Nov 11 2020

How State and Local Governments Kept the 2020 Election Secure

Election officials say working in concert with the federal Cybersecurity and Infrastructure Security Agency on cybersecurity preparations paid off.

State and local government officials have spent the past four years building up their cybersecurity defenses. On Nov. 3, those efforts paid off.

They worked to build cooperation and communication with each other and with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. They trained election officials and poll workers on anti-phishing techniques, bolstered network defenses and authentication measures, and shared threat information they received from CISA.

After Russian hackers interfered in the 2016 presidential election through social media manipulation and the theft and dissemination of Democratic Party emails, there were real concerns that 2020 could see a repeat.

However, federal cybersecurity officials at CISA say they detected no evidence of foreign interference on or after Election Day. Although CISA will maintain its operations center for 45 days after the election to continue monitoring for threats, the agency has deemed its election security efforts, dubbed “#Protect2020,” largely a success.

In a Nov. 4 statement, CISA Director Christopher Krebs said that “we have no evidence any foreign adversary was capable of preventing Americans from voting or changing vote tallies.”

Aside from a few isolated incidents, there were not many election security hiccups on Election Day itself, despite record turnout. CISA officials say they will remain vigilant alongside partners at the state and local level. Those partnerships are what helped ensure a smooth election, election officials say.

How Partnerships Helped Protect Election Infrastructure

In the runup to the election, there were widespread concerns about malicious actors spreading disinformation, hacking into voter registration databases, locking election security officials out of databases through ransomware attacks, manipulating vote tallies and potentially even targeting the power grid to disrupt the vote.

None of that came to pass, Krebs said. “We are only here because of the hard work of state and local election officials and private sector partners who have focused efforts on enhancing the security and resilience of elections,” he said in the Nov. 4 statement. “The United States government supported these partners throughout the election, bringing the full range of capabilities to bear in securing systems and pushing back against malicious actors seeking to disrupt our process and interfere in our election. CISA will continue to support our state and local partners as they move toward their certification deadlines and the official outcome of the 2020 election.”

A senior CISA official said Election Day was “just another Tuesday” in terms of cybersecurity, according to The Washington Post.

CISA spent years building partnerships with groups such as the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC), an election security clearinghouse for state and local governments staffed and operated by the Center for Internet Security.

CISA also built up strong working relationships with groups including the National Association of State Election Directors and National Association of Secretaries of State, both of which commended the cooperative election security efforts.

“One of the big lessons learned from 2016 was that information sharing needed to improve significantly, so we put processes in place as a community to better share security information from the federal level to state and local election officials, as well as from election officials to our federal partners,” says NASED Board President Lori Augino. “The ISAC is the primary means of information sharing, including how information is shared to and from CISA and election officials, and it’s been very successful.”

Christopher Krebs, Director, Cybersecurity and Infrastructure Security Agency
We are only here because of the hard work of state and local election officials and private sector partners who have focused efforts on enhancing the security and resilience of elections.”

Christopher Krebs Director, Cybersecurity and Infrastructure Security Agency

Augino praised the advocacy of Krebs and the rest of the CISA elections security team, including Matt Masterson, a senior cybersecurity adviser who specializes in election security.

“We saw that pay off with the announcement about the voter intimidation emails prior to the election,” she says. “The team at CISA worked hard to get information to the election community as quickly as possible so we could prepare and defend ourselves and the Nov. 3 election.”

Election officials have spent the past few years exercising and preparing for a wide range of scenarios, Augino says, “which helped, because 2020 threw a lot at us.”

“States have implemented things like two-factor authentication, phishing trainings, risk and vulnerability assessments and other best practices, which have been especially valuable this year as more people have been working remotely as a result of the pandemic,” she notes.

NASS President and New Mexico Secretary of State Maggie Toulouse Oliver also praised the cooperation with CISA. “A great example of Election Day cooperation among DHS and NASS members was the DHS virtual situational awareness room, where hundreds of state and local election officials across the country shared election information with one another in real time,” she says.

There were a few minor technology-related incidents on Election Day that election officials had to contend with. For example, as Oliver notes, “the Texas Secretary of State’s election night reporting site had technical difficulties; however, they were transparent about the issue and worked quickly to remedy the situation with their vendor. The office sent out a tweet notifying about the outage and a tweet saying it was fixed, she says.

In Franklin County, Ohio, an electronic poll book could not be uploaded because the file was too large, so election workers checked voters in via a paper backup. Overall, however, everything ran smoothly from an election security standpoint, and there is “no evidence of any manipulation of voter registration data or other election-related data by malicious cyber actors,” Oliver says.

The EI-ISAC also says that its preparations, built up over the past few elections, paid off, and that the planning and reporting flows it put into place worked as they should have, according to EI-ISAC Director Ben Spear.

“None of that would have been successful without the tools deployed by and the relationships developed with the elections community,” he says. “Tools like Albert network monitoring, Malicious Domain Blocking and Reporting (MDBR), and Endpoint Detection and Response (EDR) provided us additional feeds of information to identify potential threats and correlate them across jurisdictions. Even further, the deployment of tools beyond these at the state and local level allowed election offices to quickly investigate and take action.”

LEARN MORE: CISA’s Bryan Ware explains how the coronavirus pandemic has affected cybersecurity efforts.

What to Watch For Moving Forward on Election Security

CISA is maintaining its in-person operations center at its headquarters in Arlington, Va., for 45 days after the election, and Krebs has said that Election Day only marks “halftime” in the agency’s election security efforts.

“There may be other events or activities or efforts to interfere and undermine confidence in the election,” Krebs said on a call with reporters, according to Nextgov.

“We’ve been in enhanced coordination posture now for 45 days and will continue that enhanced coordination posture for another 45 days, or as long as needed to make sure we’re sharing information with our partners,” an unnamed senior CISA official said on the call, Nextgov reports.

Additionally, Nextgov reports, the operations center will have both classified and unclassified intelligence flowing into it, and partners will include the FBI and the broader intelligence community, the Defense Department, the U.S. Postal Service, NASED, NASS, the U.S. Election Assistance Commission, both major political parties, social media and election technology companies, and others, according to CISA.

Augino adds that election officials “can’t put a bow on 2020 yet” and that there is still a lot of work ahead.

“Communication across levels of government was a notable success this year, but we can always be better,” she says. “Once we certify the results, we’ll take some time to look back and see where we can improve, both at the individual state level and at the national level.”

Oliver notes that the post-election process of counting ballots and canvassing and certifying results is a state-by-state process, and that NASS and secretaries of state “are working hard to educate the American public about the unique processes while also encouraging patience.”

Cooperation and communication continue to be “key principles in successfully administering and securing elections,” Oliver says. “Secretaries of state view election cybersecurity as a race without a finish line,” she says. “We will continue to work in cooperation with our partners to assess and mitigate risks to election systems and processes in the years to come.”

In terms of lessons learned, the EI-ISAC’s Spear says that the 2020 election underscored the importance of planning, information sharing and deploying a defense-in-depth approach. He says that the momentum and relationships built up for 2020 need to be maintained.

“We also need to continue and expand the channels of information sharing around election security threats,” Spear says. “We want our election partners to continue to look for and combat these threats all the time, not just around critical election periods. The EI-ISAC has started to quickly analyze, validate and share meaningful indicators through automation, the expansion of which would allow the ISAC and elections community to take immediate action to confront ongoing threats.”

Liliboas/Getty Images

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT