The Crucial Role of Cybersecurity for U.S. Election Offices


Cybersecurity is a universal necessity. Whether you're a multinational corporation or a local government agency, safeguarding your digital assets and sensitive information has become paramount. While election offices are safeguarding the heart of our democratic process, they face cyber threats in various forms, from sophisticated nation-state actors to opportunistic malicious hackers seeking exploitable vulnerabilities.

Attacks Targeting Election Offices

In 2022 alone, cyber threat actors (CTAs) targeted multiple election offices just before Election Day. This series of attacks targeted election-related web content and, if successful, could have denied the public access to important information during a critical election period. In one case, a single, properly employed cybersecurity measure was effective in stopping the attack.

In a separate cyber attack, this one on Election Day 2022, an election official received an email that spoofed a county office. The election official recognized that the email attempted to gain sensitive information and so alerted others about it, preventing a possible account compromise.

Cyber Defense Measures and the CIS Controls

As with all other industries and organizations, there are fundamental cybersecurity principles that apply to election offices. Cybersecurity best practices are generally accepted guidelines that lead organizations to the best possible outcomes when implementing cybersecurity measures. The CIS Critical Security Controls (CIS Controls) are one such set of globally recognized best practices. Developed by security expert consensus, they provide organizations like election offices with prioritized recommendations for implementing effective cybersecurity. These security measures provide a comprehensive set of smaller actions (CIS Safeguards) that organizations can implement to protect against the most common attacks.

Layered Defense: Defense-in-Depth

To ensure robust security, the industry standard is to implement a layered defense concept known as "defense-in-depth." It's akin to having a series of protective barriers that require varied aspects of technical expertise to successfully penetrate, making it significantly more challenging for threats to succeed. Effective cyber defense for election offices involves layers of defense at the network level, at the device level (servers and computers), at the user level, and elsewhere.

Many of these safeguards are inexpensive and easy to implement, but some organizations, like a cash-strapped local election office, can’t afford to buy all of the solutions needed for effective cyber defense. This is where operational support from the Center for Internet Security (CIS) factors in.

CIS Support to Election Offices: A Collaborative Effort

CIS operates the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC®), a community of more than 3,600 election offices from all 50 states and six territories that is partially funded in a cost-share model by CIS and Congress through the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA). Guiding the EI-ISAC is an executive committee consisting of representatives from the election community who are elected by fellow EI-ISAC members.

The EI-ISAC provides cyber threat intelligence, detection, and response around the clock at no cost to election offices through the 24x7x365 CIS Security Operations Center. To support layered defense among election offices, the EI-ISAC also offers multiple security solutions at no cost to EI-ISAC members.

  • Malicious Domain Blocking & Reporting (MDBR) is a web security service that is highly effective at preventing IT systems from connecting to harmful sites online related to known malware, ransomware, phishing, and other cyber threats.
  • Endpoint Detection and Response is security software deployed on election office devices like servers and computers that can detect and stop active cyber attacks.
  • CIS SecureSuite Membership provides integrated cybersecurity resources to help organizations start secure and stay secure.

The operational support from the EI-ISAC provides solutions that many election offices would otherwise lack the resources or expertise to implement.

A Shared Responsibility

Implementing appropriate cyber defenses takes time, money, and expertise. It requires the combined efforts of a community that includes government agencies, organizations like CIS and the EI-ISAC, and dedicated election officials at the state and local levels.

CIS is proud to play a role in helping election offices understand and defend against cyber threats. We applaud the efforts of the thousands of election officials and their staffs to help secure American democracy by protecting the personal data of citizens nationwide and enabling democratic elections.

To learn about election security resources available to election offices, please visit this CISA site.
