Safeguarding the Vote

"Before addressing recommendations, this report will lay out the capabilities of each of the four state actors [Russia, North Korea, Iran, China] that may pose the greatest threat. Using examples drawn from each of these states' past cyber activities, this report will also comment briefly on what might motivate each of these four actors to interfere in future U.S. elections"

From the Introduction: "There is no one-size-fits-all approach for developing a cyber incident response plan. While some election offices are directly responsible for a large portion of the incident response capability for their systems, many (particularly in small and medium size jurisdictions) rely on vendors or other agencies for activities such as system monitoring, analysis, containment, eradication, and recovery. The structure, scope, and level of detail required for an incident response plan varies widely based on these and other factors. Regardless, all election offices play a critical role in detection of potential cyber incidents--based on system user observations--and notification of appropriate stakeholders. [...] This 'Cyber Incident Detection and Notification Planning Guide' focuses on the common need shared across the election community to effectively recognize and respond to potential cyber incidents. Specifically, the guide builds on existing materials offered by the Nation's election security thought leaders to assist election offices in determining and documenting the following: [1] Key stakeholders and contact information for incident notification and response; [2] Incident notification plans providing standardized procedures for notifying appropriate stakeholders of a potential cyber incident based on observed symptoms and level of criticality; [3] Incident indicators ('symptoms') system users can reference to detect potential cyber incidents and initiate the appropriate notification plan for escalation and reporting."

"This reference aid draws on CTIIC's [Cyber Threat Intelligence Integration Center] experience promoting interagency situational awareness and information sharing during previous significant cyber events--including cyber threats to elections. It provides a guide to cyber threat terms and related terminology issues likely to arise when describing cyber activity. The document includes a range of cyber-specific terms that may be required to accurately convey intelligence on a cyber threat event and terms that have been established by relevant authorities regarding technical infrastructure for conducting elections."

From the Introduction: "As the nation prepares for what most public health experts -- including those from the White House -- predict will be the peak in Coronavirus infections and casualties, several important political questions are being debated across the nation. At the top of this list is whether states should postpone their primary elections, continue elections through mail-voting or some hybrid system. [...] Are mail-in voting systems actually more prone to fraud? Fortunately, this is an empirical question that academics, think tanks, state governments, and the White House itself has studied over time. We draw from this body of work to address a simple question: is there a heightened risk of fraud with voting by mail, and what risk there is, is it greater than the public health risks associated with having voters show up to vote in person? Decades of data, research, and findings suggest vote-by-mail is safe, secure, and will not lead to greater fraud risks."

From the Key Findings: "Compromises to the integrity of state-level voter registration systems, the preparation of election data (e.g., ballot programming), vote aggregation systems, and election websites present particular risk to the ability of jurisdictions to conduct elections. When proper mitigations and incident response plans are not in place, cyber attacks on the availability of state or local-level systems that support same day registration, vote center check-in, or provisional voting also have the potential to pose meaningful risk on the ability of jurisdictions to conduct elections. While compromises to voting machine systems present a high consequence target for threat actors, the low likelihood of successful attacks at scale on voting machine systems during use means that there is lower risk of such incidents when compared to other infrastructure components of the election process. U.S. election systems are comprised of diverse infrastructure and security controls, and many systems invest significantly in security. However, even jurisdictions that implement cybersecurity best practices are potentially vulnerable to cyber attack by sophisticated cyber actors, such as nation-state actors. Disinformation campaigns conducted in concert with cyber attacks on election infrastructure can amplify disruptions of electoral processes and public distrust of election results."

From the Government Accountability Office (GAO) Highlights: "In January 2017, the Secretary of Homeland Security designated election infrastructure as a critical infrastructure subsector. The designation allowed DHS to prioritize assistance to state and local election officials to protect key election assets, including voter registration databases and voting equipment. [...] This report addresses (1) DHS's election security efforts and selected election officials' perspectives on them, and (2) DHS's planning for the 2020 elections. GAO reviewed DHS's strategies, plans, and services provided to election officials. GAO also interviewed DHS officials, representatives of the EI-ISAC [Election Infrastructure Information Sharing and Analysis Center], a DHS-funded center responsible for sharing threat information nationwide, and election officials from eight states and three local jurisdictions. GAO selected the states and local jurisdictions to provide geographic diversity and variation in election administration, among other factors. The results from these states and localities are not generalizable, but provide insight into election officials' perspectives on DHS's efforts."

From the Background: "Through #Protect2020, CISA [Cybersecurity and Infrastructure Security Agency] leverages a wide range of offerings and services to build outreach programs and engage local election officials in the over 8,000 election jurisdictions across the country. CISA builds these crucial relationships within the election community by supporting election officials in their efforts to identify and plan for potential vulnerabilities to elections infrastructure ahead of and during the 2020 election cycle. CISA engages political campaigns by supporting the development of non-partisan informational products and conducting voluntary assessments, partners with the private sector to collaborate on best practices and vendor security, and works towards raising public awareness about foreign interference efforts."

From the Introduction: "There is one thing every American voter can agree upon--we all want our vote to count. The challenges before the COVID-19 [coronavirus disease 2019] pandemic were already tough enough: Foreign cyber interference from Russia, China, and Iran. Disinformation campaigns. Racial division. Hyper-partisan politics. [...] This paper distills the recommendations that we believe represent the best approaches from official sources like the Centers for Disease Control and Prevention (CDC), U.S. Election Assistance Commission (EAC), and the National Association of Secretaries of State (NASS), enriched with examples of specific state actions and our own election integrity initiative."