How Federal Departments and Agencies Can Help Secure America’s Elections

Since the 2020 election, lawmakers, advocates, and other public leaders have widely recognized that our democracy is under attack. Much of this has rightly focused on the wave of new voting restrictions passing in state legislatures across the country. But there has been a simultaneous and related increase in threats to our election infrastructure and election workers. Since 2020: 

• Threats against election workers and offices have grown dramatically
• Increasing numbers of Americans have come to distrust the election system, fostering an environment that is ripe for the spread of further disinformation and misinformation
• A few current election officials and many more candidates for such positions in 2022 have themselves adopted far-right conspiracy theories about “rigged” elections, increasing the odds of insider attacks on our election infrastructure, including cyberattacks

On top of this, states must continue to guard against cyberattacks. Indeed, the FBI reported in March that unknown hackers targeted election officials in at least nine states with phishing attacks just last fall. In the lead-up to the 2022 election, and with the American intelligence community warning that heightened tensions with Russia over Ukraine may result in new attempts to “interfere with American elections,” these risks are likely to grow. 

A recent Brennan Center survey of election officials bears out how serious many of these problems have become. Seventy-seven percent of local election officials nationwide say that threats against them have increased in recent years, and nearly one in three know of at least one election worker who left their job at least in part because of fear for their safety, increased threats, or intimidation. More than half of officials are concerned that some incoming colleagues might believe that widespread fraud occurred in 2020. Nearly two in three election officials say the spread of false information has made their jobs more dangerous. 

The federal government has taken some small steps over the last year to address these new threats. For example, the Department of Justice (DOJ) launched an Election Threats Task Force to address the rise in threats against election workers, and it approved the use of federal criminal justice grants to protect state and local election officials from abuse. 

But given the scale of these new threats, the government’s actions have been far from sufficient. Fortunately, it is not too late for federal agencies to take meaningful action to protect election workers and our infrastructure. We recommend the following:

• The Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA), an operational component of DHS, should direct resources and provide additional assistance to elections offices to secure election infrastructure, protect election workers, and fight election misinformation and disinformation.
• DOJ should increase outreach and cooperation with local election and public safety officials.
• The Election Assistance Commission (EAC) should build out a training hub for election officials, improve voting system testing and certification programs, and increase oversight of election vendors.

We discuss each of these important actions in greater detail below.

DHS is uniquely positioned to address rising challenges to election security, through the department’s administration of security grants and CISA’s direct assistance to state and local election officials. The department should use this position to reinstate election spending requirements for federal grants, hire regional election security specialists to support election officials, renew and leverage partnerships to provide anti-doxing services, combat misinformation, and expand the scope and scale of CISA’s Crossfeed program. 

Secretary Mayorkas should help direct needed resources to election offices

In 2020, the Federal Emergency Management Agency (FEMA) included election security components in two of the agency’s four national priority areas (NPAs), which guide its Homeland Security Grant Program (HSGP). State and local jurisdictions that received HSGP grants were required to use at least five percent of total funds on each NPA, guaranteeing that some funds would go toward election cybersecurity and physical security. For 2021, FEMA eliminated these election security components. And while FEMA included “enhancing election security” as an NPA for 2022, recipients of HSGP grants will not be required to dedicate funding toward election security as they will for other NPAs. 

In future years, we urge FEMA, at the direction of DHS Secretary Mayorkas, to use its broad discretion as administrator of HSGP grants to once again require states to allocate a share of funding toward election security projects. Until then, FEMA should conduct outreach to recipients that elevates the importance of election security needs, provides guidance on effective election infrastructure investments, and encourages officials to direct significant funding for this purpose.

In addition, CISA and FEMA should set election security as a priority area for the newly created State and Local Cybersecurity Grant Program, which the Infrastructure Investment and Jobs Act established to distribute $1 billion in new cybersecurity funding over the next four years. 

To ensure grant funding is being distributed to the most pressing state and local election security needs, Mayorkas should also direct FEMA to require that the chief state election official of each state, as defined by the National Voter Registration Act, be consulted in the HSGP and State and Local Cybersecurity Grant Program application processes.

The chief state election official could assist with the grant review process by affirming local plans are in line with overall state election security plans and are not already being funded through Help America Vote Act (HAVA) appropriations. Chief state election officials could also advise states on how to distribute funding to local recipients since local election offices have generally received prior federal funding through the chief election official.

These monies are badly needed. Despite the new risks to election security, Congress’s 2022 budget allocated just $75 million in HAVA election security funding, far less than was appropriated for elections in 2018, 2019, or 2020. And while DOJ recently announced that funds from the Byrne-JAG program can now be used to deter and prevent threats of violence against election workers, the use of these grants requires approval from other state and local officials, who typically have different funding priorities and may be less familiar with the challenges that election officials are now facing. 

Meanwhile, the costs to protect elections continue to grow. The Brennan Center has estimated that states will need to spend at least $500 million on new voting machines in the next five years, and basic steps to address insider threats could cost hundreds of millions of dollars more. The total cost of adequately securing our election infrastructure from cyber threats over the next few years could easily exceed $2 billion. And none of this considers the additional cost of protecting election offices and workers from physical threats and violence or combatting election misinformation.

CISA should hire regional election security specialists to work in each CISA region

Since 2017, CISA has worked with state and local jurisdictions to combat threats in three key areas: cybersecurity; physical security; and misinformation, disinformation, and malinformation (MDM). Through this work, the agency has built strong relationships with thousands of state and local officials to respond to election security threats. CISA’s efforts resulted in “the most secure elections in American history” in 2020.

Building on these efforts, CISA should hire election security specialists to help regional directors in each of the 10 CISA regions across the country. Currently, CISA regional directors are responsible for too broad a range of security personnel and issue areas to meet the needs of more than 8,000 election officials nationwide. The agency already has a range of specialists to serve specific needs in areas such as cybersecurity, protective security, chemical security, and emergency communication. Adding election specialists to their professional personnel would increase CISA’s effectiveness in this area. 

Importantly, election specialists would have the knowledge to address specific election security concerns and the capacity to do affirmative outreach to election officials on CISA products. Specialists would also be in the position to learn what threats election officials are facing at the state and local levels and which protective practices are working. They could then compile this information and share best practices with election boards and officials across the country to help enhance security measures.

Partly as a result of increased threats and political pressure, a large number of talented election officials with connections and trust in the wider election official community have already retired or intend to retire in 2022. Many would form an excellent pool of applicants for these positions.

CISA should leverage its relationship with the Center for Internet Security to help protect election officials and fight against election misinformation and disinformation

CISA already partners with the Center for Internet Security (CIS) to operate the Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC), which monitor for cyber threats to state and local governments. Through a cooperative agreement, CISA funds CIS to be a critical resource for cyber threat prevention, protection, response, and recovery for state, local, and tribal election offices.

Utilize outside services for doxing protection 

CISA should use its existing partnership with CIS to help protect election workers against the threat of doxing. While election officials and workers are indeed public employees, bad actors are revealing personal information about their private lives, like their home addresses, their license plate numbers, and even the cell phone numbers of their kids. 

One solution to defend against doxing is to work with external organizations that provide anti-doxing protective services. A small number of jurisdictions, for example, contract with outside providers that help scrub personally identifying information for officials, conduct monthly checks to ensure that information does not return, and offer tailored guidance on how to protect personal information in the future. However, most election offices do not have the resources to purchase such services for key staff.

We do not believe CISA can or should provide such services directly to election officials (as it would entail gaining access to election workers’ personal information). But with additional funding, CISA could facilitate this assistance by amending its current agreements with CIS and allowing it to fund local election officials to contract for anti-doxing services.

Provide CIS with resources to leverage partnerships and share MDM data with EI- and MS-ISAC 

During the 2020 election, CIS partnered with the Election Integrity Partnership (EIP), a group that responded to and analyzed voting-relating MDM, particularly on social media. EIP identified MDM trends and reported incidents to CIS to ensure that all federal stakeholders were aware and could take appropriate action.

The CIS-EIP partnership was critical to dispelling MDM during the 2020 cycle and will be equally critical for the upcoming election cycles. Congress should provide CISA with the resources needed to ensure that this partnership can continue and that CIS can use the EI- and MS-ISACs to circulate information gained from that partnership.

CISA should be given additional resources to expand Crossfeed

Finally, the federal government should make it a priority to fund an expansion of CISA’s Crossfeed program this year.

In 2020, CISA collaborated with Defense Digital Service to launch Crossfeed, a tool that collects data from a variety of public-facing resources and data feeds to give state and local governments a full picture of the weaknesses that attackers might find in their cyber infrastructure. CISA has used the program to monitor and warn state and local election officials about serious vulnerabilities in their election infrastructure. 

The cybersecurity program should now be further expanded to proactively monitor public aspects of state and local office infrastructure and be used to check for weaknesses in other election-specific technology. CISA could also offer Crossfeed services to election vendors, campaigns, and other election-related entities to strengthen election security across the board.

In July 2021, DOJ launched a law enforcement task force “to address the rise in threats against election workers, administrators, officials, and others associated with the electoral process.” The announcement was an important signal that DOJ recognized the risks that election officials were facing and was willing to dedicate the resources necessary to hold the perpetrators of these acts accountable, while preventing similar activity in the future. The task force has already made two arrests related to threatening government officials. 

While this task force represents a significant step forward in protecting election officials, more needs to be done to gain the trust and support of local election officials and ensure that these officials receive the help they need when they experience threats, harassment, and violence.

DOJ’s Election Threats Task Force should hire a senior advisor with existing relationships in the elections community to improve outreach to local election officials and raise awareness of its efforts

In the Brennan Center survey, 42 percent of local election officials surveyed said that they have never heard of the DOJ’s task force, and another 48 percent said that they have heard of it but did not know much about the effort. Just nine percent said that they were very familiar with the DOJ’s Election Threats Task Force. 

These numbers suggest that the task force must expand outreach to local election officials and raise awareness of its efforts. And there is reason to believe such focused outreach would reap results. After hearing an explanation of the task force, 57 percent of respondents said that they were somewhat or very confident that the task force’s investigation and prosecution of threats against election officials would make them feel safer in their role as an election official. Simply learning about the task force will provide a boost in confidence, which is sorely needed in an environment where more than half of local election officials who have been threatened because of their jobs did not even report the threat to law enforcement.  

CISA faced similar challenges after former DHS secretary Jeh Johnson designated election infrastructure as critical infrastructure in 2017. This designation let CISA provide free cybersecurity services and support to state and local election officials. However, many officials were unfamiliar with CISA and leery of federal overreach. After what election officials described as a “rocky start,” CISA hired a former election official with bipartisan long-term relationships in the community to serve as a senior advisor. Today, CISA enjoys widespread support and awareness. Former CISA director Christopher Krebs has said hiring the senior advisor was among the most effective steps in CISA’s work with state and local election officials.

DOJ should bring on a similar senior advisor to the task force. This person could leverage existing relationships to boost awareness of the task force and its work, help manage election official relationships, and provide information and expertise about election administration. This senior advisor could also help the task force navigate and map the elections community’s existing relationships, formal and informal, with other federal agencies such as the EAC and CISA. 

DOJ’s Election Threats Task Force should expand to include state and local law enforcement 

When election officials report threats to law enforcement, the federal government is rarely their first call. The Brennan Center survey found that 89 percent of local election officials who reported a threat to law enforcement contacted local law enforcement, compared to 22 percent who contacted federal law enforcement. (A small percentage reported threats to both.)

The Brennan Center’s 2021 report on threats to election officials recommended that DOJ lead a national task force that included representation from federal, state, and local law enforcement. This task force would support the investigation and prosecution of wrongdoers and provide proactive advice on how to keep election offices and polling places safe. The report pointed to DOJ efforts such as the Enhanced Collaborative Model Task Force to Combat Human Trafficking as a potential model for what a comprehensive response could look like.

Formal inclusion of local law enforcement would allow the task force to identify threat patterns that individual local law enforcement agencies may not be able to see in isolation. It would likely help local law enforcement (the main contact for most election officials) better respond to such threats. It may enable DOJ to bring criminal actions when there are no possible state actions. It would ease DOJ’s referral of cases when charges would be more easily made at the state or local level. And it likely would boost awareness of the task force since local election officials are far more likely to have pre-existing relationships with local sheriff or police departments.

DOJ should engage CISA and the EAC to lead trainings on election administration for DOJ and FBI staff

Election administration has become increasingly complex over the past decade. A basic understanding of how elections work, along with the safeguards built into the system, would benefit agents and staff tasked with protecting officials and the election process. It would also help build trust in these staff among the elections community. 

DOJ should engage CISA and the EAC to lead trainings on election administration for DOJ and FBI staff with election-related responsibilities. Because of its extensive work strengthening election infrastructure, CISA has existing election administration training materials for their staff and experience conducting similar trainings for other federal agencies. And as the designated federal clearinghouse for best practices, the EAC would also be a good source for training materials and instructors, particularly after bringing on several former local election officials since 2020.

DOJ should designate official protection as an area of emphasis in outreach for the Byrne-JAG program grants

Earlier this year, DOJ clarified that the Byrne-JAG program grants can be used by state and local governments to “deter, detect, and protect against threats of violence against election workers, administrators, officials, and others associated with the electoral process.” The Bureau of Justice Assistance should officially designate election official protection as an area of emphasis and encourage state and local jurisdictions to direct funds to this purpose in grant solicitations and other resources sent to applicants. 

As the national clearinghouse and resource center for election administration, the EAC has been critical to ensuring that voting systems meet security guidelines and that states receive the funding and resources Congress provides through its HAVA grants. The agency is responsible for sharing best practices on effective administration and for disseminating information about laws, technologies, procedures, and data related to administering federal elections. 

Despite its crucial role, the EAC has not been given the resources necessary to meet the rising needs of state and local election jurisdictions — the agency’s budget has remained about the same since 2010, adjusted for inflation. At a minimum, Congress should provide more funding to the EAC to facilitate better election administration across the country.

The EAC should build out a hub for training, guidance, and information sharing to election offices with turnover and staffing shortages

As threats and harassment take their toll on election officials, some are leaving the profession altogether, and many more are concerned about future staffing shortages. Nearly a third of election officials in the Brennan Center survey said they know election workers who have left because of these and related concerns, and three in five said that they are concerned that threats, harassment, and intimidation will make it more difficult to retrain or recruit election workers in future elections. In total, one in five election officials say they are likely to leave their job before the 2024 election.

With high turnover in election administration leadership and local offices stretched thin, the EAC can play an important role in sharing institutional knowledge and ensuring new staff get best practices up and running quickly. The agency has already created multiple publicly available digital resources and provided services for voters and election officials. The EAC has, for example, released guidance on topics such as post-election audits and chain of custody practices, provided election officials no-cost online cybersecurity training, co-hosted national tabletop election security training exercises with CISA, and worked with CISA to release an election security profile tool intended to help jurisdictions identify and help mitigate risks to their election system.

Election officials need the EAC to build on this work and be a more comprehensive central hub for election-related resources, guidance, and services election offices need to protect workers, serve voters, and run elections. The EAC should centralize already existing and available federal resources for election officials and develop additional guidance on how to address the novel challenges that election officials are facing, with a focus on resources that can be quickly adapted by election officials to meet the needs of their individual jurisdictions.

The EAC should improve its capacity for certifying and testing voting equipment and other election technology

To strengthen public confidence in elections and ensure election officials are working with secure technology, the EAC should also build out its capacity to certify voting equipment in a timely manner and offer regular assurance to election officials that their equipment continues to meet the latest cybersecurity standards.

Twenty-four states, home to 41 million registered voters, are using voting machines that are over a decade old, putting the equipment at or near the end of its life cycle. Twenty-three states are using voting machines that are no longer manufactured, making it difficult for election officials in these states to service and find replacement parts for their equipment. And six states are still using paperless voting equipment.

Though insufficient funding is the largest driver of this widespread outdated equipment, many states and local jurisdictions have also delayed purchases while waiting for new voting machines that are certified to the EAC’s latest standards released just last year — the first fully updated voting system guidelines since 2005.

As the EAC implements and oversees the certification of voting equipment to these latest guidelines — and continues to test and certify additional election technology such as electronic pollbooks — it must ensure timely reviews and updates of guidelines, invest in streamlined testing, and build out a more robust quality monitoring program so that states can use the newest, most reliable, and most secure technology every election.

It is important to note that although the EAC received a $3 million increase in its budget for FY22, this funding is not nearly enough to build and implement the suggestions mentioned here. Over the long term, the federal government needs to establish a government-wide approach to funding elections and election security as a critical part of the country’s infrastructure. President Biden’s FY 2023 budget, which recommends a 50 percent increase for the agency’s budget, would be a significant improvement in the future. For now, Congress should, at a minimum, grant the additional funds necessary to build out the EAC’s capacity in a meaningful manner.

The EAC should expand oversight of voting system vendor security

More than 80 percent of voting systems in use today are under the purview of three vendors. A success­ful cyber­at­tack against any of these compan­ies could have devast­at­ing consequences for elec­tions in vast swaths of the coun­try. Yet these vendors, unlike those in other sectors that the federal govern­ment has desig­nated as crit­ical infra­struc­ture, receive little or no federal review. 

In a previous report, we recommended that the EAC adopt Voluntary Voting System Guidelines that outline best practices for vendors as they relate to cybersecurity, personnel practices, foreign control, and supply chain integrity. In the meantime, the EAC should strengthen manufacturer registration standards by requiring each vendor that participates in the testing and certification program to disclose all entities or persons with greater than five percent ownership and to provide written policies regarding the company’s compliance with cybersecurity, personnel security, and supply chain security best practices. 

Moreover, the EAC should develop additional remedies for vendors that fail to meet the requirements of the testing and certification program. Currently, the agency’s responses are primarily limited to the decertification of voting equipment or the suspension of manufacturers from the program — both drastic measures that could have far-reaching consequences for states. The agency should develop intermediary actions such as probationary periods, which would draw public attention to the vendor’s failures to comply while offering the opportunity to remediate errors before more serious penalties are enacted.

Even before 2020, there were many new challenges facing election administration in the United States. Those challenges have only grown since, with several disturbing new threats to both election workers and election infrastructure emerging in the last two years. Ideally, Congress would respond with legislation and an infusion of new financial support for election administrators who must protect the integrity and fairness of our elections going forward. While the need for congressional action is pressing, executive agencies have an important part to play as well.

We urge every federal agency with a role in elections (including, but not limited to the three agencies discussed in this resource) to explore new actions they can take to support state and local election administrators in their work. The White House will play a critical role in coordinating this work, even though it does not have direct authority over some of those agencies (such as the EAC, which is an independent agency).