Cyber threats to election systems remain a concern for the Department of Homeland Security well into December throughout the vote counting process.
Votes are still being counted in the 2020 presidential election, and the Department of Homeland Security expects cybersecurity threats, such as ransomware attacks and disinformation campaigns targeting the election process, to continue through December.
"We're not out of this yet," a senior official from the Cybersecurity and Infrastructure Security Agency at DHS told reporters Nov. 3. "There's a counting process, a canvassing process, an auditing process, a certification process, seating in the electoral college -- is going to take us well into December."
"The attack surface is shifting from the actual voting process itself into the counting, the canvassing, the auditing and through the certification over the next several days and weeks," the official said.
The CISA official cited potential activity around disinformation campaigns targeting the voting tallies and an increased demand on election systems to continue as absentee and mail-in ballots are counted. Website defacement, manipulating vote counts, including media sites, are also possible, along with denial of service attacks. Election-related system performance failures are also possible.
That additional stress creates room for other cybersecurity attacks, such as ransomware, particularly on the state and local level.
"There is an opportunity to target state networks with ransomware," the official said. "The highest likelihood is just continued efforts to undermine confidence in the process through sensational claims that systems are hacked when they haven't been."
CISA has been the command center for election security coordination and information sharing across government on the federal, state, and local levels. On Election Day, DHS officials maintained that while they were seeing more adversarial and disinformation activity compared to prior years, that was due to increased communication and information sharing between federal, state and local agencies.
But CISA's concern has been with keeping the public well-informed and to quell alarm.
"You could see disinformation campaigns out there, amplifying or pushing false results or outcomes trying to spin up concern or anxiety," the senior official said. "We're asking for patience and not let little things spin out of control and drive narratives that are much bigger than their actual impact."