PA Sec. of State: available cyber security safeguards used for election integrity

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

Harrisburg, PA – Secretary of State Pedro A. Cortés said today the Commonwealth is taking advantage of all available resources in working to ensure the security and integrity of the November election.

“In recent weeks, there has been talk about vulnerabilities in the nation’s election infrastructure,” Secretary Cortés said. “Our election staff is working closely with federal and state experts to implement all available strategies to strengthen security.”

Department of State (DOS) staff recently joined election officials nationwide in a conference call with U.S. Department of Homeland Security (DHS) Secretary Jeh Johnson. During that call, Secretary Johnson offered his agency’s assistance in conducting risk assessments as the states prepare their election systems for the November balloting.

“The Department has since been in touch with the DHS cyber security team to look at ways they can be of assistance in Pennsylvania,” said Deputy Secretary of Elections and Administration Marian K. Schneider.

“We have had conversations with Homeland Security regarding the services they could provide before November,” Deputy Schneider said. “Our goal is to proactively take any steps possible to make sure that Pennsylvania’s statewide election infrastructure is as secure as possible.”

Schneider pointed out that the Department has never permitted any precinct voting systems to be connected to the Internet, and that prohibition is still in place.

In addition, DOS is preparing an updated directive for the counties that will cover good cyber security practices for elections, including isolating computers from networks, strict password and privilege management, best practices for preparing voting systems and transmitting election night returns, and pre-election logic and accuracy testing. When complete, the directive will be posted on the

“Most of the information in the directive has been communicated to the counties in the past, but this will serve as a refresher and will gather all the information in one document,” Schneider said.

She added that adherence to the processes in the directive will minimize risks associated with the legacy voting systems in use throughout the Commonwealth. The Department also recommends that the counties refer to guidelines issued by the federal government.

The state Office of Administration’s Chief Information Security Office works on a regular basis with DHS’ Security Liaison to monitor threats and respond appropriately. The Enterprise Information Security Office is taking all possible steps to guard the Commonwealth’s systems, including the voter registration database, and to defend the Commonwealth against cyber attacks, reduce its vulnerabilities and minimize the damage and recovery time from any attacks, if they occur.