Russian President Vladimir Putin in Moscow on April 10. (Alexey Nikolskyi/Sputnik/Kremlin pool/EPA-EFE/Shutterstock)

AS THIS year’s midterm elections approach, the country is still unprepared for another Russian attack on the vote, and President Trump continues to send mixed signals — at best — about what he would do if the Kremlin launched an even more aggressive interference campaign than the one that roiled the 2016 presidential race.

In last month’s omnibus spending bill, Congress set aside more than $300 million for states to invest in hardening their election infrastructure. They have a lot to do. New York University’s Brennan Center for Justice, which tracks election technology and procedures nationwide, reports that most states are using electronic voting machines that are at least a decade old, many running antiquated software that may not be regularly updated for new security threats. Though most states recognize that they must replace obsolete machines, not much has changed since 2016.

In the last presidential election, 14 states used the worst of the worst — paperless electronic machines that leave behind no physical record of cast votes. Though these machines are not routinely connected to the Internet, NYU’s Lawrence Norden warns that there are nonetheless ways to infiltrate them, including through computers used to program the machines. Since 2016, only one state, Virginia, has phased out all of its paperless machines. Georgia lawmakers failed last month to pass a bill that would have upgraded the state’s voting machines. And though Pennsylvania is pushing upgrades, the transition will not finish until after November’s vote.

Having paper-friendly machines is hardly enough. Paper trails enable state officials to run statistically sound post-election audits of vote tallies. Yet only a handful of states require rigorous audits, with only a handful more considering them.

Beyond voting machines, there are softer targets that are more exposed to remote hacking, including electronic voting rolls, vote-tallying servers and state elections websites. These are the sorts of electronic resources that Russian hackers seem to have infiltrated in 2016. There is no evidence the hackers changed anything, but there is also no guarantee they will not try in the future.

The surest way to secure the nation’s elections is to deter attacks in the first place. On this, the country is perhaps the most behind. A range of U.S. officials, most recently ousted national security adviser H.R. McMaster in a speech just before departing the White House, have warned that the Kremlin has not suffered consequences strong enough to discourage future meddling. Two recent rounds of sanctions from the Treasury Department promised to begin punishing some of those in Russian President Vladimir Putin’s orbit. But Mr. Trump undercut the message last week when he demanded the rollback of a separate batch of promised sanctions, which were planned in response to a suspected chemical attack by the Russian-backed Syrian regime. Further reports about Mr. Trump’s continuing fixation on appeasing Mr. Putin may lead the Russian government to believe that it would face few serious consequences for again interfering in U.S. elections. Of all the changes the country requires, a shift in presidential attitude could be the quickest and most effective way of responding to election threats.