Back in April, the U.S. Election Assistance Commission – a federal agency— divided $380 million among all states to help strengthen election systems. This week, the EAC reported how each state plans to use its share of this federal money. States will spend the most money on cybersecurity — 36 percent of the $380 million, by 41 states and territories. The rest will be spent on updating voting equipment, voting registration systems, and post-election audits.
Pennsylvania's allocation for cybersecurity? Zero.
Instead of investing in better cybersecurity to protect voter registration and communications of election officials, Pennsylvania is going to spend all of its $14,149,964 — which includes a 5 percent match from the state — on new voting machines. These are necessary, since the state is one of the 13 states that still uses voting machines that leave no paper trail and as such cannot be audited, according to the Brennan Center for Justice at New York University. The federal funds fall far short of being able to replace all the machines — estimated by the Pa. Department of State to be between $95 and $153 million. The state ordered counties to replace all non-auditable machines by 2020 and the federal funds will go toward counties' effort.
There's no question this is a priority, mainly because the faster the commonwealth replaces the machines, the fast it can address other election security concerns. (When Virginia made voting machines a priority, they were all replaced in 59 days – not two years.)
Earlier this month, in the yearly hacking conference Def Con, it took less than 10 minutes for most of the 11-year-old kids to hack state and campaign websites.
To address cybersecurity concerns for the state, in July, Gov. Tom Wolf established the Inter-Agency Election Preparedness and Security Workgroup. In August, Workgroup members participated in a national cyber training exercise alongside representatives from 10 counties.
Unlike state cybersecurity, security within individual campaigns is not under the purview of the Pa. Department of State.
There are measures that campaigns can take. The Belfer Center at the Harvard Kennedy School created a Cybersecurity Campaign Playbook. The playbook includes measures — mostly free or low cost — that every campaign should adhere to and seven steps that every campaign can check to ensure that they are secure. They include using encrypted messaging systems, strong passwords, and training on phishing tactics that hackers use.
Every political campaign in the state should pledge to adhere to cybersecurity best practices.