How State and Local Governments Are Securing the 2026 Midterm Elections

Heading into the 2026 midterm elections, local election officials face a shifting threat landscape. While physical security remains a priority, the digital battlefield has grown more complex, fueled by advancements in artificial intelligence and the proliferation of tailored social engineering attacks.

“I think the way that election officials are looking at this, as we head toward the midterms, is you need to prepare for everything that we’ve seen and everything that we haven’t seen yet,” says Derek Tisler, counsel and manager in the Brennan Center for Justice’s Elections and Government program.

Crucially, the danger today is often less about a direct attack on the vote count and more about disrupting the administration of the election itself. Paralyzing a voter registration database or taking down an election results website can sow doubt about the integrity of results and create significant operational bottlenecks. 

“Even if it’s not going to undermine the accuracy of the vote count or stop any eligible voters from voting, if your electronic poll books are down on election day, for example, there may be backup procedures where you can switch to a paper list, but it might mean that voting is slower,” Tisler says.

In response, state and local governments are hardening their defenses. They are turning to technology partners to implement comprehensive endpoint detection and response (EDR), enforce network segmentation, and build infrastructure that ensures security does not come at the expense of the voter experience.

Los Angeles County Embraces Comprehensive Security

Rather than relying solely on endpoint monitoring tools, the Los Angeles County Registrar-Recorder and County Clerk has adopted a multilayered strategy that integrates controls for strict data governance, risk and compliance, infrastructure monitoring, and identity and access management.

It also encompasses application security, security operations and incident response, social media monitoring, countermeasures for misinformation, aggressive user training, and continuous assessment and improvement to strengthen the county’s overall security posture.

All critical, election-specific systems, including custom-designed voting machines, are isolated in an air-gapped network.

For the remaining infrastructure, the county deploys Cradlepoint E3000 routers to create secure, temporary networks at voting centers. The county uses Cradlepoint’s NetCloud Manager to monitor all network traffic in real-time, allowing it to switch carriers instantly via 4G, 5G or satellite if one network becomes jammed or compromised.

Only authorized devices with fresh security certificates (specifically, Apple iPads used as electronic poll books) are allowed to connect to these secure routers.

READ MORE: CISA helps states and localities with cybersecurity training.

But technology is only one part of the equation. Bhullar emphasizes a human-centered design philosophy where security is baked into the foundation of the voting experience.

“Whether we’re procuring vendor solutions or developing applications in-house, we maintain a security-first design philosophy while ensuring the user experience remains intuitive and accessible,” Bhullar says. “We’re committed to deploying technology that accelerates productivity and enhances capabilities, ensuring it functions as a strategic asset rather than a barrier to progress.”

This approach includes a multilayered security program. All critical, election-specific systems are isolated in an air-gapped network. For the remaining systems — such as public-facing servers and voter registration databases — the county strictly enforces network segmentation and zero-trust principles, ensuring users only get access to the systems they explicitly need.

Because threats continually evolve, the county also uses comprehensive intrusion detection and prevention mechanisms to guard against ransomware. These protections are backed by regular tabletop security exercises, Bhullar says, “to ensure all stakeholders understand their roles and can execute our response protocols when an incident requires coordinated human intervention.”

Layered Defenses Protect Election Operations

In St. Louis County, Mo., election officials are working closely with their IT department and technology partners to fortify their network backbone as they roll out a new election management system ahead of 2026.

Eric Fey, a director of elections for St. Louis County, notes that the threat landscape is a “constant chase” against sophisticated actors. The county recently underwent a biennial cybersecurity risk assessment and is focusing heavily on defending against “tailored incursions” and social manipulation.

DIVE DEEPER: Artificial intelligence is transforming the modern firewall.

On Election Day, the county maintains a strict separation of assets. Ballot printers, ballot scanners at polling places and accessible devices for voters with disabilities operate in a completely air-gapped system, Fey says.

However, the electronic poll books used to check in voters are connected via a cellular network. To manage this securely, the county can remotely shut down a poll book if it goes missing, or correct a mundane check-in error from a central location, ensuring polling places keep moving without exposing the wider network to risk.

As part of its defense-in-depth strategy, the county deploys Fortinet’s FortiGate firewalls to secure its enterprise.

Securing the Front Door to Preserve Public Trust

In Nebraska, state officials are similarly focused on protecting the infrastructure connected to the internet. While actual vote tabulation systems remain disconnected from the web, “front door” systems such as voter registration portals remain a prime target for disruption.

For the Nebraska Secretary of State’s office, securing these public-facing systems is vital, not just for operations but also for combating misinformation. According to a representative, the office encourages counties to deploy robust EDR tools on their internet-facing systems.

The state emphasizes that tabulation equipment is completely and physically isolated, including from the voter registration database.

“Protection provides reputation,” the spokesperson says. “Our strategy has remained consistent to bolster the cybersecurity posture of all counties, regardless of size,” including all government websites, email addresses, EDR tools and dedicated IT or managed service providers.

For example, Nebraska’s Lancaster County relies on EDR solutions from CrowdStrike to protect its public-facing websites.

However, a successful attack on a public website can easily be weaponized by bad actors into a false narrative, making voters believe the entire election system is compromised.

“People may not understand that there are backup records available, that there are alternative procedures in place to allow eligible voters to cast their ballot,” Tisler says. “They think that the entire system may then be compromised, even though there are a completely separate set of safeguards around that equipment.”

Ultimately, local governments realize they cannot face these threats alone. Whether through internal county IT departments, state-level collaboration or private sector vendors, a coalition approach is required.

“We maintain direct ownership of our cybersecurity operations rather than fully outsourcing our security posture,” says Bhullar. “However, strategic partnerships with external agencies remain essential to our defense-in-depth approach.”