Election Day was hack free, but cybersecurity officials are still bracing for attacks
Two federal agencies say they didn't detect any cyberattacks Tuesday, but concerns remain over attempts to undermine the process in the coming days.
Election Day 2020 was free from cyberattacks, according to the US government. Concerns now focus on what comes next.
Misconfigured voting machines. An unexpected swell of voter turnout. Too much hand sanitizer. These are among the reasons that voters in states like Georgia, Ohio and Iowa experienced delays on Election Day. But rest assured, cyberattacks weren't among the problems, US officials declared Tuesday night.
While the results of the US presidential election remain unclear, officials from the Cybersecurity and Infrastructure Security Agency and the National Security Agency had a more definitive outcome across all 50 states: Cyberattacks didn't affect Americans on their last day to vote.
Hackers from Russia, Iran and China made multiple attempts in the months leading up to the election, including a last-minute voter intimidation email campaign from Iran. But officials from CISA and the NSA found that the cyberattack efforts on Election Day 2020 were much quieter compared with 2016 and 2018.
"What we've seen today is just another Tuesday on the internet," a senior CISA official said on Election Day. "For the most part today, it's been a little boring. And honestly, that's a good thing."
Throughout the day, cybersecurity officials remained on guard for attacks. They cautiously noted at several press briefings that there was still plenty of time for a hack to hit. Indeed, officials are still wary of disinformation campaigns or attacks on social media designed to undermine the credibility of the system even as the votes continue to be counted.
"We will remain vigilant for any attempts by foreign actors to target or disrupt the ongoing vote counting and final certification of results. The American people are the last line of defense against foreign influence efforts and we encourage continued patience in the coming days and weeks," CISA Director Chris Krebs said in a statement on Wednesday.
Election security has been a major concern since Russian cyberattacks interfered with the US presidential race in 2016. Hackers stole voter registration data in two Florida counties and accessed Democratic National Committee's emails, but they weren't able to affect the vote count.
Still, as security researchers demonstrated how easy it is to hack voting machines and because the 2016 election showed a jarring vulnerability to democracy, the Department of Homeland Security established CISA in 2018, with a focus on securing election infrastructure.
That's meant building relationships with election officials across all 50 states over the last few years. Compared with almost no communications in 2016, nearly 500 election officials on Tuesday were connected through CISA, sharing insights on any hacking attempts or technical issues affecting voters.
"We've had four years to get ready for this one. I think the state and local officials deserve a lot of credit for improving their systems," CISA officials said Tuesday.
Midnight shift
While it remained quiet on Election Day, protecting the presidential race from foreign influence could become more difficult in the days after polls close.
Both CISA and the FBI have already warned about disinformation campaigns following Election Day, which could come through hacks on election results websites or as propaganda on social media.
"The attack surface is shifting from the actual voting process itself into the counting, canvassing, auditing and through the certification over the next several days and weeks," a senior CISA official said.
The day after Election Day, NSA Director Paul Nakasone said the agency would be continuing to watch for hacking attempts while votes are being counted.
As votes continue to be counted, @US_CYBERCOM & @NSAGov teams continue standing the watch - countering foreign adversaries that seek to interfere in our electoral processes.
— General Paul M. Nakasone (@CYBERCOM_DIRNSA) November 4, 2020
Millions of mail-in ballots still need to be counted in several states, and the uncertainty around the results leaves a window of opportunity to sow doubt in the outcome. While CISA is able to monitor cybersecurity through sensors and reports from local election officials, containing disinformation is a different matter.
Along with election officials, CISA is working with social networks like Facebook, Twitter and Google that have their own policies for handling disinformation. The agency also established its own "Rumor Control" page to dispel false election information.
Krebs asked American voters for patience with voting machines at the start of Election Day. By the end of it, the agency echoed the call, this time about posting on social media.
"Be skeptical, and don't share things that aren't verified," a senior CISA official said at the agency's last press briefing on Tuesday night. "That's kind of the landscape as we see it over the next several days, and even in the next week."
Technical difficulties
The concern for the coming days comes after a quiet Election Day from a cybersecurity front, where most of the problems stemmed from technology malfunctions across the US.
Voters in Spalding County, Georgia, and Franklin County, Ohio, were among the first to report issues from electronic pollbooks, causing hours of delay for voters on Tuesday morning.
Franklin County's technology malfunctioned because an unexpected rise in voter turnout created too much data to upload, while Spalding County's outage happened because of an unapproved, last-minute update that caused a glitch, according to Politico.
But not all voting machine flaws came from software glitches. At a polling site in Des Moines, Iowa, ballot counts were briefly delayed after hand sanitizer from voters left residue on the ballots and jammed a tabulator, according to Kevin Hall, the communications director for Iowa's Secretary of State.
These delays didn't impact the overall vote tally, and the counties also had paper backup plans in place. The constant communication with CISA among election officials helped the agencies quickly identify if issues were coming from unexpected errors or a malicious cyberattack.
"Technology is used to increase access and improve accuracy of the voting process, but also technology is not a single point of failure and there are resilience measures in place that you can switch over to," a senior CISA official said Tuesday. "We're seeing early indications of resilience of voting in action."
At the start of Election Day, Krebs said that such issues happen every election and urged Americans to be patient and resist jumping to the conclusion that their vote was hacked.
By day's end, the agency was confident that voters had heeded Krebs' warning, pointing at the high voter turnout as evidence of trust in election security.
Even though the glitches happen every election, they can still be fuel for disinformation campaigns, as Russian propaganda efforts used a video of a malfunctioning machine to claim that the 2016 election was rigged. Now election officials are looking to lower the number of technical issues with voting machines to help extinguish future disinformation efforts.
"There will be a lessons-learned process that every state's going to go through," a CISA official said. "We here at CISA and working with the Election Assistance Commission and state partners will continue to go through some of the things that we're seeing out there, and there'll be plenty of feedback."