Skip Navigation
Analysis

Election Officials Spent Four Years Beefing up Voting Security. It Paid Off.

All of this work also allowed for a remarkably successful election with historic turnout during a pandemic.

This origin­ally appeared in Slate.

We have made it through Elec­tion Day (or month) without signs of a signi­fic­ant cyber­at­tack on our voting systems. That night­mare scen­ario had been at the fore­front of elec­tion secur­ity experts’ minds ever since oper­at­ives connec­ted to the Russian govern­ment targeted our elec­tion infra­struc­ture in 2016. Elec­tion offi­cials, federal agen­cies, secur­ity experts, and private vendors spent the next four years work­ing to prevent or minim­ize the impact of such an attack: They upgraded tech­no­logy, built a struc­ture for shar­ing inform­a­tion, estab­lished resi­li­ency plans, and coordin­ated at the federal, state, and local levels. Not only did all of this work strengthen our voting infra­struc­ture’s cyber­se­cur­ity, it had another extremely import­ant side bene­fit. It helped offi­cials run a remark­ably success­ful elec­tion with historic turnout during a pandemic.

In the nation­wide push for better elec­tion secur­ity, experts, elec­tion offi­cials, and others focused on the kind of voting machine most vulner­able to cyber­at­tack: paper­less machines, which do not produce a paper backup to check against elec­tronic tallies. In 2016, 14 states had at least some juris­dic­tions using paper­less voting machines as their primary polling place equip­ment.

By 2020, six states, includ­ing Geor­gia, North Caro­lina, Pennsylvania, and Virginia replaced these elec­tronic machines with newer, paper-based systems. The result was not only an increase in secur­ity but the replace­ment of anti­quated machines that were on their last legs and more likely to fail during heavy use. Indeed, the Bren­nan Center for Justice, where we work, issued a study in 2015 that detailed how contin­ued use of these outdated systems was not only a secur­ity risk but also (because of their age) a reli­ab­il­ity risk for “increased fail­ures and crashes, which can lead to long lines and lost votes.”

In addi­tion to repla­cing voting equip­ment, many states used federal and state money to modern­ize their IT infra­struc­ture, while strength­en­ing the tech­nical knowhow of local elec­tion offi­cials. Previ­ously, these outdated systems were diffi­cult to main­tain, did not integ­rate well with modern systems, and featured secur­ity gaps that were easily exploited by bad actors. Improv­ing these systems not only plugged secur­ity holes, it allowed local juris­dic­tions to adapt quickly when the pandemic hit. Improved infra­struc­ture meant that when voters who could not register at closed DMV offices shif­ted to using online regis­tra­tion sites, the sites (with extra capa­city gained from upgrades) largely stayed up and work­ing, with few excep­tions.

Finally, the focus on improv­ing elec­tion secur­ity in recent years meant that elec­tion offi­cials built up even more resi­li­ency than already exis­ted in their systems, so that if they were attacked, there would be a backup plan to ensure voters were not disen­fran­chised. They obtained emer­gency paper ballots to be used if touch-screen voting machines became unus­able. They placed paper poll book backups on site at polling places, in the event that data in elec­tronic poll books were corrup­ted. And they kept provi­sional voting mater­i­als (such as ballots and envel­opes) on hand, in case the voter regis­tra­tion data­base was hacked.

These prepar­a­tions had clear bene­fits in 2020, even absent a devast­at­ing hack: When there were tech­nical glitches, voters were able to continue voting while prob­lems got fixed. For instance, when poll work­ers in Fulton County, Geor­gia, had trouble getting their voting equip­ment to start, voters who could­n’t wait around for assist­ance to arrive were offered the option of voting on a paper ballot. When offi­cials in Frank­lin County, Ohio, exper­i­enced prob­lems with upload­ing voter data to elec­tronic poll books, they were able to switch to paper backup poll books. And when a fiber cable was acci­dent­ally cut during a util­it­ies project in Chester­field County, Virgini­a—­caus­ing the state’s voter regis­tra­tion data­base to be inac­cess­ible—early voters who could not return on a differ­ent day were able to vote provi­sion­ally. Those votes will even­tu­ally be coun­ted, once offi­cials check that the indi­vidu­als who cast those ballots were registered and eligible to vote.

No doubt, the invest­ment in elec­tion secur­ity helped in other ways, too. Cyber­se­cur­ity risk assess­ments performed by the Depart­ment of Home­land Secur­ity and inde­pend­ent compan­ies hired by states and local elec­tion offices around the coun­try almost certainly resul­ted in upgrades that led to not only more secure, but also more reli­able systems that were less prone to malfunc­tions. Secur­ity train­ings for thou­sands of elec­tion offi­cials, includ­ing the wide­spread adop­tion of multi­factor authen­tic­a­tion for their networks, made it easier for employ­ees to work remotely yet securely during the height of the first COVID-19 peak last spring and summer. Invest­ments in combat­ing disin­form­a­tion helped build confid­ence in a process that saw record turnout, despite the pandemic. And the move to paper ballots as a secur­ity meas­ure also allowed elec­tion offi­cials to reas­sure the public, inund­ated with disin­form­a­tion about the trust­wor­thi­ness of vote totals that they had the abil­ity to ensure accur­acy.

Although much progress has been made, there is more to do. Since 2018, Congress has inves­ted roughly $1.2 billion to secure our elec­tions (includ­ing money Congress provided states in 2020 to make adjust­ments to run elec­tions safely and securely in the midst of the pandemic). While that’s progress, it’s still short of what’s needed to secure our elec­tion infra­struc­ture over the next several years. Among other things, it is still crit­ical that the eight states using anti­quated paper­less elec­tronic voting machines replace them; that the federal govern­ment estab­lish minimum secur­ity stand­ards for elec­tronic poll books and voter regis­tra­tion data­bases (and that we upgrade those data­bases); and that we provide states and local elec­tion offices with resources to hire their own cyber­se­cur­ity profes­sion­als and conduct postelec­tion audits.

Sadly, one cyber­at­tack-free elec­tion does­n’t mean we’ve elim­in­ated the cyber­se­cur­ity threat. This is a race without a finish line. The good news is that 2020 shows that invest­ing in elec­tion secur­ity will not only reduce the risk of a success­ful cyber­at­tack but also result in more reli­able elec­tion systems, improved and more flex­ible elec­tion admin­is­tra­tion, and a better voting exper­i­ence for all Amer­ic­ans.