Back in April, the U.S. Election Assistance Commission – a federal agency— divided $380 million among all states to help strengthen election systems. This week, the EAC reported how each state plans to use its share of this federal money. States will spend the most money on cybersecurity — 36 percent of the $380 million, by 41 states and territories. The rest will be spent on updating voting equipment, voting registration systems, and post-election audits.

Pennsylvania's allocation for cybersecurity? Zero.

Less than three months ahead of the midterm election, national security experts agree that an attack on election infrastructure is a serious threat. The state was one of the 21 states that were targeted by the Russian meddling apparatus ahead of the 2016 election. Last year Pa. Senate Democrats were locked out of their emails and other files by what seemed to be foreign hackers. Pennsylvania should consider itself a potential target ahead of the midterm.

Instead of investing in better cybersecurity to protect voter registration and communications of election officials, Pennsylvania is going to spend all of its $14,149,964 — which includes a 5 percent match from the state — on new voting machines. These are necessary,  since the state is one of the 13 states that still uses voting machines that leave no paper trail and as such cannot be audited, according to the Brennan Center for Justice at New York University. The federal funds fall far short of being able to replace all the machines — estimated by the Pa. Department of State to be between $95 and $153 million. The state ordered counties to replace all non-auditable machines by 2020 and the federal funds will go toward counties' effort.

There's no question this is a priority, mainly because the faster the commonwealth replaces the machines, the fast it can address other election security concerns. (When Virginia made voting machines a priority, they were all replaced in 59 days – not two years.)

Earlier this month, in the yearly hacking conference Def Con, it took less than 10 minutes for most of the 11-year-old kids to hack state and campaign websites.

To address cybersecurity concerns for the state, in July, Gov. Tom Wolf established the Inter-Agency Election Preparedness and Security Workgroup. In August, Workgroup members participated in a national cyber training exercise alongside representatives from 10 counties.

Unlike state cybersecurity, security within individual campaigns is not under the purview of the Pa. Department of State.

There are measures that campaigns can take. The Belfer Center at the Harvard Kennedy School created a Cybersecurity Campaign Playbook. The playbook includes measures — mostly free or low cost — that every campaign should adhere to and seven steps that every campaign can check to ensure that they are secure.  They include using encrypted messaging systems, strong passwords, and training on phishing tactics that hackers use.

Every political campaign in the state should pledge to adhere to cybersecurity best practices.

Pennsylvania will be a key state in the midterm that could determine the composition of the next Congress. Both the state and political campaigns should gear up efforts to ensure that by the end of Election Day, we all celebrate democracy instead of trying to figure out how we were attacked — again.