governing truly legitimately. Our republic cannot long survive without the confidence that comes from that assurance. Mr. Richmond. Thank you, Dr. Blaze. We have votes that have been called. There is a minute and 48 seconds left on us to vote. There is still 282 people who have not voted. But what we will do is we will go into recess right now; we will go vote. There is probably going to be 1 vote--at most, 2 votes. So we will come back and resume immediately when votes are over. So with that we will stand in recess. [Recess.] Mr. Richmond. I will now call the committee back to order, and I will recognize Ms. Badanes for 5 minutes to summarize her testimony. Thank you for your patience. STATEMENT OF GINNY BADANES, DIRECTOR, STRATEGIC PROJECTS, DEFENDING DEMOCRACY PROGRAM, MICROSOFT Ms. Badanes. Absolutely. Chairman Richmond, Ranking Member Katko, and Members of the subcommittee, thank you for the opportunity to testify today on the important topic of campaign security. My name is Ginny Badanes, and I am the director of strategic projects for Microsoft's Defending Democracy Program. Our team works globally with a variety of stakeholders to preserve and protect electoral processes, protect campaign organizations from cyber-enabled threats, and defend against disinformation campaigns. Microsoft has several initiatives to achieve these goals. But my testimony today will focus on our efforts to increase the cybersecurity and resilience of campaign organizations. To address how campaigns can protect themselves, it is helpful to first understand the threats that they are up against. Campaigns face a unique challenge when it comes to securing themselves. Most campaigns have limited budgets, and even more limited cybersecurity expertise. Yet they can face outsize threats and a symmetry that can harm our democratic process. Microsoft's work to protect campaign organizations builds upon our broader experience in assessing and tracking cybersecurity threats. The Microsoft Threat Intelligence Center, known as MSTIC, has focused on tracking nation-state adversaries for more than a decade. We provide notification to customers when an on-line service account has been targeted or compromised by a nation-state actor that we are tracking. As a technology provider with many customers in this space, we believe we have an obligation to do more to support campaign's efforts to protect themselves. For that reason, we now offer services specifically designed to assist the campaign community. In August of last year we began offering a free service called Account Guard, which provides campaign customers of our email and productivity tools with additional security support. We did this for 2 reasons. First, we wanted to address the reality that threat actors do not only attack the enterprise accounts of their targets. They go after personal accounts of staff, as well. For that reason, Account Guard customers have the option to also enroll their personal Microsoft email accounts, such as Hotmail or Outlook. This optional enrollment provides our threat monitoring team with valuable information about what might otherwise appear to be a standard consumer account. More importantly, it allows us to notify the individual and the organization quickly if we identify a threat actor targeting that personal account. Second, we recognize that campaigns might not be equipped to receive a nation-state attack notification. While the information can be very valuable, it doesn't serve much purpose if the recipient isn't sure what to do with the information that they receive. For that reason, in addition to informing the customer about an attack, we also include information about what to do next, especially if the attack resulted in a breach. This additional communication ensures that notifications reach the right person within the organization, and that they can turn that information into action. We have also created a new version of our email and productivity tools just for campaigns. We did this based on feedback that sophisticated security tools aren't realistic on a campaign budget, and that setting them up was too difficult for the typical campaign IT staff. So we made Microsoft 365 for Campaigns available this past summer. This allows campaigns to access security tools at a much lower cost, and provides non- technical users with, essentially, an easy button to turn on key security features. While new tools and free services are helpful, they don't address the most impactful thing that campaigns can do to protect themselves, and that is to educate their team about cybersecurity hygiene. That is why we provide a variety of cybersecurity trainings in person, as well as on-line, tailored to the specific needs of the campaign community. We encourage campaigns to do the basics, such as turn on two-factor authentication, use better password management, use a cloud service provider, and use secure communication platforms. In conclusion, Congress plays a critical role in securing our campaign organizations and elections. In addition to the recommendations made by my fellow witnesses, Congress also can contribute to a multi-stakeholder approach that addresses the threats themselves. We believe that combating attacks at the root will require a joint effort, from private-sector actors such as Microsoft, as well as State, local, and Federal Governments, civil society, academia, and campaign organizations themselves. Campaigns face the threat of capable, well-funded, and agile adversaries. While there is much they can do to protect themselves, we have seen first-hand that they benefit from assistance from the private sector, and they would certainly benefit from Congressional and Executive branch leadership and multi-stakeholder engagement, especially around establishing international norms to discourage nation-state attacks against our democratic institutions. Thank you, and I look forward to your questions. [The prepared statement of Ms. Badanes follows:] Prepared Statement of Ginny Badanes November 19, 2019 Chairman Richmond, Ranking Member Katko, Members of the subcommittee, thank you for the opportunity to testify today on the important topic of campaign security. My name is Ginny Badanes and I am the director of strategic projects for Microsoft's Defending Democracy program. We focus on advocating for and contributing to the stability and security of democratic institutions globally. In a non-partisan manner, our team works with a variety of governmental and non-governmental stakeholders in democratic countries to achieve the following goals: Explore technological solutions to preserve and protect electoral processes and engage with Federal, State, and local officials to identify and remediate cyber threats; Protect campaign organizations from hacking through increased cyber resilience measures, accessible and affordable security tools, and incident response capabilities; and, Defend against disinformation campaigns in partnership with leading academic institutions and think tanks dedicated to countering state-sponsored digital propaganda and falsehoods. Though the Defending Democracy team undertakes several initiatives in pursuit of these goals, my testimony today will focus on our efforts to increase the cybersecurity and resilience of campaign organizations. threats to campaign organizations To address how campaign organizations can protect themselves, it is helpful to first understand the threats that they are up against. Campaign organizations face uniquely challenging circumstances when it comes to securing themselves. Outside of a handful of Presidential campaigns, many campaign organizations often have limited technology budgets and usually even more limited cybersecurity expertise. Yet, they can face outsized threats, an asymmetry that can have detrimental effects on our democratic processes. Campaign organizations are like technology startups with enterprise cybersecurity needs. Microsoft's work to protect campaign organizations and democratic institutions broadly builds upon the company's experience in assessing and tracking cybersecurity threats. The Microsoft Threat Intelligence Center (MSTIC) has focused on tracking nation-state actors for more than a decade. We provide notification to customers, including election-sensitive customers, when an on-line service account has been targeted or compromised by a nation-state actor that we are tracking. We continuously track these global threats, building this intelligence into our security products to protect customers and using it in support of our efforts to disrupt threat actor activities through direct legal action or in collaboration with law enforcement. But let's be clear-- cyber attacks continue to be a significant weapon wielded in cyber space. In some instances, those attacks appear to be related to on- going efforts to attack the democratic process. In the past year, Microsoft notified nearly 10,000 customers, including campaign organizations,\1\ that they have been targeted or compromised by nation-state attacks. About 84 percent of these attacks targeted our enterprise customers, and about 16 percent targeted consumer personal email accounts. This data demonstrates the significant extent to which nation-states continue to rely on cyber attacks as a tool to gain intelligence, influence geopolitics, or achieve other objectives. --------------------------------------------------------------------------- \1\ New Cybersecurity Threats require new ways to protect democracy. https://blogs.microsoft.com/on-the-issues/2019/07/17/new- cyberthreats-require-new-ways-to-protect-democracy/. --------------------------------------------------------------------------- Based upon the threats we are tracking, most of the nation-state activity in recent months originated from actors in 3 countries-- Iran,\2\ North Korea, and Russia.\3\ We have also seen activity by actors operating from China, but not at the same volume as the actors in these 3 nations. These actors have targeted a variety of industries including a number of stakeholders that are important to political dialog and democratic processes, including think tanks, universities, diplomatic entities, journalists, current and former Government officials, and campaign staff. --------------------------------------------------------------------------- \2\ Recent Cyberattacks Require Us All To Be Vigilant. https:// blogs.microsoft.com/on-the-issues/2019/10/04/recent-cyberattacks- require-us-all-to-be-vigilant/. \3\ New Cyberattacks Targeting Sporting and Anti-Doping Organizations. https://blogs.microsoft.com/on-the-issues/2019/10/28/ cyberattacks-sporting-anti-doping/. --------------------------------------------------------------------------- microsoft & campaign security Recognizing the unique needs of campaign organizations, Microsoft offers services to help them increase their cybersecurity and resilience. On-line account security protection Security guidance, on-going education, and training Microsoft 365 for Campaigns on-line account security protection In August 2018, Microsoft instituted enhanced cybersecurity services for campaign users of Office 365 and free consumer email services. With more than 60 million users of its paid Office365 (O365) cloud-based productivity software and free Outlook.com and Hotmail.com web-based e-mail services, Microsoft found itself in a unique position to protect election-sensitive users of its products against such hacking. To that end, Microsoft requested and received an advisory opinion from the Federal Election Commission (FEC) confirming that Microsoft may offer a package of free enhanced on-line account security protections at no additional charge on a nonpartisan basis to its election-sensitive customers. The Advisory Opinion concluded that the provision of such services is not a prohibited in-kind contribution under campaign finance law.\4\ --------------------------------------------------------------------------- \4\ FEC Advisory Opinion 2018-11, https://www.fec.gov/files/legal/ aos/2018-11/2018-11.pdf. --------------------------------------------------------------------------- Until this advisory opinion, the FEC had not robustly addressed the provision of cybersecurity services to political campaigns and National committees. In response, this advisory opinion sparked a series of similar requests for approval \5\ from cybersecurity firms to provide cybersecurity services to Members of Congress, political campaigns, and National committees at reduced costs or at no cost at all. --------------------------------------------------------------------------- \5\ FEC Advisory Opinion 2018-15 (approving Senator Wyden's request to use campaign funds for cybersecurity expenses), https://www.fec.gov/ data/legal/advisory-opinions/2018-15/; FEC Advisory Opinion 2018-12 (approving the provision of free cybersecurity resources to candidates and political party committees, by nonprofit corporation and its private-sector sponsors and partners), https://www.fec.gov/files/legal/ aos/2018-12/2018-12.pdf. --------------------------------------------------------------------------- The Microsoft service is called AccountGuard,\6\ and it serves 2 primary functions. --------------------------------------------------------------------------- \6\ Microsoft AccountGuard, https://www.microsoftaccountguard.com/ en-us/. --------------------------------------------------------------------------- (1) Cross-Account Notifications.--We recognize that threat actors do not only attack the enterprise accounts of their targets, they go after the target's personal accounts as well. We provide AccountGuard customers with the ability to enroll the personal Microsoft email accounts (Hotmail.com, Outlook.com) of staff and other affiliates of their organization. This optional enrollment provides our threat monitoring team with valuable information about what might otherwise appear to be a typical consumer account. More importantly, it allows us to notify the individual and organization quickly if we identify a threat- actor targeting that personal account. (2) Nation-State Attack Enhanced Monitoring.--If an AccountGuard customer is targeted by a nation-state actor that we track, the team provides customers with additional services and notification. In addition to informing them about the attack, we include information about what to do next, especially if the attack resulted in a breach. This additional communication ensures that notifications reach the right person within an organization. Since the launch of AccountGuard we have uncovered attacks specifically targeting organizations that are fundamental to democracy. We have steadily expanded AccountGuard to political campaigns, political parties, think tanks, and democracy-focused non-governmental organizations (NGO's), in 26 countries across 4 continents. While this service is relatively new, we've already made over 900 notifications of nation-state attacks targeting organizations participating in AccountGuard. This data shows that democracy-focused organizations in the United States should be particularly concerned as 95 percent of these attacks have targeted U.S.-based organizations. By nature, these organizations are critical to society but have fewer resources to protect against cyber attacks than large enterprises. Many of the democracy-focused attacks we've seen recently target NGO's and think tanks and reflect a pattern that we also observed in the early stages of some previous elections. In that pattern, a spike in attacks on NGO's and think tanks that work closely with candidates and political parties, or work on issues central to their campaigns, typically serves as a precursor to direct attacks on campaign organizations and election systems themselves. Similar attacks occurred in the U.S. Presidential election in 2016 and in the last French Presidential election. In 2018 we detected attacks targeting, among others, U.S. Senate offices, and think tanks associated with key issues at the time.\7\ Earlier this year we saw attacks targeting democracy- focused NGO's in Europe close to European elections.\8\ As we head into the 2020 elections, given both the broad reliance on cyber attacks by nation-states and the use of cyber attacks to specifically target democratic processes, we anticipate potential attacks targeting U.S. election systems, campaign organizations, or NGO's that work closely with campaign organizations. --------------------------------------------------------------------------- \7\ ``Microsoft Says It Stopped Cyberattacks on Three 2018 Congressional Candidates'', Time, July 19, 2018: https://time.com/ 5343585/microsoft-candidate-cyberattacks/. \8\ ``New steps to protect Europe from continued cyber threats'', Feb. 20, 2019, https://blogs.microsoft.com/eupolicy/2019/02/20/accountguard-expands- to-europe/. --------------------------------------------------------------------------- Our adversaries have a stated goal of seeking to diminish the confidence of our citizens in the processes that are at the very core of our democracy. We should anticipate that we will see more attacks on our election processes in 2020 in furtherance of this goal. security guidance, on-going education & training Informed by our observations about campaign challenges, Microsoft provides in-person cybersecurity trainings tailored to the specific needs of the campaign community regardless of whether there is any formal relationship with Microsoft.\9\ These trainings cover the basics of cybersecurity hygiene and highlight many of the best practices recommended by our partners at Harvard Belfer Center in their Cybersecurity Campaign Playbook.\10\ To date, we've trained over 1,000 political professionals in 13 countries with our security workshop trainings. --------------------------------------------------------------------------- \9\ We acknowledge these security solutions and on-going trainings depend on the campaign organizations and individuals having access to a smart phone or to broadband connectivity. Microsoft notes that broadband connectivity is also an urgent National problem that we are committed to helping solve. We've contributed to this effort through our Microsoft Airband Initiative, a 5-year commitment to bring broadband access to 3 million unserved Americans living in rural communities by July 2022. Microsoft is partnering with a number of local providers across the United States to offer new broadband services where there is no option or affordable alternative. \10\ Cybersecurity Campaign Playbook, https://www.hks.harvard.edu/ publications/cybersecurity-campaign-playbook. --------------------------------------------------------------------------- In addition to the in-person trainings, we conduct webinars focused on specific cybersecurity topics of interest to campaign organizations. Just this week, for example, Microsoft security experts are hosting 2 webinars representative of our training efforts in this area. One helps non-technical election-sensitive customers learn how to protect their user accounts. We will cover topics such as common attack vectors, multi-factor authentication, credential hygiene, and identity best practices. The other webinar helps information technology (IT) professionals in the election-sensitive space learn technical best practices and tools available to them to secure their organization's environment. Finally, all our AccountGuard customers receive monthly guidance from us. This guidance highlights stories of relevance, provides best practices, and promotes better cybersecurity hygiene across their organization. microsoft 365 for campaigns Campaign organizations are fast-moving environments that face significant security threats from nation-state actors and criminal scammers--much like large enterprises. However, unlike enterprises, campaign organizations often must ramp up and down quickly, vary in their ability to hire dedicated and experienced IT staff, and have unpredictable budgets. While the AccountGuard service is a step in the right direction to help protect campaign organizations facing these challenges, we recognized that we could do more to provide this community with access to secure, reliable, accessible, and affordable software. For those reasons, Microsoft recently announced the availability of Microsoft 365 for Campaigns.\11\ --------------------------------------------------------------------------- \11\ ``Protecting political campaigns from hacking'', May 6, 2019: https://blogs.microsoft.com/on-the-issues/2019/05/06/protecting- political-campaigns-from-hacking/. --------------------------------------------------------------------------- First, to address the constrained budgets of campaign organizations, we have used our non-profit pricing model for this offering so campaign organizations can get access to software at a significantly reduced rate. Second, to address the problem of ease of use for non-technical users, we have streamlined the configuration and set-up of high-impact security settings. With only a click or two, customers can now turn on recommended security features to create a secure baseline from which to operate their campaign organization. Just a few examples of the settings that can now be automated-- Enabling multi-factor authentication.--A second layer of security for sign-ins. Turning on Office 365 Advanced Threat Protection.--A service that protects emails, links, and files from phishing and malware attacks. Providing device protection.--Secures access to sensitive data on mobile devices using a service called Microsoft Intune.\12\ --------------------------------------------------------------------------- \12\ Microsoft InTune, https://www.microsoft.com/en-us/microsoft- 365/enterprise-mobility-security/microsoft-intune. --------------------------------------------------------------------------- This offering derives from our Microsoft 365 Business product, which is tailored to small and medium businesses. That means campaign customers can now access the high-end security capabilities typically leveraged by enterprise customers, enjoy easier deployment of those features, and do so at an affordable rate. other ways campaign organizations can protect themselves While we encourage innovation in this area, campaign organizations can best protect themselves by employing basic hygiene.\13\ A few examples of how that can be achieved: --------------------------------------------------------------------------- \13\ Your Pa$$word Doesn't Matter. https:// techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Your-Pa- word-doesn-t-matter/ba-p/731984. --------------------------------------------------------------------------- Password management.--In 2016, Microsoft saw over 10 million username/password pair attacks every day. This gives us a unique vantage point to understand the role of passwords in account takeovers.\14\ Despite general awareness of the importance of using unique passwords to secure data, users admitted to reusing the same password 62 percent of the time for multiple accounts as recently as a year ago.\15\ As a result, we train campaign organizations to use strong unique passwords and more importantly, to use password managers to generate them. --------------------------------------------------------------------------- \14\ Microsoft Password Guidance by the Microsoft Identity Protection Team. https://www.microsoft.com/en-us/research/wp-content/ uploads/2016/06/Microsoft_Password_Gui- dance-1.pdf. \15\ See eg. Passwords Reuse Abound Recent Survey Shows. https:// www.darkreading.com/informationweek-home/password-reuse-abounds-new- survey-shows/d/d-id/1331689. --------------------------------------------------------------------------- Two-factor authentication.--We encourage campaign organizations to use a 2-step authentication source like a phone app or a physical key for all accounts. Using a cloud service provider.--We encourage campaign organizations to leverage cloud services for email, documents, and infrastructure and avoid public or anonymous sharing. Using a secure communications platform.--For sensitive data, Microsoft encourages campaign organizations to use encrypted communications channels and avoid using public Wireless Fidelity (Wi-Fi) channels for accessing sensitive information. emerging threats Earlier this fall, director of the Cybersecurity and Infrastructure Security Agency (CISA), Chris Krebs drew attention to the threat of ransomware attacks against our local governments and the impact that could have on our elections if executed against voter registration systems close to, or on, election day.\16\ We agree this is a risk that deserves attention from all election security stakeholders. Voter registration databases (some of the same systems targeted in 2016), are vulnerable because they are some of the only election sensitive systems that are regularly connected to the internet. We are currently exploring how we can work with Government and others in the tech community to continue to raise awareness of this threat while also providing additional solutions to protect against ransomware. Basic security recommendations in this context include using modern technology, setting up two-factor authentication for all relevant accounts, creating secure back-ups, and engaging in exercises to ensure rapid restoration of data in the event of an attack. --------------------------------------------------------------------------- \16\ ``CISA Director's Outlook on Ransomware'', Aug 23, 2019: https://www.politico.com/newsletters/morning-cybersecurity/2019/08/23/ cisa-directors-outlook-on-ransomware-5g-more-727286. --------------------------------------------------------------------------- An additional emerging threat is the increased potential for bad actors to use artificial intelligence to create malicious synthetic media, better known as ``Deepfakes''. Advances in synthetic media have created clear benefits; for example, synthetic voice can be a powerful accessibility technology, and synthetic video can be used in film production, criminal forensics, and artistic expression. However, as access to synthetic media technology increases, so too does the risk of exploitation. Deepfakes can be used to damage reputations, fabricate evidence, and undermine trust in our democratic institutions. To help guard against this challenge, Microsoft has established clear principles that govern its use and deployment of synthetic media and other artificial intelligence, including fairness, inclusiveness, reliability & safety, transparency, privacy & security, and accountability. Furthermore, Microsoft has engaged with partners in academia, civil society, and industry to work together to advance best practices for the ethical use of AI. One such effort includes a recent ``Deepfakes Detection Challenge'' we helped launch together with Facebook and the Partnership on AI, a technology industry consortium focused on best practices for AI systems, which invites researchers to build new technologies that can help detect deepfakes and manipulated media. what congress can do When conducting trainings for political parties and campaign organizations in democracies around the world, we always encourage leadership of those organizations to attend the sessions alongside their teams. While leaders may not have a technical background, they play an incredibly important role when it comes to their organization's cyber health: Setting the culture. Similarly, Congress plays a critical role in securing our campaign organizations and elections. By holding this hearing on the cybersecurity health of campaign organizations and the election space more broadly, the committee is contributing to the culture of security that is necessary to ensure a more secure environment. Beyond culture-setting, Congress also can contribute to a multi- stakeholder approach to addressing the threats themselves. We believe that combatting attacks will require a joint effort from private-sector actors such as Microsoft, as well as State, local, and Federal Governments, civil society, academia, and campaign organizations themselves. Cyber attacks, especially ransomware attacks, are increasingly targeting State and local authorities, including for example, Atlanta (GA), Baltimore (MD), Cleveland (OH), Greenville (NC), Imperial County (CA), Stuart (FL), Augusta (ME), Lynn (MA), Cartersville (GA). Most recently there was an attack on over 20 government entities in Texas. Overall, we can reasonably expect that the situation will only get worse. Importantly, these and other attacks are increasingly leveraging sophisticated tools that are developed by governments, creating a dangerous ecosystem of cyber weapons and requiring adoption of international norms for responsible behavior on-line. Microsoft advances support for the adoption and observance of such norms. Microsoft supports the multi-stakeholder approach taken by the Paris Call for Trust and Security in Cyber Space.\17\ It reaffirms a number of norms and principles established in other forums, including at the U.N. Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (UN-GGE), and at the G7 and G20, respectively. Importantly, the Paris Call includes a comparatively new principle to protect electoral processes from foreign interference--``Strengthen our capacity to prevent malign interference by foreign actors aimed at undermining electoral processes through malicious cyber activities.'' --------------------------------------------------------------------------- \7\ Paris Call for Trust & Security in Cyber Space: https:// www.diplomatie.gouv.fr/en/french-foreign-policy/digital-diplomacy/ france-and-cyber-security/article/cybersecurity-paris-call-of-12- november-2018-for-trust-and-security-in. --------------------------------------------------------------------------- However, what truly distinguishes the Paris Call is that it recognizes that a multi-stakeholder approach is essential to achieve success. The Call has so far been endorsed by over 1,000 signatories, the largest coalition of signatories ever in support of a cybersecurity document: 74 governments, 357 civil society and public sector organizations, and 607 industry members all agreeing to 9 core principles to govern conduct in cyber space. Microsoft was one of the private-sector signatories and we will continue to advocate that all governments agree to observe the 9 principles of the Call. While we are here today to discuss campaign organizations, we'd be remiss not to address other ways Congress can support securing our elections. In our discussions with voting officials around the country we have learned that consistent and reliable funding over time will best enable election officials to plan ahead, purchase new equipment rather than letting outdated systems remain active, and invest in the kind of cybersecurity training and staffing that we expect of all critical infrastructure owners and operators. Our adversaries are relentless and well-resourced. To ensure we can maintain defenses, our State and local voting officials need a durable source of Federal financial support so that the most secure technology can be deployed rapidly to ensure our vote is protected. The stewardship of our democracy demands nothing less. conclusion Campaign organizations face the threat of capable, well-funded, and agile adversaries. Organizations of any size would struggle to be prepared for these challenges, but the size and nature of campaign organizations makes them especially vulnerable. There is a lot that campaign organizations can do to protect themselves. They can create a culture of cyber awareness, encourage everyone associated with the campaign organization to turn on two-factor authentication on all their accounts (personal as well as organizational), and be aware of phishing campaigns. These are the most important actions campaign organizations can take to protect themselves. But they need additional help. They will benefit from industry partners providing access to tools that support these efforts. They will benefit from NGO's like Defending Digital Campaigns and Cyberdome who can help filter and provide tools at affordable rates. And finally, they would benefit from Congressional and Executive branch leadership in multi-stakeholder engagement, especially around establishing international norms to discourage nation-state attacks against our democratic institutions. Mr. Richmond. The gentlelady yields back. Thank--I want to thank the witnesses for your testimony. I will remind each Member that he or she will have 5 minutes to question the panel. I will now recognize myself for opening questions. Let me start where we just finished, with Ms. Badanes. You heard me mention the Louisiana ransomware attack on our secretary of state, and it appears it was the business side of that office, as opposed to the election side. But you mentioned in your testimony that ransomware attacks against election infrastructure--how has Microsoft seen this threat grow, No. 1? No. 2, how can the private sector assist our local governments in securing sensitive election systems? You mentioned the campaign, so--the infrastructure. Ms. Badanes. Thank you for the question. This is a topic that Microsoft has been aware of for a long time, ransomware, generally, an issue. We tend to agree with Director Krebs of CISA, who has pointed out recently that ransomware attacks, if timed a couple weeks before an election or, indeed, the week of an election, could have dramatic effects on the results of the election. As you discussed in your opening statements, it could do things like tying up the voter registration database, sowing chaos when people go to try and vote. It could also, depending on the timing, make it difficult or impossible to deliver ballots, or the ballot formats in the right--at the right time. So it is a real concern. The reason that we address it--and why I believe Director Krebs has, as well--as a potential emerging threat, is because we have seen it happen in large and small cities in the recent past. So clearly, we have seen this in Baltimore and Atlanta, and lots of other places. Then, of course, the information that just came out this morning about what was happening in Louisiana. So it is a big concern. It is one that we are working with our partners in Government, DHS in particular, to think through what steps can be taken to form a resilient response. Because the reality is these systems will remain vulnerable, as long as there are people trying to attack it. But if they have resilient plans in place, they can respond accordingly. Mr. Richmond. Thank you. General Taylor, over the last couple years, since 2016, we have put an enormous amount of time from this committee into looking at our election infrastructure. We learned in 2016 that our adversaries can exploit cybersecurity vulnerabilities in campaign organizations to steal information and spin a divisive narrative. How can campaigns help serve as a line of defense against foreign influence in our elections? General Taylor. Well, thank you for the question, Mr. Chairman. I think the important thing is recognizing that they are a target, first, and that they need to invest in cybersecurity. Part of what U.S. CyberDome is attempting to provide to them free of charge is expert-level capability to protect themselves. As I mentioned in my remarks, campaigns are not built to-- with cybersecurity expertise. They--and the nature of the threat that is coming at them requires a very sophisticated understanding of how that threat is manifesting itself. That can only be done by security experts, cybersecurity experts, and campaigns just don't have those kinds of people, routinely. They are startups only together for 1 or 2 years, at most, and can't invest in those kinds of capabilities. Mr. Richmond. Thank you. Mr. Stengel, in the beginning of your book you stated that disinformation doesn't create divisions, it amplifies them. We know the Russians' influence of campaigns fed off of conflict, manipulating discussions on race relations, gun control, global warming, among others, to turn Americans against each other. How do we equip voters to understand when public debate is being manipulated by the Russians or some other adversary to undermine U.S. interests? Then the second part of that would be how can we de- politicize the conversation about disinformation and foreign- influenced campaigns all together? Mr. Stengel. Thank you for that question, Mr. Chairman. In my book I talk about what the Internet Research Agency did in the last few weeks, in particular before the election, where they focused on African American voters. What I meant about that disinformation doesn't create division, it amplifies it, they were trying to get African American voters not to vote. There was a bunch of tweets to people who followed the site that they created, called Blacktivist, which was created, of course, from St. Petersburg, to black voters saying, ``Don't wait in line to vote, vote at home.'' They were trying to get black voters not to vote. They were trying to get voters to vote for minority candidates. Joel Stein, for example. So they can suppress people's votes, they can increase enthusiasm or decrease it. They are not really going to change people's minds. Again, the issue of disinformation is one that people have to be aware of. The first line of defense is the fact that we are actually talking about it now, and that people have to be skeptical of the information that they get, and they need to have some kind of media literacy, where they check the information against other sources. Ultimately, that is what the Russians try to do, not so much get people to believe their point of view, which they don't have, but to make them doubt the voracity of everybody else. Mr. Richmond. Thank you. My time is up. I will yield back, and I will now recognize the Ranking Member of the subcommittee, the gentleman from New York, Mr. Katko. Mr. Katko. Thank you, Mr. Chairman, and thank you all. I have about 30 minutes of questions, but I know I only have 5, so I will get through as much as I can. Ms. Badanes, a lot of questions I would like to ask you, but first of all, on your computer laptop you have a sticker that says, ``Protect 2020.'' Could you briefly explain what that represents? Because I know what it does. What was Microsoft's interaction with 2020, if anything? Ms. Badanes. Sure. Well, I have a couple stickers here that were actually produced by DHS with CISA. Protect 2020 represents an initiative by lots of different stakeholders. To protect our elections we need participation from governments, private sector, academics. It is really going to be a collaborative effort. So they are very generous with giving out their stickers, so that all of us who are part of that effort can display how much we care about this. Mr. Katko. What is Microsoft's role in that effort? Ms. Badanes. We have a variety of initiatives. We have some security initiatives, obviously, for campaigns, as I mentioned in my opening statement. But we also do work around election security. We actually have an open source software development kit, where we are inviting people to come in and use it in their elections, to ensure that a voter's vote makes it all the way through. So we have several initiatives that we are doing. We try and identify places where Microsoft fits, where our resources and our knowledge and people are a good fit to fill some gaps. Mr. Katko. It is a free tool that local election officials can use. But is it fair to say we only have about 25 percent of the local official agency--election agencies using that tool? Ms. Badanes. Currently, it is not used by anyone. It is an open source, and we want to have some pilots. Mr. Katko. I am thinking of something else, then, I am sorry. Ms. Badanes. OK. Mr. Katko. Whatever it is. But I know something with CISA, where 25 percent of the people are not taking up with CISA's free assistance---- Ms. Badanes. Oh---- Mr. Katko [continuing]. To give them assistance with their local elections. That--I am concerned that--why they wouldn't be taking up--it is a free advice, and they get free notification updates as to security vulnerabilities, and they are not using them. I just--for the life of me, I can't understand why. Ms. Badanes. I am not sure. Mr. Katko. Yes, OK. Well, Mr. Blaze, I know we have had some discussions with you in the past, and you have described the election security vulnerabilities as follows. Basically, no matter what we do, it is never going to be perfectly secure, but there is ways you can minimize the risks. So obviously, making sure the machines that actually do the tabulation are off-line, and they have a separate, verifiable way--usually it is through paper, but maybe some other ways, as well, but generally through paper--so we have a recording of the actual vote. Then, you want--I think you said in your testimony, and I have heard you say it before--the risk-limiting audit is a great tool to go back and do. Now, the concern I have is something General Taylor mentioned, and some others alluded to. A lot of these local election agencies don't have the funding to do what we need them to do. So I would like to hear from you all as to what we should be doing in that regard, because whether it is a risk-limiting audit or other types of audits you can do afterward, having the paper trail and going back and doing the spot checks, to me, is the only way to really ensure the integrity of the numbers and the tabulations. Some jurisdictions are better than others. But again, a lot of them do not participate--are not able to do this. So what can we do to fill that gap? I would like to hear from any of you. Mr. Blaze. So I will start off by saying that I agree with you completely, and there is wide variance among the thousands of election administrators throughout the country in capability and funding and interest. You know, one thing that we can do is, you know, infuse funding specifically to replace voting equipment with those that use paper ballots to conduct risk-limiting audits, to share experience---- Mr. Katko. The problem is, I think--I don't want to interrupt you, because we are short on time, but--a lot of jurisdictions will get the funding, but they will choose not to do risk-limiting audits, they will put it into hardware. So what--just briefly, if you can, I want to give the others an opportunity, as well--what can we do? Mr. Blaze. Right. Mr. Katko. What should we be doing? Mr. Blaze. Well, we have to recognize in any funding initiative that the audit step is at least equally important. Mr. Katko. OK, OK. Mr. Blaze. That is absolutely critical. Mr. Katko. OK. Mr. Stengel, General? Anybody want to add anything to that? Mr. Stengel. No, go ahead. General Taylor. You know, I think of this, Mr. Katko, as--I look at the defense industrial base and how long it took that organization, those organizations to really kind-of realize what the threat is. I don't think--I think this is a long-term strategy. I think the investment that you have made in funding for CISA's election security is a huge step in the right direction. I think they have done an excellent job of getting the confidence of the Secretaries of State. I think, over time, that will filter down. But it is a long, tedious process. But as we set the standards and best practices, I am confident it will roll to the--to every level of our election infrastructure. Mr. Katko. OK. Anybody like to offer---- Mr. Stengel. I would only say I am the disinformation guy, not the campaign security guy. [Laughter.] Mr. Stengel. While you can harden election voting systems, it is very hard to harden anything to prevent disinformation, in part because people welcome it. It is part of confirmation bias. Mr. Katko. Right. That is part of the problem here. People have to understand that there is election interference, but that--which we know is going on right now, and that is what you are trying to stop. But then we also have what we are all concerned with, is them actually hacking into the tabulations. We haven't seen that yet, and that is what we are trying to guard against. They are certainly trying to do it, and that is why we need to have these risk-auditing procedures, to make sure that those numbers have integrity. But I thank you all and yield back the balance of my time. Mr. Richmond. The gentleman from New York yields back. I will now recognize the gentleman from Rhode Island, Mr. Langevin, for 5 minutes. Mr. Langevin. Thank you, Mr. Chairman. I want to thank our witnesses for your testimony today. There is certainly no greater responsibility we have than to protect our elections, if we are going to protect our democracy. I appreciate the work you are doing in helping us to get to a better place. Mr. Stengel, I will start with you, if I could. In your testimony you mentioned that--the rise of domestic disinformation is becoming an even greater threat than external disinformation campaigns, as we approach 2020. So I wanted to ask you, and you can please elaborate, on why you are saying domestic disinformation is becoming a threat now, and why you assess it a greater threat and scope than the external campaigns like the Russian interference that much of the focus has been on. Mr. Stengel. So one of the organizations that I am affiliated with is the Digital Forensics Lab at the Atlantic Council, and they evaluate that there has been a very large increase in domestic disinformation. When you think about it, even if you talk about the 100,000 items that the Internet Research Agency placed on Facebook, or the more than 10 million tweets, it--they--it gets leverage, and it gets virality from Americans, not from other Russians. Yes, the Russians have a bunch of bots, but all of this is picked up by American users, and then it is amplified, and that creates the volume, domestically, which is actually larger than the disinformation that is created by the Russians and other actors. Mr. Langevin. But was it started externally and just--are you saying amplified it internally, or are you talking about it is---- Mr. Stengel. Yes, so---- Mr. Langevin. Generated by some organized internal effort? Mr. Stengel. It is--the foreign stuff is started externally, and then it is amplified internally. But there is plenty of domestic disinformation from all kinds of fringe groups on the right and the left, and a lot of experts believe that the domestic space--domestic disinformationists will actually ultimately dwarf the foreign disinformationists. Mr. Langevin. So in your testimony--continuing on with you, Mr. Stengel--you testified that democracies just aren't very good at combating disinformation. I certainly--I agree. One of the things that I focused on, along with one of our new Members of the subcommittee, Ms. Slotkin, is building resilience to disinformation, much as we have built resilience to cyber attacks or acts of terror. So can you please elaborate on how you believe we can build resilience? What does digital literacy education look like? How can we teach digital literacy to Americans of all ages, including older Americans who are already out of school? You know, I understand the idea of, you know, debate and discourse, but this is something different than we are talking about. How do we build in this resilience to disinformation? Mr. Stengel. Yes, I mean, the--I agree with the thrust of your question. One of the things I found in Government, as a person who used to create content, is that countering content by us is often counter-productive. People are not receptive to it, and we are the enemy that they are already attacking. I do think digital literacy and information literacy is something that should be taught in the schools. I suggest that, actually, the platform companies should be financing those kinds of lesson plans. There are a number of organizations, non-profits, that teach digital literacy and media literacy. I think, in the future, we will look at the fact that we didn't teach this in schools as silly as not teaching computer programming. So part of it is this--the resilience is to make people a little bit more skeptical. I think the fact that we are talking about it, about disinformation in general, is the first line of defense because it makes people a little bit wary of the information that they do get. That is, in fact, a good thing. Mr. Langevin. Critical thinking is the--I think the key here. But thank you for that perspective. Dr. Blaze, Professor Blaze, good to see you again. You mentioned in your testimony that hostile state actors can be particularly formidable, because their goal may simply be to disrupt an election or call into question its legitimacy, instead of electing a particular candidate. I agree with that concern. Unfortunately, we know that Russia succeeded in causing voters to lose confidence in the election system in 2016. What steps can we take to maintain voters' confidence in our elections, even in the case of disruption? How can we restore lost confidence in our system? Are these solutions largely technical, or are there policy or strategic communications avenues that we should be pursuing? Mr. Blaze. Well, certainly there are, you know, policy components to all of this. My expertise is on the technological things we need to do. What I would strongly advocate is that we harden the systems as best we can so that, by the use of things like hand- marked paper ballots and risk-limiting audits conducted routinely, election officials have a good answer when people question the legitimacy of the outcome. We can say we are doing rigorous techniques that give us high assurance and high confidence in the outcome of the election, in spite of the inevitable weaknesses and inevitable attacks against them. Similarly, we need to harden things like voter registration databases, procedures for handling provisional ballots and so forth, so that when disruptions occur, we can recover from them quickly enough so that there is no question about whether people were able to vote in the first place. Those are, you know, critical technical safeguards that serve as a foundation for the policy initiatives that you discussed. Mr. Langevin. Thank you. I know my time has expired, but thank you all for your testimony here today. Your perspective is very helpful. Thank you, Mr. Chairman. I yield back. Mr. Richmond. The gentleman from Rhode Island has yielded back. The gentleman from Texas, Mr. Taylor, is now recognized for 5 minutes. Mr. Taylor. Thank you, Mr. Chairman. I appreciate the witnesses being here. Professor Blaze, I really appreciated your testimony. I just wanted to ask one question. So you are recommending that we go to a paperless--recommend we get rid of paperless DRE voting machines and go to precinct-counted optical scan ballots. So that is your recommendation, right? Mr. Blaze. That is correct. I should point out that is not merely my recommendation. Mr. Taylor. Oh, sure. Mr. Blaze. A National Academies report represents the consensus of experts on this, the foundation of that---- Mr. Taylor. If--what is a realistic projection to try to implement that at the Federal level? I mean, is that something we could do for the next--for the primaries in March? Is that something we could do for the general election next fall? Is that something that we could do over a 4-year period, 6-year period? Do you have any projection for kind-of what would be a reasonable time frame to get that done? Mr. Blaze. Some States are already using the technology that is needed, so that is great. Other States are not. There is certainly some lead time in--for purchasing, for training, and for ultimate deployment. You know, I think, certainly, the primaries--for any State not using that equipment right now, the primaries are a pretty aggressive goal to have. The general election is also an aggressive goal, but it is not one that is out of the question to achieve, if we have a-- if we have, as we should, a strong interest in doing so. Mr. Taylor. But--OK. Maybe--if you haven't put pen to paper, I am not trying to put you in a box. Have you put pen to paper on this, or is this just kind of a recommendation? Mr. Blaze. Well, it is--you know, it is highly variable from jurisdiction to jurisdiction. So it is hard to generalize about how to deploy it---- Mr. Taylor. You are fine. Again, I am not trying to put you in a box. Just--different people have different ideas on how long it takes to do these--some of these things, and some of them are really--it is a big ask, right, to do every voting machine in America and change it over? I appreciate that you haven't--I think it is probably fair you don't know, which is fine. I don't know, either. But I think I would certainly want to give it a few years to try to do something of this magnitude. Your comments on voter registration on page 3 of your written testimony, there is an implicit supposition within a voter registration--that you are saying that voter registration is important. Is that a fair statement? Mr. Blaze. Certainly the integrity of the voter registration databases is absolutely critical to conducting---- Mr. Taylor. OK. Mr. Blaze [continuing]. High-integrity elections. Mr. Taylor. So, you know, in my home State of Texas, we require--people can mail in voter registration, but they actually have to vote in person and be verified that it really is a human being, and not, you know, someone trying to steal an election by mailing in 100 voter registrations and get 100 mail-in ballots, and then fill those back in. So a system of voter--so we have voter registrars in Texas. We--so we have a series of checks to try to make sure there isn't fraud, which I assume you would believe would--fraud undermines a belief in the election system. Is that a fair statement? Mr. Blaze. Absolutely. I think we are fortunate that studies have shown that fraud at the individual voter level is, fortunately, quite rare. Mr. Taylor. Well, that may be your experience, but certainly not mine. So what I--but just going back to trying to stop fraud, so again, in Texas we have a very--a system for trying to stop fraud on a voter registration basis. Do you think we should throw out that system? Should we throw out the voter registration systems in all the States, and sort-of let people register however they would choose? Mr. Blaze. Well, you know, I certainly think that making it easy for people who are authorized to vote to become part of the voter rolls is a critical function of any election system. Mr. Taylor. Does it make sense to have---- Mr. Blaze. And---- Mr. Taylor [continuing]. Some mechanism---- Mr. Blaze. And---- Mr. Taylor. Does it make sense to have a mechanism to make sure that voters are really voters, and not people trying to steal elections? Mr. Blaze. That is certainly one of the roles of each State, to---- Mr. Taylor. So that is a yes? Mr. Blaze [continuing]. To perform. Mr. Taylor. It makes sense to stop people from stealing elections, or we should just throw open--get rid of the registrar system in this country and let anybody who wants--let anybody register anybody? Mr. Blaze. Well, it ultimately is a risk management question. So I think, in order to properly answer that--and it is, you know, a bit outside of my own expertise--we would have to, you know, weigh the expected amount of fraud, which, as I understand it, is relatively small, but that is, again, not my area, against the benefit of making it easier for people to vote. Mr. Taylor. So should we get rid of States' provisions for protecting the voter registration system or not? Mr. Blaze. Well, the--you know, I think---- Mr. Taylor. That is a yes-or-no question. Mr. Blaze. I will defer to the National Academies study on the precise recommendation---- Mr. Taylor. So you don't know? Mr. Blaze. [continuing]. Managing voter registration databases. Mr. Taylor. What do you---- Mr. Blaze. I am here to discuss--and my expertise is on-- the technical protections---- Mr. Taylor. But your--you are testifying in writing that you think that voter registration is important to protect, right? Mr. Blaze. Absolutely. Mr. Taylor. OK. Should we have laws to protect that, or not? Mr. Blaze. Well, of course, we should have laws to protect that. Mr. Taylor. Thank you. Thank you, Mr. Chairman. I yield back. Mr. Richmond. The gentleman's time has expired. I now recognize the gentlewoman from Illinois, Ms. Underwood. Ms. Underwood. Thank you, Mr. Chairman. I am really excited to take part in this committee's third hearing this Congress centered on election security. I greatly appreciate the commitment and leadership shown by both Chairman Thompson and Chairman Richmond, who recognize the present and growing threat foreign adversaries pose to our most sacred democratic institutions. On-line disinformation is one of those growing threats as we approach the 2020 election. Last year, for the first time ever, more Americans got their news from social media than they did from print newspapers. So to Mr. Stengel, what should social media companies be doing to prevent attempts to sow disinformation on their platforms, and are they doing it? Mr. Stengel. Yes, I would just note that you can get news from the New York Times and the Washington Post on your phone, as well. But I do recommend--and I wasn't explicit about it in my testimony, but I think amending the Communications Decency Act, particularly section 230, to give the platform companies liability for the content that they publish. Right now they are not considered publishers. They have complete immunity from everything that they have. As I say, they can't have the same liability that a newspaper has, or a magazine, just in part because of the volume. But they need to make a good-faith effort, a reasonable effort, to take off different types of content that violate their terms of service. I would argue hate speech, demonstrably false speech, deep fakes don't have a role in our elections. Ms. Underwood. And---- Mr. Stengel. They need to have liability for taking that stuff down. Ms. Underwood. OK. So my constituents, like many others in the country, want to learn more about how they can increase their social media literacy. So could you answer this question that was submitted by one of my constituents? Can you clearly describe the difference between misinformation and disinformation? Mr. Stengel. Yes. I would define the difference as follows: Disinformation is deliberately false information meant to deceive; misinformation can be just a mistake. It is not necessarily deliberate, although it can be. Disinformation is the much more dangerous and damaging version of that. Ms. Underwood. From your point of view, it is the disinformation that is being used by the foreign adversaries on the social media platforms. Mr. Stengel. Yes, the Russian disinformation, which we are very familiar with, was false information designed to deceive. Part of the reason disinformation is effective is it often has a kernel of truth in it. It is not completely made up out of whole cloth, it is a combination of fact and fiction. Ms. Underwood. Mr. Blaze, thank you and DEFCON Voting Village for organizing the informational briefing last month for Members of Congress. I appreciate your efforts to call attention to the security gaps present in way too many of our voting machines used across the country. What more do you believe voting equipment vendors need to be doing to reduce vulnerabilities? Mr. Blaze. Well, first of all, thank you so much for having us. The--you know, ultimately, vendors have 2 roles here. First is it is critically important that they be responsive, and welcome reports of vulnerabilities and reports of bugs and problems in their system, and rapidly turn that around into defenses against those well-known vulnerabilities. We have seen the--since 2007, the same vulnerabilities present in deployed systems used for live elections, and there is really no reason that those cannot have been fixed by now. But second, vendors--I would urge vendors to produce systems in accordance with the recommendations of the National Academies study, which very firmly reject DRE technology that is still being produced, still being sold by the major voting vendors, even though we understand that it cannot be adequately secured, and we cannot perform risk-limiting audits on it. Ms. Underwood. Thank you. Mr. Stengel, as a former senior State Department official, you have been on the front lines of dissecting and analyzing how foreign governments and other non-state actors are weaponizing information. We also just heard the Ranking Member inquire about the appropriations, and how much money the Federal Government is appropriating. In a field hearing in my district last month we had an expert sitting on a panel like this testify that the United States would need to spend $2.2 billion in order to properly secure Federal elections ahead of 2020, and we have seen news reports of Senator McConnell being willing to appropriate 10 percent of that, $250 million. Based on your expertise, do you feel this administration's response and preparations for the upcoming 2020 election are sufficient? If not, what improvements would need to be made? Mr. Stengel. Again, I am not an expert in election security, but from--even from the premise of your question, I think we don't spend nearly enough on election security. In fact, we don't make elections easy for people to vote in, whether that is changing the date to a weekend, whether that is opening several days. I do think it is quite extraordinary, when you think of the--you know, the marketing budget of a company like Proctor and Gamble, it is probably $25 billion, and we spend less than $1 billion on our own election, it shows what we value and what we don't value. Ms. Underwood. Sure. The 2020 election is now less than a year away, and we must not be caught off guard. I appreciate all the witnesses for being here today to offer your recommendations and work to ensure elections are secure. I yield back. Mr. Richmond. The gentlelady from Illinois has now yielded back. I will now recognize the gentlewoman from Texas, Ms. Jackson Lee. Ms. Jackson Lee. Thank you, Mr. Chairman, and thank you to the full committee Chair, Ranking Member, subcommittee Ranking Member. This is a very important hearing. It is good to see you again, Mr. Stengel, and thank all of you for your work here in the--here at the--in the Government, Federal Government, that some of you have worked in in the past. Let me say how serious this hearing is. Probably to ensure that democracy thrives, we probably need to have these meetings almost every other day. Let me frame my questions from the perspective of 2 points that I want to make. It is general knowledge, and in the recent impeachment investigations even stated, that Russia intends to investigate--excuse me, to interfere with the 2020 elections. Mr. Stengel, I just want to go to you, having experience in the State Department, and being an avid expert on international issues. Do you have any knowledge of Ukraine's involvement in the 2016 election? Mr. Stengel. I do not. Ms. Jackson Lee. Do you have knowledge of the--in the general arena of information--that the intelligence community documented that Russia interfered in the 2016 election? Mr. Stengel. Yes. I mean that is absolutely indisputable, and we saw that both from Classified sources and non-Classified sources. Ms. Jackson Lee. So let me go to General Taylor. Thank you very much. Let me go to General Taylor. Thank you, welcome. It is good to see you again. I have been on this committee since the heinous act of 9/11. I have seen superior [sic] and consistent Secretaries of Homeland Security. We may have had a policy difference here and there, but I have seen the Department take its rightful role in securing the Nation. Certainly we know that we can improve from 2016, but tell me what the state of DHS is as we go into the 2020 elections, in terms of its capability, staffing, leadership on this very vital issue of election security, in your opinion. General Taylor. In my opinion, Congresswoman, the most heartening thing I see in DHS around this issue of election security is CISA, and the investment that this committee has made in making CISA more capable of addressing this issue, and the work that CISA has done to build confidence in the secretaries of state, and down to the State and local election officials. So---- Ms. Jackson Lee. Do we have the staffing and the orderliness that we need, going into 2020, in this Department now? General Taylor. I think we have a huge start. But as you have mentioned, this is--to me, this is the same issue we face as we left 9/11. This is not going to happen overnight. It is going to happen with consistent investment over time, and confidence-building in our State and local officials that the Federal Government is here to help, not necessarily to get in the way. We have done that on counterterrorism. It has taken 15 years. We can do it on election security. I think CISA is well on its way to getting that---- Ms. Jackson Lee. You feel the staffing presently--I don't know if you have access to---- General Taylor. I do not. Ms. Jackson Lee. So you cannot comment on the staffing that we presently have in DHS---- General Taylor. I can only comment on the investment this committee---- Ms. Jackson Lee. Right. General Taylor [continuing]. Has made---- Ms. Jackson Lee. But not on the implementation. General Taylor. Correct. Ms. Jackson Lee. Thank you. Let me--thank you very much. Let me--Dr. Blaze, your expertise in what could happen, let me ask you whether you feel comfortable as to whether or not we are actually prepared for a disruption that we might not expect. I am introducing something called the failsafe elections bill that deals with paper ballots and other issues. But, in particular, it is to secure the technology, the attentiveness to the question of what could happen that were not expected. If you would--if I could yield to you on that question. Mr. Blaze. Well, I will say that, of course, we don't know what we don't know. But I will say that one thing we do know is that if there has not been a large-scale disruption or attack against our election infrastructure that has been successful, it is not because our systems are robust, but rather because nobody has seriously tried to do it. I think it is only a matter of time before our national adversaries turn their resources in earnest on us, and---- Ms. Jackson Lee. Give us one thing--and so 2020 might be the year. We don't know. Give us your 1 or 2 that we really need to deal with in this short period of time, as we move to 2020. Mr. Blaze. Vastly increased resources to protect State and local election infrastructure, rapid deployment of paper ballot voting machines, and risk-limiting audits. Ms. Jackson Lee. Mr. Stengel, my last point on the disinformation, I just want to be clear on what you said, because, as you well know, in past elections African Americans have been told that the election day is on Saturday, and in actuality it was on Tuesday. Absolutely disinformation to oppress, suppress the vote. Did you say that disinformation, the provider's obligation to take it down, they should be liable for it? Was that what you were saying, or---- Mr. Stengel. I think disinformation---- Mr. Richmond. The gentlelady is out of time. I will permit you to answer the question. Mr. Stengel. I think disinformation, which is deliberately false information that is meant to deceive, if it is proven false, if it is indisputably false and meant to deceive, yes, the platform company should take that down. Ms. Jackson Lee. Thank you so very much. I yield back. Mr. Richmond. The gentlelady yields back. We will do a second round of questioning, and I will yield 5 minutes to myself. General Taylor, Congresswoman Underwood asked the question of if we are doing enough, or if the administration and the Federal Government is doing enough on election security. Would you like to weigh in on that? General Taylor. As I said in answering Ms. Jackson Lee's question, I think we have begun a process that is going to take time to build the confidence in State and local election officials that we can benchmark each other and improve the cybersecurity status of our election systems. I have a great deal of confidence in Mr. Masterson over at CISA, and the work that he has done since he has been leading the election security effort there. I think it is developing good fruit. It is not--nowhere near where it needs to be over time. I don't think this is one--again, I think of it from a war on terrorism point of view, and it took us almost 15 years to develop the capacity to do what we have done here since 9/11. So I see it in that vein. Mr. Richmond. Ms. Badanes, let me ask you. In October Microsoft reported significant cyber activity by a threat group you called Phosphorous, which targeted a U.S. Presidential campaign. Can you tell us more about that cyber activity? No. 1, how Microsoft found out about it, and No. 2, what did you do with that information? Ms. Badanes. Sure. There is a group at Microsoft called Microsoft Threat Intelligence Center. We call them MSTIC. For the last 10 years they have been, essentially, hunting nation- state adversaries. They track a lot of their behavior and identify if they are attempting to target any of our customers. So recently they noticed that a group that we call Phosphorous, as you noted, who operates out of Iran, was targeting the individual personal consumer accounts of a lot of very interesting targets. They were current and former Government officials, members of the media, and, as you mentioned, a staffer for a Presidential campaign. Once they were able to confirm that information, and make sure that what they were seeing checked out with a few other sources, they then started notifying. So we notified the individuals who had been attacked, provided them with actionable information--in many cases, things that they could do to check their own logs themselves. Then we notified our friends and colleagues in Government to let them know the activity we were seeing. Then, the final step we took was actually talk about it publicly. We put out a blog post, where we described the action we were seeing, because we thought it was very important to be transparent when we see that kind of activity, especially the kinds of customers they were targeting. Mr. Richmond. Thank you. Let me ask the panel just some general questions. If you could just say yes or no, it would be very helpful. No. 1, it is universally agreed without much contradiction that Russia did, in fact, meddle in the 2016 Presidential election. Would you agree? General Taylor. Yes, sir. Ms. Badanes. Yes. Mr. Blaze. Yes. Mr. Stengel. They didn't meddle; they attacked our infrastructure and the core of our democracy. Mr. Richmond. Agreed. Second, and there are nation-state actors, and there are a lot of people out there that are trying to affect the 2020 election, from infrastructure to disinformation to our very voting machines. Would you agree with that? General Taylor. Yes. Mr. Blaze. Undoubtedly. Ms. Badanes. Yes. Mr. Stengel. Yes, and the Senate Intelligence Committee report said the Russians have done more since 2016 than they did leading up to 2016. Mr. Richmond. Would you also universally agree that the Federal Government has not put the resources there to combat and protect our very democracy that depends on fair, free elections, where every vote matters? Mr. Stengel. Yes. General Taylor. Yes. Mr. Blaze. Yes. Ms. Badanes. More could certainly be done. Mr. Richmond. Then let me ask you another question, because it always comes up from people about this rampant action by individual citizens to go vote who are not voters, and that there is some alleged rampant election fraud perpetrated by individuals. Has anyone seen or aware of a rampant effort by U.S. citizens to vote who may not be qualified to vote, or election fraud? Mr. Stengel. No. General Taylor. Not that I have seen. Mr. Blaze. Not that I am aware of. Ms. Badanes. It is not my area of expertise, but no. Mr. Richmond. I will just close with this. It is very important for the people in this country to believe in the elections that we have, and that the person who wins is the person who was supposed to win, and received the most votes in the regular election, or, in the case of a President, did in fact win the State so that they could win the electoral college. I want to thank you all for what you all are doing, the effort that you are putting forward, to make sure that you offer your subject-matter expertise to how we protect our elections, how to make sure they are fair, how to make sure the winner is the winner. So I just want to thank you all for coming. With that I will yield back and yield to the Ranking Member of the full committee, Mr. Katko. Mr. Katko. Thank you, Mr. Richmond. Those are great questions, I think, and they establish how serious the predicament we are in right now. A couple of quick questions for Mr. Blaze. If you can keep your answers really short, then I got a question for everybody. Mr. Blaze, just a point of clarification. About what percentage of voters in the United States have a paper ballot to--back-up system? Mr. Blaze. That number has, fortunately, been increasing. I don't have the precise number at my fingertips. I believe there are something like 19 States, currently, that don't use any form of paper. Mr. Katko. OK, all right. I wanted to just have you briefly explain what a risk-limiting audit is, and what the costs are involved in a risk-limiting audit. Mr. Blaze. All right. I will be as brief as I can. Essentially, a risk-limiting audit is a statistical technique for sampling ballots and comparing, by a human observation---- Mr. Katko. After the election---- Mr. Blaze. After the election, comparing by human observation what is printed on the ballot with what was recorded. To the--as you see more ballots that match, you gain more confidence that the machine tally showed you the correct election outcome. If you see mismatches you have to look at more ballots and compare them. Mr. Katko. The risk, of course--the problem is a lot of the local election districts simply don't have the manpower or the funds to do that. Correct? Mr. Blaze. That is right. Manpower, funds, experience, and mandate. Mr. Katko. OK. Now I want to ask a question for all of you, and I think I will start with Mr. Stengel, because you kind-of alluded to this a little bit, that Russia is, in particular, is refining their efforts in this regard. How has Russia's strategies evolved with respect to election interference in 2016, and what should we be most concerned with with what they are doing now that they didn't do in 2016? Mr. Stengel. Yes, I don't know the answer to the question of how--of what--of how the Russian strategy has evolved. What I do know is that the platform companies have taken down extraordinary amounts of content. There was an extraordinary story this past week that Facebook had eliminated 5.4 billion--that is B, with a B--fake accounts. I don't know how many of those were Russians, but certainly a significant number. The reporting that I have read about this--and I don't have access to the same intelligence I used to have--is that they are doing more microtargeting this time. They are looking at voters where there is already existing divisions, and trying to widen them and, again, sowing doubt about the integrity of the election. That is their ultimate goal. Mr. Katko. OK. Anybody else want to add to that? General. General Taylor. I agree. I think the one thing I learned in 40 years of intelligence, if something works well, keep at it and get better at it. I think that is what the Russians learned in 2016, and they have--their efforts have continued to evolve to get more sophisticated and more effective. Mr. Katko. OK. Ms. Badanes, anything you want to add to that, or---- Ms. Badanes. All I would add is it is important to note that they are likely not the only player in the game this time around. So, while the strategies of one adversary are important, from the protection standpoint the tactics are a lot of what we look at, how campaigns and election officials protect themselves regardless of who is coming after them. Mr. Katko. OK. So what have we done better that we didn't do in 2016? What have we done--we, being the election officials in the Federal Government--to help with the election officials? What have we done better? What--and then, last, what else can we do? So you can add that---- General Taylor. I will start. When Secretary Johnson indicated that the election infrastructure would be part of our--critical infrastructure was the first step. I think the investment that Congress has made in CISA and CISA's activities, and the confidence that they built among state-- secretaries of state has been a huge step forward from where we started. I think you will recall when Secretary Johnson first designated elections as critical infrastructure, the pushback from the States was pretty significant. I think we have built a lot more confidence that the Federal Government is truly here to help, not to dictate how elections are run. Mr. Katko. Anybody else want to add to that? Ms. Badanes. I would just add that the communication amongst all the stakeholders has vastly improved. We recognize that in 2016, a lot of time, if something happened in a municipality, they didn't know who to call. They didn't know who to call at the FBI, DHS. If it was a platform company or a tech company, they weren't sure who to reach out to. Those communication lines are much stronger. There have been many tabletop exercises and other activities to ensure that people know how to respond if and when something does occur. Mr. Blaze. I will add to that that there is now consensus from technical experts on precisely what to do that didn't exist at the time the Help America Vote Act was passed. We are--have the benefit of pretty clear guidance from the National Academies report, for example, on precisely how to introduce new resources to better protect our elections. Mr. Stengel. I would only say that, in combating disinformation, which is different than what we are talking about here, I am not aware of anything that Congress or the Federal Government has done to combat disinformation. Mr. Katko. OK. I would yield back the balance of my time. Thank you. Mr. Richmond. The gentleman from New York yields back. I now recognize the gentlewoman from Illinois, Ms. Underwood, for 5 minutes. Ms. Underwood. Thank you, Mr. Chairman. In Dr. Blaze's written testimony, you outlined a series of technical observations about the election infrastructure that we have in our country. I just wanted to just drill down on this point. Which do you think is the most vulnerable, ahead of 2020? Mr. Blaze. Well---- Ms. Underwood. For a cyber attack. Mr. Blaze. Right. So I think the--aside from the voting machines, which have been discussed quite a bit, the protection of back-end infrastructure, particularly the voter registration databases that are used to produce the poll books that voters check in with on Election Day, are utterly critical to protect, and we have, literally, thousands of different election administrators all protecting them in slightly different ways. Ms. Underwood. That is so alarming to me. I am from Illinois. I represent a community in northern Illinois. That was exactly what got hacked for us in 2016. It was the on-line voter registration systems and some 76,000 Illinois voters, whose information was compromised. OK. So in General Taylor's written testimony, you went into some minimum standards for campaign cybersecurity. In your written testimony you said that there should be an incentive to spend certain dollars across the board amongst campaigns to incentivize each campaign to make those investments. I am just wondering if you wanted to expand for the committee about what you think that type of incentive should look like, or what those campaigns should be investing in, more specifically. General Taylor. Well, specifically, what I am referring to there is the fact that campaigns, by and large, are start-ups, and don't have the expertise or--to do sophisticated cybersecurity against the adversaries that they face. Ms. Underwood. Right. General Taylor. So the encouragement would be for them to work with a company or an organization like U.S. CyberDome to provide that expertise in a systematic way with funding from donors to our 401--501(c)(4) organization. So it is the investment in organizations like Microsoft or CyberDome that will provide those services free of charge to the campaigns that will raise the level of security that they will have, moving forward. Ms. Underwood. OK. Then also in your testimony, sir, your written testimony, you described how there is a bit of a shortage in qualified workers that have the experience required to do this type of sophisticated cyber defense on behalf of the United States electoral process. Just wondering if you wanted to comment on that. General Taylor. Certainly. It takes years of expertise to build the understanding of how the adversary works, and how to apply the tools of cybersecurity. A college graduate in cybersecurity is not going to have that expertise, and that is why we have tried to bring together folks with that kind of expertise to apply it to individual campaigns in a systematic way, as opposed to a haphazard way. Ms. Underwood. With experience, then, in playing cyber defense---- General Taylor. And---- Ms. Underwood [continuing]. Against the Russians, the Chinese, the Iranians---- General Taylor. Exactly. Ms. Underwood [continuing]. And the other foreign actors that threaten our elections. General Taylor. Who have very significant experience in the defense area of cybersecurity and have applied those tools very successfully over the years. Ms. Underwood. So, with that in mind--thank you, General Taylor--Ms. Badanes--OK, yes, Badanes--could you comment, then, on Microsoft's ability to source that talent, given the relative lack of availability around the country? Do you feel that your company was able to recruit the individuals that do have the ability to play that type of cyber defense that the general was describing? Ms. Badanes. Sure. Microsoft is, actually, one of the most attacked companies in the world. So, when it comes to cybersecurity, it is something that we have had to take seriously for our own protection. We have been able to take our learnings from protecting ourselves, and also apply those to protecting our customers. That includes recruiting the talent that we need to both protect ourselves and also go into that front-line role of protecting our customers. Ms. Underwood. So those individuals, your cybersecurity professionals, then would have had previous experience? Ms. Badanes. In many cases. We have a lot of--real quick, previous experience? Ms. Underwood. Against these foreign adversaries that General Taylor was outlining, right? Ms. Badanes. Sure---- Ms. Underwood. The Chinese, the Iranians, the Russians that have--are the known foreign actors that threaten---- Ms. Badanes. Yes---- Ms. Underwood [continuing]. Our election system. Ms. Badanes. In particular, the MSTIC team that we work with very closely recruits a lot of individuals from previous Government experience, where they faced similar threats. Ms. Underwood. Thank you. So, I mean, it is clear to me that if large technology companies like Microsoft have to go out and recruit these types of very experienced, talented individuals, that campaigns are not going to be able to do that. Certainly, States that barely have an IT person to manage the whole system dedicated to their board of elections or whatever, a secretary of state, they are not going to be able to recruit those people, too. So it sounds to me like we have a real work force issue, in addition to a lack of some standards and requirements. General Taylor. I think there is a work force issue across the board, in terms of cybersecurity, for the country. But more specifically, from our perspective, we believe that we can harness the expertise of the cybersecurity community, focus on campaigns---- Ms. Underwood. Right. General Taylor [continuing]. And do so in a systematic way, which will provide better protection than hiring a--you know, a college graduate to be your cybersecurity person trying to take on the Russians. Ms. Underwood. Thank you for your testimony. I yield back. Mr. Richmond. The gentlelady from Illinois yields back. The gentlewoman from Texas, Ms. Jackson Lee, is recognized for 5 minutes. Ms. Jackson Lee. Let me--again, let me thank the witnesses, and let me share with you these points if you can listen to this fact--points, and then I will raise some questions. The Russian General Staff Main Intelligence Director, GRU, is suspected by our intelligence agencies of having begun cyber operations targeting United States elections as early as March 2016. They took on the persona of Guccifer 2.0, DCLeaks.com, and Wikileaks as the identities that would be reported as having involvement in the work that they had undertaken to undermine our Nation's Presidential election. Russia is blamed for breaching 21 local and State election systems, which they have studied extensively. In February 2018 Special Counsel Robert Mueller released indictments of 13 Russians, at least one of whom has direct ties to Russian President Vladimir Putin. The 37-page indictment details the actions taken to interfere with the U.S. political system, including the 2016 U.S. Presidential election. Among the charges, which include charges for obstruction of justice, are several especially notable details. The indictment states that 13 defendants posed as U.S. persons and created false U.S. personas and operated social media pages and groups designed to attract U.S. audiences. Dr. Blaze, are we better off now than we were pre-2016 and into 2016, as it relates to the operatives that we might expect--Iran, Russia, China? Mr. Blaze. Well, I think, in some sense, we are better off because we are discussing it, the fact that we are having these hearings. But on the other hand, 2016 could be seen as a demonstration of how successful this approach can be with very limited resources. So I think, in particular, this is--the experience of 2016 provides great encouragement to even smaller National adversaries than the--those with the GRU at their disposal. Ms. Jackson Lee. Do you believe, when information counters documented intelligence reports that Russia was the entity that interfered in 2016, and representations from government officials keep utilizing Ukraine as having a server, or having been involved, does that give a sign of victory to our adversaries, when that kind of dialog is still going on? Mr. Blaze. If you are asking me, I think it is, you know, very important that our intelligence services be fully utilized, and their expertise listened to in building our defenses. So to the extent that we are distracted about these things, that only weakens us. Ms. Jackson Lee. Do you still maintain that we need to ramp up the monetary investment quickly to be able to be prepared for what we may not suspect might happen in 2020? Mr. Blaze. I think this is an urgent priority. Ms. Jackson Lee. Your comment, I think, 19 or 20 States don't have paper ballots? Mr. Blaze. That is right. I don't have the precise numbers at my disposal, but there are voters in a large number of States who still don't use paper---- Ms. Jackson Lee. I count that as a crisis. That is about one-third of the 50 States that don't have paper ballots, that something disruptive could occur and they have no record. Mr. Blaze. I think we are--we have been very fortunate if something hasn't occurred yet. Ms. Jackson Lee. Secretary Stengel, again, we have, I think, operatives that think they are successful because, in the public sphere, there is a comment that Ukraine may have had a server, may have had something to do with 2016. Do you count that as disinformation at its paramount level? What else could be said, going into 2020? Mr. Stengel. Yes, Congresswoman, I think that is an example of disinformation. To go to your previous question, I think our adversaries regard it as a victory when they can get that kind of information in the digital bloodstream of the United States, and you have people in the Government not believing what our intelligence sources say is absolutely indisputable, and going--having recourse to some of this disinformation and strange theories that is--are not proven at all. I think our adversaries see that as a victory. Ms. Jackson Lee. With that in mind, let me just say--and let me thank the witness from Microsoft. Let me just quickly ask. You continue to shore up your system to protect against those who want to attack Microsoft, right? It is a daily, everyday basis. Ms. Badanes. Absolutely. It is a race without a finish line. Ms. Jackson Lee. So let me just say I think CISA is a very important new entity. But listening to all of the witnesses, I am almost saying that we should declare a war room. We are a couple of months out from the major Presidential primaries, with one party having any number of candidates. That is the crux of our democracy for the highest office in the land. I appreciate Dr. Krebs and his work, but I really believe that we need an effective war room working on behalf of the Federal Government and working with all the States. This is-- stakes are high, and this is going to be serious in 2020. I thank you all for the contribution you have made today. I yield back. Mr. Richmond. The gentlelady from Texas yields back. I will now recognize the gentleman from Ohio, Mr. Roy--Joyce. Mr. Joyce. I love Ohio, but I am from Pennsylvania. Mr. Richmond. Oh, I am sorry. Mr. Joyce. That is all right. Ms. Badanes, I think it is important that you, representing Microsoft, are here today. You discuss the work on protecting campaigns. But in your written testimony you mentioned that you work on election integrity. Can you elaborate on that work, please? Ms. Badanes. Yes, sure. Thank you for the question. So, as I mentioned in the testimony, our program is focused on 3 pillars, which are actually quite similar to the hearing today. We focus on campaign security, disinformation defense, and election security. So when we approach that space, as I said earlier, one of the things we were looking for was identifying ways that our company uniquely could fit in and make a contribution. One thing that we have done is to encourage the work of Dr. Josh Benaloh, who actually contributed to the National Academies report, and is well-known in the election security community. He is a senior cryptographer in Microsoft Research, and he has created a concept called end-to-end verifiability in elections. So we have built out the code for that. It is now available, open-source, on what is called GitHub, which is a site where open source code lives, and we have invited vendors new and old to take that code and use it to make their system stronger. We are working with them actively to identify pilots where we can test that kind of application. Mr. Joyce. You also mentioned Account Guard and Microsoft 365 for campaigns. Can you tell us about Election Guard, please? Ms. Badanes. Sure. So I actually didn't reference that the open-source software development kit is called Election Guard. Mr. Joyce. It is called Election Guard. Ms. Badanes. Yes, yes. Mr. Joyce. Can you go into some more details of how you can see that impacting the 2020 elections? Ms. Badanes. It will be difficult for it to be rolled out in time for the 2020 election in any notable way, other than a few pilots. However, the way that it impacts voters--and that is what we are really focused on--it comes down to that question of was my vote counted, can I trust that my vote made it all the way through? What end-to-end verifiability enables is a voter to cast their vote, take a tracking number back with them. That vote is now encrypted. Whether it is through a ballot marking device, or whether it is through hand-marked paper ballots into a scanner, it can be applied in lots of different ways. But the voter, at the end of the election, can check and make sure that their vote actually made it into the final tally. So it really is, ultimately, about voter confidence. Mr. Joyce. Can you elaborate on research and development at Microsoft? Do you consider this to be a field of development that Microsoft is committed to? Ms. Badanes. So, interestingly, where Dr. Benaloh sits within the company is within Microsoft Research. So, as a team, the Defending Democracy Program, we are actually quite small. But what we are able to do is work across the company, in particular, with our researchers, identify projects they are working on that could be applicable in the election and campaign space, and where there is a good fit we can then work with them to make that research real and be part of the commercial offerings. Mr. Joyce. Thank you. My next questions are for Dr. Blaze. Pennsylvania recently launched a risk-limiting audit pilot project. Can you speak of how that project has been perceived, and how that was rolled out in 2 different communities in Pennsylvania? Mr. Blaze. Right. If I understand, Philadelphia, my former home town, was one of those cities. You know, it is vitally important that States and local jurisdictions get experience with risk-limiting audits. You know, I think the--Pennsylvania needs to be applauded for doing this. The experience from Pennsylvania is going to be extremely valuable to both Pennsylvania and other jurisdictions, looking forward. So this is, you know, a very positive thing, in my view. Mr. Joyce. Conversely, Dr. Blaze, do you see any potential disadvantages utilizing risk-limiting audits? Mr. Blaze. No. We simply have to do them. I think the biggest disadvantage we face is that if there isn't a National standard for doing them, they are being rolled out very slowly and, you know, this needs to be accelerated with things like the Pennsylvania pilot project. Mr. Joyce. Thank you, and I thank all of the witnesses for being here today. I yield my time. Mr. Richmond. The gentleman yields back. I just want to echo the sentiment of my colleague from Pennsylvania and thank you all for being here and covering such an important topic. I believe that it is bipartisan, that we want to protect our elections and protect our democracy, and make sure that every vote matters. So, with that, the Members of the committee may have additional questions for the witnesses. We ask that you respond expeditiously in writing to those questions. Without objection, the committee record shall be kept open for 10 days. Hearing no further business, the committee stands adjourned. [Whereupon, at 4:24 p.m., the subcommittee was adjourned.] A P P E N D I X ---------- Questions From Chairman Cedric L. Richmond for Francis X. Taylor Question 1. Political campaigns, with their limited resources and staff, are a rich target for adversaries. Are political campaigns doing enough to defend themselves from cyber attack? What more is needed? Answer. Generally, campaigns are not doing enough to defend themselves from cyber attack. Campaigns are not adequately resourced to defend against many expert, persistent, and well-funded threat actors such as nation-states. Most campaigns do not have enough technical expertise or historical experience against the myriad threats they face. Simply put, if they have not previously detected and responded to sophisticated threat actors, they will not be able to. Even campaigns with a very knowledgeable cybersecurity professional on-staff are hindered. One person alone cannot repel the Korean People's Army or the Armed Forces of the Islamic Republic of Iran. Congress should consider specifying minimum cybersecurity standards for Federal candidate committees. Campaigns may have greater incentive to spend effort and funds on cyber protections if they know their competitors are obligated to the same expenditures. Today, a campaign's singular focus is to get elected. Any effort not directly in support of getting elected, is not funded or underfunded. For election campaigns, every dollar spent on services like cybersecurity is a dollar that is not being spent on their core mission. Even proactive candidates may think twice about spending effort and money on cybersecurity, for fear this diversion of resources will result in less votes than their competitors. This results in a lack of incentive for campaigns to address cybersecurity more fully, despite the imminent threat. A minimum standard would ``level the playing field'' and also ensure foundational cybersecurity safeguards are implemented across committees. The specific cybersecurity standards need not be authored from scratch. A large catalog of U.S. Federal cybersecurity publications exists now and might be adapted specifically for political campaigns. Finally, given the relationship between Federal candidate committees and National party committees, Congress should also consider specifying minimum cybersecurity standards for National party committees. Congress should consider mandating that all U.S. Government cyber threat intelligence be disseminated in computer-readable formats, in addition to prose. This simple requirement would go along way to ensuring that action can be taken swiftly once cyber threat intelligence information is received. Today, cyber threat information is mainly conveyed in formats that cannot be automatically processed by computers. In cyber space, the pace of engagement is extremely fast. It far outpaces the rate of re-formatting threat intelligence. We are fighting an asymmetrical war on the cyber front, and we must adjust. I do not espouse a specific format. I would leave that up to the experts. Expressing all threat information in computer-readable formats will be a big step forward. Congress should consider funding efforts to automate de- classification. De-classification processes also cost cyber defenders critical time. However, these challenges are more complex to solve. Over-classification is something that intelligence organizations should evaluate for themselves. In other words, is it possible that certain aspects of the threat information never needed to be classified to begin with? Accelerating de-classification should also be considered. We are living in an age where machine learning is broadly applied, and artificial intelligence is starting to be well-understood. These technologies hold significant promise to automate large portions of the de-classification process. It's noteworthy that computer-readable formats and de- classification of cyber threat intelligence are also big challenges to the U.S. Federal Government sharing information with private sector, whether in the interest of protecting critical infrastructure or for other reasons. I urge careful consideration of these topics, given their importance at-large. Question 2. Recent reports suggest that foreign governments like Russia are ramping up influence operations in places with fledgling democracies or more fragile economies, such as Africa, and using increasingly aggressive tactics. What is the next frontier of foreign influence operations, and how might it matter for U.S. National security? Answer. A RAND blog from June 2019 does a very good job in summarizing what I believe to be the next frontier in foreign influence operations. The author states what many of us have been seeing for some time, ``nation-state cyber wars are already well under way.'' The lack of international norms means that cyber attacks fall into gray areas below total war. Nation-state actors (e.g. Russia, Iran, and China) exploit that uncertainty and pose serious risks to U.S. National security. Their exploits threaten critical infrastructure, including transportation, food delivery, utilities, and commerce in general. The Department of Homeland Security (DHS) has provided solid guidance (published May 15, 2018) toward developing a more robust cybersecurity strategy for the homeland that focuses on better defenses. DHS proposed that the United States seek to build deeper partnerships with industry to foster an aligned cybersecurity ecosystem to enable more effective collaboration and information sharing. DHS has encouraged the accelerated use of innovative and emerging technologies such as artificial intelligence and machine learning, with an eye toward protecting critical infrastructure. DHS has determined that the effects of cyber attacks against critical infrastructure could be better mitigated through the creation of comprehensive playbooks to unify Government actions across defense, homeland security, law enforcement, intelligence, and State agencies. This could drive uniformity in action across the National security enterprise for defensive measures. Question 3. The Obama administration filled the position of National Security Council's cybersecurity coordinator, who coordinated Federal efforts related to cybersecurity. Do you believe such a role is necessary in the coordination of the various agencies' responses to election security? Answer. The increasing reliance of our Nation on technology means the cybersecurity coordinator role has never been more important. Not only is the cybersecurity coordinator critical for coordination of Federal efforts related to cybersecurity, but this role must also oversee alignment of Federal efforts with those of private sector and other levels of government. This alignment is vital for areas such as critical infrastructure, to include election security, where the majority of our critical infrastructure exists outside of the Federal Government. Questions From Chairman Cedric L. Richmond for Richard Stengel Question 1. Political campaigns, with their limited resources and staff, are a rich target for adversaries. Are political campaigns doing enough to defend themselves from cyber attack? What more is needed? Answer. While I am not an expert on cybersecurity and I do not have any data on what the political campaigns are doing, I would suspect that they are not doing nearly enough. They are ripe targets. We saw that in 2016; it will be even more true in 2020. Moreover, there are new methods that have been developed since 2016 that make campaigns more vulnerable. Deep fakes and the manipulation of data, in addition to cyber hacking and disinformation are now among the many things campaigns need to be concerned about. In information war, offensive weapons are more sophisticated than defensive weapons. Campaigns should have full-time teams dedicated to defending themselves in the cyber realm. Question 2. Recent reports suggest that foreign governments like Russia are ramping up influence operations in places with fledgling democracies or more fragile economies, such as Africa, and using increasingly aggressive tactics. What is the next frontier of foreign influence operations, and how might it matter for U.S. National security? Answer. The recent New York Times story about Russian influence operations in Madagascar (Nov. 11, 2019) illustrates the concerns contained in the question. In that story, the Russians were trying to sway a political campaign to help Russian business. Their interests are always unscrupulous: To help Russian interests and to undermine democracy. The Russians, especially outside the United States, combine political influence operations with commercial ones. The Chinese tend to concentrate only on commercial ones. In the case of the Chinese, they believe commercial ties will lead to political ones. In both cases, they seek to erode the strength of American alliances abroad-- and that is a long-term threat to U.S. National security. Question 3. What do you mean when you say that the primary weapons in the global information war are ``weaponized information and grievance?'' How were these weapons used in the 2016 Presidential election? Answer. The weaponization of information and the weaponization of grievance are two different things. The former is a description of global information war, in which bad actors both steal information and distort it to influence and deceive their targets. The weaponization of grievance is a fancy way of saying that some politicians and leaders magnify and exploit voters' frustrations and unhappiness instead of proposing solutions and policy. In the case of weaponizing information, the Internet Research Agency in St. Petersburg created false narratives about U.S. Presidential candidates. The Russians also stoked resentment among both white conservative voters and African-American voters with false claims and deceptive advice. Questions From Chairman Cedric L. Richmond for Matt Blaze Question 1. Political campaigns, with their limited resources and staff, are a rich target for adversaries. Are political campaigns doing enough to defend themselves from cyber attack? What more is needed? Answer. Response was not received at the time of publication. Question 2. Recent reports suggest that foreign governments like Russia are ramping up influence operations in places with fledgling democracies or more fragile economies, such as Africa, and using increasingly aggressive tactics. What is the next frontier of foreign influence operations, and how might it matter for U.S. National security? Answer. Response was not received at the time of publication. Question 3. As one of the organizers of the DEFCON voting village, you have been able to hack voting machines, vote scanners, and ballot marking devices. What do you see as the greatest strength and weakness in our election infrastructure? What technical threats to election infrastructure are most concerning to you in 2020? Answer. Response was not received at the time of publication. Question 4. This month, The Brennan Center for Justice issued a report calling on Congress to establish a framework for Federal certification of election vendors, the private companies that manufacture voting equipment and maintain voter registration databases, which would include the establishment of Federal standards and the ability for Federal officials to monitor compliance and address violations. Are vendors doing enough to defend voting systems? What more is needed? Answer. Response was not received at the time of publication. Question 5. Although you have disclosed these vulnerabilities to vendors, many of these devices will still be in use for the 2020 National election. How have vendors responded to your disclosures? And do jurisdictions that use these machines face a high risk of being compromised? Do you believe that election vendors are well-situated to withstand attacks from nation-state actors? Are there supply chain security certifications that must met for vendors to be able to participate in National elections? Answer. Response was not received at the time of publication. Questions From Chairman Cedric L. Richmond for Ginny Badanes Question 1. Political campaigns, with their limited resources and staff, are a rich target for adversaries. Are political campaigns doing enough to defend themselves from cyber attack? What more is needed? Answer. Political campaigns in the United States range from a small thousand-dollar budget operation with a single staff member to a large multi-million-dollar budget organization with hundreds of staff. No matter their size or resources, all face the potential threat of attack from well-funded adversaries. Many campaigns are taking fundamental steps to protect themselves, but more can always be done. The most impactful thing a political campaign can do to protect itself is to train members of the team on the importance of basic cyber hygiene. These trainings should promote practices such as using a password management tool, turning two-factor authentication on all their accounts, and using a secure communications platform for sensitive messages. Such trainings will not alter the behavior of staff unless campaign leadership first creates a culture of cybersecurity awareness within the organization. When the candidate, campaign manager, and other prominent officials demonstrate a commitment to cybersecurity with their own devices and accounts, prioritize trainings, and provide secure software for the team to use, they demonstrate that cybersecurity is something everyone on the team is expected to care about. However, campaigns can only do so much to protect themselves. There is a role for the private sector to play in supporting these efforts as well. For example, at Microsoft we have made top-tier communications and productivity tools (M365 for Campaigns) available at non-profit pricing so that campaigns can access the security features they need at a price that is reflective of their budget reality. Similar initiatives being spear-headed by organizations such as Defending Digital Campaigns and CyberDome will continue to provide campaigns with the kind of support they need to defend themselves against sophisticated adversaries. Question 2. Recent reports suggest that foreign governments like Russia are ramping up influence operations in places with fledgling democracies or more fragile economies, such as Africa, and using increasingly aggressive tactics. What is the next frontier of foreign influence operations, and how might it matter for U.S. National security? Answer. Identifying the kind of influence operations our adversaries will try next is a challenge that many in both the private and public sector are aggressively investigating. There has emerged consensus on a few things, specifically: (1) Adversaries have already begun and will continue influence operations targeting the 2020 U.S. elections, and (2) adversaries will not follow the same playbook they ran in 2016. While a multi-stakeholder approach is under way to identify and combat these operations, it should be noted that key participants in that process are the voters themselves. An informed public is one of the best defenses that can be used against such operations. A good example of arming citizens with information that is helpful to this effort is the recent infographic created by the Cyber & Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS). This infographic clearly demonstrates how disinformation is constructed and spread by adversaries, using the clever topic of whether pineapple belongs on pizza.\1\ Additional engagement with the public using tools like this is a helpful step toward preparing the public for these on-going influence operations. --------------------------------------------------------------------------- \1\ CISA Disinformation Infographic--https://www.dhs.gov/sites/ default/files/publications/19_0717_cisa_the-war-on-pineapple- understanding-foreign-interference-in-5-steps.pdf. --------------------------------------------------------------------------- As researchers look into what other tactics might be used in future influence operations, one emerging threat that is gaining attention is the increased potential for bad actors to use artificial intelligence to create malicious synthetic media, better known as ``Deepfakes''. While advances in synthetic media have clear benefits (such as synthetic voice used to improve accessibility technology), the increased access to synthetic media technology also leads to the risk of exploitation. Stakeholders from academia, civil society, and industry are currently working together to advance best practices for the ethical use of AI. One such effort includes a recent ``Deepfakes Detection Challenge'' Microsoft helped launch together with Facebook and the Partnership on AI, a technology industry consortium focused on best practices for AI systems, which invites researchers to build new technologies that can help detect deepfakes and manipulated media. The emergence of deepfakes is just one possible avenue our adversaries will pursue in their efforts to disrupt the 2020 U.S. elections, and there is more to be done to combat this possible threat as well as others. Microsoft remains committed to working with other stakeholders to contribute to solutions as these and other threats emerge. [all]