voting machines (Iconic Bestiary/

What you need to know about election security

Security threats facing the U.S. elections systems fall into three broad categories, according to the Department of Homeland Security:


FCW's Election Security FAQ

This article is drawn from a larger look at election-security concerns. Read more.

  1. The hacking of election infrastructure (voting machines, voter registration systems, election management systems, electronic pollbooks).
  2. Strategic hacking and leaking efforts targeting political campaign teams.
  3. Large-scale disinformation and misinformation campaigns aimed at influencing voter behavior before they head to the polls.

While much of the focus in election security has focused on the IT infrastructure used to run elections, federal officials are at least as worried about the impact of coordinated online influence campaigns. Such efforts are generally cheaper, provide nation states with plausible deniability and can be effective at amplifying existing political tensions in ways that can boost or suppress voter turnout for targeted groups.

Although most allegations of election tampering have pointed to  Russia, President Donald Trump and members of his administration recently said China is attempting to interfere in the upcoming mid-term elections.

The veracity of that statement depends on how one defines “election interference.”

Intelligence agencies and DHS continue to say that they have no evidence indicating China is actively targeting election infrastructure the way the Russians are thought to have done in 2016. Those officials have said that China, like other countries, conducts influence campaigns and those campaigns could theoretically influence voter behavior, but they are often described more as attempts to influence American public opinion in ways favorable to Chinese policies, through advertisements and media buys, not online disinformation campaigns targeting specific election outcomes.

FireEye, a well-respected cybersecurity threat intelligence firm with a long history of attributing cyber attacks back to nation states, said in October that it has yet to see examples of online activity linked to Chinese hackers that attempts to manipulate specific issues or shape electoral outcomes. Other cybersecurity firms such as Crowdstrike and Symantec have reinforced that view.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.