Better Safe Than Sorry: How Election Officials Can Plan Ahead to Protect the Vote in the Face of a Cyberattack
Summary: This toolkit is designed to help officials, advocates, and policy makers devise a strong contingency plan that will ensure eligible voters are able to exercise their right to vote and have those votes accurately counted.
Cyberattacks pose a growing threat to our election infrastructure, and while efforts to prevent these attacks are critical, it is as important to ensure preparations are in place to quickly and effectively recover if those efforts are unsuccessful. This toolkit is designed to help officials, advocates, and policy makers devise a strong contingency plan that will ensure eligible voters are able to exercise their right to vote and have those votes accurately counted.
Election Security Advance Planning Checklist
Election officials must address five critical areas in preparation for possible equipment failure or foreign interference on Election Day. This checklist identifies the steps every jurisdiction should take when designing its contingency plan. [Download PDF]
INTRODUCTION
America’s intelligence agencies have unanimously concluded that possible cyberattacks on election infrastructure pose a clear and present danger — one that is likely to grow. The intelligence community is also unanimous in their conclusion that Moscow was behind a coordinated infiltration of America’s election infrastructure in 2016. “These actions are persistent, they’re pervasive, and they are meant to undermine America’s democracy on a daily basis, regardless of whether it is election time or not,” said Dan Coats, Director of National Intelligence. Republican Senator James Lankford of Oklahoma summed up this new reality for election officials by noting that “we must proactively work to ensure the security of our election infrastructure for the possibility of interference from not just Russia, but possibly another adversary like Iran or North Korea or a hacktivist group.”
While there are many options to improve overall election security through the use of paper-based voting equipment, risk-limiting audits, and other crucial steps, they might not happen before November. Efforts to prevent attacks in the first place are, of course, critical. But in the months remaining before the election, it is at least equally important to ensure adequate preparations are in place to quickly and effectively recover if prevention efforts are unsuccessful.
Election officials have long been focused on creating contingency plans ahead of Election Day, creating battle plans that are a source of strength as our elections face new security threats. The Senate Intelligence Committee recently reviewed security planning by state and local election officials as part of its investigation into foreign interference in the 2016 election and concluded “that U.S. election infrastructure is fundamentally resilient.” Nevertheless, in light of the evolving nature of cyber threats, it is critical that officials constantly examine and work to improve our systems’ preparedness, particularly related to election technology.
This document seeks to assist election officials as they revise and expand existing plans to counter cybersecurity risks. Many existing plans focus on physical or structural failures; the Brennan Center’s recommendations spotlight preventing and recovering from technological errors, failures, or attacks. Advocates and policy makers working to ensure election offices are prepared for technology issues should review these steps and discuss them with local and state election officials. Effective contingency plans will ensure that eligible voters are able to exercise their right to vote and have those votes accurately counted.