New Jersey Division of Elections Addresses Election Security Inquiries

TRENTON — The New Jersey Division of Elections announced on Nov. 4 it has strong confidence in the state’s election security measures and that it will not be impacted by the type of breaches affecting Arizona, Illinois and the Democratic National Committee.
The announcement follows voluminous media inquiries about New Jersey’s Statewide Voter Registration System (SVRS), which is unlike the online voter registration systems in Arizona and Illinois that were breached earlier this year. New Jersey does not have online voter registration, and instead uses paper registration forms, reducing the prospect of a malicious actor penetrating our registration system.
Nonetheless, the Division and the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) teamed up with federal, state and local authorities, and a third party cybersecurity firm to reinforce the SVRS. For example, the State monitors systems for suspicious activity; conducts risk and vulnerability assessments and penetration tests; uses network hardening controls; provides security awareness training to the counties; and ensures county continuity of operations plans are in place. Our ongoing dialogue with the U.S. Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) revealed no state voter registration database breaches beyond Illinois and Arizona.
Voting Machine Security:
Distinct from the voter registration system are the voting machines found in each polling place. New Jersey law requires voting machines never connect to the internet; making this a discussion of physical security, not cybersecurity. The machines currently used in 18 out of 21 counties, the AVC Advantage machines, were the focus of a nearly five-year trial that found that “not one witness presented evidence that the AVC machine, outside of a controlled academic setting, has ever been hacked.” Likewise, the judge stated “[t]here has never been a demonstrated incident of an attempted attack or a verified attack … since its use began at least as early as 1979.”
Despite this positive result, New Jersey further enhanced voting machine security procedures through use of seal-use protocols for tamper-evident seals on all voting machines; use of pre-election testing protocols; requiring a pre-election voting machine security training class; requiring all those working on the voting machines to undergo criminal and security background checks; and hardening and installation of anti-virus software on all election management computers.
Unofficial Election Night Reporting:
The counties use an Election Night Reporting system for public release of unofficial results on a web-based application. All computer systems used for voting machine related purposes are not connected to the Internet at any time. Instead, the unofficial tallies are manually transferred by single-use CD or flash drive from the voting machine computer system to the computer system accessing the website. Additionally, the Division and DHS offered the counties all the State’s cybersecurity resources and shared best practices from the U.S. Election Assistance Commission and DHS.
Continuity of Operations – Emergency Preparedness:
The Division works with the NJ Office of Emergency Management (NJOEM) on Election Day security and strongly recommended all the counties do the same with their county OEMs. On Election Day, NJOEM will monitor information feeds for issues affecting the operation of the election; staff the State Emergency Operation Center Operations Room; communicate with county OEMs on developing conditions affecting safety at county polls; and provide coordinated support of preventative actions.
For more information regarding the Division of Elections, visit http://nj.gov/state/elections/index.html