As Americans cast votes for congressional and gubernatorial candidates Tuesday, security experts are most concerned about the spread of misinformation and disinformation that threatens to undermine the integrity of the election process. The election technology itself has receded as a concern.
State and local officials have addressed cybersecurity weaknesses and threats of hacking, the key threats seen in previous election cycles going back to 2016. Experts say Congress, federal agencies and private security firms aided those efforts.
“I think the biggest new challenge we’re seeing is the disinformation challenge,” said Derek Tisler, counsel in the Brennan Center’s Elections & Government Program. “While not actually threatening the security of elections, it is affecting how people view the security of elections, and many of the challenges can end up having the same effect.”
Congress approved more than $1 billion in federal grants to be administered by the Election Assistance Commission since the 2016 elections to help states and local jurisdictions upgrade equipment and boost cybersecurity.
The funding boost was driven by evidence showing widespread attempts by Russian spy agencies to tamper with U.S. voter rolls and voting equipment in the 2016 presidential race, although those attempts didn’t succeed.
Congress approved $380 million in the fiscal 2018 appropriations bill to improve the administration of federal elections. An additional $425 million was approved as part of a fiscal 2020 appropriations bill. And Congress approved $400 million in March 2020 as part of a COVID-19 relief package to help states prepare for elections amid the disruption of the pandemic.
Federal funding and work by government agencies such as the Cybersecurity and Infrastructure Security Agency and private companies have helped raise awareness among election administrators about cybersecurity threats to election systems, said Robert Sheldon, director of public policy and strategy at the cybersecurity research firm CrowdStrike.
“There’s just a lot more clarity about what types of pathways adversaries might use to affect outcomes” of elections, Sheldon said. “If you go back two or three election cycles ago, there was a lot of emphasis on breach and what threat actors could do if they could breach either a campaign or an elections administration entity of some kind.
“And now there’s a lot more awareness about the threats of misinformation, disinformation, and threat actors’ use of personas to amplify many themes that could affect elections just from an information operation standpoint,” Sheldon said.
While voting machines and election computers may be less vulnerable to an outright cyberattack, the spread of disinformation about voting machines and systems, combined with physical threats of violence to poll workers and election administrators is concerning, Sheldon and other experts said.
“We’re really seeing the new physical security challenge, both in terms of conspiracy theories, trying to gain physical access to voting equipment … to election systems, but also threats to the security of people who actually run elections,” Tisler said. “We’re seeing an alarming increase in threats, harassment, intimidation directed at election officials and workers across the country since 2020.”
Risk of physical harm
Jen Easterly, director of CISA, an agency in the Department of Homeland Security, told CBS News on Oct. 30 that “rampant disinformation” in addition to threats of potential cyberattacks and the danger of potential harm are key challenges for election officials.
“And yes, very worryingly, you have threats of harassment, intimidation and violence against election officials, polling places and voters,” Easterly told CBS. “Let’s be really clear: That has to stop.”
As in recent election cycles, CISA and state election officials plan to monitor online disinformation campaigns and refute false allegations in real time.
Recorded Future, a cybersecurity research and online intelligence firm, said in a report published Monday that it had identified several claims in “mainstream and alternative social media landscape suggesting that technologies deployed” by the three major makers of voting systems “will be used to falsify the results of the midterms.”
The company identified the major voting systems makers as Dominion Voting Systems, Smartmatic and Election Systems & Software.
A “vast majority of false information” targeting makers of voting systems is likely to be from domestic sources rather than foreign ones, but foreign state-owned media outlets are likely to amplify such false claims that are likely to circle back to American voters and cause distrust in the elections, Recorded Future said.
Recorded Future said it had identified false claims on Facebook, Instagram, Telegram, Gab, 4chan and other social media sites alleging that Dominion systems will be rigged for the 2022 midterms.
The group said a Russian propaganda outlet called Red Spring Information Agency, as well as the Centre for Research on Globalization, considered a front organization for Russia’s main military intelligence agency, have been seen promoting materials online casting doubt about Dominion machines.
Former President Donald Trump targeted Dominion after the 2020 election when he falsely alleged that its machines switched votes in Pennsylvania from him to Joe Biden.
After similar claims by Trump and his Republican supporters as well as some news organizations, Dominion refuted them and later filed lawsuits against Fox News, other media outlets and lawyers representing Trump for defamation. Those lawsuits remain unresolved.
Since November 2020, Trump and his supporters, including several Republican candidates in the midterms, have embraced the false notion that the 2020 election was rigged and that Biden isn’t the legitimate president.
Smartmatic and Election Systems & Software face similar false claims online, and most such disinformation is focused on key battleground states such as Georgia, Wisconsin, Arizona, Pennsylvania, Florida and Nevada, Recorded Future said.
“Election administrators in such jurisdictions should be prepared for hyper-scrutiny of both voting technologies used and administrators themselves in connection to the technologies’ functioning,” Recorded Future said in its report.
Despite federal grants, cybersecurity improvements and greater awareness of cyberattacks, some states continue to use digital voting machines that don’t have paper backups or paper ballots that can be used to audit and verify results.
In the 2020 election, 93 percent of all votes cast had a paper record, according to data compiled by Verified Voting, a nonprofit group that advocates for reliable voting systems. That was up from 82 percent in 2016, the Brennan Center said in a recent report. Going into the 2022 midterms, that number hasn’t changed from 2020, Tisler said.
“Every battleground state has a paper record of every vote,” Tisler said.
That still leaves a handful of states using voting machines that do not generate a verifiable paper record, including Indiana, Louisiana, Mississippi, New Jersey, Tennessee and Texas, according to the Brennan Center.