Secretaries of state and state election directors must be ready for potential cyber attacks, both familiar and uncomfortably new, according to the feds. And they must remain vigilant about possible threats to their personal safety.
Voter databases could be targeted this year through phishing or ransomware attacks, election officials were told. Bad actors — both foreign and domestic — are trying to erode confidence in the integrity of elections through dis- and misinformation, and advancements in artificial intelligence present unprecedented challenges to democracy.
“The threat environment, unfortunately, is very high,” said Tim Langan, executive assistant director for the Criminal, Cyber, Response, and Services Branch of the FBI, speaking recently at the winter conference of the National Association of Secretaries of State in Washington. “It is extremely alarming.”
Kentucky Republican Secretary of State Michael Adams knows this all too well.
Hours after he was sworn in for his second term early last month, there was a bomb threat at the state capitol in Frankfort. An email sent to several state government offices, including Adams’, said that the bombs placed at the capitol would “make sure you all end up dead.” Eight other state capitols received similar threats, but no bombs were found.
“Hopefully, it’s not a sign of what’s to come this year,” Adams told Stateline. “The benefit of all that we have gone through the last several years is that everybody in this room is psychologically prepared in 2024.”
He pointed out that since 2016 — when Russia and China tried to influence the outcome of the presidential election — state election officials have bolstered their relationships with federal cybersecurity and law enforcement agencies, election security experts and with fellow top state officials across the country through information-sharing partnerships.
The COVID-19 pandemic forced election officials to elevate those partnerships in an increasingly stressful and dangerous environment.
While the warnings that Adams and his peers received were stark, state election officials left the conference with a new understanding of the threats, along with new tools to combat them and new allies to help prepare in the months until the 2024 general election.
“We think a lot more creatively today about what could possibly go wrong and what are the challenges than we ever could have thought just four years ago,” Adams added.
THREATS OF VIOLENCE AND CYBERSECURITY CONCERNS
International criminal groups and foreign adversaries such as China, Iran, North Korea and Russia have made “extraordinary” advances in finding ways to break into systems, steal data and disrupt elections, said Eric Goldstein, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency.
“We are in a really difficult cybersecurity environment right now,” he said.
Commonly called CISA, the federal agency recently unveiled a new website, #Protect2024, to provide resources for state and local election officials during the primary season and the general election in November.
Regionally based federal cybersecurity officials help train local election officials in Internet
safety, offer security assessments for voting locations and county courthouses, and encourage county clerk offices to adopt .gov websites.
The same day that CISA unveiled its new website to protect elections, it issued a warning that China is actively targeting America’s critical infrastructure, particularly in the communications, energy, transportation and water systems sectors.
During Goldstein’s presentation, Maine Secretary of State Shenna Bellows and Minnesota Secretary of State Steve Simon, both Democrats, said they worry that county and municipal election officials in rural areas may not take these threats seriously, thinking they are too small to be a target.
“Every single location is at risk regardless of size, regardless of sector,” Goldstein said in response.
In early January, a cyber attack disabled court, tax and phone systems in Fulton County, Georgia, which includes Atlanta. Late in the month, local governments in Colorado, Missouri and Pennsylvania were hit with ransomware attacks.
“We’re under attack, and we need to be protecting everything,” said Rich Schliep, chief information officer at the Colorado Department of State, at an adjoining conference in Washington for the National Association of State Election Directors.
State and local election officials also continue to face personal threats at their offices, at ballot tabulation centers and at polling places, while also receiving emailed death threats and hazardous physical mail.
State election officials should invest in gloves, masks and the opioid-reversal drug Narcan, and should know how to safely open mail and what to do with a threatening letter, said Brendan Donahue, assistant inspector in charge at the U.S. Postal Inspection Service, who spoke to both conferences.
Malicious mail isn’t new in the United States, he pointed out, and the law enforcement agency is still investigating a string of fentanyl-laced letters sent to election offices across the country during last November’s elections.
Kansas Secretary of State Scott Schwab, a Republican, encouraged his counterparts to get in contact now with their local FBI field office and its elections crime coordinator.
“You don’t want to do this in the third week of November this year,” Schwab said. “I really encourage you to go and start developing those relationships.”
ARTIFICIAL INTELLIGENCE AND THE DISINFORMATION CHALLENGE
Last month, voters in New Hampshire received a robocall seemingly from President Joe Biden telling them not to vote in the state’s primary. But when state election officials took a closer look at the call, they found it wasn’t Biden’s voice but one generated from artificial intelligence.
In response, the Federal Communications Commission banned the use of AI-generated voices in robocalls, saying they can be used to suppress the vote. New Hampshire Republican Attorney General John Formella started an investigation and sent a cease-and-desist letter to two Texas-based companies involved in creating the message.
But artificial intelligence can do so much more. AI-generated content can be used to create hyperlocal messages to voters to spread false information about polling place locations or voting times. It can create messages in other languages discouraging foreign-born citizens from voting. Or it can be used to create a flurry of content, even from fake local news outlets, to inflame existing challenges at the polls.
And there’s an internal risk for election offices. Staff could receive a call that sounds like the election administrator asking them to change a voting process. Sophisticated phishing emails could dupe staffers into allowing access to social media accounts or sensitive voter information.
“It’s misinformation on steroids,” said former Kentucky Republican Secretary of State Trey Grayson, who is a member of the National Task Force on Election Crises. “We’ve been dealing with misinformation, disinformation threats for the last few years. But this is just another level.”
State and local election officials are already spending a good deal of time fighting disinformation. Secretaries of state are using #TrustedInfo2024 on social media in promoting the importance of going to trusted sources for election information. AI platform ChatGPT has started directing users with election-related questions to CanIVote.org, a website run by the National Association of Secretaries of State.
It’s a “constant challenge,” said Riley Vetterkind, public information officer for the Wisconsin Elections Commission. The state agency gives municipal election clerks templates for news releases, a calendar of suggested social media posts, webinars for communications strategies and email bulletins on existing disinformation.
In Colorado, election officials have aggressively targeted lies that the 2020 presidential election was stolen and that election systems are vulnerable to substantial levels of fraud.
“We have decided that we’re not going to be a backstop for BS anymore,” said Matt Crane, executive director of the Colorado County Clerks Association. “We’re going to be very aggressive in the public square.”
The challenges build off one another, said Mark Lindeman, policy and strategy director for Verified Voting, a nonprofit that advocates for paper voting records, post-election audits and election security.
But there is hope, he added. It’s easy for things to go wrong in elections, but it’s hard to bring down entire voting systems.
“One of my concerns is that we’re psyching ourselves out, scaring ourselves about all the things that could possibly go wrong,” Lindeman said. “We lose sight sometimes of how we can prepare to meet those challenges and to explain to people that we have met those challenges.”
Statelineis part of States Newsroom, a national nonprofit news organization focused on state policy.
©2024 States Newsroom, Distributed by Tribune Content Agency, LLC.