Institute for Cyber Law, Policy, and Security

The Blue Ribbon Commission on Pennsylvania’s Election Security – Interim Recommendations on Voting Systems

The Blue Ribbon Commission on Pennsylvania’s Election Security

        Interim Recommendations on Voting Systems  

There is no publicly available evidence of successful hacking of the 2016 US elections, in Pennsylvania or elsewhere. However, there is also no question that Pennsylvania’s elections, like other states, are under threat.

This is not a partisan issue. All Pennsylvanians should be concerned about the current status quo with respect to the cybersecurity of our elections. By multiple assessments, Pennsylvania is one of the states most vulnerable to election manipulation or election-day technical problems, in large part because of its reliance on older electronic voting systems. An estimated 83 percent of Pennsylvanians vote on machines that offer no auditable paper record. The lack of an auditable record could prevent Pennsylvania’s counties from detecting a successful hacking or even benign error, and prevents counties from recovering in such an event. As the US Secretary of the Department of Homeland Security Kierstjen Nielsen has testified, not having a verifiable way to audit election results is a “national security concern.”

Manipulating voting machines is one feasible method of an attack on our elections—and one that should be guarded against. Pennsylvania therefore took a significant step forward in improving its election security when Acting Secretary of State Robert Torres directed on April 12, 2018, that all Pennsylvania counties have “voter-verifiable paper record voting systems selected no later than December 31, 2019, and preferably in place by the November 2019 general election.” Per an earlier directive, any elections systems purchased February 9, 2018 onward must include a paper audit capacity.

These actions and others by Governor Wolf’s Administration bode well for the future of Pennsylvania’s election security. It deserves credit for thoughtful and thorough ongoing attention to the issue.

Local election officials also deserve thanks from all of us living in the Commonwealth for their commitment to the extraordinary effort that is administering our elections—and now the tremendous responsibility of securing them from nation-state adversaries.

However, additional actions from the Governor and Secretary of State, the General Assembly, and counties will be needed to ensure the security of Pennsylvania’s vote—and citizens’ faith therein.

With this in mind, the Blue Ribbon Commission on Pennsylvania’s Election Security has undertaken a study of Pennsylvania’s preparedness. Our full report and recommendations will be issued in early 2019. However, given the urgency of the threat and that many counties are appropriately undertaking decisions with respect to replacing outdated voting systems, the Commission has decided to issue interim recommendations with respect to new voting systems.

We note with caution that while voting systems often receive the most attention from media reports, efforts are also needed to secure Pennsylvania’s election security throughout the broader election architecture. This includes the security of election management systems; the voter registration system; and response and recovery in the event of a cyber incident, including disinformation campaigns. Our 2019 report will include full attention to these issues, in addition to a more fulsome discussion of voting systems and improving Pennsylvania’s election audits.


(1)   Counties Should Replace Vulnerable Voting Machines.

  • Those counties using DREs without voter-verifiable paper audit trails should replace them with systems using voter-marked paper ballots (either by hand or by machine) before 2020 and preferably for the November 2019 election, as directed by the Pennsylvania Department of State.

(2)   The Pennsylvania General Assembly and the Federal Government Should Help Counties Purchase Secure Voting Systems.

  • Pennsylvanians, including public officials, must recognize that election security infrastructure requires regular investments and upgrades. Our elections—and Pennsylvanian’s faith in them—are not free
  • The General Assembly should appropriate funding to help cover the cost of counties’ purchasing voting systems with voter-marked paper ballots (either by hand or by machine) and other needed improvements to Pennsylvania’s election security. It should also consider creating a fund for regular future appropriations as upgrades in security and accessibility technologies merit.
  • The US Congress should provide additional appropriations for those states, like Pennsylvania, which need to replace significant numbers of DREs without voter-verifiable paper audit trails.

(3)   Follow Vendor Selection and Management Best Practices To Minimize Supply Chain Vulnerabilities.

  • As election officials work with vendors on a range of items affecting the election architecture, including ballot preparation, logic and accuracy testing, and equipment procurement, it is imperative to safeguard against supply chain vulnerabilities and to assess vendors for potential security risks. This includes using a vendor’s cybersecurity readiness as a primary metric in procurement decision-making and conducting ongoing cybersecurity monitoring throughout the life cycle of the vendor relationship.

Pennsylvania’s elections are at risk. And one of the biggest risks is one that we can control—properly funding our election security, including by procuring voting machines that use voter-marked paper ballots.

We recognize that the General Assembly and counties have many funding priorities. The County Commission Association of Pennsylvania estimates the cost for replacing voting machines to be $125 million statewide. The majority of Pennsylvania’s current voting machines leave the integrity of our Commonwealth’s vote at risk. This is unacceptable. Compared to the magnitude of this risk, $125 million is a relative bargain.

Pennsylvania, like any other state, cannot entirely eliminate the risk of cyberattack or other errors on its computerized voting systems. However, it can work to both reduce the potential for attack and mitigate its impact in the instance of an attack. The faith in the integrity of our elections is at stake. Once shaken, it will be difficult to restore.


The Blue Ribbon Commission on Pennsylvania’s Election Security

David Hickton – Founding Director, Pitt Cyber; former US Attorney for the Western District of Pennsylvania (co-chair)

Paul McNulty – President, Grove City College; former Deputy Attorney General of the United States; former US Attorney for the Eastern District of Virginia (co-chair)

Jim Brown – Former Chief of Staff to US Senator Robert P. Casey, Jr; former Chief of Staff to Pennsylvania Governor Robert P. Casey

Esther L. Bush – President and CEO, Urban League of Greater Pittsburgh

Mary Ellen Callahan – Former Chief Privacy Officer, US Department of Homeland Security

Susan Carty – President, League of Women Voters of Pennsylvania

Nelson A. Diaz – Retired judge, Philadelphia Court of Common Pleas

Jane Earll – Attorney; former Pennsylvania State Senator

Douglas E. Hill – Executive Director, County Commissioners Association of Pennsylvania

Mark A. Holman – Partner, Ridge Policy Group; former Deputy Assistant to the President for Homeland Security; former Chief of Staff to Pennsylvania Governor Tom Ridge

Ken Lawrence – Vice Chair, Montgomery County Board of Commissioners

Mark A. Nordenberg – Chair of the Institute of Politics, University of Pittsburgh; Chancellor Emeritus of the University; Distinguished Service Professor of Law

Grant Oliphant – President, The Heinz Endowments

Peri Jude Radecic – CEO, Disability Rights Pennsylvania

Pedro A. Ramos – President and CEO, The Philadelphia Foundation

James C. Roddey – Former Chief Executive, Allegheny County

Marian K. Schneider – President, Verified Voting; former Pennsylvania Deputy Secretary of State for Elections and Administration

Bobbie Stempfley – Director, CERT Division, Software Engineering Institute, Carnegie Mellon University

David Thornburgh – President and CEO, Committee of Seventy

Sharon Werner – Former Chief of Staff to US Attorneys General Eric H. Holder, Jr. and Loretta E. Lynch

Dennis Yablonsky – Former CEO, Allegheny Conference on Community Development; former Pennsylvania Secretary of Community and Economic Development


Senior Advisors

     Charlie Dent – Former US Congressman, 15th District of Pennsylvania

Paul H. O’Neill – 72nd Secretary of the US Treasury

Dick Thornburgh – Former Governor, Pennsylvania; former Attorney General of the United States; former Under-Secretary-General of the United Nations

Affiliations are provided for identification purposes. Commissioners are serving in their personal capacities.


About the Commission:  The Blue Ribbon Commission on Pennsylvania’s Election Security is an independent, bipartisan commission studying Pennsylvania’s election cybersecurity, hosted by the University of Pittsburgh Institute for Cyber Law, Policy, and Security (Pitt Cyber). We are grateful for the generous support of The Heinz Endowments and the Charles H. Spang Fund of The Pittsburgh Foundation. Pitt Cyber and the commission are grateful for the partnership of Verified Voting and for technical advice from Carnegie Mellon’s Software Engineering Institute CERT Division.

Click here to download a printable version of this webpage.