Election security


Election cybersecurity or election security refers to the protection of elections [1] and voting infrastructure from cyberattack or cyber threat [2] – including the tampering with or infiltration of voting machines and equipment, election office networks and practices, and voter registration databases. [3]


Cyber threats or attacks to elections or voting infrastructure could be carried out by insiders within a voting jurisdiction, or by a variety of other actors ranging from nefarious nation-states to organized cyber criminals to lone-wolf hackers. Motives may range from a desire to influence the election outcome, to discrediting democratic processes, to creating public distrust or even political upheaval.

Legislation and policy best practices

A variety of experts and interest groups have emerged to address voting infrastructure vulnerabilities and to support democracies in their security efforts. [4] From these efforts have come a general set of policy ideas for election security, including:

Role of white hat hackers

The "white hat" hacker community has also been involved in the public debate. From July 27–30, 2017, DEFCON – the world's largest, longest running and best-known hacker conference – hosted a “Voting Machine Hacking Village” at its annual conference in Las Vegas, Nevada to highlight election security vulnerabilities. [16] The event featured 25 different pieces of voting equipment used in federal, state and local U.S. elections and made them available to white-hat hackers and IT researchers for the purpose of education, experimentation, and to demonstrate the cyber vulnerabilities of such equipment. During the 3-day event, thousands of hackers, media and elected officials witnessed the hacking of every piece of equipment, with the first machine to be compromised in under 90 minutes. [17] One voting machine was hacked remotely and was configured to play Rick Astley's song "Never Gonna Give You Up." [18] Additional findings of the Voting Village were published in a report issued by DEFCON in October 2017. [19]

The "Voting Village" was brought back for a second year at DEF CON, which was held in Las Vegas, August 9–12, 2018. The 2018 event dramatically expanded its inquiries to include more of the election environment, from voter registration records to election night reporting and many more of the humans and machines in the middle. DEF CON 2018 also featured a greater variety of voting machines, election officials, equipment, election system processes, and election night reporting. Voting Village participants consisted of hackers, IT and security professionals, journalists, lawyers, academics, and local, state and federal government leaders. A full report was issued on the 2018 Village Findings at a press conference in Washington, DC, held on September 27, 2018.


Russia's 2016 attempts to interfere in U.S. elections fit a pattern of similar incidents across Europe for at least a decade. Cyberattacks in Ukraine, Bulgaria, Estonia, Germany, France and Austria that investigators attributed to suspected Kremlin-backed hackers appeared aimed at influencing election results, sowing discord and undermining trust in public institutions that include government agencies, the media and elected officials. [20]

United States

The United States is characterized by a highly decentralized election administration system. Elections are a constitutional responsibility of state and local election entities such as secretaries of state, election directors, county clerks or other local-level officials, encompassing more than 6,000 local subdivisions nationwide. [21]

However, election security has been characterized as a national security concern, increasingly drawing the involvement of federal government entities such as the U.S. Department of Homeland Security. In early 2016, Jeh Johnson, Secretary of Homeland Security, designated elections as “critical infrastructure”, making the subsector eligible to receive prioritized cybersecurity assistance and other federal protections from the Department of Homeland Security. The designation applies to storage facilities, polling places, and centralized vote tabulation locations used to support the election process, and to information and communications technology, including voter registration databases, voting machines, and other systems used to manage the election process and to report and display results on behalf of state and local governments. [22] In particular, hackers falsifying official instructions before an election could affect voter turnout, and hackers falsifying online results after an election could sow discord. [23]

Post 2016 Election

Election security has become a major focus and area of debate in recent years, especially since the 2016 U.S. Presidential Election. In 2017, DHS confirmed that a U.S. foreign adversary, Russia, attempted to interfere in the 2016 U.S. Presidential Election via “a multi-faceted approach intended to undermine confidence in [the American] democratic process." [24] This included conducting cyber espionage against political targets, launching propaganda or “information operations” (IO) campaigns on social media, and accessing elements of multiple U.S. state or local electoral boards. [25]

On September 22, 2017, it was reported that the U.S. Department of Homeland Security (DHS) notified 21 states that they were targeted by Kremlin-backed hackers during the 2016 election. Those states included Alabama, Alaska, Colorado, Connecticut, Delaware, Florida, Illinois, Maryland, Minnesota, Ohio, Oklahoma, Oregon, North Dakota, Pennsylvania, Virginia, Washington, Arizona, California, Iowa, Texas, and Wisconsin. To date, hackers are reported to have succeeded in breaching the voter registration system of only one state: Illinois. [26]

In the aftermath of the 2016 hacking, a growing bench of national security and cyber experts has emerged, noting that Russia is just one potential threat. Other actors, including North Korea, Iran, organized criminals, and individual hackers, have motives and technical capability to infiltrate or interfere with elections and democratic operations. [27] Leaders and experts have warned that a future attack on elections or voting infrastructure by Russian-backed hackers or others with nefarious intent, such as seen in 2016, is likely in 2018 and beyond. [28] [29] [30]

One recommendation to prevent disinformation from fake election-related web sites and email spoofing is for local governments to use .gov domain names for web sites and email addresses. These are controlled by the federal government, which authenticates that the legitimate government controls the domain. Many local governments use .com or other top-level domain names; an attacker could easily and quickly set up an altered copy of the site on a similar-sounding .com address using a private registrar. [31]
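The check an election office could run against this recommendation, as an added example that is not part of the original article: it lists official hosts that are not under .gov and flags observed hosts (for instance from links in reported emails) whose name closely resembles an official one on a different domain. All hostnames are constructed sample data, and the two-label base-domain rule and the edit-distance threshold are assumptions of this sketch.

```python
from urllib.parse import urlsplit

# Constructed sample inventory of a jurisdiction's official sites and mailboxes.
OFFICIAL = ["https://www.examplecounty.gov/elections",
            "clerk@examplecounty.gov",
            "https://votemapleton.com/polling-places"]
# Constructed sample of hosts seen in links or sender addresses.
OBSERVED = ["http://examplecounty.com/results",
            "https://examp1ecounty.com/login",
            "https://www.examplecounty.gov/",
            "https://weather.example.org",
            "info@example-county.org"]

def hostname(value):
    """Return the lowercase host from a URL, bare host, or e-mail address."""
    value = value.strip().lower()
    if "@" in value and "://" not in value:
        return value.rsplit("@", 1)[1]
    if "://" not in value:
        value = "//" + value
    return (urlsplit(value).hostname or "").rstrip(".")

def base_domain(host):
    """Last two labels. Assumption: adequate for .gov/.com/.org,
    wrong for multi-label suffixes such as co.uk."""
    return ".".join(host.split(".")[-2:])

def name_label(base):
    """Label left of the TLD, hyphens removed, for comparison."""
    return base.split(".")[0].replace("-", "")

def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def non_gov_official(entries):
    """Official base domains that are not under .gov (migration candidates)."""
    bases = {base_domain(hostname(e)) for e in entries}
    return sorted(b for b in bases if not b.endswith(".gov"))

def find_lookalikes(official, observed, max_distance=2):
    """Pairs (observed_base, official_base) where an unofficial domain's
    name is within max_distance edits of an official domain's name."""
    official_bases = sorted({base_domain(hostname(e)) for e in official})
    hits = []
    for entry in observed:
        base = base_domain(hostname(entry))
        if not base or base in official_bases:
            continue  # empty input or a genuinely official domain
        for off in official_bases:
            if edit_distance(name_label(base), name_label(off)) <= max_distance:
                hits.append((base, off))
    return hits

if __name__ == "__main__":
    print("Official but not .gov:", non_gov_official(OFFICIAL))
    for seen, official in find_lookalikes(OFFICIAL, OBSERVED):
        print(f"Possible lookalike: {seen} resembles {official}")
```
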

In a 2018 assessment of US state election security by the Center for American Progress, no state received an “A” based on their measurements of seven election security factors. [10] Forty states received a grade of C or below. A separate 2017 report from the Center for American Progress outlines nine solutions which states can implement to secure their elections, including requiring paper ballots or records of every vote, the replacement of outdated voting equipment, conducting post-election audits, enacting cybersecurity standards for voting systems, pre-election testing of voting equipment, threat assessments, coordination of election security between state and federal agencies, and the allocating of federal funds for ensuring election security. [32]



  1. "Election Security - Section 3: Key Election Process Categories - Unleashing the Potential of Election Data - Open Election Data Initiative". openelectiondata.net. Retrieved 2018-03-16.
  2. Fidler, David (May 2017). "Transforming Election Cybersecurity, Council on Foreign Relations" (PDF).
  3. "Election Security Preparedness - BeReady16 | US Election Assistance Commission". www.eac.gov. Retrieved 2018-03-06.
  4. Larson, Selena. "Hackers will work with government, academia to make future elections secure". CNNMoney. Retrieved 2018-03-06.
  5. Woolsey, R. James; Fox, Brian J. (2017-08-03). "Opinion | To Protect Voting, Use Open-Source Software". The New York Times. ISSN 0362-4331. Retrieved 2022-12-09.
  6. Wofford, Ben (June 25, 2021). "One Man's Quest to Break Open the Secretive World of American Voting Machines". POLITICO. Retrieved 2022-12-09.
  7. "Verified Voting Foundation: Principles for New Voting Systems". Verified Voting. 2015-02-04. Retrieved 2018-03-06.
  8. "Belfer Center for Science and International Affairs, Harvard Kennedy School, Defending Digital Democracy, The State & Local Election Cybersecurity Playbook, February 2018".
  9. Legislatures, National Conference of State. "Election Security: State Policies". www.ncsl.org. Retrieved 2018-03-06.
  10. Root, Danielle; Kennedy, Liz; Sozan, Michael; Parshall, Jerry. "Election Security in All 50 States". Center for American Progress. Retrieved 2020-05-01.
  11. "Expert Testimony by J. Alex Halderman, Professor of Computer Science, University of Michigan before the U.S. Senate Select Committee on Intelligence, June 21, 2017" (PDF).
  12. "9 Solutions to Secure America's Elections - Center for American Progress". Center for American Progress. Retrieved 2018-03-06.
  13. "Center for Internet Security (CIS), A Handbook for Elections Infrastructure Security, Version 1.0, February 2018" (PDF).
  14. "CONGRESSIONAL TASK FORCE ON ELECTION SECURITY, Final Report, January 2018" (PDF).
  15. "Praetz, Noah, Office of Cook County, IL Clerk David Orr, 2020 Vision: Election Security in the Age of Committed Foreign Threats, December 7, 2017" (PDF).
  16. "Hackers at DefCon conference exploit vulnerabilities in voting machines". USA TODAY. Retrieved 2018-03-06.
  17. "Hackers competed to breach U.S. voting machines. It took them 90 minutes". Newsweek. 2017-07-30. Retrieved 2018-03-06.
  18. France, Lisa Respers. "Rick Astley is on a (Rick) roll". CNN. Retrieved 2018-03-06.
  19. "DEFCON 25 Voting Machine Hacking Village: Report on Cyber Vulnerabilities in U.S. Election Equipment, Databases, and Infrastructure. October 2017" (PDF).
  20. "Russia's pattern of meddling abroad exposes threat to 2018 U.S. elections: report". USA TODAY. Retrieved 2018-03-06.
  21. Legislatures, National Conference of State. "Election Administration at State and Local Levels". www.ncsl.org. Retrieved 2018-03-06.
  22. "Statement by Secretary Johnson on the Designation of Election Infrastructure as a Critical Infrastructure Subsector". Department of Homeland Security. 2017-01-06. Retrieved 2018-03-06.
  23. 2018-2019 San Mateo County Civil Grand Jury (July 24, 2019). "Security of Election Announcements" (PDF). Superior Court of California. Retrieved August 20, 2019.
  24. "Congressional Testimony of Jeanette Manfra, then-Acting Deputy Under Secretary For Cybersecurity and Communications, National Protection And Programs Directorate, U.S. Department of Homeland Security, before the Select Committee on Intelligence, United States Senate, June 21, 2017" (PDF).
  25. "ICA: Intelligence Community Assessment. Background to 'Assessing Russian Activities and Intentions in Recent US Elections': The Analytic Process and Cyber Incident Attribution. January 9, 2017" (PDF).
  26. "Election Security in All 50 States - Center for American Progress". Center for American Progress. Retrieved 2018-03-06.
  27. "Election Security in All 50 States - Center for American Progress". Center for American Progress. Retrieved 2018-03-06.
  28. "Pompeo: 'I have every expectation' Russia will meddle in 2018 midterms". POLITICO. Retrieved 2018-03-06.
  29. CNBC (2018-03-06). "Top intel official: 'Highly likely' Russia will seek to influence 2018 US vote". CNBC. Retrieved 2018-03-06.
  30. Cohen, Zachary. "US cyber chief says Trump hasn't told him to confront Russian cyber threat". CNN. Retrieved 2018-03-06.
  31. "1 Simple Step Could Help Election Security. Governments Aren't Doing It".
  32. Root, Danielle; Kennedy, Liz. "9 Solutions to Secure America's Elections". Center for American Progress. Retrieved 2020-05-01.