Election Question: What steps have been taken to protect the nation’s election systems from potential interference by foreign powers like Russia? Have voting systems been “hardened” in any way?
Answer: Federal, state and local officials prioritized securing voting systems after Russia interfered in the 2016 election, breaking down bureaucracy to improve communication of potential threats, conducting security reviews and installing network sentinels to detect known cyberthreats and suspicious activity.
A key step was the January 2017 decision by the outgoing Obama administration to designate the election systems as “critical infrastructure” on par with nuclear reactors, banks and the electrical grid. The Department of Homeland Security and its cybersecurity agency have since worked to build relationships with election officials, giving top state election officials security clearances so they can quickly receive sensitive threat intelligence.
After the 2016 interference, state election officials complained that they were not alerted until nearly a year later that Russians had conducted extensive scanning of election systems, specifically targeting voter registration systems.
Communication is vastly improved heading into November, though the threat is unchanged. U.S. intelligence chiefs continue to warn Russia, China and others could interfere in the presidential election beyond so-called “information operations.” There is been no indication as yet of any cyber-related attacks directed at election systems.
One of the most feared threats is a well-timed ransomware attack that could scramble or impede access to voter registration data. State election officials have been working to build redundancies into their systems so they can recover quickly in the event of an attack.
Beyond providing comprehensive security assessments, federal officials also offer routine scanning for vulnerabilities and training around best practices. While experts say improvements have been made, they are most concerned about smaller election offices with limited IT and cybersecurity budgets.
Layers of security, including firewalls, threat-detection sensors and multi-factor authentication protocols, have been added to protect voter registration systems. Federal officials noted this summer, however, that adoption of best practices in some places was lagging and it was taking longer in some cases to fix problems identified in federal security reviews.