Who's in Charge: Commissioner of Elections Elaine Manlove

Delaware may be known as the First State, but it certainly doesn't come in first when it comes to cybersecurity.

To document and tabulate its residents' votes, the tiny mid-Atlantic state uses the Danaher Shouptronic 1242 – a push-button direct-record electronic solution that does not have a voter-verified paper audit trail. This lack of paper back-up would make it very difficult to catch, audit or meaningfully remedy a successful attempt to hack into the machines and modify vote totals.

Absentee ballots are recorded on paper, but still carry some risk, as these ballots can be returned via email or fax.

Earlier this year the state accepted a $13 million bid to replace its current voting machines by 2020 with equipment from Election Systems & Software (ES&S), including the ExpressVote XL, a brand new DRE system that produces a voter-verified paper audit trail. However, officials were criticized for a lack of transparency after reportedly refusing to disclose the details of the bidding process to the public. The watchdog group Common Cause successfully sued the state under the Freedom of Information Act in order to obtain the relevant documentation.

The Center for American Progress has handed Delaware a "D" grade for its election security, due to its use of DRE machines without a VVPAT, and also because it fails to mandate post-election audits. On the plus side, the state's voter registration system benefits from access control, logging and intrusion detection, and vulnerability assessments. Also, all machines are test to EAC Voluntary Voting System Guidelines.

Delaware, which was one of 21 states to be targeted by Russian hackers in the run-up to the 2016 U.S. presidential election, was apportioned $3 million in federal funds this year under the Help America Vote Act.