Russian cyberattack could capitalize on election doubts

As the war in Ukraine continues, the United States is warning that Russia and aligned criminal groups may launch cyberattacks against critical American infrastructure, potentially including election systems ahead of November’s midterms.

Election officials and cybersecurity experts worry that a disruption from Russia or other foreign actors may capitalize on plummeting confidence in election integrity among American voters, fueled by myths and disinformation that have saturated the country.

Even with new protections, heightened awareness and information-sharing across all levels of government, widespread skepticism about election integrity makes a potential Russian cyberattack more concerning, said Noah Praetz, cofounder of the Elections Group, which consults with state and local election officials.

An attack on a key jurisdiction, such as a county in a swing state, could put enough doubt in voters’ minds that the results can’t be trusted, even if votes weren’t changed in the attack, he said.

“The consequences of a cyber event, even if backup plans work, are probably worse than they were four years ago because confidence in elections is down,” said Praetz, who previously ran elections in Cook County, Illinois. “It’s a pretty precarious situation for our country right now.”

Michigan Secretary of State Jocelyn Benson, a Democrat, told Stateline she has confidence in the security of her state’s election system, which she said is more strongly defended than ever before. But threats continue to metastasize, she said, because of the lies of former President Donald Trump and his allies, who claim the 2020 presidential election was stolen.

“Because of a multiyear, multifaceted, nationally coordinated effort to delegitimize democracy, to spread misinformation, in many ways our system has a vulnerability now that it’s never had before,” she said in an interview.

Last month, Benson announced $8 million in federal grant funding for jurisdictions to boost their election security efforts ahead of the midterms. In his annual budget plan, President Joe Biden proposed $10 billion over the next decade to bolster the country’s elections infrastructure.

Mike Hamilton, chief information security officer for the cybersecurity firm Critical Insight, does not expect there to be a widespread cyberattack against election infrastructure in November. Election systems are decentralized in the U.S., run by 10,000 separate jurisdictions around the country, making a large-scale attack unlikely.

However, disinformation campaigns will continue, he said, as will focused attacks against counties, where officials may be vulnerable to phishing attacks, which happen when a person clicks on a malicious link in an email.

“We have to remember the people on the frontlines are not real cyber savvy,” said Hamilton, who previously served as Seattle’s chief information security officer and vice chair for the U.S. Department of Homeland Security’s State, Local, Tribal and Territorial Government Coordinating Council. “[Foreign actors] are going to go after people and hang bait in front of them.”

These attacks might not come just from the Russian government. The U.S. Cybersecurity and Infrastructure Security Agency warned this week that Russian-aligned cybercrime groups have threatened Western nations, putting their critical infrastructure at risk.

Probing and phishing schemes by foreign actors such as Iran, North Korea and Russia are now a constant, background nuisance for American companies and government officials, said Matthew Schmidt, an associate professor and international affairs program coordinator at the University of New Haven.

Schmidt suggested that an escalation of the conflict between Russia and the West could inspire broader Russian cyberattacks on U.S. infrastructure, including elections.

However, he said the U.S. has better defenses than it did during the 2016 presidential election, when Russia targeted election officials in every state, finding success in Florida and Illinois. Russia also has been behind large-scale disinformation efforts during U.S. election seasons.

“We are more prepared for the threat than six years ago,” Schmidt said. “These things are much better protected than people think they are and have been hardened more and more.”

Bill Ekblad, Minnesota’s election security cyber navigator, echoed those comments. For the past three years, Ekblad has traveled the state advising local election offices about better cybersecurity practices, such as requiring multifactor authentication to gain access to email and election systems.

He also has connected Minnesota election officials, federal partners and election equipment vendors so they can share information and test election systems.

The war in Ukraine has not changed Ekblad’s approach to election security, he said.

“We need to be ready for anything at any time, as best we can,” said Ekblad, as he headed to a conference with the state’s election leadership in central Minnesota to discuss cybersecurity. “Headlines don’t change that.”

This month, the office began distributing $3 million in election cybersecurity federal grant money. But there was a catch to receiving the funds: County election offices first had to demonstrate safe cybersecurity practices and investments.

These grants are especially helpful for counties with election equipment more than 15 years old, said Tyler Webster, the elections technology coordinator for Wright County, just northwest of Minneapolis.

“We’re just doubling down on our cybersecurity hygiene right now,” he said. “We’re doing what we can on our side to make sure our protections are robust. Often, this comes down to human error.”

This article was first posted on Stateline, an initiative of The Pew Charitable Trusts.