Reports of attempted foreign interference in our electoral process have only reinforced our dedication to protecting election integrity. Since 2016, the Pennsylvania Department of State has greatly intensified its election security efforts with increased monitoring, fortified voting system defenses, and added layers of protection to the commonwealth’s voter registration database.
We have also built the relationships and technical infrastructure necessary to sustain this high level of vigilance.
New, More Secure Voting Systems in Pennsylvania
In April 2018, the Department of State directed all Pennsylvania counties to select new voting systems with voter-verifiable paper records by Dec. 31, 2019, and implement them no later than the 2020 primary election. These systems will ensure that Pennsylvanians are voting on the most secure, accessible and auditable equipment available.
In 2018 and 2019, the department certified seven new voting systems that provide a paper record, meet the latest standards of security and accessibility, and can be thoroughly audited. In addition, in Pennsylvania every voting system and paper ballot must include plain text that voters can read to verify their choices before casting their ballot, and every system has successfully completed penetration testing, access control testing, and testing to ensure that every access point, software and firmware are protected from tampering.
To assist counties further, Act 77, signed into law by Governor Wolf on October 31, allocates $90 million in bond funding to reimburse counties for up to 60 percent of their allowable costs for replacing old voting machines with new systems that meet current security and accessibility standards by the 2020 primary. These funds are in addition to $14.15 million in federal funding and a state match that Gov. Wolf set aside in 2018 for distribution to counties for new voting systems meeting these standards and timelines. Any remaining bond proceeds may be used for the Department to fund grants to purchase county election security equipment.
As of the June 2, 2020, primary election, all 67 of the Pennsylvania's counties have deployed voting systems that produce voter-verifiable paper records and meet 21st-century standards of security, auditability and accessibility.
Election Security at the State Level
Election Security - State Level
Election Security - State Level
Election Security at the Local Level
Election Security - Local Level
Election Security - Local Level
More Robust Post-Election Audits
Pennsylvania counties conduct two types of post-election analyses: a 2% statistical sample required by state statute, and a statewide risk-limiting audit (RLA), which counties have been directed to conduct for the November 2022 general election.
As currently required as part of the computation and canvass of returns, counties must complete the statistical sample required by law (25 P.S. § 3031.17). County boards of elections are required to conduct a statistical recount of a random sample of at least 2% of the ballots cast or 2,000 ballots, whichever number is fewer.
Risk-limiting audits are scientifically designed procedures that use statistical methods to confirm election outcomes and to detect possible interference. RLAs examine a random sample of paper ballots, comparing the votes on paper to the totals reported by the vote-counting machines to ensure that the reported outcome of the contest being audited is correct. These types of audits can confirm that voting systems tabulated the paper ballots accurately enough that a full hand count would produce the same outcome.
Learn more about how enhanced post-election audits advance election security and assure Pennsylvanians that their votes count.
Safe and Secure Voter Registration and Voting Systems
Some of the many ongoing steps being taken to ensure that Pennsylvania’s voter registration and voting systems remain safe and secure:
- The Commonwealth utilizes multiple layers of protection.
- A layered set of protections is in place to secure voter registration databases.
- Continuous monitoring of the commonwealth's technical environment means alerts are reviewed and acted upon quickly.
- Pennsylvania has partnered with the U.S. Department of Homeland Security to conduct multiple in-depth vulnerability assessments of the commonwealth's cybersecurity posture.
- Precinct election results are not submitted through a network. They are physically delivered by precinct officials to county election officials, and duplicate copies of the printed results are retained. Official election results are then certified under the seal of the county and are physically delivered to the state.
- The Department of State has issued guidance to counties on the following topics for election preparedness and security:
- Pre-election testing
- Password and permissions management
- Restricting access
- File transfers
- Vote canvassing
- All certified voting systems in Pennsylvania, including the election management system and vote-tallying components, are never connected to or permitted on internet-facing networks, which significantly decreases opportunities to be hacked.
- Appropriate use of encryption technology and other tools raises the bar on protecting systems.
- Independent vulnerability assessments are frequently performed to verify established protections. There is no evidence that Pennsylvania’s voter rolls or vote results have ever been hacked or compromised.
- Counties strictly secure their voting systems. Every county election board inspects and tests each piece of voting and tabulating equipment before an election and places locks with tamper-evident seals on all voting machine access points.
- The Department of State directed all Pennsylvania counties to select new voting systems with voter-verifiable paper ballots by the end of 2019 to ensure that Pennsylvania voters are voting on the most secure, accessible, and auditable equipment available.
Collaboration and Communications
The Department of State works closely with all 67 county boards of elections, as well as experts from:
- the state and federal Departments of Homeland Security,
- Center for Internet Security (CIS),
- the National Guard,
- the Office of Administration (OA),
- the Pennsylvania Emergency Management Agency (PEMA),
- state and county IT staff,
- and other key partners to maintain and enhance the security of our election process.
Engaging in Strategic Data Sharing
Pennsylvania works with CIS's Multi-State Information Sharing and Analysis Center (MS-ISAC) to gather and share intelligence about cyber threats (such as website defacement) that target government or government-affiliated systems.
We also participate in CIS's Elections Infrastructure Information Sharing and Analysis Center (EI- ISAC), an elections-focused cyber defense suite providing additional free support and resources including forensic analyses and emergency response teams.
Pennsylvania, like many states, continues to see increasing MS-ISAC and EI-ISAC membership among its counties.
Select Pennsylvania Department of State staff have national security clearances to extend our access to classified information and bolster our election security.
Developing and Maintaining Crucial County Partnerships
In 2017, the Department of State formed an election security workgroup of County Commissioners Association of Pennsylvania (CCAP) representatives, county election directors, Department of State staff and county and state IT directors to discuss security issues, share training resources and conduct security self-assessments on each participating county's security posture.
In 2018, the Wolf Administration formed an Executive Interagency Workgroup to further fortify our election security by bringing together experts from the Department of State, Homeland Security, Emergency Management Agency, Information Technology, State Police, National Guard, Office of State Inspector General and the Department of Military and Veterans Affairs. This team of key agencies collaborates on increasing security resources, training, support, communication and preparation.
The Pennsylvania National Guard’s Cyber Defense Team was recently chosen to be the first National Guard team to participate in a new U.S. Department of Homeland Security (USDHS) program to train third parties to conduct Risk and Vulnerability Assessments (RVA) to USDHS standards.