RON JOHNSON WISCONSIN CHAIRMAN JOHN McCAIN ARIZONA ROB PORTMAN OHIO RAND PAUL KENTUCKY JAMES LANKFORD OKLAHOMA MICHAEL B ENZI WYOMING KELLY AYOTTE NEW HAMPSHIRE JONI ERNST IOWA BEN SASSE NEBRASKA THOMAS R CARPER DELAWARE CLAIRE McCASKILL MISSOURI JON TESTER MONTANA TAMMY BALDWIN WISCONSIN HEIDI HEITKAMP NORTH DAKOTA CORY A BOOKER NEW JERSEY GARY C PETERS MICHIGAN CHRISTOPHER R HIXON STAFF DIRECTOR GABRIELLE A BATKIN MINORITY STAFF DIRECTOR tinitro tatrs rnatr COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS WASHINGTON DC 20510-6250 September 14 2016 The Honorable Terry McAuliffe Chair National Governors Association Executive Mansion Richmond VA 23218 The Honorable Brian Sandoval Vice Chair National Governors Association Executive Chambers 101 North Carson Street Carson City NV 89701 Dear Governors McAuliffe and Sandoval I write today regarding the recent cyberattacks on American political organizations and state election systems and to make sure you are aware of the valuable tools that the Department of Homeland Security DHS has to offer to address these threats to our country I ask for your assistance with informing your fellow governors about these important tools that can be made available upon the request of any state As a former Governor of Delaware former Chairman of the National Governors Association NGA and former chair of the NGA's Center for Best Practices I greatly value the importance of the great work done by the NGA and the states I am especially encouraged by the leading role the Center for Best Practices has taken with respect to cybersecurity issues and the commendable work you have done to enhance the state-federal partnership to address cybersecurity challenges 1 As the cyber threat our country faces grows and evolves it is critically important that we continue to strengthen the ongoing partnership between the NGA and the federal government As has been publicly reported U S intelligence and law enforcement officials are reviewing whether Russia is engaged in active measures to influence the American political process including cyberattacks on election systems Last month for example the Federal Bureau of Investigation FBI issued an alert about unknown actors targeting state election databases 2 And there is strong evidence that Russia has sought to interfere with foreign states' election processes in the past in order to serve its own interests Although these reports are troubling I believe the American public should have confidence in our current election systems and the efforts of state and local governments to make the risk of a successful cyberattack remote With that said the FBI and DHS are still encouraging state and local governments to take appropriate additional precautions to enhance the security of their election1 Federal 2 Cybersecurity Programs A Resource Guide NGA Center for Best Practices Oct 2014 FBI Flash Alert Number T-LD1004-TT Aug 18 2016 related computer systems To this end there are several tools and resources that are available to states that wish to voluntarily seek more assistance DHS for example offers cyber hygiene assessments to identify vulnerabilities and then provides recommendations on remediating the vulnerabilities as well as more in-depth risk and vulnerability technical assessments DHS also makes available the services of its 24 7 cyber operations center known as the National Cybersecurity and Communication Integration Center as well as regional professionals across the country to help state local tribal and territorial governments States interested in these services can request assistance through DHS's State Local Tribal and Territorial Cybersecurity Engagement program by emailing SLTTCyber@hq dhs gov In addition DHS also partners with the Multi-State Information Sharing and Analysis Center MS-ISAC to help states manage cyber risk and share information As you are likely aware the MS-ISAC is another incredibly valuable resource for states and local governments and offers many services including real-time network monitoring early cyber threat warnings and advisories vulnerability identification and mitigation and incident response When I served as Governor from 1993 to 2001 my fellow governors and I did not have to worry about the many of the kind of cybersecurity challenges faced by states today While I remain confident in our election systems today and in the numerous security precautions already taken by states I respectfully ask that you continue to encourage your fellow governors to review the cybersecurity of their election systems and to take advantage of the information and voluntary assistance provided by DHS and other federal agencies While I fully appreciate a state's responsibility to administer its own election systems I believe that we must continue to work together to protect the values and institutions that we cherish so much in our great country With best personal regards I am Sincerely yours Tom Carper Ranking Member cc The Honorable Ron Johnson Chairman Scott Pattison Executive Director and Chief Executive Officer National Governors Association The Honorable Denise Merrill Connecticut Secretary of State President National Association of Secretaries of State