Critical Infrastructure Security, Critical Infrastructure Security, Network Security

State of Security: Delaware

Who's in Charge: Commissioner of Elections Elaine Manlove

Delaware may be known as the First State, but it certainly doesn't come in first when it comes to cybersecurity.

To document and tabulate its residents' votes, the tiny mid-Atlantic state uses the Danaher Shouptronic 1242 – a push-button direct-record electronic solution that does not have a voter-verified paper audit trail. This lack of paper back-up would make it very difficult to catch, audit or meaningfully remedy a successful attempt to hack into the machines and modify vote totals.

Absentee ballots are recorded on paper, but still carry some risk, as these ballots can be returned via email or fax.

Earlier this year the state accepted a $13 million bid to replace its current voting machines by 2020 with equipment from Election Systems & Software (ES&S), including the ExpressVote XL, a brand new DRE system that produces a voter-verified paper audit trail. However, officials were criticized for a lack of transparency after reportedly refusing to disclose the details of the bidding process to the public. The watchdog group Common Cause successfully sued the state under the Freedom of Information Act in order to obtain the relevant documentation.

The Center for American Progress has handed Delaware a "D" grade for its election security, due to its use of DRE machines without a VVPAT, and also because it fails to mandate post-election audits. On the plus side, the state's voter registration system benefits from access control, logging and intrusion detection, and vulnerability assessments. Also, all machines are test to EAC Voluntary Voting System Guidelines.

Delaware, which was one of 21 states to be targeted by Russian hackers in the run-up to the 2016 U.S. presidential election, was apportioned $3 million in federal funds this year under the Help America Vote Act.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.