Election Infrastructure

The people of the United States are committed to free and fair elections. Virtually all federal, state and local elections employ computer-based technologies to manage voter-registration data, record votes and tally ballots. Many of these systems suffer from software and physical security flaws that could allow criminals or dedicated foreign adversaries to disrupt voting processes or alter the public’s faith in election results.

The Department of Homeland Security has designated election infrastructure as a critical infrastructure, but because state and local jurisdictions plan and carry out elections, governors and secretaries of state are responsible for ensuring that they are secure against tampering.

Why is Election Security Unique?
  • Few experts understand cybersecurity and election processes, leading to impractical advice;
  • State election officials, not governors, usually take the lead; and
  • Local jurisdictions possess autonomy when it comes to election decisions.
What are the Essential Terms?

Voting Systems (Voting Machines)

  • Record voter intent;
  • Isolated from the Internet (usually);
  • Subject to standardized testing.

Election Systems

  • Voter registration, vote tabulation, etc.;
  • Far more complex than voting systems; and
  • No standardized testing procedures.
What Can Governors Do?
  • Recommendation 1: Develop a plan now

    When one election ends, officials begin preparing for the next one. Governors should work now to integrate security improvements into that process. Because of legal restrictions, the closer it gets to an election, the more difficult it is to change anything that can improve cybersecurity. Additionally, the sooner states can present a plan, the easier it will be to justify as a calm, prudent move, instead of a rushed action that invites speculation or misinterpretation.
  • Recommendation 2: Broaden focus beyond voting machines

    While many voting machines possess critical security vulnerabilities, in most cases, hackers would need physical access to individual machines to manipulate an election. More serious risks arise from the sheer complexity of election systems that are connected to the Internet. It is these types of systems that criminals and foreign adversaries are more likely to attack.
  • Recommendation 3: Rely on paper and redundancy

    One of the most serious threats to election security is disruption: cyberattacks that infiltrate election systems to sow disinformation and slow or disrupt operations on election day. Governors should work hand-in-glove with the legislature and state election officials to ensure that local election officials have hard copy backups of voter rolls and registration files, approved ballots and other necessary documents.
  • Recommendation 4: Develop a framework for emergency action

    Governors should establish and test a specialized response framework prior to the next election. It should enable quick coordination between the governor’s office, independent security experts, local election officials, political parties and election campaigns. Such an arrangement must account for federal, state and local laws regulating communication between campaigns and election officials.