Election Day in the US followed an unprecedented season of security alerts, disinformation campaigns, and speculation as to how foreign actors could interfere in the 2020 presidential race. While Nov. 3 has been relatively calm so far, we're not out of the woods yet, a senior Cybersecurity Infrastructure and Security Agency (CISA) official said in a news briefing.
"At this point, this just looks like any other Election Day … even just another Tuesday," the official said. There has so far been no sign of foreign adversaries successfully compromising or affecting votes cast in the election.
But the process is only getting started. One senior CISA official likened today to "halftime," warning there may still be efforts to interfere with this election in days and weeks to come. Today saw some instances of disinformation targeting voters in specific states, as well as a few technical glitches that forced some polling places to fall back on their paper pollbooks.
Michigan Attorney General Dana Nessel reports robocalls targeting residents of Flint, Michigan, with the message that "due to long lines, they should vote tomorrow." This is an obviously false statement and an effort to suppress the vote, she said. Robocalls are a voter intimidation tactic often seen in elections; the FBI is reportedly investigating this incident, the DHS says.
In Franklin County, Ohio's largest, some voters experienced delays due to a shift to paper pollbooks. A digital file containing data on early voters was too large and could not be synced to electronic pollbooks, forcing poll workers to switch to paper. While this can be attributed to a technical glitch and not a cyberattack, the backup plan aligns with the message of resilience that officials say has been a key part of state and local partnerships leading up to the election.
Foreign activity in the 2020 election has so far been lower than in 2018, CISA officials said, citing the "improved resilience" and national conversation about issues such as disinformation. Social media companies such as Facebook and Twitter have both acted to fight fraudulent content.
"Social media platforms have taken major steps to improve their security and protection against disinformation and attacks by third-party actors," says Victoria Mosby, federal mobile security expert at Lookout. "In particular, Facebook and Twitter are seen as the largest platform for disinformation and both have gone to great lengths to counter this issue." Twitter, for example, announced measures to delete tweets calling for violence around election results.
It's Still Early, Officials Say
This election has been top-of-mind for security officials since the chaos surrounding the 2016 race. The government has improved visibility into election infrastructure and now has intrusion detection system monitors installed across all 50 states. The State Department announced a reward of up to $10 million for information leading to people engaging in election interference on behalf of a nation-state. CISA's "Rumor vs. Reality" page aims to combat mis- and dis-information.
The FBI and the DHS CISA have warned of interference attempts by Iranian and Russian actors. In one instance, Iranian attackers spoofed emails to voters and published a video meant to cause confusion and undermine confidence in the election process. Russia-backed threat group Energetic Bear has reportedly targeted dozens of US state, local, territorial, and tribal government networks since Sept. 2020, CISA reported.
Government actions to secure the 2020 election also include a two-week operation against Iran, the Washington Post reports. General Paul Nakasoke, who heads the NSA and military cyber command, said in an interview on Tuesday that he was "very confident in actions" against adversaries over the past several weeks and months to protect against interference. This reportedly followed the attack in which Iranian actors sent emails to threaten voters.
While foreign activity has so far been quiet on election day, CISA officials say they're not letting their guard down. Now is the time when polls are closing; when numbers and unofficial results start going up; when we might see disruption due to defacement or denial-of-service attacks.
"A defaced or manipulated election night reporting webpage would not impact the counting or the certification of official results," CISA posted in a tweet, noting the results on election night are unofficial. Website defacements related to elections could be intended to undermine confidence in the election process, which will remain a concern as the votes are counted.
"I don't think the impact on the tabulation, and the counting of votes is going to come to fruition," says John Dickson, principal at Denim Group. "There might be influence operations, but no disruption of polling." Tonight - when all eyes are on the Web, the news, and the election reporting - is the more susceptible time for interference activity to occur, he points out.
Given the window in which malicious cyber activity could still occur, security experts urge voters to remain patient, seek news in trusted sources, and keep in mind that technical glitches occur – not every disruption might be related to a cyberattack. Voters should keep in mind how voting has been affected by the pandemic and there may not be a final result for days to come.
"Everybody is acutely and intensely focused on ensuring that this election is as secure as humanly possible," one senior official said.