The prep includes education and recommendations as well as more immediate checks like remote penetration testing and vulnerability scans. It won’t, however, involve advice on whether or not state governments should pay ransoms. Homeland Security wants systems to be sufficiently airtight that they aren’t forced to make that choice, an unnamed official told Reuters.

It doesn’t take much to understand the potential severity. Ransomware could lock states out of their voting data at crucial moments, sparking delays and even undermining the legitimacy of the elections themselves. And since the data changes constantly, it’s not guaranteed that states’ backups will be current.

There’s no certainty CISA’s measures and others will be enough with roughly 14 months to go before the vote. Unlike in 2016, though, election workers are far more aware of the potential for data breaches from Russia and other unfriendly governments. If ransomware does hit, they could more quickly recover in the aftermath.