After years of planning and worry, polls closed on Election Day 2020 without any evidence of cyber manipulation by foreign governments or criminals.
The big question was why. Did Russia, Iran and other adversaries decide such attacks didn't serve their purposes, given that they have appeared to focus on spreading disinformation? Did U.S. government efforts deter or thwart election hacking?
Trump administration officials were quick to claim credit.
"I think what you're seeing more than anything is 3½ years of collaboration," said Chris Krebs, the director of the Cybersecurity and Infrastructure Security Agency, or CISA, which is responsible for securing the country's infrastructure cybersecurity. He touted the joint effort with the U.S. intelligence community and the Election Assistance Commission.
"The 50 states are working together, sharing information," Krebs said. "From where we came in 2016 to where we are, we have a much better game plan."
Gen. Paul Nakasone, who leads both the National Security Agency and the military's U.S. Cyber Command, went further, suggesting in a statement Tuesday night that secret operations stopped foreign interference.
"I'm confident the actions we've taken against adversaries over the past several weeks and months have ensured they're not going to interfere in our elections," Nakasone said, referring to cyber strikes carried out under his command against the computer infrastructure associated with Russian and Iranian government hackers.
This much is clear: The lack of cyber mischief directed at election systems in 2020 stood in contrast to what happened in 2016, when Russian military hackers sought to breach election systems in all 50 states, and got into a number of them. That was before CISA existed in its current form or elections had been designated as critical infrastructure by the Department of Homeland Security.
CISA spent years working with the states and hardening networks against attacks, while Cyber Command sent operatives abroad to gather intelligence and facilitate offensive action.
That said, U.S. intelligence officials and private cybersecurity experts said they saw no evidence this year that foreign governments were laying the groundwork to hack into election systems.
Matthew Prince, the CEO of the cybersecurity company Cloudflare, told NBC News he saw little serious effort.
"Generally: quiet on the cybersecurity front nationwide," Prince said in a text message.
But while there remain big fears about foreign disinformation as America sorts out who won the election, Election Day itself was fairly smooth sailing. CISA had long warned that state or county websites that report election results, which aren't tied to the official numbers, could make ripe targets for hackers, as Russia has done in Ukraine.
For around an hour Tuesday evening, Texas' results reporting site went down without explanation. But the issue was merely a problem with Civix, the vendor that hosts the site, Stephen Chang, a spokesperson for Texas Secretary of State Ruth Hughs's office, said in an email. It was restored a little after 9 p.m. ET.
Krebs's agency had long warned that the scourge of ransomware gangs that have targeted county and local governments in recent years could infect counties at a crucial moment, hampering their ability to quickly and easily conduct elections. Although election systems in two counties were tangentially affected in recent weeks — Hall County, Georgia, where an infection temporarily slowed absentee ballot counting, and Chenango County, New York, where an email outage meant some absentee ballot requests could not be processed — a senior CISA official said on a news call that there were no known new ransomware cases that touched on elections.
In the early morning, Ohio seemed to have the biggest problem, when the electronic poll books crashed in Franklin County, one of the state's biggest counties. But by state mandate, Ohio counties carry paper backups of their poll books, and Franklin was able to check people in manually with little delay, said Frank LaRose, Ohio's secretary of state. There was no indication that the issue was caused by a cyberattack.
"We issued a very aggressive checklist of items every county board had to do," LaRose said in a phone interview.
"The old saying I had in the military is you sweat in peacetime so you don't bleed in battle," he said. "It's kind of a dramatic way of saying it, but the point is you work hard in preparation so you don't have problems when it's time for actually executing on the job."
While Krebs was using military metaphors, the actual military was acknowledging to reporters Tuesday night that it took offensive action against Russia and Iran in the months before the election. But two sources familiar with the matter described the cyber actions not as crushing blows to foreign adversaries, but as something of an annoyance to them.
The sources said the operations were similar to what Cyber Command did in 2018, when it took down computers associated with the Internet Research Agency, a Russian troll farm. The impact lasted only a day or two, the sources said, before the disinformation factory was up and running again.
The sources questioned whether the cyber offensive had anything to do with why there were no successful hacks against voting infrastructure.
“It makes us feel good,” one source said, and sometimes makes the job of Russian and Iranian hackers harder. However, another source added, “It doesn’t fundamentally change their behavior.”
While polls appeared to have closed without a major hitch, Krebs cautioned that the window for hackers to affect the perception of the election's integrity could be open for weeks.
"We are by no means through this," Krebs said. "There's still a lot of time left on the clock. There are a number of things that could happen tonight, tomorrow, the ensuing weeks."