Skip to content
Link copied to clipboard

Vulnerable voting systems means a vulnerable democracy | Editorial

Every political campaign in the state should make a pledge to adhere to cybersecurity best practices.

A worker is surrounded by computer monitors in the Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC) in Arlington, Va., Wednesday, Aug. 22, 2018. The center serves as the hub for the federal government's cyber situational awareness, incident response, and management center for any malicious cyber activity. (AP Photo/Cliff Owen)
A worker is surrounded by computer monitors in the Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC) in Arlington, Va., Wednesday, Aug. 22, 2018. The center serves as the hub for the federal government's cyber situational awareness, incident response, and management center for any malicious cyber activity. (AP Photo/Cliff Owen)Read moreCLIFF OWENS / AP

Back in April, the U.S. Election Assistance Commission – a federal agency— divided $380 million among all states to help strengthen election systems. This week, the EAC reported how each state plans to use its share of this federal money. States will spend the most money on cybersecurity — 36 percent of the $380 million, by 41 states and territories. The rest will be spent on updating voting equipment, voting registration systems, and post-election audits.

Pennsylvania's allocation for cybersecurity? Zero.

Instead of investing in better cybersecurity to protect voter registration and communications of election officials, Pennsylvania is going to spend all of its $14,149,964 — which includes a 5 percent match from the state — on new voting machines. These are necessary,  since the state is one of the 13 states that still uses voting machines that leave no paper trail and as such cannot be audited, according to the Brennan Center for Justice at New York University. The federal funds fall far short of being able to replace all the machines — estimated by the Pa. Department of State to be between $95 and $153 million. The state ordered counties to replace all non-auditable machines by 2020 and the federal funds will go toward counties' effort.

There's no question this is a priority, mainly because the faster the commonwealth replaces the machines, the fast it can address other election security concerns. (When Virginia made voting machines a priority, they were all replaced in 59 days – not two years.)

Earlier this month, in the yearly hacking conference Def Con, it took less than 10 minutes for most of the 11-year-old kids to hack state and campaign websites.

To address cybersecurity concerns for the state, in July, Gov. Tom Wolf established the Inter-Agency Election Preparedness and Security Workgroup. In August, Workgroup members participated in a national cyber training exercise alongside representatives from 10 counties.

Unlike state cybersecurity, security within individual campaigns is not under the purview of the Pa. Department of State.

There are measures that campaigns can take. The Belfer Center at the Harvard Kennedy School created a Cybersecurity Campaign Playbook. The playbook includes measures — mostly free or low cost — that every campaign should adhere to and seven steps that every campaign can check to ensure that they are secure.  They include using encrypted messaging systems, strong passwords, and training on phishing tactics that hackers use.

Every political campaign in the state should pledge to adhere to cybersecurity best practices.

Pennsylvania will be a key state in the midterm that could determine the composition of the next Congress. Both the state and political campaigns should gear up efforts to ensure that by the end of Election Day, we all celebrate democracy instead of trying to figure out how we were attacked — again.