As a retired Air Force general officer who went on to serve as the U.S. government’s first federal chief information security officer, I have dedicated my life and career to protecting and serving a country that I deeply cherish. At its best, our country is smart, capable, and resilient. We will need to summon each of those attributes to address the growing concerns over securing this November’s election—a challenge we can and must meet.
Free and fair elections that lead to a peaceful transition of power are a central element of our country’s success. That is why there is no more urgent task for all of us—political leaders, election officials, and private citizens alike—than to address both the reality and the perception of election security concerns leading up to the November 3 election. Many of the fears expressed in recent weeks, such as potential hacking of election machines or the possibility of widespread mail-in ballot fraud, have been overstated. Others, such as the deluge of disinformation targeting the electorate and the impact of the pandemic on election logistics, are cause for clear concern. Taken together, these threats—both real and perceived—pose an unprecedented challenge to our democracy that demands our full commitment to proactively address them between now and Election Day.
A recent election security survey from nonpartisan technology association ISACA shows that misinformation (bad information unwittingly shared) and disinformation (bad information shared deliberately) are considered the top threat to election security, exceeding concerns about technical security that also have become widespread this cycle. Attacks leveraging disinformation/misinformation are inexpensive to create and launch; all you need is a laptop and a means to amplify your message, such as through social media. As a result, U.S. voters are being bombarded by these schemes from multiple foreign adversaries, and the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) recently warned such attacks will also seek to muddy the results in the aftermath of the election. It is apparent that continuing the vital American tradition of free and fair elections will only be possible if the government, citizens, and tech platforms such as social media companies take more concerted measures to combat these efforts to manipulate the electorate.
In fact, much of the overarching mistrust Americans have in the integrity of the election—76% of respondents to the ISACA survey anticipate top election security threats could significantly impact the November election—tells me that disinformation campaigns targeting the U.S. have been successful in sowing discord. This is largely because, as a country, we have drifted into partisan echo chambers to seek out information and analysis. Artificial intelligence learns from our clicking habits and serves us more of what we already consume. Media outlets tend to tailor content to their audience’s expectations. As long as we put ourselves in a bubble where we are only served one perspective, we will remain trapped in this vicious cycle.
Checking multiple trusted and verifiable sources of information is the easiest, cheapest, and most effective means of combating misinformation, both leading up to and during Election Day. Your state and local election officials are the best source of election information. It is not difficult to envision a scenario on November 3 in which false information is shared on social media about certain polling locations being closed or overrun by menacing mobs. While social media companies must do everything in their power to swiftly remove disinformation, it is the public’s duty to check trusted, official sources in their area to avoid making themselves an easy target for manipulation.
A resilient system
Placing further strain on election integrity is the challenge of securing the ballot box. However, as difficult as the cybersecurity landscape has become to manage, technical election security concerns might be less problematic than many people imagine. The ISACA survey shows that 63% of U.S. respondents are not confident in the resilience of election infrastructure, and 62% identify hacking or tampering with voting machines among the top election security threats. This represents a crisis of confidence that is more indicative of general anxiety about the state of cybersecurity than tangible concerns related to the security of voting machines, which have largely proven to be reliable and effective in past election cycles.
Based on my experience in the federal government and my numerous interactions with government officials at the national, state, and local levels, I believe our election system is more hardened and resilient than the public perceives. The U.S. has over 3,000 counties, more than 8,000 election jurisdictions, and tens of thousands of precincts nationwide. Elections are administered locally with a diverse array of election systems. Undetected manipulation of these systems at scale is highly unlikely, given the extensive controls and countermeasures that are in place. While some electronic devices are susceptible to tampering, those threats can be mitigated through rigorous physical security and cybercontrols that are being employed during this national election cycle, such as the widespread use of multi-factor authentication, which is hardening election infrastructure. In addition, federal risk and threat intelligence information is being shared with state and local officials, and contingency response plans have been created and regularly exercised.
Additionally, every precinct should have a paper record that can be relied upon in recounts; any locality eschewing this practice is adding to risk exposure because paper backups of electronic voting support the independent, third-party audits that likely will be particularly important in this election cycle. The overwhelming majority of localities have these sound procedures in place, but the public’s perception does not match the reality.
A mandate for clear communication
In this era of growing cyberthreats and motivated attackers, it is reasonable for citizens to be concerned about the possibility of attacks against the election infrastructure. That is why governments, from the county level on up, need to clearly and robustly communicate about what they are doing to secure their election infrastructure. Performing advanced tests of polling stations, procedures, and equipment—and inviting the press and public to watch and participate—would provide transparency that will engender greater confidence.
The state of the pandemic also is undermining confidence in the 2020 election—confidence that has slipped since January, according to the ISACA data. At a time when large public gatherings are being strongly discouraged by public health officials, it is understandable that many voters—particularly older voters and those with underlying health challenges—are embracing mail-in voting, a voting method that served me well throughout my military career. Unfortunately, the politicization of mail-in voting this cycle has undermined confidence in mail-in ballots, which in turn puts a greater onus on election officials to clearly articulate how the mail-in process is being administered and secured.
Another pandemic-related imperative is the need for an influx of new election workers at polling stations. Many experienced polling officials are retirees in higher-risk health categories who will be less inclined to administer polling stations during the pandemic than they otherwise would. Now is the time for local governments and communities to urgently recruit and train younger volunteers to become polling officials and ensure each precinct has sufficiently well-trained staff to handle Election Day roles and responsibilities.
The United States has long served as an example to the world of how to conduct fair elections that enable peaceful transitions of power. Although the volatile political climate in the midst of a pandemic presents unique challenges, there is no reason we can’t continue that time-honored tradition in November. Get involved. Volunteer to serve as a poll worker, participate in preelection testing, and perhaps most importantly, help stop the flow of misinformation. Collectively, the government and American citizens share this tremendous responsibility to do whatever is required to uphold our end of the bargain to preserve, protect, and defend our Constitution.
Retired Brigadier General Greg Touhill was the first Federal Chief Information Security Officer of the United States government. Now president of AppGate Federal, he serves as a member of the ISACA board of directors.