Election Security 2020: Why Did Things Go Right This Time?

On the eve of the election, CISA prepared a virtual war room to allow election officials to quickly report and address potential cybersecurity threats. The war room could remain in operation until the election is formally certified when electors cast their votes in mid-December. Moreover, U.S. Cyber Command officials informed the New York Times that it sent teams across the globe to identify and undermine foreign hacking groups ahead of the election. This reproduced efforts used before the 2018 elections and exemplify U.S. Cyber Command’s strategy of “defending forward” and persistent engagement

Cyberattacks on Election Infrastructure
Despite considerable efforts undertaken by the U.S. government to prevent cyberattacks from targeting state and local networks before the election, there were nonetheless a handful of incidents. 

The FBI and CISA issued two major advisories on October 22, stating that Iran [PDF] and Russia [PDF] had breached state and local government networks. The week after, the two agencies revealed that Iranian hackers had also probed state election websites. This allowed them to access non-public voter registration data in Alaska, resulting in the mass dissemination of voter information and threatening emails sent to registered Democrats.

There was also one documented case of a ransomware attack that compromised election infrastructure in Hall County, Georgia. After county officials failed to pay a ransom to the attackers, voters’ private information was published on a website belonging to the DoppelPaymer ransomware group, which is believed to be based in Russia. The leaked information included voter names and registration numbers, an inventory of election equipment, and ballots identified to contain mismatched signatures.

Despite these incidents, U.S. officials repeatedly sought to reassure the public that there was no evidence that election integrity had been compromised. Moreover, there appeared to be no major cyberattacks on Election Day, with one CISA official commenting, “For the most part today it’s been a little boring and that’s a good thing — this is kind of one of those best-case scenarios that we would hope for.”

Disinformation 
As the FBI and other government agencies had warned, U.S. voters were targeted with disinformation by foreign and domestic actors often seeking to exacerbate existing social and political divisions and undermine confidence in election security.

Under intense scrutiny from lawmakers, social media companies stepped up their efforts to prevent the spread of disinformation on their platforms. In the run-up to the election, companies including Facebook and Twitter increased information sharing with the U.S. government, removed accounts known to spread disinformation on their platforms, demoted and flagged posts potentially containing disinformation, and accelerated efforts to detect and remove inauthentic coordinated activity. Either because private sector efforts were effective, attackers decided to hold off, or some combination, foreign actors appear to be playing less of a role in the spread of disinformation in this election compared to 2016.

Unfortunately, domestic actors have played an increasingly significant role in the spread of disinformation. President Trump and members of his campaign have been heavily criticized for sowing doubt about the integrity of the election, and U.S. officials warn that foreign actors will amplify these messages. Since Election Day, Facebook, Twitter, and YouTube have aimed to prevent premature claims of victory by flagging posts falsely claiming victory and adding notices to social media feeds to remind users that votes are still being counted.

Unclear Outcome
While the American public likely won’t know the final vote tally for some time, they can rest assured that no cyberattacks seem to have compromised the integrity of the 2020 election. Nonetheless, we are not out of the woods yet. As uncertainty spreads over who will be victorious, controlling disinformation is more critical than ever. It is up to social media platforms and the U.S. government to ensure that the final stretch of the democratic process is protected against false information, both foreign and domestic, that could incite confusion and, possibly, violence.

Adam Segal is the Ira A. Lipman chair in emerging technologies and national security and director of the Digital and Cyberspace Policy program at the Council on Foreign Relations (CFR). Connor Fairman is Research Associate at CFR’s Digital and Cyberspace Policy Program.Lauren Dudley is Research Associate at CFR’s Asia Studies Program. Maya Villasenor is Investment Analyst at JVP and Policy Intern at CFR’s Digital and Cyberspace Policy Program. This article is published courtesy of the Council on Foreign Relations (CFR).