From the Key Findings: "Compromises to the integrity of state-level voter registration systems, the preparation of election data (e.g., ballot programming), vote aggregation systems, and election websites present particular risk to the ability of jurisdictions to conduct elections. When proper mitigations and incident response plans are not in place, cyber attacks on the availability of state or local-level systems that support same day registration, vote center check-in, or provisional voting also have the potential to pose meaningful risk on the ability of jurisdictions to conduct elections. While compromises to voting machine systems present a high consequence target for threat actors, the low likelihood of successful attacks at scale on voting machine systems during use means that there is lower risk of such incidents when compared to other infrastructure components of the election process. U.S. election systems are comprised of diverse infrastructure and security controls, and many systems invest significantly in security. However, even jurisdictions that implement cybersecurity best practices are potentially vulnerable to cyber attack by sophisticated cyber actors, such as nation-state actors. Disinformation campaigns conducted in concert with cyber attacks on election infrastructure can amplify disruptions of electoral processes and public distrust of election results."
Cybersecurity and Infrastructure Security Agency: https://www.cisa.gov/