Hackers last year made more than 90 billion cyber intrusion attempts against the Commonwealth, according to a state official. As a security precaution the state is withholding information on the number of attempts against specific applications.
Wanda Murren, press secretary for the state Department of State, said that such disclosure could potentially provide useful information to hackers and draw attention to the application, resulting in even more intrusion attempts.
“As for our efforts to guard against hacking, like other mission-critical systems and data, Pennsylvania protects its voter registration system with a cybersecurity program based upon industry best practices and careful protection,” Murren explained in an email to PennLive.
Across the country, local and state election systems remain under scrutiny amid reports that scores of them were compromised during the election.
The Hill last week reported that hackers had made nearly 150,000 attempts to break into South Carolina’s voter registration system on Election Day 2016. The Hill’s report was based on information from South Carolina’s election commission.
Pennsylvania election officials have no evidence of Election Day interference — from Russia or elsewhere — with the state’s voting system, which include about 25,000 voting machines.
According to the Department of Homeland Security, Russian hackers targeted 21 U.S. states’ election systems in last year’s presidential race. News media reports have suggested the number could have been more extensive. In at least one case, hackers made a successful attempt to alter voter information, Time reported in June. Thousands of voter records containing private information, including Social Security numbers, were stolen, Time reported.
The hacking integrity of states election systems remain under review across the country amid a probe that President Trump’s campaign had ties to Russia propaganda efforts.
Officials have not identified specific states targeted; nor do they have evidence that any actual votes were manipulated.
Murren said Pennsylvania has implemented policies, technologies, practices and procedures to safeguard data and protect applications, systems and resources. The state Chief Information Security Officer works closely with federal counterparts at the Department of Homeland Security, she added.
“We constantly monitor our data and systems for vulnerabilities and attempted attacks in order to keep pace with the rapidly evolving threat landscape,” she said.
Cyber intrusion attacks run the gamut and may include passive attacks, meaning information is monitored (such as eavesdropping), or active, meaning information is altered, corrupted or destroyed.
In the run-up to last fall’s election, Pennsylvania was the first state to take advantage of Homeland Security’s offer to do vulnerability testing and scanning, Murren said. That assessment gave the Commonwealth high grades overall. Some minor changes that were recommended were put in place.
State officials also work closely with county election offices to develop and implement best practices, Murren added.
The state Department of State, which oversees elections, issued a directive to counties in 2016 reiterating good cyber-hygiene practices for elections.
Pennsylvania is considered one of the states most susceptible to hacking because 96 percent of its voting machines store votes electronically. Still, state officials consider the state immune from hacking because its voting machines and tabulating systems aren’t connected to the internet.