Verified Voting Public Commentary: Verified Voting Testimony before the Pennsylvania State Senate Senate State Government Committee: Voting System Technology and Security
The security of election infrastructure has taken on increased significance in the aftermath of the 2016 election cycle. During the 2016 election cycle, a nation-state conducted systematic, coordinated attacks on America’s election infrastructure, with the apparent aim of disrupting the election and undermining faith in America’s democratic institutions. Intelligence reports that have been published in 2017 demonstrate that state databases and third-party vendors not only were targeted for attack, but were breached.1 Regardless of the success of hacking attempts in 2016, the consensus among the intelligence community is that future attacks on American elections are inevitable.2 The inevitability of attacks is a key concept in cyber security, that is, it’s not whether a system will be attacked, but when.
The existence and national significance of this threat have escalated the priority of securing Pennsylvania’s elections infrastructure. Two primary areas that require immediate and sustained attention are 1) securing both the state and county networks, databases and data transmission infrastructure that touch elections; and 2) instilling confidence in election outcomes by replacing legacy voting systems with new systems that permit reliable recounts and audits.
During the time that I served the Commonwealth as Deputy Secretary for Elections and Administration and Special Advisor to the Governor on Election Policy, I worked with the Office of Administration-Office of Information Technology to protect the Commonwealth’s networks that touch elections and to implement procedures to recover from any potential attacks. These efforts complied with cyber security best practices to monitor, detect, respond and recover. OA-OIT’s experienced staff is continuing this effort, and along with the Department of State, they have engaged county CIOs and technology staff to coordinate similar efforts at the counties working through the Commonwealth’s relationship with the County Commissioners Association of Pennsylvania (CCAP). Assuming the administration receives support from the General Assembly, the Commonwealth is on the right track to taking the necessary steps to monitor, detect, respond and recover from cyber attacks.