Statements on Introduced Bills and Joint Resolutions

Floor Speech

BREAK IN TRANSCRIPT

Mr. WYDEN. Mr. President, today I am introducing the Federal Campaign Cybersecurity Assistance Act of 2019--a bulky name for a bill that attempts to do a simply stated thing: protect our democracy from foreign cyber attacks. This bill allows the national campaign committees to provide much-needed cybersecurity assistance to State political parties, Federal campaign offices' staffs, and Federal candidates' personal accounts and devices.

In 2015 and 2016, hackers working for the Russian government penetrated the networks of the Democratic National Committee and the Democratic Congressional Campaign Committee. The hackers also compromised the email account of Senator Hillary Clinton's presidential campaign manager, John Podesta. The Russian government subsequently leaked and weaponized Democratic party and campaign emails in order to influence the outcome of several elections--most publicly, the presidential race between Donald Trump and Hillary Clinton, but also U.S. House of Representatives races in Illinois, New Hampshire, New Mexico, North Carolina, Ohio, and Pennsylvania. Hackers also targeted Republicans during the same period, but were less successful in their efforts.

The impact of Russia's hacking-enabled influence campaign was a surprise to many. However, this was not the first time that a foreign government hacked into the campaign organization of someone running to be President of the United States. Senior officials from the 2008 Obama and McCain presidential campaigns have publicly confirmed that both organizations were compromised by hackers. In an interview with NBC News 2013, Dennis Blair, who served as President Obama's Director of National Intelligence between 2009 and 2010 stated that ``Based on everything I know, this was a case of political cyber-espionage by the Chinese government against the two American political parties. They were looking for positions on China, surprises that might be rolled out by campaigns against China.''

In recent years, the Republican National Committee, the National Republican Senatorial Committee, and the the National Republican Congressional Committee have all been hacked, as well as the campaigns of Senators Graham and McCain. Both major political parties have suffered hacks, and will undoubtedly continue to be targeted by foreign governments and other sophisticated hackers.

Over the past two years, Congress has turned its attention to several weaknesses in our democracy that were exploited by Russia including the role of social media companies and long-standing flaws in paperless voting machines used in several states. While these issues have yet to be meaningfully addressed, they have, at least, been the subject of oversight hearings and legislative proposals in Congress. In contrast, Congress has yet to hold a single hearing on the vulnerability of political parties and campaigns to hacking by foreign governments, nor has anyone else in Congress introduced legislation to help defend these organizations from cyber attacks.

For the sake of the integrity of the American political process, I introduce this bill today to protect those running for office, and the organizations that support them, from cyber attacks. Russia's hacking and leaking of emails in 2016 is now well documented. Their efforts continue. If you think they aren't working towards the 2020 federal elections as hard as any cub reporter in Iowa, you'd be sadly mistaken. And they are likely NOT alone. Other hostile governments will undoubtedly seek to emulate and improve on Russia's tactics.

Congress has acted in the past to protect those running for office from serious threats. After Senator Robert F. Kennedy was assassinated in 1968, Congress authorized the Secret Service to protect Presidential and Vice Presidential candidates. In extending Secret Service protection to candidates, Congress recognized that the threats to Presidential and Vice Presidential candidates required professional protection. Congress must now take action to protect candidates for Federal office--and consequently, our democracy--from another serious threat: hacking by foreign governments.

The political parties are best of the available options to provide cybersecurity to campaigns. Politicians are already dependent upon the parties for fundraising, advertising, polling, messaging, and other forms of support. Giving parties the responsibility to provide cybersecurity does not make politicians dependent on help from a new entity. Parties are also responsible to politicians they protect, moreso at least than any other government, corporate, or non-profit entity.

Quite simply, this bill gives the national campaign committees the role of the ``IT Department'' for state parties, campaigns, and candidates. The committees will be able to provide these entities with securely configured laptops and cellphones, professionally administered email, encrypted messaging, and collaboration software, and if necessary, hire third-party cybersecurity experts to help in the event of a successful hack.

This bill also permits the national parties to provide this assistance with money they raise in their ``building fund.'' The building fund is one of three supplementary accounts through which Congress permitted the national campaign committees to raise an additional $100,000 per individual, per year, to pay for the cost of presidential nominating conventions, national party headquarters buildings, and election recounts and other legal battles.

I know that some advocates have serious concerns about the building fund and the other supplementary accounts created by Congress in 2014. I share these concerns, and have long supported bold reforms of our campaign finance system. However, the current Senate is extremely unlikely to pass legislation creating public financing of elections anytime soon, and so while we have the current system, permitting the use of money in the building fund for cybersecurity appears to be the least bad option. Most importantly, this approach does not permit the parties to raise any new funds--it merely permits a new use of money raised through the building fund.

I am not the only one to recognize the severity of the cyber threat aimed at political parties. Earlier this year, the Canadian agency responsible for government cybersecurity, the Communications Security Establishment, issued a lengthy report on threats to elections, which noted that that ``Globally, political parties, candidates, and their staff remain attractive targets for cyber threat activity.'' Likewise, the Maryland Board of Elections published guidance last week, recognizing that ``Campaigns are a potential cyber target,'' and consequently permitted state political parties to provide additional cybersecurity assistance to campaigns.

November 2020 gets closer by the day. Congress cannot wait any longer to protect state parties, campaigns, and the candidates themselves from sophisticated cyber attacks. Accordingly, I urge my colleagues to promptly act on this legislation, and to secure our democracy from cyber threats before it is too late. ______

By Mr. DURBIN (for himself, Mr. Scott of South Carolina, Mr. Menendez, Mr. Young, Ms. Duckworth, Mr. Portman, Mr. Kaine, and Ms. Smith):

S. 1583. A bill to amend the Lead-Based Paint Poisoning Prevention Act to provide for additional procedures for families with children under the age of 6, and for other purposes; to the Committee on Banking, Housing, and Urban Affairs.

BREAK IN TRANSCRIPT

Source