Decision 2024 – the ultimate election year – is in full swing, with more than 60 countries holding national elections this cycle. In the United States, where presidential candidates are polling neck and neck and stakes are high, this “first true AI election” has brought election security to the forefront of the conversation.
With AI, threat actors have a powerful way to spread and scale misinformation, disinformation and malinformation (MDM) campaigns, such as the false social media narratives and fake celebrity endorsements seen in recent months.
As election day in the U.S. approaches, defenders face unprecedented challenges in protecting the electoral process from further interference and foreign influence. No government can shoulder this burden alone. Upholding the security and integrity of this election – and all those to come – will require collaboration at many levels. It will also take strong cybersecurity practices grounded in good cyber hygiene, defense-in-depth and Zero Trust.
Major 2024 Election Cybersecurity Concerns
Today’s most pressing election cybersecurity challenges can be grouped into four major categories:
1. Nation-State Actors. Nation states’ efforts to sow distrust, shift opinions and generally undermine confidence in U.S. democratic institutions are intensifying. Recently, Donald Trump’s campaign confirmed that some of its internal communications were breached. U.S. intelligence officials soon linked the attack to a foreign adversary, noting in a joint advisory that “social engineering and other efforts sought access to individuals with direct access to the Presidential campaigns of both political parties.” They went on to warn that “Such activity, including thefts and disclosures, are intended to influence the U.S. election process.”
The U.S. government is taking such threats very seriously: in early September, the Biden Administration announced a sweeping set of actions to thwart another nation-state’s effort to influence the election, including criminal charges, sanctions and the seizure of numerous internet domains.
2. Election Infrastructure. The security of election systems – from voter registration databases to voting machines to back-end election management systems – is essential to trustworthy elections. Recognizing this, the Obama administration designated election infrastructure as “critical infrastructure” in 2017, placing it in a category receiving whole-of-government focus alongside the electrical grid, emergency services and other vital systems.
Yet many vulnerabilities persist, and (often outdated) election systems can be subject to a wide range of threats, such as phishing, malware and denial of service (DoS) attacks. In April, Georgia’s Coffey County experienced a ransomware attack that forced it to sever its connection to the state’s voter registration system – showing just how dangerous these types of attacks can be.
The increasingly connected nature of these digital systems also introduces software supply chain risks related to how election software is developed, distributed and updated in the field. For example, a recent POLITICO investigation reveals that “troubling security bugs,” along with a foreign national anthem, were found written into a U.S. voter database built with the help of an overseas subcontractor. According to the author, this “supply chain scare” underscores a broader issue: “There is little oversight of the supply chain that produces crucial election software, leaving financially strapped state and county offices to do the best they can with scant resources.”
3. Insider Threats. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) defines insider threats as “an individual or group who uses their authorized access or special knowledge to cause harm to an organization or entity.” This harm can include malicious or unintentional acts by current or former workers (i.e., employees, contractors and volunteers) within election bodies, as well as people working on the periphery who support or interact with election infrastructure.
Some examples of insider threat activity include a volunteer accessing systems without the need or proper authorization, a pro-party malicious insider altering or destroying ballots, and a third-party “hacktivist” leaking information to weaken an organization’s influence. Most insider threat cases stem from simple human error, such as inadequate training, unintuitive tools or complex workflow procedures. Still, such missteps can compromise security systems and expose sensitive data.
Though confirmed insider threat activities have been domestic thus far, according to CISA, nation-state actors may also seek to gain insider access by coercing or extorting insiders to help them achieve their goals.
4. AI. None of the above election risks are new; however, the increasing use of malicious AI exacerbates them. Threat actors are leaning heavily on AI-powered deep fakes and phishing scams to fine-tune their social engineering capabilities, exploit voter identities and scale their attacks. For instance, in January 2024, several New Hampshire-based voters received a robocall seemingly from President Joe Biden urging them not to vote in the primary elections. Fortunately, officials were able to identify and stop this social engineering tactic from having a material impact on the primary elections. However, we can safely assume that not every case will be this lucky.
Using AI-generated content, election meddlers have an unprecedented opportunity to forge one-on-one relationships with voters and ultimately influence target audiences, cast doubt on election integrity and even impact election outcomes.
Six Key Measures for Upholding Election Cybersecurity and Integrity
Proactive cybersecurity measures and an “assume breach” mindset are essential in safeguarding elections against evolving cyber threats. These include:
1. Transparent election audits. Regulatory and policy frameworks provide the foundation for credible elections, while risk-reducing election audits provide the necessary checks and balances. Election audits are essential to the electoral process, ensuring that election infrastructure works as intended, election officials comply with specified regulations, and issues are addressed and resolved transparently. This is especially true in places like the U.S., where more than 8,000 local governments manage elections with differing rules and processes. Voters expect – and increasingly call for – post-election audits. Voting systems must be designed and configured to produce the required artifacts for these audits, such as paper trails for electronic voting records.
2. Defense-in-depth cybersecurity. In the high-stakes world of election security, trusting a single line of defense is not enough. That’s where the concepts of defense-in-depthand Zero Trust come in. They offer a layered approach to protecting critical election infrastructure while assuming no trust between systems and requiring continuous verification of every user and device, and strong verification before granting high risk access.
3. Robust incident response planning. Murphy’s Law applies to elections. Something will go wrong. The importance of having strong incident response and crisis communications plans in place – and continuously testing and refining them – cannot be overstated. Communicating with citizens prior to and during the election process is essential to build trust and buy you the time you will need to sort through the facts of an incident and then start reporting on your response plan and status. CISA offers resources like in-person and virtual tabletop exercises to help election officials facilitate incident response training exercises.
4. Enhanced collaboration. Government agencies, law enforcement, cybersecurity professionals and the public must collaborate to bolster cyber resilience and strengthen the electoral process. Defense-in-depth isn’t just about technology – it’s about everyone working together to share information, expertise and resources to defend democracy.
5. Increased public awareness and education. As AI-based attacks surge, voter education initiatives that emphasize personal data protection, social media literacy, and popular cyberattack trends are crucial. Informed citizens can – and must – play a significant part in building resilience against election-related influence operations and disinformation narratives. Former CISA head Chris Krebs perhaps said it best in a recent X post directed at fellow Americans: “[Election meddlers] have their own objectives and guess what, you’re the target. Take this seriously. You’re part of the playbook, they want you to either amplify it or doubt it. Take a beat, touch grass as the kids say, & just vote. American voters decide American elections. Let’s keep it that way.”
6. Continued technology innovation. Technology will continue to play an increasingly critical role in fighting AI-based information warfare and securing future elections. To that end, cybersecurity technologists are joining forces through initiatives like the Information Technology-Information Sharing and Analysis Center’s (IT-ISAC) Election Security Research Forum (ESRF) and the National Cybersecurity Center of Excellence to enhance election security technology and help renew public faith in political processes.
Identity threat detection and response is a relatively new but potentially powerful election security innovation that’s gaining traction. ITDR supports Zero Trust and employs detection mechanisms to identify potential threats, examine suspicious activity during and after the authentication and authorization process and take the appropriate countermeasures to safeguard the trustworthiness of the identity infrastructure through security orchestration and response.
Understanding who is using what type of identity to perform a specific action can surface valuable insights and illuminate attacker behavior. For instance, a local poll worker trying to change the tabulations at the regional level or a regional worker changing many local tabulations may indicate abuse or attack. Mapping and enforcing accepted workflows allows IT systems to enforce those policies and enables security systems to more easily identify irregular behavior.
Defending Democracy Is Everyone’s Job
Cybersecurity and democracy are now inextricably linked. AI has lowered the bar for malicious actors and election meddlers, driving renewed urgency for governments to boost proactive security measures, increase vigilance and engage stakeholders, technologists and citizens alike in safeguarding election security to protect individual political rights for all. The time to act is now, as a team, to defend our democracies.
James Imanian is senior director of the U.S. Federal Technology Office at CyberArk.