Oct 25, 2022 - Technology

U.S. officials eye a complex web of election cybersecurity threats

Illustration of a lock over abstract images of ballots.

Illustration: Aïda Amer/Axios

Two weeks out from Election Day, U.S. officials are staring down a complex map of election security concerns that go beyond the now-expected foreign hack-and-leak operations.

The big picture: Heading into this year's election, a web of domestic and foreign disinformation campaigns, physical threats to poll workers, and 2020 election deniers running for political office are complicating election security officials' jobs.

Why it matters: It's no longer enough to properly secure a ballot box and the country's election infrastructure from hacking attempts.

  • Federal, state and local officials also have to get ahead of any potential disinformation campaigns that aim to lie and convince Americans that routine cybersecurity practices and audits don't work.

Driving the news: Throughout the last month, U.S. officials have been on a media blitz and releasing public service announcements to ensure voters know their votes are safe this year.

  • The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) released a PSA on Oct. 4 concluding that malicious cyber activity is "unlikely to disrupt or prevent voting."
  • CISA Director Jen Easterly told reporters earlier this month that "at this time, we are not aware of any specific or credible threats to compromise or disrupt election infrastructure."

Between the lines: One of officials' best tools is to "pre-bunk" any fake information about the elections before it comes out.

  • In their public messaging, CISA and the FBI have been highlighting information provided by state and local election offices, said Suzanne Spaulding, a former Department of Homeland Security official and current senior adviser at the Center for Strategic and International Studies, at an Axios event last week.
  • "There's a little bit more trust at that level, and there's a lot of mistrust in the federal government," Spaulding added.

Details: Government and campaign officials are still eyeing a number of threats that could emerge in the next few weeks before and after the elections.

  • Earlier this month, the FBI warned Republican and Democratic state party headquarters that Chinese hackers could be targeting their operations, according to the Washington Post.
  • Cybersecurity firm Recorded Future warned this month that both Russian and Chinese state-sponsored actors are likely to conduct "malign influence operations" targeting U.S. audiences to sway perceptions of the elections.
  • The intelligence community is also expected to release a bulletin this week warning of Chinese and Russian cyber threats, Politico reports.

Failing to get ahead of these threats could not only lead to increased physical harassment of poll workers and voter intimidation at the ballot boxes, but also possibly encourage more election workers to conduct breaches.

The intrigue: Since 2016, officials and campaigns have become better aware of the threat cyberattacks and disinformation poses to elections, says Will Adler, senior technologist on the elections and democracy team at the Center for Democracy and Technology.

Yes, but: The web of election security threats could get even more intense in future elections as hundreds of 2020 election deniers run for public office this year — creating an opportunity to spread conspiracy theories and lies about election security.

  • "Some of them are running for governor or secretary of state, and they're going to be in a position to actually change the way that elections are run or to create doubt when it comes time to certify results in 2024," Adler says.

Sign up for Axios’ cybersecurity newsletter Codebook here.

Go deeper