IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

McAfee Finds County Websites in 13 States Lack Basic Security

The cybersecurity firm found that many counties in a group of electoral battleground states haven't taken measures — encrypting their websites and moving to .gov domains — that protect their credibility.

A cybersecurity concept of a series of digital locks, with one closed and the rest open
Elections — and democratic governments in general — run on trust. So when something undermines voters’ trust, it’s a problem for government.

Enter the Internet. Anybody with a connection can post what they want to online, and pretend to be anybody — including government officials.

That’s part of the reason why state and local governments have been increasingly moving in recent years to improve confidence in their official websites by encrypting them and shifting to .gov domains.

But according to cybersecurity firm McAfee, which just released a dataset on the subject, many counties still don’t do either of those things.

“Whereas websites using .com, .net, .org, and .us in their names are easily accessible to anyone with a credit card from website domain vendors such as, acquiring a .gov website name requires that buyers submit evidence to the U.S. government that they truly are buying these names on behalf of legitimate local, county, or state government entities,” wrote McAfee spokesperson Chris Palm in an email. “The lack of .gov in a website name means that no controlling government authority has validated that the website in question is legitimate.”

To study the issue, McAfee gathered data on 13 states that will serve as battlegrounds in the 2020 presidential election — in other words, a group of states that will receive an outsized amount of public attention as November nears.

Across those states, about 54% of county websites had an encrypted front page and 17% had an official website ending in .gov. Just 10% had a website that was both .gov and encrypted.

Counties are largely responsible for running elections, so their credibility is important for that reason, but any lack of validity to their online presence can cause other problems as well. Scammers, for example, have targeted citizens in the past pretending to be government officials in order to convince people to hand over information or money.

“While we have not seen examples of malicious actors spoofing county websites to misinform voters, McAfee does see thousands of phishing campaigns with suspicious Web links sending users to fraudulent sites,” Palm wrote. “The barriers to creating, launching, and managing these as political disinformation campaigns is very low.”

Of the states McAfee studied, Arizona led the pack in terms of the percentage of counties that used .gov addresses (67%), and encrypted domains (80%). In terms of the sheer number of counties, Georgia came out on top — in that state, 39 counties had .gov websites and 98 were encrypted.

StatesCounties# .GOV% .GOV# HTTPS% HTTPS# BOTH% BOTH# Election .GOV% Election .GOV
New Hampshire10110.0%770.0%00.0%00.0%
North Carolina1003838.0%5959.0%2222.0%3434.0%
All battlegrounds111719017.0%59853.5%1119.9%20918.7%
Here are maps of the four pieces of information McAfee collected for each state.
Ben Miller is the associate editor of data and business for Government Technology. His reporting experience includes breaking news, business, community features and technical subjects. He holds a Bachelor’s degree in journalism from the Reynolds School of Journalism at the University of Nevada, Reno, and lives in Sacramento, Calif.