State and local elections officials — nervously eyeing the fall for a potential second wave of COVID-19 — are scrambling. With only five months before the presidential election, they are scouting larger polling places to enable social distancing and planning to mail and scan more absentee and mail-in ballots than ever.
But in addition to keeping poll workers and voters safe from viral transmission, there is a second major risk: how to keep the election itself secure from cyber threats.
Cyber threats to U.S. elections came into sharp relief in 2016, when Russia conducted operations to influence the electorate and infiltrate voting systems. In January 2017, the Department of Homeland Security declared elections to be “critical infrastructure” and embarked on an extensive cybersecurity support effort. It established, for example, the Elections Infrastructure Information Sharing and Analysis Center which provides elections officials with cybersecurity alerts, vulnerability assessments and response aid when experiencing a cyberattack.
But now the pandemic has devastated state budgets. HAVA fund administrators at the federal Elections Assistance Commission felt compelled to issue guidance saying states can use these funds for health-related safety needs.
This was necessary and prudent; mitigating the health risks and reassuring anxious voters is paramount to ensuring a smooth running of the election in the fall. States are furiously rolling out new processes, scouting polling places that can accommodate social distancing and preparing for unprecedented volumes of absentee and mail-in ballots. Each of these moves is costly, however, and states must pursue all of them simultaneously. A recent Brennan Center report argues that states will need significantly more funding to prepare for the November election, noting for example that the federal grant would only cover roughly 10% of the estimated $110 to $124 million Georgia alone would need to spend between now and Election Day.
Meantime, the cyber threats to voting systems have not diminished; indeed they may be elevated as adversaries see an opportunity in the crisis. Even as they rush to buy high-speed optical ballot scanners and distribute vote-by-mail request forms, election officials must continue to safeguard their (old and new) IT infrastructure. Voter registration databases, electronic pollbooks used to check in voters, websites publishing vital information about changes to voting processes — all these need to be kept secure. States are likely to need yet more federal funding, particularly given that most states will have to balance their budgets even as tax revenues crater this year.
Other options are available to states — and all of them may be needed. The federal government, for instance, could offer assistance via Homeland Security’s cybersecurity agency, which could corral resources and manpower from the Department of Defense (including the National Guard), FBI and the intelligence community.
Private companies — including Microsoft, Akamai and Cloudflare — provided free cybersecurity services to elections officials in the run-up to the 2018 midterm elections. They could renew that offer of help. Other private companies could add their support and provide software, hardware or other equipment needed to support safe polling places, efficient and secure remote voting options, and the public education campaigns needed to tell citizens about their voting options.
And finally, all citizens should figure out early on their voting options and make a plan for how they are going to vote. The integrity of our elections is central to the health of our democracy, no less so now that we also have to worry about the health of voters.