Election Day is over, but threats to voting systems remain

scanning a ballot (Lisa F. Young/ 

Votes are still being counted in the 2020 presidential election, and the Department of Homeland Security expects cybersecurity threats, such as ransomware attacks and disinformation campaigns targeting the election process, to continue through December.

"We're not out of this yet," a senior official from the Cybersecurity and Infrastructure Security Agency at DHS told reporters Nov. 3. "There's a counting process, a canvassing process, an auditing process, a certification process, seating in the electoral college -- is going to take us well into December."

"The attack surface is shifting from the actual voting process itself into the counting, the canvassing, the auditing and through the certification over the next several days and weeks," the official said.

The CISA official cited potential activity around disinformation campaigns targeting the voting tallies and an increased demand on election systems to continue as absentee and mail-in ballots are counted. Website defacement, manipulating vote counts, including media sites, are also possible, along with denial of service attacks. Election-related system performance failures are also possible.

That additional stress creates room for other cybersecurity attacks, such as ransomware, particularly on the state and local level.

"There is an opportunity to target state networks with ransomware," the official said. "The highest likelihood is just continued efforts to undermine confidence in the process through sensational claims that systems are hacked when they haven't been."

CISA has been the command center for election security coordination and information sharing across government on the federal, state, and local levels. On Election Day, DHS officials maintained that while they were seeing more adversarial and disinformation activity compared to prior years, that was due to increased communication and information sharing between federal, state and local agencies.

Election Day was filled with reports of robocalls urging people to stay home and incidents of election-related systems, such as issues with electronic poll books.

But CISA's concern has been with keeping the public well-informed and to quell alarm.

"You could see disinformation campaigns out there, amplifying or pushing false results or outcomes trying to spin up concern or anxiety," the senior official said. "We're asking for patience and not let little things spin out of control and drive narratives that are much bigger than their actual impact."

About the Author

Lauren C. Williams is senior editor for FCW and Defense Systems, covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at [email protected], or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected