As international attention and media coverage increasingly focuses on the 2020 U.S. presidential election, election security measures will take center stage. Where are the resources?
Back in the spring of 2016, this blog asked the rhetorical question, “Could the election be hacked?”
The response: most people, including industry experts at the time, either ignored, mocked or laughed at the suggestion. But after the events of the past few years, no one is laughing now at the potential for voting irregularities, either online or offline.
On the contrary, as we head closer to the November, election security is quickly rising to the very top of the domestic priority list and is set to be a top issue this Fall. Some of the recent headlines underline a growing sense of urgency, if not panic, regarding the topic and what’s at stake. For example:
Explain This New Election Context?
So why now? What makes our current situation different than in the past? According to Andris Ozols, the former chief research analyst for Michigan government and an expert who has commented nationally on several past election cycles, the USA is in uncharted waters. "The pandemic is helping shift the election discourse from processes, operations and IT cybersecurity to also emphasizing public policies and values. For example, eligibility, access, openness, transparency, trust and truthfulness and equity are core issues.
This is in partly accomplished from (1) lessons from the 2020 primaries, (2) the police and justice actions being seen in the larger context of pandemic, economic status, employment and election framework, and through (3) collaboration among states, governors and state interest groups and (4) increased engagement by the private sector."
State collaboration on technology plays a significant role with internal, US generated threats while the private sector strongly assists with US based as well as external threats. Here are more specific details on unique aspects to this election cycle:
Top Election Cybersecurity Issues
Registration: See June 15, 2020 NYT on “Pandemic is Choking off the Quadrennial Surge in Voter Registration” and WSJ, Keep Voters from having to Wait in Line”, June 12, 2020.
Voter Data Bases: Increased external inquiries and allegations of ineligible or deceased registrants. Targeted sweeps of registered voters, changes in eligibility, often affecting minority or other groups that tend to vote blue.
Mail Voting: Addresses many aspects of Pandemic issues, but there are claims of potential for fraud. See June 12 WSJ “Bolster confidence in voting by mail” and “Encourage Election and Postal Officials to coordinate their efforts as soon as possible”.
E voting: Multiple issues on vulnerability raised by many entities and experts. Recent studies by MIT and others.
Accelerated Vote Suppression: Multiple techniques: disenfranchisement including removal from rolls, targeted site placement and consolidation, reduction in days or hours, etc. Vote suppression accelerates during census cycle decision and data utilization phases.
Insist that big-tech companies do their part: See WSJ, June 12, 2020. The WSJ has done a good job on covering this issue.
Collaboration Among States, State Association and Security Entities
"The EI-ISAC (Elections Infrastructure Information Sharing and Analysis Center) handles information for election officials and provides no-cost cybersecurity services. ...”
Government Technology Challenges:
Addressing New Cyberthreats
Yes, we’ve been discussing election cybersecurity threats for the past four years, but new cyberthreats keep surfacing. Consider these recent examples:
“With the general election less than 150 days away, there are rising concerns that the push for remote voting prompted by the pandemic could open new opportunities to hack the vote — for President Vladimir V. Putin of Russia, but also others hoping to disrupt, influence or profit from the election. …
Homeland Security officials have been focusing “intensely on hardening registration systems,” said Christopher C. Krebs, who leads the department’s Cybersecurity and Infrastructure Security Agency. He said his teams had been working to make sure that towns, counties and states patch software vulnerabilities, back up their systems and also have paper printouts of poll books — the registration lists used on Election Day — should criminals or adversary nations render the digital versions inaccessible. …”
Vanity Fair: Hackers Are Already Screwing With the 2020 Election
“Expanding access to the ballot will be necessary this cycle, as officials scramble to hold an election against the backdrop of a pandemic. But the security vulnerabilities they present are almost certain to be exploited by the president and his allies.
Solutions Please: Organizational Election Resources and References
Over the past few years there has been many ways that election security topics were addressed by lawmakers and other government leaders and organizations. From states getting classified briefings in 2018 elections to the Senate Intelligence Committee writing a report on election vulnerabilities ahead of the midterms to the US Election Assistance Commission providing $380 million to states in election security funds, the response to the 2016 election was broad-based.
Many other groups across the country have focused on these issues. Some of the available resources for the 2020 elections include these organizations and important documents listed below.
State Interest Groups, Associations Addressing Election Security
National Governors Association (NGA)
National Association of State Budget Officers
April 28, 2020: A Budget Shortfall Estimate for States Grows Even Worse
National Association of State Chief Information Officers (NASCIO)
The National Governors Association (NGA) and the National Association of State Chief Information Officers (NASCIO) released Stronger Together: State and Local Cybersecurity Collaboration. With a dramatic uptick in ransomware attacks across the country, governors, state CIOs and state government executives are designing and implementing programs to strengthen local partnerships in cybersecurity. The publication outlines promising programs that states have initiated to enhance collaboration with their local government counterparts for cyber resilience. It also provides high-level recommendations for state officials looking to strengthen partnerships with local government officials on cybersecurity.
National Conference of State Legislatures
Ensuring the integrity and security of the election process is essential for the functioning of democracy in the U.S., and is a shared responsibility among many officials. Local election administrators are in charge of the nuts and bolts of election administration, and play a key role in elections security.
Feb 14, 2020 · Requires executive branch agency heads to ensure that information security programs are in place, implement security policies, standards and cost-effective safeguards to reduce, eliminate or recover from identified threats to data and information technology resources; include cybersecurity …
Council of State Governments (CSG)
Observations and lessons learned from these facilitated sessions will be distilled into a toolkit that any state can use to map a communications plan for an election cybersecurity breach. The toolkit was be made available on the CSG website in November 2018.
National Association of Counties (NACO)
Mar 23, 2020 · Administering an election during a global pandemic is likely a first for most county officials. With the uncertainty of COVID-19’s long-term impact throughout the country, counties are grappling with election-related challenges ranging from shortages of poll workers to providing additional voting options and keeping polling locations clean.
National League of Cities (NLC)
This guide outlines some of the most impactful ways that local governments can work with their state governments to prepare and defend again cyberattacks.
International City/County Management Association (ICMA)
ICMA, which was formed in 1914, is the leading association of local government professionals dedicated to creating and sustaining thriving communities throughout the world. With over 10,000 members, the organization advances professional local government through leadership, management, innovation, and ethics.
National Association of Attorneys General
National Association of Election Officials
National Association of Secretaries of State (NASS)
THE ROLE OF CHIEF STATE ELECTION OFFICIALS IN ELECTION SECURITY: 40 members of the National Association of Secretaries of State (NASS) serve as their state's designated chief election official, overseeing the conduct of elections according to law.
Election Processes and Security (Various Sources) That Are Addressing Election Security
National Institute of Standards & Technology (NIST)
Jul 11, 2018 · The Guidelines are used by accredited testing laboratories as part of both state and national certification processes; by state and local election officials who are evaluating voting systems for potential use in their jurisdictions; and by manufacturers who need to ensure that their products fulfill the requirements, so they can be certified.
Department of Homeland Security (DHS)
Jun 09, 2020 · Election Security is a Partnership. Securing election infrastructure is a partnership between federal, state and local government and private sector entities. DHS collaborates with federal departments and agencies, state and local government, election officials and other valued partners such as the National Association of Secretaries of State ...
Cybersecurity Infrastructure Security Agency (CISA)
Securing election infrastructure from new and evolving threats is a vital national interest that requires a whole-of-society approach. This library provides State and local governments, election officials, campaigns, the vendor community, and voters with voluntary tools to secure election-related assets, facilities, networks and systems from cyber and physical risks.
US Election Assistance Commission
The Department of Homeland Security has designated elections systems as part of our nation’s critical infrastructure. At the time of designation, then-DHS Secretary Jeh Johnson observed, "Given the vital role elections play in this country, it is clear that certain systems and assets of election infrastructure meet the definition of critical infrastructure, in fact and in law."
Election Security . Election Security Preparedness; Election Management Guidelines; Quick Start Guides; Election Worker Best Practices; Voting Accessibility; Designing Polling Place Materials; Voter Registration Cancellations; Language Access; Glossaries of Election Terminology; Press Releases; Elections as Critical Infrastructure; Procurement
Managing Election Technology The Election Official of today is an Information Technology (IT) Manager - whether they think they are, whether they want to be, or whether they were trained to be. IT management requires a unique set of attitudes, knowledge, and skills in order to plan, direct, and control contemporary election administration.
Center for Election Innovation
Ongoing support to state and local governments. Election Technology Vendors Must Secure Their Voting Systems Many states purchase their voting systems from third-party vendors who have little financial incentive to prioritize election security…
May 13, 2020 · Guidance for the Brookings community and the public on our response to the coronavirus (COVID-19)
Aug 23, 2019 · The lack of information flow in 2016 is largely due to the fact that at that time almost no state election officials had security clearances and were thus not privy to understanding the full ...
Aug 20, 2019 · This post is part of " Cybersecurity and Election Interference," a Brookings series that explores digital threats to American democracy, cybersecurity risks in elections, and ways to mitigate...
About Cybersecurity and Election Interference. As we head into the 2020 elections, the United States faces extraordinary threats from the weaponization of cyberspace, foreign interference…
Pew Charitable Trusts
Nov 01, 2018 · In March, Congress allocated $380 million for state and local election security. While counties used the funds for cybersecurity training and new election equipment, many local officials complained it was not enough money. Some states, such as Arkansas, were able to improve their voting
ELECTION SECURITY: DHS Plans Are Urgently Needed to Address Identified Challenges Before the 2020 Elections
GAO-20-267: Published: Feb 6, 2020. Publicly Released: Feb 6, 2020.
Center for American Progress
Election Security in All 50 States ... this report does not address specific information technology (IT) requirements for voting machine hardware, software, or the design of pre-election testing …
Aug 19, 2019 · The right to vote in a free and fair election is the most basic civil right, one on which many of the other rights of the American people depend. View the Election Fraud Database.
Alliance for Securing Democracy
David Levine, Elections Integrity Fellow February 13, 2020 ... well as experts in cybersecurity and information technology, to complement efforts by federal and/or state officials ... many of its local election officials are part-time employees,15 the state’s election cybersecurity.
International voting system standards would provide valuable guidance for governments in the process of procuring election technology. Establishing comprehensive international guidelines is vital. Some companies, in particular those with a track record of managing and implementing new election technology in a variety of countries, self-regulate ...
Harvard Kennedy School - Belfer Center for Science and International Affairs, Cyber Security Project
Center for Internet Security (CIS)
Elections Infrastructure Security Handbook (February, 2018)
Multi-State Information Sharing and Analysis Center (MS-ISAC)
Final Thought From Dan Lohrmann
No doubt, the sum of these election challenges and resources seems daunting – and not just for cybersecurity reasons. Indeed, if the vote count is close, some believe that voters won’t accept the 2020 election results no matter who wins.
But regardless of your political persuasions or perspectives regarding the events of the past few years, there can be little doubt that all eyes are now on November. Election security is the elephant in the room for the next five months – and likely beyond.
Looking for the latest gov tech news as it happens? Subscribe to GT newsletters.