University of Pittsburgh
September 25, 2018

Blue Ribbon Commission on Pennsylvania’s Election Security Calls for State and Federal Funding to Update Machines


PITTSBURGH—After a five-month study of Pennsylvania’s most critical election security needs, The Blue Ribbon Commission on Pennsylvania’s Election Security has released a set of interim recommendations, encouraging immediate actions by state and federal legislatures.

The independent, bipartisan commission was convened this year by David Hickton, founding director of the University of Pittsburgh’s Institute for Cyber Law, Policy, and Security, and Grove City College President Paul McNulty, with support from The Heinz Endowments and the Charles H. Spang Fund of The Pittsburgh Foundation. The committee’s goal is to assess the cybersecurity of Pennsylvania’s election architecture, including voting machines and back-end systems, registration systems and resiliency and recovery in the instance of a cyberattack.

A full report of findings will be released early next year, but the commission released key recommendations today — including a call to replace vulnerable machines for the 2019 election and for the General Assembly and federal government to help fund the replacement. In 2016, more than 80 percent of Pennsylvania voters used voting machines without an auditable paper trail.

In addition, the commission also recommends ensuring cybersecurity best practices are being followed throughout the supply chain.

“The vast majority of Pennsylvania’s voting machines are vulnerable to electronic manipulation and have no paper back-ups to ensure the integrity of elections. Giving voters in Pennsylvania and across the country access to trustworthy equipment is a civic duty of the highest priority,” said Hickton. 

“This is not a partisan issue,” said McNulty. “We must not leave our elections — and therefore our democracy — at risk of cyberattack. There is no question that Pennsylvania’s outdated voting machines must be addressed.”

For more information, visit the commission’s website. The commission is hosted by the University of Pittsburgh’s Institute for Cyber Law, Policy, and Security (Pitt Cyber) and in collaboration with Verified Voting and Carnegie Mellon’s Software Engineering Institute CERT Division.

# # #