Security awareness

7 myths about election security — debunked

September 18, 2019 by Tyler Schultz

Just a few years ago, the idea of a hacked election brought Hollywood-style visuals of foreign cybercriminals in a dark room flipping the outcome of an election with a single command. Sure, it’s a familiar visual, but if we’ve learned anything from recent elections it’s that the threat of election interference is much broader and oftentimes indirect.

Election security certainly involves securing voting machines and systems associated with the voting and registration processes, but it also requires physical security, voter data protection, social media intelligence and more. For this reason, keeping our 2020 elections secure requires more than IT and security professionals. It takes everyone involved in the voting process to watch for suspicious activity and adhere to cybersecurity best practices to prevent interference in the upcoming elections.

In this post, we debunk seven common myths about election security and provide actionable tips to pass along to poll workers and volunteers. Together, let’s keep our 2020 elections secure.

Myth 1: election security is driven by technical personnel

Everyone involved in the voting process should see themselves as a security official. As much as election workers need technical staff to keep voting machines, databases and digital records secure, the technical team needs poll workers and volunteers to ensure the voting process adheres to standard protocols and avoids interferences on election day.

What you can do
Make security an open topic of discussion amongst election staff from the first moment of orientation through the end of the election. It’s important for poll workers and volunteers to not only feel like security is part of their responsibility, but also empower them to speak up if they see something suspicious.

Myth 2: the greatest threat to voting machines is a foreign hack

Although foreign, state-sponsored interference remains a legitimate threat to our elections, domestic, in-person interference is an equally dangerous threat. Most voting machines are not connected to the internet and would require physical contact to hack. Furthermore, the wide variety of voting machines and protocols used throughout the U.S. drastically reduces the threat of a centralized, nation-wide hack.

What you can do
Train election staff to watch for voters bringing devices or even small items such as screwdrivers or USB drives into the voting booth. You can also encourage poll workers to monitor voting times and check with voters taking excessive time in the booth.

Myth 3: cybercriminals’ primary motivation is altering votes

Although some cybercriminals may be motivated to directly alter votes to influence the outcome of an election, an attacker is more likely to attempt to suppress voter turnout, disrupt the voting process or access voter data.

What you can do
Help election workers understand the breadth of election threats, the types of attacks that could target them personally and the techniques they can use to recognize an attack.

Myth 4: election security requires highly specialized training

While there are several cybersecurity considerations unique to the election process, the majority of election security skills such as data security, phishing defense and recognizing social engineering attacks stem from basic cybersecurity knowledge.

What you can do
Layer your election security training with education on cybersecurity best practices to encourage election staff and volunteers to use strong passwords, two-factor authentication and to recognize common attacks that could disrupt the election process.

Myth 5: election day presents the greatest vulnerability

As we’ve learned from recent elections, one of the greatest threats to our elections comes well before any votes are cast. Disingenuous social media campaigns, phishing attacks, social engineering and more can play a role in influencing voters and undermining the integrity of an election.

What you can do
Start election security training well before election day and help poll workers and volunteers understand the common election attacks voters are exposed to. This allows election staff to help dispel rumors and false information and keep the process running smoothly on election day.

Myth 6: polling place security should be handled by security staff

Although security staff should remain responsible for the physical security of the polling place, suspicious behavior should be monitored by poll workers and volunteers. This includes examining tamper seals, watching for suspicious devices and understanding social engineering tactics such as a person claiming to inspect or repair a voting machine.

What you can do
Encourage election staff to report any suspicious behavior. Poll workers and volunteers aren’t security guards, but their observations can play a major role in keeping our elections secure.

Myth 7: There is a one-size-fits-all solution to election security

With massive diversity of voting machines, registration processes and requirements across the United States, there is no standard playbook on election security. Although this diversity makes a nationwide election hack unlikely, it puts pressure on local officials to seek out the appropriate training required to keep their elections secure.

What you can do
Focus election security training on processes unique to your local elections, but don’t forget general cybersecurity training. It’s impossible to predict every threat poll workers and volunteers face during the election process. However, with basic cybersecurity training, election staff will be prepared to recognize and report attacks and suspicious behavior.

Get your free election security training resources

As cybersecurity educators, we believe securing our elections is a shared responsibility. That’s why we developed a free election security training kit designed for poll workers in your state and throughout the U.S. The kit includes an election security training module, posters, email templates and instructions to help you deliver the training and protect your local elections from attack.

Together, we’ll keep our 2020 elections secure.

election security training resources

Get The Kit

Posted: September 18, 2019
Tyler Schultz
View Profile

Tyler Schultz is a marketing professional with over seven years of experience delivering SaaS solutions to organizations of all sizes. As a product marketing manager at Infosec, he is dedicated to helping organizations build strong cybersecurity cultures and meet their security awareness goals. He helps the Infosec team push the boundaries of effective and engaging security awareness training with a focus on experiential learning, gamification, microlearning and in-the-moment training. Tyler is a UW-Madison and UW-Whitewater graduate and Certified Security Awareness Practitioner (CSAP).