OFFICIALS LEGISLATION INTEREST GROUPS PUBLIC STATEMENTS COMMITTEES VETOES

Executive Calendar

Floor Speech

Date: July 18, 2018
Location: Washington, DC
Issues: National Security Foreign Affairs Elections

BREAK IN TRANSCRIPT

Mr. LANKFORD. Mr. President, there has been a lot of conversation again, of late, about election security. It seems to be a frequent conversation in the hallways the last couple of days, and it is an ongoing issue that I think some people have lost track of, but we have not.

Amy Klobuchar and I and several others have worked very hard for months on this issue of election security, quietly trying to get the language right and to work through the process of what it takes to secure our elections for 2018, 2020, and beyond, learning the lesson from 2016.

I do want to remind this body that the elections are not something that happens this November. It is already ongoing. Many States' primaries have already been conducted. Last night there was a runoff primary that happened in Alabama. Georgia holds their runoff primaries next week, and Tennessee is the week after that. Kansas, Michigan, Missouri, and Washington will be on Tuesday, August 7. It is already ongoing.

While we watch the indictments that just came down from the Mueller investigation on GRU officers from Russia who were trying to interfere in our elections in 2016, as we have seen the sanctions and the indictments that have come down on some of the oligarchs from Russia and from the Internet Research Agency for what they were doing in social media, trying to be able to interfere with our election in 2016, I think it may be important for us to do a quick lookback at what has happened and what is still going on and what we are trying to accomplish in the next few weeks.

Let me just give a quick look at what is happening in my State of Oklahoma. In Oklahoma, in the 2016 cycle, the FBI and others began to discover that there were issues with the elections and some interference from what they, at that time, called ``bad actors'' in June of 2016. Later that summer, in August of 2016, the FBI issued what they call a nationwide ``flash alert'' to every State dealing with a threat from a ``bad actor.''

The Oklahoma State Cyber Command director received that warning, as did everyone else, but at that time the FBI didn't share any details because no one in my State was given security clearance to be able to have that kind of classified conversation with the FBI.

It wasn't until September 22 of 2017, a year and a little bit later, that DHS actually notified my State and our State election authorities that we hadn't just been targeted by a bad actor but that we had been targeted by the Russians--a year later--because no one had clearance and there was no one engaged.

DHS told Oklahoma State Election Board secretary Paul Ziriax, who is doing a great job, that there was evidence that the Russians conducted a surveillance scan looking into vulnerabilities in the State computer network, but they didn't get into the election board computer network, and they didn't get into any of our equipment.

They basically came and checked to see if the door was locked, and they found out that in Oklahoma the door was locked, and the Russians could not get in. They didn't penetrate into our system, though they tried.

But it was a year after the elections before we were even notified that the Russians were trying to penetrate our system. A subtle flash warning is all that we received in the summer of 2016.

Oklahoma has a great system for elections. Our system is consistent across every single county. We have optical scanners with a paper ballot backup so that we can verify the computer count with a hand count if needed. We have had a very good system. That system was tested by the Russians when they evaluated the computer networks of our State, and they were also not able to get in, thanks to the leadership of some of the cyber and the technology folks who are in Oklahoma.

Not all States have the same practices. In some States, from county to county their election systems are different. From township to township they may have different systems with different companies and different backgrounds. They may not have the same kind of system where they get a chance to protect their cyber systems.

We saw that in 2016, when the Russians were able to penetrate some of the States and actually were able to harvest some of their voter register rolls. They weren't able to change any votes. They weren't able to affect the voting that day, but they did a tremendous amount of scanning through systems to be able to see where there were vulnerabilities, what they could learn on our election systems, and how they could engage for a future time.

I think we should learn a lesson from that and be aware that the Russians are trying to penetrate that system and learning as much as they could.

At the same time that they were hacking into different systems and testing them out to see if they could get in, a different set of folks from the Russian group the Internet Research Agency were trying to put out social media disinformation.

Some 200,000 Oklahomans saw Facebook and Twitter posts that Russians put out as false information. They weren't all on one candidate. There were multiple candidates and multiple issues. Sometimes it was on Hillary Clinton, sometimes on Donald Trump, sometimes on Bernie Sanders, sometimes on Jill Stein, and sometimes just on ideological issues. Over 200,000 Oklahomans saw those posts from different Russians, not knowing they were Russian posts at all. They were Russians pretending to be Americans, and they were pushing that information out.

What can we learn from this? One is the most simple of those things: You shouldn't believe everything you see on the internet. It is not always an American. It is not always who they post to be, and it is not always true. It should be the most basic information that we should learn about what is happening on the internet and what is online, including Facebook and Twitter.

The other lesson that we need to learn is a little more complicated. We have to be able to have better communication between the Federal Government and States, better cybersecurity systems, and the ability to audit that.

That is why Senator Klobuchar and I have worked for months on a piece of legislation called the Secure Elections Act. That piece has worked its way through every State looking at it and their election authorities. We have worked it through multiple committee hearings. In fact, recently, just in the last month, there were two different hearings in the Rules Committee. It is now ready to be marked up and finalized to try to bring it to this body.

It is a very simple piece. It affirms that States run elections. The Federal Government should not take over elections nationwide. In fact, that would make a bad situation worse. States need to be able to run elections and be able to manage those.

But it qualifies several things. One is that it gives a security clearance to a person in every single State. If there is a threat from a hostile actor, there is not some vague warning that comes out. There is an immediate address about what is happening and a communication within the intelligence community here on the Federal level to individuals with a clearance on the State level.

Right now, the DHS, in absence of this legislation, has started implementing it anyway. Every single State has at least one person with a security clearance now, including my own. They are working to have at least three in every State to do a backup system.

We also need to be able to affirm that every State can audit their elections, that they would do what is called risk-limiting audits after the election just to check and to make sure that the results are correct, but also that they have the ability to audit it as the election is going on so that it is not just counting on a machine but that there is also some way to back it up. States have a variety of ways they can actually do that.

If elections are trusting that the electronics are going to work and not be hacked into and not be affected, we should have learned the lesson from 2016 that there are outside entities trying to attack these systems and to find vulnerabilities, and they will.

Some way to be able to back it up, to be able to audit the election while it is happening, risk-limiting audits after the fact, security clearances for individuals within States, and rapid communication State to State and State to Federal Government all help to maintain the integrity of our elections.

That is what we do in the Secure Elections Act. I think it is so important that we try to resolve this as quickly as possible.

I encourage this body to finish the markup in the Rules Committee to be able to bring it to the floor and to have a consistent bipartisan vote to be able to support the work that we need to continue to do to protect our elections in the days ahead.

Our Republic is one that maintains its stability based on the integrity of our elections. I have zero doubt that the Russians tried to destabilize our Nation in 2016 by attacking the core of our democracy. Anyone who believes they will not do it again has missed the basic information that is out day after day after day in our intelligence briefings.

The Russians have done it the first time. They showed the rest of the world the lesson and what could be done. It could be the North Koreans the next time. It could be the Iranians the next time. It could be a domestic activist group the next time. We should learn that lesson, close that vulnerability, and make sure that we protect our systems in the days ahead.

There is more that can be done, but the States seem to take a lead on this. This is something that the Federal Government should do, and we are very close to getting it done. I wanted to be able to tell this body that we are close. Let us work together to get this done in the days ahead.

BREAK IN TRANSCRIPT


Source
arrow_upward