The devices used in voting are relatively low-tech. In order to avoid cyber threats, even those that use a touch screen to capture votes are intentionally not connected to the internet. However, even this unconnected approach has security risks that need to be addressed so that these devices and the data they hold aren't tampered with. The states and localities that administer elections are continually focused on the full spectrum of security risks, putting processes and systems in place in advance of election day to ensure that voting is safe and secure.
Diversity is a Strength
The diversity of voting machines being used across the country reduces threat impacts. If there is an issue with a piece of software, it won't impact the entire national voting system, just particular machines. While software vulnerabilities are still huge problems, standardizing on one type of machine nationwide would mean one software bug could wipe out all electoral results.
The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency (CISA) released a public service announcement that acknowledges the growing cyberthreat landscape but emphasizes the overall security in election technology. It explains that even if a ransomware attack disrupted the digital aspect of election infrastructure, that would only result in delays rather than compromise the validity of votes. About 97 percent of registered voters will have a paper backup as part of their voting process; that record can later be accessed to be counted, recounted, and audited.
Additionally, CISA pointed out that each voting precinct has multiple safeguards in place, including:
- Testing equipment prior to putting it in use
- Multiple cybersecurity protections
- Physical access protections
- Post-election audits that ensure accuracy
Staying Ahead of Hackers
In an effort to anticipate problems, researchers are constantly looking for key security risks that need to be mitigated. For example, one group tested what would happen if hackers inserted a USB drive into a voting machine to deploy a digital payload, scrambling its tallying capabilities. National security agencies are monitoring the activity of known foreign adversaries, like China-based Volt Typhoon, to ensure election infrastructure is not a planned target for future attacks.
To help election officials stay on top of current threats, CISA organized the Tabletop the Vote election security exercise, which allows election officials to share best practices around cyber and physical incident planning, preparedness, identification, response, and recovery.
High Tech Makes an Impact Outside of the Voting Booth
While cutting-edge technology is not part of actual voting machines, it is being implemented to support the overall voting process. Voters in Michigan can track their absentee ballots using the Michigan voter information center and can now receive related notifications by email and see where their ballot is in the process. They can also see when their ballot has been accepted for tabulation.
CISA recently issued a checklist to state and local election administrators to help them shore up cyber defenses in advance of the 2024 election. Among the tips, the checklist highlights the need to enable multi-factor authentication on all accounts to prevent phishing, ensure their election networks are separate from other business operations, and monitor network traffic to spot malicious activity.
These resources from GovEvents and GovWhitePapers provide great insight into how government is mitigating threats to election security.
- Government Cybersecurity Roadshow New York (November 7, 2024; Albany, NY) - This event will offer insights into the current priorities of cybersecurity leadership at both state and local government levels. Through a focus on innovation, strategic development, and networking, the Roadshow will outline actionable steps for organizations to enhance their resilience.
- Cyber Warfare: What We've Learned from Past Conflict (November 12, 2024; webcast) - Modern conflict increasingly centers around technology and digital infrastructure. The battlefield is no longer solely a physical stretch of terrain between territories; war is waged behind enemy lines, within their networks, and inside their security systems. How can entities protect their operations from opponents, particularly in this new landscape of warfare?
- The GovExec Cybersecurity Futures Forum (November 20, 2024; McLean, VA) - Organizations face unprecedented challenges in safeguarding sensitive data and critical infrastructure from adversaries who exploit evolving vulnerabilities. Leaders from federal and defense sectors will tackle pressing cybersecurity challenges. Mainstage discussions will focus on proactive measures, regulatory updates, and emerging cybersecurity standards essential for operational readiness.
- 2025 Outlook: How to Strengthen Your Ransomware Defenses (December 11, 2024; webcast) - As cybersecurity threats become increasingly sophisticated, government agencies at all levels are facing the difficult task of securing their networks. Hear from government and industry leaders about what agencies can do to thwart ransomware and other cybersecurity threats.
- Secure the Election Process with Lookout (white paper) - Governments are under more pressure to secure the election process than ever before. Cybercriminals take advantage of the uncertainty of the election season to boost their own financial gain through the use of lures and phishing attacks. In this fundamentally new environment, the need to protect the integrity of democratic processes has never been higher.
- Best Practices for Scaling Absentee Tabulation (white paper) - Election officials know that months of work and preparation go into running a successful election. Beginning conversations with vendors and government partners as early as possible can help jurisdictions inform their planning process early and ensure their needs are being communicated and met.
- 2024 General Election: Cross-Sector Checklist to Support Elections (data sheet) - The administration of elections relies on infrastructure owned and operated by other critical infrastructure sectors. By partnering with election officials, critical infrastructure owners and operators can help prevent disruptions to the democratic process while increasing the security and resilience of election infrastructure.
For more on election security, search for additional resources on GovWhitePapers and GovEvents.
