Have you ever wondered how state and county election officials secure elections?
The Pennsylvania Department of State (DOS) collaborates with federal and state law enforcement partners to remain vigilant on current and emerging threats that may impact elections.
At both the state and local level, in conjunction with experts from the state and federal Departments of Homeland Security, Center for Internet Security, and other key partners, Pennsylvania is employing extensive measures to stay one step ahead of any threats to our infrastructure. These measures include comprehensive monitoring and assessment of risk, fortification of physical and cyber security, employing mitigation actions for issues identified, providing training and resources to partners, and increasing communications at all levels.
Election Security in Pennsylvania
We all value the integrity and security of our elections and want assurance that our votes are secure and accurate, particularly following reports on attempted interference in our election process.
While our voting system and network security are very strong in Pennsylvania, the commonwealth and county boards of elections are vigilant in monitoring and assessing any potential vulnerabilities, and we regularly take comprehensive additional measures to make our elections more secure.
The Department of State (DOS) works closely with all 67 county boards of elections, as well as experts from the state and federal Departments of Homeland Security, Center for Internet Security (CIS), the National Guard, the Office of Administration (OA), the PA Emergency Management Agency (PEMA), state and county IT staff, and other key partners to maintain and enhance the security of our election process.
Here are some of the many ongoing steps being taken to ensure that our systems remain safe and secure:
Election Security at the State Level
Election Security at the Local Level
Protecting Our Voting Systems
All certified voting systems in Pennsylvania, including the election management system and vote- tallying components, are never connected to or permitted on internet-facing networks, which significantly decreases opportunities to be hacked.
A layered set of protections are in place to secure voter registration databases.
Appropriate use of encryption technology and other tools raise the bar on protecting systems.
Continuous monitoring of the commonwealth's technical environment means alerts are reviewed and acted upon quickly.
Independent vulnerability assessments are frequently performed to verify established protections. There is no evidence the voter rolls or vote results have ever been hacked or compromised.
Pennsylvania has partnered with the U.S. Department of Homeland Security to conduct multiple in- depth vulnerability assessments of the commonwealth's cybersecurity posture.
Counties strictly secure their voting systems. Every county election board inspects and tests each piece of voting and tabulating equipment before an election and places locks with tamper-evident seals on all voting machine access points.
Precinct election results are not submitted through a network. They are physically delivered by precinct officials to county election officials, and duplicate copies of the printed results are retained. Official election results are then certified under the seal of the county and are physically delivered to the state.
The Department of State directed all PA counties to select new voting systems with voter-verified paper ballots by the end of 2019, to ensure that Pennsylvania voters are voting on the most secure, accessible, and auditable equipment available.
- DOS has issued guidance to counties on the following topics for election preparedness and security:
- Pre-election testing
- Password and permissions management
- Restricting access
- File transfers
- Vote canvassing
Engaging in Strategic Data Sharing
- Pennsylvania works with CIS's Multi-State Information Sharing and Analysis Center (MS-ISAC) to gather and share intelligence about cyber threats (such as website defacement) that target government or government-affiliated systems.
- We also participate in CIS's Elections Infrastructure Information Sharing and Analysis Center, (EI- ISAC), an elections-focused cyber defense suite providing additional free support and resources including forensic analyses and emergency response teams.
- Pennsylvania, like many other states, continues to see increasing membership in MS-ISAC and EI-ISAC communities.
- Department of State (DOS) staff have national security clearances to extend our access to classified information to bolster our election security.
- In November 2018, DOS launched an election day dashboard in partnership with the Pennsylvania Emergency Management Agency (PEMA) to strengthen communication and response on election day among county, state and federal partners.
Developing and Maintaining Crucial County Partnerships
In 2017, DOS formed an election security workgroup of County Commissioners Association of Pennsylvania (CCAP) representatives, county election directors, DOS staff, and county and state IT directors to discuss security issues, share training resources, and conduct security self-assessments to assess each participating county's security posture.
In 2018, the Administration formed an Executive Interagency Workgroup to further fortify our election security, banding together experts from the Department of State, Homeland Security, Emergency Management Agency, Information Technology, State Police, National Guard, Inspector General, and the Department of Military and Veterans Affairs. This team of key agencies collaborate on increasing security resources, training, support, information, and preparation.
The cyber defense team of the PA National Guard was recently chosen to be the first state to participate in a new DHS training program. The program, now in the pilot phase, trains third parties to conduct Risk and Vulnerability Assessments (RVA) to DHS standards.
Providing Ongoing Training Opportunities
DOS co-hosted a free webinar in April 2018 in conjunction with the U.S. Department of Homeland Security (DHS), the state Office of Homeland Security, the Federal Bureau of Investigation, the Center for Internet Security (CIS), and other experts, for state and county election and IT personnel.
DOS staff has participated in nationally-recognized election cybersecurity trainings, including a table-top training exercise by Harvard Kennedy School's Belfer Center. We are collaborating with our partners to provide similar trainings, mock election exercises, and other resources to PA counties, including in-depth tabletop exercises to train election, information technology, and security personnel in incident response and preparation, simulating scenarios that could impact voting operations.
DOS co-hosted an Election Day Preparedness Table Top exercise in September 2018 in conjunction with PEMA, OA, National Guard, State and Federal offices of Homeland Security, the Governor's Office, and personnel from numerous counties.
We have issued guidance, training, and resources to counties on strong cyber security practices for voting system and network preparation and security, including pre-election testing, password and permissions management, restricting access, file transfers, and vote canvassing. We are also providing anti-phishing and security training and tools to all 67 counties at no cost to them.
OA partnered with CCAP in 2018 to provide counties with access to the security awareness training that all commonwealth employees are required to take annually. In addition, OA partnered with CCAP to conduct phishing exercises for both state and county election personnel.
Election security video prepared by the Election Assistance Commission (EAC)
The U.S. Election Assistance Commission also prepared a video to summarize the measures employed by state and local election officials across the nation to safeguard elections, voter registration data, voting systems, and more. As you’ll see, a lot goes into election preparation, but it’s worth protecting the democratic process.
EAC Election Security Video