MARYLAND LEADERS made an announcement this month that should drive home how vulnerable is the country’s election infrastructure to Russian attack. Senior officials revealed that an Internet technology company with which the state contracts to hold electronic voting information is connected to a Russian oligarch who is “very close” to Russian President Vladimir Putin. Maryland leaders did not know about the connection until the FBI told them.

This is not to say that Maryland is a slacker on election security. The state is ahead of the curve relative to its peers. If even motivated states can be surprised, what about the real laggards?

Maryland’s exposure began when it chose a company to keep electronic information on voter registration, election results and other extremely sensitive data. That company was later purchased by a firm run by a Russian millionaire and heavily invested in by a Kremlin-connected Russian billionaire. At this point, the state does not have any sense that these Russia links have had any impact on the conduct of its elections, and it is scrambling to shore up its data handling before November’s voting. But the fact that the ownership change’s implications could have gone unnoticed by state officials is cause enough for concern. The quality of the contractors that states employ to handle a variety of election-related tasks is just one of many concerns election-security experts have identified since Russia’s manipulation campaign in the 2016 U.S. presidential election.

To its credit, Maryland has pushed to upgrade its election infrastructure over the past several years. It rented new voting machines in advance of the 2016 vote to ensure that they left a paper trail. State elections officials proudly note that they hire an independent auditor to conduct a parallel count based on those paper records, with automatic recounts if there is a substantial discrepancy between the two tallies. Observers note that the state could still do better, for example by conducting manual post-election audits as well as electronic ones. But the state is still far more responsible than many others.

Politico’s Eric Geller recently surveyed 40 states about how they would spend new federal election-security funding Congress recently approved. The results were depressing. “Only 13 states said they intend to use the federal dollars to buy new voting machines. At least 22 said they have no plans to replace their machines before the election — including all five states that rely solely on paperless electronic voting devices, which cybersecurity experts consider a top vulnerability,” Mr. Geller wrote. “In addition, almost no states conduct robust, statistic-based post-election audits to look for evidence of tampering after the fact. And fewer than one-third of states and territories have requested a key type of security review from the Department of Homeland Security.”

Meanwhile, Congress seems uninterested in offering any more financial help, despite states’ glaring needs. Federal lawmakers last week nixed a $380 million election-security measure. That does not mean states are off the hook — it means they have to press their representatives in Washington to change course, or find the money elsewhere.

Read more: