VIDEO-Election landslide: Hackers vs. state voter systems

Currently, voting systems are not considered critical infrastructure under federal regulations, so those in charge of these systems are on their own in terms of deciding on the best approaches in dealing with cybersecurity threats.

Taking into consideration preparedness plans, such as regular threat assessments, incident response and information sharing, the Pell Center report found the most cyber-ready U.S. state was California, followed by Maryland and Michigan.

Since the Pell Center data was published a little less than a year ago, some states — Indiana, for example — have launched cybersecurity commissions and passed cyber-related legislation.

In Pennsylvania, another key presidential election state, Secretary of State Pedro A. Cortés said it is working to ensure the security and integrity of the November election. "In recent weeks, there has been talk about vulnerabilities in the nation's election infrastructure," Cortés said in a release. "Our election staff is working closely with federal and state experts to implement all available strategies to strengthen security."

A spokeswoman for the Pennsylvania Department of State stressed the distinction between voter registration databases and actual voting systems. In Pennsylvania, precinct voting systems are never connected to the internet. And while Pennsylvania's online voter registration application is on the web, applicants' personal information is stored in a statewide Uniform Registry of Electors voter registration database that is not connected to the internet and is only accessible internally.

A spokeswoman for the New Jersey Office of Homeland Security and Preparedness said it is working with federal and state partners and continuously reviewing the effectiveness of the security controls for all state systems and monitoring them for any suspicious activity. She said one major difference between New Jersey's voter registration system and that of Arizona and Illinois — states hit by recent attacks — is that New Jersey does not allow online voter registration.

Commission recommendations and conversations, though, are not the same as implementation, and states don't have much to show for existing efforts. "It's a good effort to bring experts together to talk about issues in states, but it's still not a solution," Spidalieri said. "No state has yet devised a comprehensive plan that aligns the state economic vision with their security priorities when it comes to this issue."

Mauricio Paez, a partner at Jones Day who manages the firm's privacy and cybersecurity practice, said the problem is not only that many voter registration systems in the United States are antiquated from a security perspective but that "there's a decentralized approach in terms of dealing with these breaches, because there is no uniform standard for states to address these risks."

http://www.cnbc.com/2016/09/02/election-landslide-hackers-vs-state-voter-systems.html