WASHINGTON — Federal law enforcement and cybersecurity officials are warning state election administrators that they face stern threats ahead of the November presidential election.
Secretaries of state and state election directors must be prepared for potential cyberattacks, both familiar and unpleasantly novel, according to federal officials. And they must remain vigilant about possible threats to their personal security.
Voter databases could be targeted by phishing or ransomware attacks this year, election officials said. Bad actors — both foreign and domestic — are trying to undermine trust in the integrity of elections through disinformation, and advances in artificial intelligence are posing unprecedented challenges to democracy.
“Unfortunately, the threat environment is very high,” said Tim Langan, executive assistant director of the FBI’s Criminal, Cyber, Response, and Services Branch, speaking last week at the National Association of Secretaries of State’s winter conference in Washington. “It’s extremely alarming.”
Kentucky Secretary of State Michael Adams, a Republican, knows this all too well.
Hours after he was sworn in for a second term early last month, a bomb threat was made at the state capitol in Frankfort. An email sent to several government offices, including Adams’, said that bombs placed at the capitol “will get you all killed.” Eight other state capitols received similar threats, but no bombs found.
“I hope this isn’t a sign of things to come this year,” Adams told Stateline. “The benefit of everything we’ve been through over the last few years is that everyone in this room is psychologically prepared for 2024.”
He stressed that since 2016 — when Russia and China tried to influence the presidential election — election officials have increased their cooperation with federal cybersecurity and law enforcement agencies, election security experts and other senior state officials across the country through information-sharing partnerships.
The COVID-19 pandemic has forced election officials to work more closely together in an increasingly stressful and hazardous environment.
While the warnings Adams and his colleagues received were dire, election officials left the conference with novel knowledge about the threats, as well as novel tools to combat them and novel allies to support them prepare in the months leading up to the 2024 general election.
“Today we think much more creatively about what could go wrong and what the challenges are than we could have thought just four years ago,” Adams added.
Threats of violence and cybersecurity concerns
International criminal groups and foreign adversaries such as China, Iran, North Korea and Russia have made “extraordinary” progress in finding ways to hack into systems, steal data and disrupt elections, said Eric Goldstein, executive deputy director for cybersecurity at the Cybersecurity and Infrastructure Security Agency.
“We are in a really difficult situation right now in terms of cybersecurity,” he said.
The federal agency, commonly referred to as CISA, unveiled a novel website last week, #Protect2024to provide resources to election officials at the state and local level during the primary and general elections in November.
Regional federal cybersecurity officials support train local election officials to employ the internet
security, offering security assessments at polling places and county courthouses, and encouraging county clerk’s offices to adopt the .gov domain.
On the same day that CISA unveiled a novel website to protect elections, issued a warning that China is actively attacking American critical infrastructure, particularly in the communications, energy, transportation, and water systems sectors.
During Goldstein’s presentation, Maine Secretary of State Shenna Bellows and Minnesota Secretary of State Steve Simon, both Democrats, said they were concerned that rural election officials might not take the threats seriously, believing they were too petite to be targeted.
“Every location is at risk, regardless of size or sector,” Goldstein said in response.
In early January, a cyberattack took down court, tax, and phone systems in Fulton County, Georgia, including Atlanta. By the end of the month, local governments in Colorado, Missouri, and Pennsylvania were hit by ransomware attacks.
“We are under attack and we need to protect everything,” Rich Schliep, Colorado Department of State CIO, said at a side conference in Washington organized by the National Association of State Election Directors.
Election officials at the state and local levels also still face personal threats made to their offices, at polling stations and polling places, as well as receiving death threats via email and threatening correspondence.
Brendan Donahue, a deputy inspector for the U.S. Postal Inspection Service who spoke at both conferences, said election officials should invest in gloves, masks and the opioid reversal drug Narcan, as well as know how to safely open mail and what to do with a threatening letter.
He stressed that malicious emails are nothing novel in the United States, and law enforcement is still investigating a series of fentanyl-laced letters sent to election offices across the country during last November’s election.
Kansas Secretary of State Scott Schwab, a Republican, encouraged his counterparts to immediately contact their local FBI field office and election crime coordinator.
“You don’t want to do this the third week of November this year,” Schwab said. “I really encourage you to go out and start developing those relationships.”
Artificial Intelligence and the Challenge of Disinformation
Last month, voters in New Hampshire received a robocall that purported to be from President Joe Biden telling them not to vote in the state’s primary election. But when state election officials looked into the call, they discovered it was not Biden’s voice but a voice generated by artificial intelligence.
In response, the Federal Communications Commission Prohibited employ of AI-generated votes in robocalls, saying they could be used to suppress voting. New Hampshire Republican Attorney General John Formella started an investigation and sent a cease and desist letter to the two Texas companies involved in creating the message.
But AI can do much more. AI-generated content could be used to create hyperlocal messages to voters to spread false information about polling location or voting times. It could create messages in other languages to discourage foreign-born citizens from voting. It could also be used to create a flood of content, even from fraudulent local news outlets, to inflame existing challenges at polling stations.
GET MORNING HEADLINES DELIVERED TO YOUR INBOX
There is an internal risk to election offices. Employees could receive a call that sounds like an election administrator asking to change the voting process. Sophisticated phishing emails could trick employees into allowing access to social media accounts or sensitive voter information.
“This is disinformation on steroids,” said former Kentucky Republican Secretary of State Trey Grayson, a member of the National Task Force on Election Crises. “We’ve had disinformation, disinformation threats, for a couple of years now. But this is just the next level.”
State and local election officials are already spending a lot of time fighting disinformation. Secretaries of state are using #TrustedInfo2024 on social media to promote the importance of using trusted sources for election information. AI platform ChatGPT has begun directing users with election-related questions to Sharewebsite maintained by the National Association of Secretaries of State.
It’s an “ongoing challenge,” said Riley Vetterkind, public information officer for the Wisconsin Elections Commission. The state agency provides election officials with press release templates, a calendar of suggested social media posts, webinars on messaging strategies and email newsletters on existing misinformation.
Pennsylvania election officials launch voter education drive ahead of April 23 presidential primary
In Colorado, election officials have aggressively cracked down on falsehoods, saying the 2020 presidential election was rigged and that voting systems are vulnerable to significant fraud.
“We decided we were no longer going to be a safeguard for BS,” said Matt Crane, executive director of the Colorado County Clerks Association. “We’re going to be very aggressive in the public arena.”
The challenges are piling up, said Mark Lindeman, director of policy and strategy at Verified Voting, a nonprofit that advocates for paper ballot records, post-election audits and election security.
But there is hope, he added. It is basic to mess up an election, but it is difficult to destroy entire voting systems.
“One of my concerns is that we wear ourselves down, scare ourselves with all the things that could go wrong,” Lindeman said. “Sometimes we lose sight of how we can prepare ourselves to meet those challenges and how we can explain to people that we’ve met those challenges.”
state line is part of States Newsroom, a nonprofit news network supported by grants and a coalition of donors as a 501c(3) charitable organization. Stateline maintains editorial independence. For questions, contact Editor Scott S. Greenberger: [email protected]. Follow Stateline on Facebook AND Twitter.
