Security firm finds county election websites lack cybersecurity protections

Security firm finds county election websites lack cybersecurity protections
© Getty Images

Many county election websites are lacking basic cybersecurity measures that could leave voters vulnerable to misinformation, security firm McAfee said Wednesday.

McAfee threat researchers looked at county websites in 20 states and found that many county sites used .com domains instead of .gov ones, which are required to be thoroughly vetted as being official sites by government officials.

Researchers found that Minnesota had the highest percentage of non-.gov domains for county election sites at 95.4 percent, followed by Texas at 95 percent and Michigan with 91.2 percent.

ADVERTISEMENT

Steve Grobman, the senior vice president and chief technology officer at McAfee, noted in a blog post that .com and other domains can be bought by anyone, meaning that misinformation about elections could be more easily shared with potential voters.

McAfee also found that a large majority of the county sites did not enforce the use of Secure Sockets Layer (SSL) certificates, which protect visitors to a website from being redirected to fake sites and encrypt users’ personal information.

West Virginia had the highest percentage of sites without SSL at 92.6 percent. Texas was second with 91 percent, and 90 percent of Montana's sites were unprotected.

“SSL is one of the most basic forms of cyber hygiene, and something we expect all sites requiring confidentiality or data integrity to have at a minimum,” Grobman wrote. “The fact that these websites are lacking in the absolute basics of cyber hygiene is troubling.”

Elections are administered by state and local officials, with the support of federal agencies like the Department of Homeland Security.

The McAfee report was released the same day as the annual Unisys Security Index, which found that a large majority of Americans — 86 percent — are afraid of U.S. elections being compromised by foreign actors and that they may not vote over those concerns.

U.S. officials have warned of ongoing influence campaigns by nations like Russia, Iran and China ahead of next month's midterm elections. And on Friday, the Department of Justice unsealed its first charge against a Russian national tied to interfering in the midterms.

Officials have said that there is no evidence of a foreign adversary trying to interfere with election infrastructure.