CISA: Election Security Still Under Threat at Cyber and Physical Level

400tmax/Getty Images

Threats enacted by state-sponsored actors during the 2022 election have highlighted the need for “continued vigilance” in upcoming elections, said CISA Election Security Advisor Kim Wyman.

Federal cyber leadership doubled down on the need to continue to fortify election security at both the local and national level as threats from foreign and domestic actors will still be a problem ahead of the 2024 presidential election.

“We face continuing threats from a growing number of foreign state sponsored threat actors intent on targeting our election infrastructure and voters through cyber activity and malign foreign influence operations,” Kim Wyman, the senior advisor for election security at the Cybersecurity and Infrastructure Security Agency said during a panel discussion hosted by the University of California, Los Angeles, on Friday.

Wyman said that in the wake of the tumultuous 2016 presidential election, the security of the digital election infrastructure of the U.S. has made “incredible progress” in improving voting systems’ resiliency. She also noted that while law enforcement and regulatory bodies saw “no evidence” of deleted or lost votes within the 2022 election, state-sponsored threats were documented.

“We did however, see activity from sophisticated state sponsored threat actors that is cause for continued vigilance,” she said. “Our adversaries continue to see our elections as opportunities for interference and influence.”

Heading into future elections, Wyman recommended basic cybersecurity practices, including using multi-factor authentication, updating software, improving physical security and exercising incident response plans along with public education on voter security.

“Election officials should be reviewing and updating procedures designed to detect, prevent, respond and recover from threats, including insider threats,” she said. 

As CISA works to advise state elections officials and policymakers on election security best practices, Wyman noted that secrecy and ballot confidentiality pose challenges to rectifying potential cases of voter fraud. 

Ensuring voters are aware of focal points where cyberattacks can occur via an electronic ballot is also a priority for CISA ahead of election season.

“CISA promotes the audibility of all election systems across the entire process,” she said. The agency worked with the the National Academies of Science, Engineering and Medicine to better secure digital voting, but quoted a report authored by the academics suggesting that the technology for absolute security for digital ballots is not yet present.

“We do not at present have the technology to offer a secure method to support Internet voting,” Wyman cited. “It is certainly possible that individuals will be able to vote via the internet in the future, but technical concerns preclude the possibility of doing so securely at this present time.”

In coordination with other organizations, CISA has been working to educate the larger public and election officials about all aspects of voting security, running exercises such as “Tabletop the Vote” ahead of midterms to prepare for both the potential cyber and physical threats during an election cycle.