Security Experts:

Connect with us

Hi, what are you looking for?



The Incentive to Disrupt Elections has Never Been Higher

Election Security

Election Security

The 2020 Elections Will be Hotly Contested, and the Integrity of the Election Is Critical to Ensure Confidence in a Free and Fair Election

In February, I was part of an international election observation mission to Moldova—the former Soviet Republic tucked between the Ukraine and Romania, and the poorest country in Europe. We met with candidates and political leaders, and collectively observed hundreds of polling places on election day, to help validate that the elections were free and fair. I loved meeting the people in Moldova and seeing their hope for the future. Even under challenging circumstances of corruption and disinformation, it was amazing to see democracy was holding its own.

What I saw in Moldova made me think about the sanctity of our election process in the United States, and how we can’t take it for granted. Yet adversaries are increasing their cadence of attacks on our election infrastructure, and given our geopolitical environment, the incentive to disrupt an election has never been higher.

We were leaving a polling place in a small village in northern Moldova—with the ubiquitous (for those parts) bust of Lenin still proudly standing out front—when a local colleague asked, “So in the USA, how confident are you that your vote will actually be counted properly?” I was caught off guard, as I’d never even had a passing concern in this area. “100% confident,” I answered. He asked if we had extensive poll observers or armed security at each polling place. I’ve seen a few observers over the years, but nothing close to the dozen or more observers at many of the Moldovan polls. I explained that our system worked because there was inherent trust, upheld by each part of the electoral process. Generally speaking, even the most partisan poll worker in the U.S. wouldn’t think of throwing opposition ballots into the trash can, or looking the other way as carousel voting takes place in plain sight. Or when it does happen, as it recently did in North Carolina’s 9th district, it’s national news. We trust the system because there are accepted norms, and because there’s a reliable history of the system working the way it should.

But you know what they say about trust: it takes years to build, but only seconds to destroy. A breach in the security of our election system would undermine that trust that has been built since the founding of our democracy. Imagine if you couldn’t be confident that your vote would be recorded, or worse, that it could be reversed.

Attacks on the sanctity of the ballot box have already begun. Readers of this column will be familiar with some of the examples:

• In the 2016 election cycle, we know that Russian actors probed the voter registration systems of at least 20 states.

• We’ve seen denial of service and ransomware attacks targeting state and local election agencies.

• FireEye recently reported on Russian actors APT28 and Sandworm Team recently compromising multiple governments in Europe in advance of elections. 

• The vulnerabilities in voting machines are myriad, have been well documented, and yet equipment makers continue to sell these outdated machines. FireEye Intelligence has observed voting machines for sale in underground criminal forums, for attackers to practice against.

• National parties and candidates’ organizations themselves have been targeted repeatedly.

• State-sponsored misinformation campaigns have dominated the headlines recently.

Fortunately, the U.S. government has taken some steps to address these issues. The 2018 Help America Vote Act (HAVA) allocated $380M, “to improve the administration of elections for Federal office, including to enhance election technology and to make election security improvements.” States are able to use allocations from this fund to purchase new voting equipment that provides a paper record of the voter’s intent, implement audit systems, upgrade computer systems, facilitate cyber security training for election officials, implement cyber security best practices, and fund other cyber security-related activities. 

It’s a good start, but as of September 30, 2018, just $31.4M (8.3% of the total allocated) had been spent by the states. Of that total, $18M was on cyber security, and just under $11M was used for new voting machines. You might think that the states have been slow to make their requests, but all states and territories have indeed submitted their requests and received their grants. Some states have detailed plans for improving their cyber security—for example South Carolina intends to spend $525,000 to conduct comprehensive risk and vulnerability assessments of their voter registration systems, remediate findings, conduct a penetration test of their e-poll book, and implement network monitoring solutions. Rhode Island intends to spend $734,000 to implement database activity monitoring, asset management systems, and a Security Information and Event Management system (SIEM) for their voting environment—in addition to budgeting for the necessary people to manage these tools. 

On the other hand, several states have requested no funding for cyber security, or only token amounts—e.g., funding a small vulnerability assessment, but no budget for remediation. It’s possible that these states had already allocated their own funds toward election security and don’t need the HAVA grant funding. However, I have yet to work with a state government that felt adequately funded for cyber security. I suspect one reason for the slow uptake is just a lack of answers: beyond the obligatory assessments and vulnerability scans, what should election agencies be doing to properly secure their environments, protect voter information, and the ensure integrity of the vote? These are complex and highly distributed systems, and it’s not an easy answer, but one that I hope to explore more in future columns.

It’s also my hope that we can properly fund more robust security for candidates’ organizations and national parties. Individual candidates are running campaigns on a shoestring budget, and a dollar spent to secure a database is one that isn’t used on a yard sign. It’s tough to prioritize security if funds aren’t specifically earmarked, but compromised campaigns can have global implications—as we saw when the Clinton campaign was hacked in 2016, perhaps tipping the outcome of the election.

Our state and federal election agencies don’t have to deal with the same level of corruption or misuse of state resources that I saw in Moldova, but they’re up against an even tougher adversary in the nation-state actors that seek to disrupt our democratic process. We have the right pieces of the puzzle to address these threats—the threat intelligence, the people, and now the funding to do something about it. I’m confident that our election officials can apply these resources to ensure the security of our voting process. The 2020 elections will be hotly contested, and the integrity of the election will need to be beyond repute to ensure citizens confidence in a free and fair election.   

RelatedHR1 Bill Includes Provisions to Improve U.S. Election Security

RelatedUS Election Integrity Depends on Security-Challenged Firms 

RelatedMicrosoft Disrupts Election-Related Domains Used by Russian Hackers 

RelatedU.S. Sanctions Russians for Hacking, Election Interference 

RelatedSecuring the Vote Against Increasing Threats 

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...