By: Maurice Turner
By nearly all accounts, the 2020 election in the United States was the most secure ever. This is in spite of the dramatic challenges to the way elections were run as a result of COVID-related impacts. This represents a new baseline of security that will require continual investment in people, processes, and equipment. We must now look to build upon the lessons learned from 2020 as preparations for upcoming elections have already begun.
High-profile reports have consistently made the case that the 2020 election was the most secure ever. The MITRE corporation’s nonpartisan National Election Security Lab found “no evidence of fraud, manipulation, or uncorrected error” after it reviewed presidential election results from Arizona, Florida, Georgia, Michigan, North Carolina, Ohio, Pennsylvania, and Wisconsin. Shortly after Election Day, members of the Election Infrastructure Government Coordinating Council Executive Committee and Election Infrastructure Sector Coordinating Council issued a joint statement that “there is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised.” However, the Intelligence Community Assessment on Foreign Interference in 2020 Election has still not been publicly released. The classified report has been submitted to Congress as mandated. The unclassified assessments from the Intelligence Community typically offer the public greater insight into the types of threats and threat actors attempting to interfere with US elections.
The tremendous efforts to bolster defenses leading up to the 2020 election has established a new baseline of security. It highlights the difficult reality that security is moving target that requires constant attention and adaptation. This was greatly helped by significant Congressional funding in 2020. The Help America Vote Act (HAVA) and Coronavirus Aid, Relief, and Economic Security (CARES) Act made a combined $825 million in grants available to states to address health, safety, and security needs. No-cost training offerings were popular amongst officials, campaigns, and others involved in elections. The USC Election Cybersecurity Initiative hosted in-person and virtual workshops throughout the year with attendees from all 50 states. The Election Assistance Commission (EAC) provided access to live and on-demand training designed to help participants across a spectrum of cybersecurity topics. Offerings such as these provide critical training to election officials who saw increased their pressure on election infrastructure due to record turnout. It is possible that changes such as extended voting periods and increased use of mail-in ballots could remain for the 2022 election and beyond.
Preparing for future elections is basically a continual process. There are some key developments to track as we look forward to upcoming elections. The most significant is the recent approval of the Voluntary Voting System Guidelines (VVSG) 2.0 by the EAC. There were major changes to security, usability, accessibility, and accountability. Manufacturers will need to follow these updated guidelines in order to have their voting systems certified for use. Technology companies are expanding access to resources for election stakeholders. Google is providing free or low-cost security services including multi-factor authentication keys to campaign staff. Microsoft is supporting development of its ElectionGuard free and open-source technology in risk-limiting audit pilots.
Elections stakeholders are preparing for the 2022 elections by building upon the success of a well-defended, well-run series of 2020 elections. They can expect that adversaries are also preparing by searching for new vulnerabilities to exploit and targets that are relatively weak compared to their peers. The USC Election Cybersecurity Initiative will continue to offer workshops throughout 2021, starting in March, to help raise the baseline of security across election and campaign offices.
Maurice Turner
Election Security Analyst, USC Election Cybersecurity Initiative
Maurice Turner is a recognized technologist and cybersecurity expert who regularly provides analysis for television, print, and social media on issues relating to election security and election administration. He has held numerous positions in the public, private, and non-profit sectors, including the United States Election Assistance Commission (EAC), the Center for Democracy & Technology (CDT), and the United States Senate.