Election Officials Face Security Challenges Before Midterms

Election officials preparing for the upcoming midterms face a myriad of threats, both foreign and domestic, as they look to protect voting systems and run a smooth election while fighting a wave of misinformation that has been undermining public confidence in U.S. elections.

The nation’s top state election officials gathered Thursday for the start of their annual summer conference, with a long list of challenges that begins with securing their voting systems. 

While a top concern heading into the 2020 presidential election was Russia or another hostile nation waging a disruptive cyberattack, the landscape has expanded to include ransomware, politically motivated hackers and insider threats. Over the last year, a small number of security breaches have been reported at local election offices in which authorities are investigating whether office staff improperly accessed or provided improper access to sensitive voting technology.

Jen Easterly, who leads the nation’s cybersecurity agency, said Russia, China and North Korea remain “very dynamic and complex cyber threats” and that criminal gangs pushing ransomware were also a concern. But she noted election security officials could not afford to prioritize one over the other.

“We can’t just worry about one thing because if we focus too intently on one set of threats, we’re very likely to miss them coming from another direction,” Easterly told reporters, after a series of private meetings with state election officials.

The U.S. Cybersecurity and Infrastructure Security Agency has been conducting physical assessments for state and local election officials, which include site visits and reviews of security procedures such as video surveillance and access controls.

Physical security has always been a concern, but an onslaught of threats since 2020 targeting election officials has added urgency to the effort. State and local election officials have reported being harassed in person and receiving death threats over social media and text message.

“We’re seeing an exodus of people in the field. And some of it does relate to just the physical security threats that they’re facing,” said Kim Wyman, who leads election security efforts for the cybersecurity agency. “And what we’re trying to do with this is give them tools to be able to deal with that.”

The agency has also issued guidance on how to mitigate insider threats, which emphasizes the importance of chain of custody rules. The guidance also suggests the use of bipartisan teams when accessing sensitive equipment to ensure voting systems are protected.

State election officials have also been focused on boosting cybersecurity defenses at the local level, where staffing and resources are often limited.

In Ohio, Secretary of State Frank LaRose recently announced a third wave of security requirements for the state’s county election boards, which includes increased video surveillance for voting equipment and more comprehensive security reviews of county systems.

“It’s constant vigilance,” LaRose said Thursday. “The threat is constantly emerging. The threat is constantly changing. And so we’re evolving with it and making sure that our guard is up.”

Election security became a national focus after the 2016 presidential election, when Russia probed state voter registration systems across the country looking for vulnerabilities.

In response, the Obama administration designated election systems as “critical infrastructure” — on par with the nation’s banks, dams and nuclear power plants. This freed up resources and funds for election officials, and a concerted effort was made to improve communications and intelligence sharing between the federal government and the states.

But the 2020 presidential election brought an unprecedented wave of false claims and conspiracy theories surrounding voting equipment and election procedures as former President Donald Trump sought to explain his loss to Democrat Joe Biden. Supporters and allies of Trump have been traveling across the country for more than a year claiming the election was stolen and spreading misinformation that has further increased distrust in U.S. elections.

Federal and state election officials and Trump’s own attorney general have said there is no credible evidence the election was tainted. The former president’s allegations of fraud were also roundly rejected by courts, including by judges Trump appointed.

But the false claims have persisted and have led to suspected security breaches at local election offices in a handful of states.

Earlier this year, the clerk in Mesa County, Colorado, was indicted for a security breach at her election office. Authorities say Clerk Tina Peters allowed unauthorized people access to voting equipment and an unauthorized copy was made of the county’s voting system that was later posted online. Peters has denied any wrongdoing.

In Colorado, Secretary of State Jena Griswold pushed for legislative changes this year to tighten security measures surrounding voting systems and increase penalties for those attempting to access them.
