WASHINGTON – Despite confirmed threats from foreign countries as well as worries about other threats to election security, security checks put in place by federal agencies seem to have worked, federal cybersecurity officials say.
On the heels Iranian interference with the presidential election and Russian hacking into state and local computer networks in late October, the Department of Homeland Security, the FBI and the Cybersecurity & Infrastructure Security Agency have been closely monitoring the 2020 election.
Acting Department of Homeland Security Secretary Chad Wolf tweeted on election day, saying, “DHS and CISA are utilizing all of our tools to ensure that every American can cast their ballot and know that their vote will count. American voters will decide this election – not our adversaries.” Wolf linked to the CISA rumor control hub, aimed at helping voters to discern misinformation and disinformation.
DHS and CISA are utilizing all of our tools to ensure that every American can cast their ballot and know that their vote will count. American voters will decide this election – not our adversaries. https://t.co/fqFJynUa8L #Protect2020 pic.twitter.com/MBCznHdmnL
— Acting Secretary Chad Wolf (@DHS_Wolf) November 3, 2020
And on the day after Election Day, The Cybersecurity & Infrastructure Security Agency said there was no evidence of foreign interference.
“Importantly, after millions of Americans voted, we have no evidence any foreign adversary was capable of preventing Americans from voting or changing vote tallies,” a statement released on Nov. 4 from CISA Director Christopher Krebs said. “We will remain vigilant for any attempts by foreign actors to target or disrupt the ongoing vote counting and final certification of results. The American people are the last line of defense against foreign influence efforts and we encourage continued patience in the coming days and weeks.
Though experts remain cautiously optimistic, David Levine, Elections Integrity Fellow at the Alliance for Securing Democracy, said that even though “the jury is still out” to see if any attempts were made to interfere with the 2020 election, he remains “cautiously optimistic.”
“After the 2016 election, it took time for Robert Mueller’s report to come out, it took time for the bipartisan Senate Intelligence Committee to put out a series of volumes that unpacked the depth the foreign interference,” Levine said. “All indications are that we’ve done pretty well. It could ultimately take some time, once the 2020 election is concluded to see whether or not there were any [foreign interference] efforts that were undertaken and how successful they were.”
Susannah Goodman, director of election security with Common Cause, said that the designation of election infrastructure as a critical infrastructure subsector in 2017 changed the game for election 2020.
“It’s been an extraordinary development,” she said.
“Jeh Johnson, who was then secretary of the Department of Homeland Security, declared that election infrastructure would be deemed critical infrastructure,” Goodman said. “So it would receive the attention from the Cyber Chief equivalent to the attention that nuclear power plants and the electrical grid and the financial industry get in terms of protection and from foreign interference.”
The designation also gave state and local governments access to critical reciprocal information sharing to detect and combat election security threats.
“Before 2016, state and local election officials got very little information, if any, from the intelligence community. They have really good working relationships now, with the Elections Infrastructure Information and Analysis Center,” Goodman said.
Philip Stark, a professor at the University of California, Berkeley who serves on the United States Election Assistance Commission Board of Advisors, said that although DHS has stepped up election security, but more needs to be done.
“We’re recommending that the primary mode of voting be hand-marked paper ballots, with technology only for voters who require assistive technology …,” Stark said. “Instead, we’ve seen states either have no paper record at all or have a paper record that’s generated by the computer. There’s now good evidence that voters don’t check whether the computer-generated paper matches what they intended or did or saw.”
Stark also said that electronic voting machines are vulnerable to threats, from supply chain attacks to malware.
“There are so many ways that malware can enter these systems from supply chain attacks, attacks during configuration…,” he said. “There’s just lots and lots of ways that they can be misconfigured or have malware installed.
Stark says that public auditing presents a solution, both to vulnerabilities and increasing transparency for the public.
“So there’s a number of things that you need to have in place for the kind of auditing that I work on to be really helpful and probative. First and foremost, you need to be capturing votes primarily on hand-marked paper ballots, not on touchscreen voting machines. You need good physical chain of custody of those ballots,” Stark said. “If you’re talking about vote by mail ballots that voters that we really do check the signatures in a proper way and give voters an appropriate amount of time to remedy defects.”
Levine also cautioned that foreign disinformation campaigns will continue so state and local election officials must be vigilant and voters must maintain a healthy dose of cynicism on social media.
Levine sees fighting misinformation as a key part of improving voters’ trust in the election system and its legitimacy.
“We’ve continued to see large segments of the American populace that still have concerns in terms of their confidence in the election, in our election system,” Levine said.