Thanks to a nationwide pandemic and fears of long delays, more than 90 million Americans already have voted either in person or by mail. The record early turnout could mean that today, Nov. 3, will see far fewer Americans physically showing up to vote at precincts across the country than in typical presidential election years, therefore easing the technology and cybersecurity burdens on voting systems.
Expanded early voting across the country was a key part of what is known as a “resilience concept” in cybersecurity, said Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security.
Having voters cast their ballots in a staggered manner over a couple of weeks or more means any attacks or technical glitches on Election Day would likely lead to fewer delays and less panic than otherwise, he told reporters late last week at a briefing.
Nevertheless, the agency and hundreds of state and local election officials are bracing for nuisance attacks on Election Day, and the days after that could result in defacement of election websites, denial of service attacks that could slow down or crash websites, and exaggerated claims from foreign adversaries about attacks that far exceed their capabilities, Krebs said.
The agency known as CISA was created in the aftermath of the 2016 election when Russian intelligence agencies broke into voter registration systems in nearly two dozen states and also hacked the Democratic National Committee’s email server. The DHS scrambled to declare election systems as critical infrastructure yet faced a backlash from state officials, particularly in Republican-led states, who feared that the federal government was encroaching on their turf.
Since then the agency has worked with state and local election officials who oversee federal elections in more than 9,000 jurisdictions to help them beef up their cybersecurity, share intelligence on attacks and disinformation campaigns, and help monitor their networks for breaches.
CISA worked the 2018 midterm congressional election and the Democratic primaries as trial runs for the main event: the 2020 presidential race.
The agency operates an election monitoring hub from a location in Northern Virginia where representatives from intelligence agencies, the FBI, officials from the Election Assistance Commission, the U.S. Postal Service, executives from private companies that supply voting equipment, representatives of political parties, and social media companies come together to monitor all aspects of voting, tabulating and announcement of results.
State election officials are connected to the hub, sharing information back and forth on any phishing or malware attacks and localized disinformation campaigns.
The hub has been operating at an “enhanced posture” for the past 40 days, and CISA plans to keep operating for as long as state officials want the agency’s assistance, Krebs said, adding that it’s also likely to be driven by U.S. intelligence agencies’ assessment of likely threats.
A large wall-mounted screen at the monitoring hub shows when each state opened for early voting or began collecting mailed ballots. A progression of colored dots shows state-by-state deadlines for receiving mailed ballots, which states allow counting of mailed ballots before Election Day and on Election Day, and each state’s deadline for reporting final tallies. The federal deadline for final official tally of votes is Dec. 14.
Dots representing key deadlines spread out over a number of weeks has allowed CISA to mount a better defense than focusing all its energies on Election Day, Krebs said.
CISA has used the last two election rounds to build a baseline model of what might be considered a normal cycle so it can then quickly understand what abnormal looks like, said Alexis Wales, the agency’s mission manager for the operations hub.
The hub is divided into analytical cells that monitor and analyze internet traffic flowing into and out of every state and election jurisdiction system, and conveys its assessment to state officials, Wales said.
Krebs said the agency’s preparations helped identify and share information with state officials and the American public about Iranian operators sending emails pretending to originate from a white supremacist group, which called on voters to support President Donald Trump. Krebs, along with FBI Director Christopher Wray and Director of National Intelligence John Ratcliffe, announced the findings on Oct. 21.
CISA also expects Russian, Iranian, Chinese and other foreign adversaries to make claims on and after Election Day about breaking into voting systems or saying that they manipulated results, but based on threat modeling by U.S. intelligence agencies during the past two years, many of those claims are likely to exceed the capabilities of those adversaries, Krebs said.
At the Department of Defense, it is likely that the National Security Agency, which monitors overseas communications, and the U.S. Cyber Command have taken a measure of adversaries’ capabilities and are able to say with some confidence which claims may be valid and which ones may be just empty bragging.
But if a particular claim by a foreign spy agency appears to be valid, CISA plans to brief reporters and election officials quickly, Krebs said.
CISA has launched a rumor vs. reality page that seeks to debunk online disinformation campaigns. The agency also has released a graphic novel called Real Fake that illustrates a female U.S. gamer who busts a Russian disinformation campaign that had been using deepfake technology to trick Americans about a lawmaker.
Although independent election security experts have said they’re most concerned about disinformation flowing out of the White House and Trump’s Twitter feed, CISA doesn’t plan to specifically rebut the president’s claims, Krebs said.
Instead, the agency’s rumor vs. reality website would aim to debunk fake claims and disinformation in general, he said.
Given the diversity of the U.S. election system, which is managed at the state and local levels and includes about 9,000 jurisdictions, across-the-board foreign interference would be difficult, Krebs said.
Krebs said that unlike 2016, when multiple states had no backup to their electronic voting systems, about 95 percent of American voters are likely to be casting their ballots on systems that produce a paper backup. In the event a cyberattack succeeds, election officials can audit the final results using physical evidence, he said.