Source type: REPORT
Standard type: Report
Election Security in All 50 States
Danielle Root; Liz Kennedy; Michael Sozan; Jerry Parshall
Publication date: 2018-02-12
Publication year: 2018
Language: English
Overview: A better understanding of how each state can improve election security preparedness can help build urgency for appropriate solutions and arm stakeholders with information to demand increased security measures.
Abstract

See: Matrix of state grades

Introduction and summary

In 2016, America’s elections were targeted by a foreign nation-state intent on infiltrating and manipulating our electoral system. On September 22, 2017, it was reported that the U.S. Department of Homeland Security (DHS) notified 21 states that were targeted by hackers during the 2016 election.1 Among those states notified by DHS were: Alabama, Alaska, Colorado, Connecticut, Delaware, Florida, Illinois, Maryland, Minnesota, Ohio, Oklahoma, Oregon, North Dakota, Pennsylvania, Virginia, and Washington.2 Arizona, California, Iowa, Texas, and Wisconsin were also among those states originally contacted by DHS. However, those states have denied that their election systems were attacked.3 Ultimately, hackers only reportedly succeeded in breaching the voter registration system of one state: Illinois.4 And while DHS did not name those responsible for the attempted hacks, many believe the culprits can be traced back to Russia.5 Experts have warned that a future attack on our election infrastructure, by Russia or other malicious actors, is all but guaranteed.6

By now, the American people have been alerted to many vulnerabilities in the country’s election systems, including the relative ease of voting machine hacking,7 threats to voter registration systems and voter privacy,8 and disinformation campaigns waged by foreign nation-states aimed at confusing voters and inciting conflict.9 If left unaddressed, these vulnerabilities threaten to undermine the stability of our democratic system.

Free and fair elections are a central pillar of our democracy. Through them, Americans make choices about the country’s future—what policies will be enacted and who will represent their interests in the states, Congress, and beyond. The right of Americans to choose their own political destiny is in danger of being overtaken by foreign nation-states bent on shifting the balance of power in their favor and undermining Americans’ confidence in election results. In our democracy, every vote counts, as evidenced by the race for Virginia’s House of Delegates’ 94th District, which was decided by lottery after being tied.10 That contest illustrates the inherent worth and power behind each vote as well as the necessity of protecting elections from tampering on even the smallest scale.11 Every vote must count, and every vote must be counted as cast.

Election security is not a partisan issue. As aptly noted by the chairman of the U.S. Senate Select Committee on Intelligence, Sen. Richard Burr (R-NC), “Russian activities during the 2016 election may have been aimed at one party’s candidate, but … in 2018 and 2020, it could be aimed at anyone, at home or abroad.”12 Failing to address existing vulnerabilities and prepare for future attacks puts the nation’s security at risk and is an affront to the rights and freedoms at the core of American democracy. Already, we are running out of time to prepare for the 2018 elections, while the 2020 presidential election is looming.13 Another attack on our elections by nation-states such as Russia is fast approaching.14 Leaders at every level must take immediate steps to secure elections by investing in election infrastructure and protocols that help prevent hacking and machine malfunction. In doing so, the United States will be well positioned to outsmart those seeking to undermine American elections and to protect the integrity of every vote.

To understand risks to our election systems and plan for the future, it is necessary to identify existing vulnerabilities in election infrastructure so we can properly assess where resources should be allocated and establish preventative measures and strategies. Only through understanding the terrain can the nation rise to the challenge of preventing voting machine malfunction and defending America’s elections from adversarial attempts to undermine our election infrastructure.

In August 2017, the Center for American Progress released a report entitled “9 Solutions for Securing America’s Elections,” laying out nine vulnerabilities in election infrastructure and solutions to help improve election security in time for the 2018 and 2020 elections.15 This report builds on that analysis to provide an overview of election security and preparedness in each state, looking specifically at state requirements and practices related to:

  1. Minimum cybersecurity standards for voter registration systems
  2. Voter-verified paper ballots
  3. Post-election audits that test election results
  4. Ballot accounting and reconciliation
  5. Return of voted paper absentee ballots
  6. Voting machine certification requirements
  7. Pre-election logic and accuracy testing

This report provides an overview of state compliance with baseline standards to protect their elections from hacking and machine malfunction. Some experts may contend that additional standards, beyond those mentioned here, should be required of states to improve election security. The chief purpose of this report is to provide information on how states are faring in meeting even the minimum standards necessary to help secure their elections.

It is important to note at the outset that this report is not meant to be comprehensive of all practices that touch on issues of election security. We recognize that local jurisdictions sometimes have different or supplemental requirements and procedures from those required by the state. However, this report only considers state requirements reflected in statutes and regulations and does not include the more granular—and voluminous—information on more localized practices. Furthermore, this report does not address specific information technology (IT) requirements for voting machine hardware, software, or the design of pre-election testing ballots and system programming. And while we consider some minimum cybersecurity best practices, we do not analyze specific cyberinfrastructure or system programming requirements. These technical standards and protocols deserve analysis by computer scientists and IT professionals16 who have the necessary expertise to adequately assess the sufficiency of state requirements in those specialized areas.17

This report is not an indictment of state and local election officials. Indeed, many of the procedures and requirements considered and contained within this report are created by statute and under the purview of state legislators instead of election officials. Election officials are tasked with protecting our elections, are the first to respond to problems on Election Day, and work diligently to defend the security of elections with the resources available to them. Unfortunately, funding, personnel, and technological constraints have limited what they have been able to do related to election security. We hope that by identifying potential threats to existing state law and practice, this report helps lead to the allocation of much-needed funding and resources to election officials and systems in the states and at the local level.

It is within the purview of the states to administer elections.18 And although members of Congress may not have a direct hand in the processes and procedures for carrying out elections, they still have a role to play by ensuring elections are properly and adequately funded. Nearly three-quarters of states are estimated to have less than 10 percent of funding remaining from the Help America Vote Act, which allocated nearly $4 billion in 2002 to help states with elections.19 According to a 2017 report, 21 states support receiving more funding from the federal government to help secure elections.20

All 50 states have taken at least some steps to provide security in their election administration. In recent examples:

  • Virginia overhauled its paperless direct recording electronic voting machines and switched to a statewide paper ballot voting system just weeks before the 2017 elections.
  • In 2017, Colorado became the first state to carry out mandatory risk-limiting post-election audits.
  • In 2017, Rhode Island passed a bill requiring risk-limiting post-election audits for future elections.
  • A new election vendor contract in Alabama requires election officials with access to the state’s voter registration system to undergo cybersecurity training prior to elections.
  • In December 2017, New York Gov. Andrew Cuomo (D) announced a new election security initiative as part of his 2018 State of the State agenda, including creating a state Election Support Center, developing an Elections Cyber Security Support Toolkit, and providing Cyber Risk Vulnerability Assessments and Support for Local Boards of Elections, among other things.
  • At least 36 states are coordinating with or have already enlisted some help from DHS or the National Guard in assessing and identifying potential threats to voter registration systems.

Additionally, states such as Delaware and Louisiana are considering replacing their paperless voting systems with technology that produces voter verified paper ballots, and Indiana is considering implementing risk-limiting post-election audits for the 2018 elections. Florida Gov. Rick Scott (R) has requested millions of dollars in funding aimed at protecting election systems and software from attack. And on February 9, Gov. Tom Wolf’s (D) administration in Pennsylvania—which still uses paperless voting machines in some jurisdictions—ordered counties looking to replace voting systems to purchase machines with paper records.

No state received a perfect score in this report. With few exceptions, most states fell in the middle of the spectrum: No state received an A; 11 states received a B; 23 states received a C; 12 states received a D; and five states received an F.

The main takeaway from the Center for American Progress’ research and analysis is that all states have room for improvement:

  • Fourteen states use paperless DRE machines in at least some jurisdictions. Five states rely exclusively on paperless DRE machines for voting.
  • Thirty-three states have post-election audit procedures that are unsatisfactory from an election security standpoint, due either to the state’s use of paperless DRE machines, which cannot be adequately audited, or other factors. At least 18 states do not legally require post-election audits or require jurisdictions to meet certain criteria before audits may be carried out.
  • Thirty-two states allow regular absentee voters and/or U.S. citizens and service members living or stationed abroad to return voted ballots electronically, a practice deemed insecure by election and cybersecurity experts.
  • At least 10 states do not provide cybersecurity training to election officials.

This point cannot be overemphasized: Even states that received a B or a C have significant vulnerabilities that leave them susceptible to hacking and infiltration by sophisticated nation-states. However, by making meaningful changes to how elections are carried out, states can improve their overall election security while supporting public confidence in election procedures and outcomes.

Factors and methodology

The election security factors considered in this report were selected based on their ability to evaluate election security and preparedness at the state level. They are:

  1. Minimum cybersecurity standards for voter registration systems
  2. Voter-verified paper audit trail
  3. Post-election audits that test election results
  4. Ballot accounting and reconciliation
  5. Return of voted paper absentee ballots
  6. Voting machine certification requirements
  7. Pre-election logic and accuracy testing

The information included in this report is derived primarily from state statutes and regulations, as well as interviews with state and local election officials. A debt of gratitude is owed to several organizations for the work they’ve conducted on the seven categories considered in this report, including the Brennan Center for Justice, Common Cause, Verified Voting, the Pew Charitable Trusts, and the National Conference of State Legislatures. We also drew from information supplied by the U.S. Election Assistance Commission.

As part of our research, we reached out to the offices of the top election official in all 50 states plus the District of Columbia, requesting phone interviews to verify research and provide election officials the opportunity to expand on state requirements. In addition to requesting phone conversations, we sent state election offices a survey covering our areas of interest, which we invited them to complete in the event that they were unable to speak over the phone. The authors requested a follow-up phone interview with any state that opted to fill out the survey. Finally, each state was given the opportunity to review and comment on our assessments prior to the publication of this report.

For grading each state’s level of election security preparedness, we awarded points based on a state’s adherence to a set of best practices included within each category. Each of the seven categories was graded on either a 1-point or 3-point scale so that the highest total score a state could receive was 13 points. In four categories, if a state adheres to all the best practices included within a category it received a “fair” score, and 1 point for that category. If the state adheres to some standards, but not others, it received a score of 0, or “unsatisfactory.”

Three key categories were graded on a 3-point scale, those being voter-verified paper audit trail, post-election audits, and minimum cybersecurity standards for voter registration systems. The 3-point scale was assigned to categories that, if implemented correctly, are found to greatly improve election security and where the standards were numerous, so it made sense to supplement the category with the opportunities to earn additional points.

The point distribution varies slightly for these three categories. For example, states that carry out elections through the exclusive use of paper ballots received 3 points, or a “good” score, for that category. States that use VVPR-producing DRE machines statewide or in combination with paper ballots and/or ballot marking devices received a “fair” score. While recognizing that paper ballots are the most hack-proof way of conducting elections, we still wanted to recognize states using DRE machines that provide a paper record of votes cast. If a state uses paperless DRE machines in any of its jurisdictions, it received an “unsatisfactory” score for that category.

For the category of post-election audits, this report identifies nine best practices for carrying out such audits. Because robust post-election audits are considered particularly important for improving election security, states must adhere to all nine of those best practices to receive a “good” score for this category. States that meet seven or eight standards received a “fair” score, and meeting three to six standards earned a state a “mixed” score. Failing to adhere to at least two “best practices” resulted in the state receiving 0 points for this category. Even if a state met a majority of the best practices included in this category, it could still receive an “unsatisfactory” score if it failed to meet the best practices of making audits mandatory or controlling for erroneous preliminary outcomes, as these are particularly important for carrying out meaningful post-election audits. A state also automatically earned an “unsatisfactory” score for this category if it uses paperless DRE machines in any jurisdictions, as these machines are impossible to adequately audit.

The category of minimum cybersecurity standards for voter registration systems is one of those where the recommended minimum standards are so numerous that it made sense to provide states with the opportunity to earn additional points for adhering to all or almost all of the recommendations. The scoring for this category differed slightly depending on whether the state uses electronic poll books. Because we did not want to penalize states for their decision to use or not to use electronic poll books, the two recommended standards relating to electronic poll books were not considered for scoring states that do not use them. Thus, states that use electronic poll books were measured against a total of eight standards, while states that do not use electronic poll books—or are only in the early piloting stages of using electronic poll books—were measured against a total of six standards, as detailed further below.

Each individual best practice standard within a given category was given equal weight, aside from the exceptions mentioned above.

In some cases, information on a state’s adherence to cybersecurity standards for voter registration systems was difficult to find. There are many reasons states may have for keeping information on specific cybersecurity requirements of state-run databases private and inaccessible to the public, including researchers. Throughout our research, we made numerous attempts to reach out to state officials about their states’ cybersecurity requirements and practices for voter registration. Unfortunately, some states failed to respond to our requests for information and comment, while others refused to do so, citing legal or security reasons in some cases. As a result, we were unable to award these states credit for certain cybersecurity standards due to missing pieces of information. This is not to say that these states do not in fact require these important security measures, but rather that we were unable to award credit to the state for information that was not provided. In such cases, states received an “incomplete” for the cybersecurity category with missing information, but were awarded credit where possible based on the information we did have. We felt that this was the fairest way to handle the point distribution, as we did not want to deter states from sharing information with us or punish those states that did share information on voter registration cybersecurity. To increase transparency and public confidence in U.S. elections, it is important that the public have access to information about the measures that states are taking to protect voter data. Notably, states with an “incomplete” score in the cybersecurity category may have a higher score overall if they are in fact carrying out the missing standards. However, at most, a state with an “incomplete” score in the cybersecurity category would raise its grade by only one letter grade if it adheres to all the missing best practices standards in that category. 
In most cases, a state’s grade would not change at all given the point distribution for other categories. We indicate that a state’s grade may be higher by way of a solidus or forward slash (Example: D/C) if there was information missing on a state’s voter registration cybersecurity requirements and if the state’s overall grade would change if it is carrying out the missing cybersecurity best practices.

The issue of election security is expansive and fast-moving. As such, it is always possible that certain data points may need updating as state laws and practices change or more information becomes available. Information contained in this report reflects research and analysis at the point of publication.

The grades for each state were assigned per the following point distribution:

  • A = 13 points
  • B = 10 points to 12 points
  • C = 7 points to 9 points
  • D = 4 points to 6 points
  • F = 1 point to 3 points

A more comprehensive description of the standards and explanation of the best practices against which states were graded is below.

Category 1: Cybersecurity standards for voter registration systems

Some states still use voter registration databases that are more than a decade old, leaving them susceptible to modern-day cyberattacks.21 If successfully breached, hackers could alter or delete voter registration information, which in turn could result in eligible voters being turned away at the polls or prevented from casting ballots that count. Hackers could, for example, switch just a few letters in a registered voter’s name without detection.22 In states with strict voter ID laws, eligible voters could be prevented from voting because of discrepancies between the name listed in an official poll book and the individual’s ID. In addition, by changing or deleting a registered individual’s political affiliation, hackers could prevent would-be voters from participating in partisan primaries.

There are serious privacy implications associated with breaches to voter registration databases. Voter registration lists contain myriad personal information about eligible voters—including names, addresses, dates of birth, driver’s license numbers, political affiliations, and partial Social Security numbers—that could be used by foreign or domestic adversaries in any number of ways.23 Moreover, while electronic poll books have been shown to increase efficiency and reduce wait times at polling places, they are subject to tampering and malfunction, as is true with any electronic system.24 Guarding voter registration systems against hacking and manipulation is therefore critically important to protecting the right to vote and voter privacy.

It is worth noting that the recommendations listed below represent minimum cybersecurity standards that states should have in place to protect their voter registration systems. We sought to frame our inquiry into state voter registration systems broadly to avoid providing any kind of road map to potential malicious actors. We know that there are cybersecurity standards beyond those listed below that states should adopt in order to protect voter information, and we recommend that election officials work with cybersecurity experts in implementing them. For example, all states should have a backup voter registration database available in case emergencies arise.

The factors considered for grading in this category are:

  • Whether the state’s voter registration system provides access control to ensure that only authorized personnel can access the voter registration database. Access control is perhaps the most basic cybersecurity requirement that all states should implement to prevent unauthorized access to voter registration databases and sensitive voter information.25 Access control measures can consist of anything from single or multifactor authentication to IP-recognition software, ensuring that only those with permission have access to the voter registration system.
  • Whether the state’s voter registration system has logging capabilities to track modifications to the voter registration database. Logging capabilities allow cyberprofessionals to monitor activity—innocent and malicious—on databases containing sensitive information.26 When used, the software records all changes made to a database, oftentimes along with the name or IP address of the user responsible. A timestamp of when the change was made is also often provided.27 Logging capabilities assist with investigations into suspicious cyberactivity by allowing cyberanalysts to identify and track those responsible.
  • Whether the state’s voter registration system includes an intrusion detection system that monitors a network of systems for irregularities. As the name suggests, intrusion detection systems monitor networks and computers for malicious or anomalous activity and alert relevant parties when potential problems arise.28 Intrusion detection systems can include firewalls, anti-virus software, and spyware detection programs, to name just a few.29 Given the increasing frequency and growing sophistication of modern-day cyberattacks, state officials must be alerted to potential breaches as soon as they occur so that they can respond accordingly to prevent the loss or alteration of sensitive information.
  • Whether the state performs regular vulnerability analysis on its voter registration system. To understand the full extent of election-related risk, vulnerability assessments should be carried out continuously on voter registration databases. By conducting regular vulnerability assessments, the state can identify the existence and extent of potential weakness within its voter registration system. By doing so, election officials can better determine where government resources should be allocated and plan for preventative measures and strategies.
  • Whether the state has enlisted DHS or the National Guard to help identify and assess potential threats to its voter registration system. While it is important for states to retain a level of autonomy over the administration of their elections, many states lack the personnel and resources necessary to thoroughly probe and analyze complex cybervulnerabilities in election databases and machines. Federal agencies and military personnel with expertise in cybersecurity and who may be privy to classified information on contemporaneous cyberthreats should be responsible for carrying out comprehensive threat assessments on election infrastructure.30 By combining their expertise on cyberthreats and insight into the unique qualities of localized election infrastructure, state and federal officials can better assess and deter attempts at electoral disruption.31 DHS services—which can include cyberhygiene scans, risk and vulnerability assessments, and incident response assistance, among other things32—come at no cost to the states.33
  • Whether the state provides cybersecurity training to election officials. Election officials are on the front lines of guarding U.S. elections against attack by foreign and domestic actors, as well as a host of other potential Election Day problems. However, few election officials possess the kind of cybersecurity expertise necessary to detect and protect against potential attacks.34 Even basic training to identify spear-phishing attempts and respond to other suspicious cybernetwork activity can go a long way toward improving election security.

For states that use electronic poll books, additional considerations are:

  • Whether the state requires that all electronic poll books undergo testing before Election Day. As with all voting machines, electronic poll books should be tested prior to Election Day to ensure that they are in good and proper working order. In doing so, election officials can avoid machine malfunctions on Election Day that result in long lines for voters, which can hinder voter participation.
  • Whether backup paper voter registration lists are available at polling places using electronic poll books on Election Day. To ensur
Subject: Democracy and Government
URL: https://www.americanprogress.org/issues/democracy/reports/2018/02/12/446336/election-security-50-states/
Source think tank: Center for American Progress (United States)
Resource type: Think tank publication
Item identifier: http://119.78.100.153/handle/2XGU8XDN/436712
Recommended citation (GB/T 7714):
Danielle Root, Liz Kennedy, Michael Sozan, et al. Election Security in All 50 States. 2018.