Study finds election officials vulnerable to cyberattacks

Study finds election officials vulnerable to cyberattacks

Election administrators across the country are vulnerable to cyberattacks that originate through malicious phishing emails, a report released Monday found.

The report, compiled by cybersecurity group Area 1 Security, found that over 50 percent of election administrators have “only rudimentary or non-standard technologies” to protect against malicious emails from cyber criminals, with less than 30 percent using basic security controls to halt phishing emails. 

The study also found that around 5 percent of election administrators use personal emails, which are seen as less secure than government emails, and some election administrators use a custom email infrastructure known to have been targeted by Russian military hackers during prior elections. 


Email phishing is a key way hackers infiltrate networks, with hackers attempting to trick individuals into clicking on malicious links or attachments or providing sensitive information in other ways that allows the hacker to access a network. Area 1 Security noted that 90 percent of cyberattacks begin with a phishing email.

The security researchers at Area 1 Security noted that while the diversity of election systems and infrastructure across U.S. election jurisdictions would make it “impossible” for a nationwide hacking incident to occur, the low email security standards could easily lead to localized cyber incidents. 

“The disparate approaches to cybersecurity by state, local and county officials is such that should a cybersecurity incident occur in one small town, whether in a ‘battleground state’ or not, even if statistically insignificant, could cause troubling ripple effects that erode confidence in results across the entire country,” the researchers wrote in the report. 

The researchers urged election administrators to stop using personal email accounts and custom email infrastructure, and advocated for Congress to send further election security funds to help states bolster cybersecurity prior to the November general elections. 

Congress appropriated $425 million to states for election security in December as part of the 2020 spending bills, and another $400 million as part of the CARES Act coronavirus stimulus bill in March. Many officials and voting rights advocates have argued that more funds are needed to allow states facing huge budget shortfalls due to the pandemic to hold safe and secure elections this year. 


“States are in different stages of cybersecurity readiness,” the researchers wrote. “Most are not very close to be able to ensure a safe election and it is only going to be exacerbated the longer it takes for them to get the resources and expertise needed to make changes.”

Email phishing attacks targeting campaigns have already taken place during the 2020 election cycle. 

Staffers on both the 2020 presidential campaigns of President TrumpDonald TrumpNew Capitol Police chief to take over Friday Overnight Health Care: Biden officials says no change to masking guidance right now | Missouri Supreme Court rules in favor of Medicaid expansion | Mississippi's attorney general asks Supreme Court to overturn Roe v. Wade Michael Wolff and the art of monetizing gossip MORE and former Vice President Joe BidenJoe BidenOvernight Defense: Senate panel adds B to Biden's defense budget | House passes bill to streamline visa process for Afghans who helped US | Pentagon confirms 7 Colombians arrested in Haiti leader's killing had US training On The Money: Senate braces for nasty debt ceiling fight | Democrats pushing for changes to bipartisan deal | Housing prices hit new high in June Hillicon Valley: Democrats introduce bill to hold platforms accountable for misinformation during health crises | Website outages hit Olympics, Amazon and major banks MORE have been targeted by foreign hackers in recent weeks. An Iranian-linked threat group also reportedly targeted the Trump campaign and other groups through attacking Microsoft email accounts during a 30-day period last year. 

In 2016, Russian agents hacked into Democratic National Committee networks and email accounts of staffers on the presidential campaign of former Secretary of State Hillary ClintonHillary Diane Rodham ClintonJill Biden takes starring role at difficult Olympics Club for Growth goes after Cheney in ad, compares her to Clinton Sanders to campaign for Turner in Ohio MORE, stealing thousands of pages of sensitive emails.