Election officials race to combat cyberattacks


A year before the midterm elections, state election administrators are racing to plug vulnerabilities and update software ahead of an expected wave of cyberattacks from foreign actors.

In interviews, state officials and elections experts said they are working to bolster internal security at both the state and local levels. At the same time, many said they hope Congress will act to update federal election law, in part to provide them with the resources they need to secure the democratic process.

“No matter what steps we take today, cybersecurity and the cyber risk evolves and changes daily, and we just have to be vigilant and diligent going forward,” said Vermont Secretary of State Jim Condos (D). “Anybody that thinks, ‘today I’ve got it covered,’ and washes their hands of it is fooling themselves.”


Condos is the president-elect of the National Association of Secretaries of State, which has established a cybersecurity task force to share best practices among different state agencies. Condos said states are being encouraged to use cybersecurity experts in their National Guards to help secure systems, and to provide free software upgrades to local election administrators.


Those local election administrators may represent a prime vulnerability for foreign actors. Localities in most states actually run elections, and many are woefully understaffed, underfunded and behind the technological times.

“Locally, in some places, we’re very vulnerable to attack,” said Michael McDonald, a University of Florida political scientist who has worked with states to bolster election security. “Those local election officials in many cases don’t have the same capacity to protect themselves from attacks and respond to attacks, because they just don’t have the resources.”

Several states have also enlisted new security software aimed at discovering fake news spread on Facebook and Twitter, like incorrect information about where and when to cast ballots that could lead voters astray.

Condos is also one of a handful of election administrators working with the Department of Homeland Security (DHS) on a multistate information sharing and analysis center. The center, which includes officials from the FBI, the Election Assistance Commission and other security agencies, acts as a clearinghouse for information about incoming cyberattacks.

DHS and FBI agents have been on the ground in Virginia, where voters went to the polls Tuesday, to combat any potential Election Day assaults. 

Edgardo Cortés, the commonwealth’s elections commissioner, said his office’s pre-election planning has “taken on a different feel this year” after Russian-backed hackers tried to penetrate voting systems in nearly two dozen states. Virginia replaced hundreds of touch-screen voting machines with new machines that will leave an auditable paper trail.

In California, Secretary of State Alex Padilla (D) has ordered constant security testing of any vulnerable system.

“It’s a nonstop effort for us. We know that as technology evolves, so will the sophistication of those who would do us harm,” Padilla said in an interview.

Some secretaries expressed concern that the federal government has not done enough to embrace the urgency of the threat. Padilla and Condos, among others, were critical of DHS for failing to let them know in a timely fashion whether or not they had been targets of cyberattacks.

“Unfortunately, we have a White House in denial, but every day that goes by that they continue to be in denial is one day less that we have to prepare,” Padilla said.

Condos said DHS had failed to keep secretaries in the loop in part because state officials do not have security clearances necessary to give them a look at secret or top secret information. The national group is working with DHS to obtain clearances for top election administration officials.

In Virginia, Cortés said his relationship with Homeland Security officials had improved over the last year. DHS has worked with the elections office to identify holes that needed to be plugged, he said.

But Cortés warned that there is still work to be done ahead of next year’s midterms.

“We’ve got a year at this point until the midterms. There’s no way to change that time frame, so that’s really going to be the biggest challenge — doing as much as possible knowing there’s that amount of time,” Cortés said. “If you’re still worrying about certain things come Election Day, you’ve missed the time frame to be able to do anything.”

Most states hope Congress takes up some new version of the Help America Vote Act, the 2002 law passed in the wake of the deadlocked 2000 election that gave states the resources to purchase updated voting machines. 

“We’re now at a point where those machines are 15 years old, and we’re going to have to look at updating our systems,” Condos said.

Padilla said the threat of cyberattack raises anew the prospect of a closely fought election that comes down to disputed results.

“It’s not butterfly ballots and hanging chads,” Padilla said. “Now we’re talking about cybersecurity.”

Morgan Chalfant contributed.