The 2020 presidential election may be the first in which a candidate has campaigned to delegitimize the results before the first ballot was cast. But for the U.S. Cybersecurity and Infrastructure Security Agency and other federal agencies, it’s the culmination of four years of preparation to keep the election safe.
“We've got a lot of confidence that the ballot's as secure as it's ever been,” said CISA’s director, Chris Krebs. “We've been working on this for three-and-a-half years.”
CISA and its partner agencies on election security, like the FBI and National Security Agency, are keen to avoid a repeat of 2016, when Russian military intelligence hacked the Illinois voter registration database and those of two Florida counties in the months leading up to that election.
With few procedures or lines of communication among federal, state and local governments, Illinois and the Florida counties were caught unaware. Federal agencies did not have a way to clearly communicate the threats they were seeing, and the public did not learn the extent of what had happened until years later.
President Donald Trump has repeatedly said in public and on social media that the 2020 election would somehow be “rigged.” In his televised debate with former Vice President Joe Biden on Sept. 29, Trump insisted without evidence that the election was a “fraud and a sham.”
Some of those sentiments are reflected in public opinion. According to an NBC/SurveyMonkey poll in August, a majority of Americans, 55 percent, said they were not confident in the fairness of the election. Since then, Trump, who is trailing Biden in most national polls, has repeated his unsubstantiated claims.
But officials at multiple levels of government have contradicted him. On Thursday, the FBI tweeted a nine-minute video, in which Director Christopher Wray, Krebs and two other agency heads talk about their commitment to safeguarding the election. Unlike most of the FBI’s informational materials about election safety, which struggle to gain much attention with the public, the video racked up more than 1.4 million views.
And in a livestreamed CISA event Wednesday, Homeland Security Director Chad Wolf, who has been accused of catering to Trump, described a very different scenario than that posed by the president.
“We believe preserving the integrity of this indispensable American tradition is pivotal in the administration's commitment to putting America First,” Wolf said in his prepared remarks. “With this administration's full support and backing, the men and women of CISA have traveled across the country, building relationships with state and local officials who manage these critical systems.”
Between 2017 and the beginning of 2020, CISA and other election officials were concerned about the possibility of hackers attacking the election’s integrity. CISA dispatched its senior cybersecurity advisor, Matt Masterson, around the country to meet with state and local election officials who may have been previously reluctant to embrace its offer of free cybersecurity services.
Mac Warner, secretary of state in West Virginia, said Masterson’s hiring signaled to states that federal officials were willing to be election partners rather than simply recipients of election intelligence.
“Really, the change came when Matt Masterson came on board,” Warner said. “Having been an election official himself, he wasn’t so tight-fisted with the information. He understood the necessity of having that.”
But as the coronavirus hit in the spring, CISA pivoted to partnering with the Election Assistance Commission to prepare states for a massive, rapid shift to voting by mail and in-person under guidelines set by the Centers for Disease Control and Prevention.
Karen Brinson Bell, the top election official in North Carolina, said the assistance has been instrumental in helping her team get trained and ready.
“They have provided us not only with responses to situations, but proactively help us to prepare for the election,” she said. “We actually just had CISA conduct a series of trainings with our county board of election directors and staff to help them be more knowledgeable about ransomware, about misinformation and disinformation.”
Krebs cannot promise that nothing will be hacked between now and the time the 2020 election results are certified. On Friday evening, his agency put out an alert that potential nation-state hackers were exploiting a vulnerability in state and local government networks across the country, which could potentially be used to gain control over county websites that display voter information.
Instead, he says, the U.S. has resilience measures in place to keep a potential hack from spiraling out of control.
“We've got a number of concerns about potential disruptive activities that could happen in the next several weeks and even beyond Nov. 3,” Kreb said “And some sort of ransomware or other attack that brings down a system is something that we've been thinking about.
“We have incident response plans in place,” he added. “We're ready for just about anything.”
The biggest threat is the misconception that the election is invalid, he said.
“My top concern right now is the American people lose confidence in the vote,” Krebs said. “And that's why we have been messaging. The American people need to have confidence that it's not a single point of failure in the election process.”