Feds push local election officials to boost security ahead of 2024

liveslow/Getty Images

 

Connecting state and local government leaders

Local election officials are encouraged to beef up their cybersecurity practices to safeguard their voting systems against potential threats heading into the 2024 presidential race.

WASHINGTON, D.C. — Some of the nation’s top cybersecurity leaders are warning state and local election officials of ongoing foreign and domestic national security threats to election systems, urging them to upgrade their defenses ahead of next year’s presidential election.

At separate conferences this month, federal officials warned gatherings of the National Association of Secretaries of State and the National Association of State Election Directors that they must be vigilant in securing their state’s elections systems and building resilience to prevent attacks.

Many election officials, overworked and frightened by personal threats, left the field following President Donald Trump’s loss in 2020. In light of that turnover, national security officials wanted to emphasize that local election officials can use federal resources to build defenses and educate front-line staff.

Although foreign cyberattacks did not disrupt November’s midterm elections, China, Iran, North Korea and Russia remain threats to U.S. election systems, said Cynthia Kaiser, deputy assistant director of the FBI’s Cyber Division.

“We have no evidence that a foreign government or other actors compromised election infrastructure or manipulated election results during the 2022 elections,” Kaiser told the secretaries of state. Still, she added, “We need to remain vigilant.”

A year into Russia’s invasion of Ukraine, for example, national security officials remain concerned Russia may attack critical U.S. infrastructure, including elections, said Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, also known as CISA.

“That has not, thankfully, manifested in any significant way,” Easterly told the secretaries of state. “We’ve not seen anything here, but I’d like to end with the word ‘yet.’”

She emphasized that preparation is key in preventing malicious efforts such as so-called denial of service attacks, which made a handful of state and local government websites unavailable in the weeks before the midterms.

To run safe and secure elections, Easterly recommended that state and local election officials train staff to use multi-factor authentication and to avoid clicking on suspicious email links. She also advised them to replace outdated software and use available federal resources.

There was “sophisticated” activity from foreign governments before and on the day of the 2022 midterms that should be a cause for concern, Kim Wyman, senior election security adviser at CISA, told a nearby conference of the National Association of State Election Directors.

Foreign actors scanned state and local government websites, even though election systems weren’t targeted, she said. While scanning a system doesn’t necessarily compromise it, she said, it could be preparation for a future attack. Local election offices can be “target-rich, cyber-poor” entities, she said, warning that cybersecurity still is not a top priority for many small- and medium-sized jurisdictions.

“The 2024 election for president is fast approaching,” Wyman said, “and this year is really that window of opportunity that you all have to gear up and make strides in reducing your risk.”

In addition to cybersecurity, national security officials stressed the importance of protecting the physical security of voting system storage locations and election offices by, for example, using locks that only a limited number of people can open.

Layering an approach that considers both physical and cybersecurity is challenging, said Bill Ekblad, Minnesota’s election security cyber navigator, who through the secretary of state’s office coordinates an election security strategy with local election offices.

“We continue to see threats compound,” he told Stateline after one session. “We have to take those two concerns with us and be ready for whatever else comes. Everything we heard from our federal partners shores up that perspective that it’s all about readiness, communications, preparing to react and planning, because we can’t predict what the trends will be.”

Presidential primaries are less than a year away for many states, he added, so election officials must prepare now.

The cyber threat

Every day, cyber threats increase, Kaiser told election officials.

She pointed to several incidents in recent years, including Iranian efforts to use influence campaigns, tailored to members of each political party and various other constituencies, to convince Americans that their election system is insecure or otherwise dissuade them from voting.

China has used new tools to target state agencies and services in the United States, including secretary of state and political party servers, Kaiser added.

The Election Assistance Commission, a bipartisan federal agency that guides state and local election administration, will hand out $75 million in election security grants this year. In the four years after 2018, the commission awarded almost a billion dollars in election security grants, said Commissioner Ben Hovland.

The commission is accepting applications to test election equipment for security vulnerabilities. The agency also is developing election technology standards and evaluating electronic poll books, electronic ballot delivery methods, election night reporting systems and online voter registration portals.

Federal officials further encouraged state and local election officials to join a voluntary information-sharing network of more than 3,400 election offices. The network has room to grow, federal officials said — there are 10,000 election offices nationwide.

Boosting physical security

The sustained disinformation campaign that has falsely convinced millions of voters that there was widespread fraud in the 2020 presidential election had real consequences last fall: In some places, protesters — sometimes armed — harassed voters turning in their ballots at drop boxes during the midterms. There were protests blocking voters from reaching polling places and violent threats against state and local election officials.

Assessing physical security, conducting de-escalation and active shooter training and coordinating with local law enforcement can help mitigate such threats, federal officials said.

In Weber County, Utah, election workers, especially female staff, faced an onslaught of threats in recent years by people who believed the election was rigged, said Ricky Hatch, the county’s clerk. Hatch reached out to his county’s sheriff to develop a cooperative relationship, so that they can respond to harassment or other disruptions on or around Election Day.

Hatch provides law enforcement officers with his contact information and key election details, such as when drop boxes are accepting ballots, when in-person voting begins, when election officials are transporting ballots to counting centers and how elections are audited. They also review election laws, and procedures for removing people disrupting the voting process.

Not only does the communication establish a strategic relationship between election offices and law enforcement, but it also tells law enforcement officers that the election process is secure, and that the election results are valid and accurate, he said.

“We wanted to tell our partners, ‘Look, if you’re going to defend this process, we want you to have confidence that the process is sound,’” Hatch said.

In North Carolina, law enforcement officers have a guide that fits in their patrol car visors that succinctly outlines state election law and procedures for “maintaining peaceful and orderly elections and ensuring voters can cast a ballot free of intimidation,” said Karen Brinson Bell, the state’s election director. The state also is developing an online training guide for officers.

Federal law enforcement agencies also have stepped up protections for election workers.

The Election Threats Task Force, established in 2021 and run by the U.S. Department of Justice and the FBI, has a dozen cases of criminal threats to state and local election workers from recent years, said John Keller, principal deputy chief of the department’s Public Integrity Section.

He urged state election directors to “err on the side of reporting” to federal partners any harassment or threats they face.

Lost faith

As national security officials briefed the room of state and local election officials last week, West Virginia Secretary of State Mac Warner stood up to say that he and many of his constituents have lost faith in the FBI and in federal law enforcement. Warner said that could hinder election security efforts.

“We love the FBI, we want to believe in the FBI, but as an election official, we’ve had this recent situation where the credibility of the FBI has been shot,” said Warner, a Republican. “I feel right now we’re being played by the FBI, our own federal agency, in the elections arena when it comes to things like Hunter Biden’s laptop and that sort of thing. I’m not sure we can trust the FBI.”

Kaiser defended the FBI and the “fantastic work” done by “really great people” every day, though she added she “sympathized” with his feelings. It’s important to establish local relationships, she said.

CISA’s Easterly, who was nominated by President Joe Biden and confirmed unanimously by the U.S. Senate in 2021, also acknowledged that some people may not trust the federal government. She’s been getting into the field, meeting people, understanding gaps in services and getting feedback.

“At the end of the day, it’s really about developing relationships because people trust people,” Easterly said. “I may not always like the feedback, but I will always listen. I will always hear.”

This article was first posted to Stateline, an initiative of The Pew Charitable Trusts.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.