In the end, Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly expressed confidence in how election processes ran, saying there was “no evidence of any malicious activity that had a material impact on the security or integrity of our election infrastructure.”
Indeed, there was a wide range of threats this year, everything from threats of physical violence against poll workers, to cyber attacks targeting election infrastructure, to foreign government-linked deepfakes, said John Cohen, executive director of the Center for Internet Security (CIS)’s Program for Countering Hybrid Threats.
But while election officials started this year most worried about deepfakes and other threats powered by generative AI, a different kind of attack became prominent: bomb threats.
“Every year there's a theme that kind of materializes for each general election,” said Marci Andino, vice president of the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC).
In 2016, the theme was Russian hackers targeting state voter registration databases. In 2020, it was online misinformation and disinformation campaigns. In 2024, it appears to be bomb threats.
This year many phone calls and emails reported bomb threats at polling sites or facilities used for counting votes. Some calls related to suspicious devices spotted in the area, while others appeared part of a coordinated disruption. Ultimately, there were “no viable explosive devices” found at any of the locations related to the bomb threats, Cohen said. Numbers are still being tallied, but the current count suggests somewhere from 80 to more than 100 bomb threats targeting election-related locations.
“In almost every single one of those cases, voting was either not interrupted, or if there was an interruption, it was a minimal period of time,” Cohen said. “That is a huge, huge accomplishment.”
Perpetrators behind the fake bomb threats weren’t trying to cause an explosion, but rather to seriously disrupt voting or counting, Cohen said. The idea is to make election workers and would-be voters evacuate the site and wait for hours while police arrive and clear the location.
People who couldn’t wait that long might leave before casting ballots, or the delays might last so long that people would be unable to vote unless polling hours were extended. Plus, the disruptions would lay groundwork for later information operations aimed at undermining confidence in the election results, Cohen said.
The FBI has said that “many” of the bomb threats targeting polling locations appeared to originate from Russian email domains, and that none of the threats had so far been found to be credible. The threats were handled with minimal disruptions, because both election officials and law enforcement knew what to expect.
Law enforcements’ role in elections varies across states, with some states prohibiting police presence at polling sites (unless specifically called or voting personally), while others require it. But as the EI-ISAC helped election officials prepare for the 2024 election, it encouraged them to bring law enforcement into the conversation, Andino said.
Groups like the EI-ISAC and CIS also delivered threat briefings and real-time threat alerts to law enforcement, and these briefings included law enforcement alongside election officials in roundtable discussions and tabletop exercises
Forging a relationship between the election and law enforcement meant that when the latter received a message about a bomb threat, they could tell if the specified location was a polling site and recognize if they were seeing a pattern of calls. As such, law enforcement officers approached the scene with different expectations, knowing the potential motivations behind the call. These relationships also meant the two groups had established lines of communication in advance — including backup communication methods in case a cyber incident took down the phone systems at emergency call centers.
These efforts also meant law enforcement kept an election perspective in mind when responding.
“One of the things that was stressed continuously through these conversations and these briefings is that, when the site targeted for the disruptive event is a polling site, you can't simply say, ‘We're going to evacuate it until we clear it,’” Cohen said. “The plan has to include, ‘How are you going to maintain the ability of that site to allow people to vote while law enforcement is making sure there's no viable explosive device, or that the threat that's been reported is a hoax threat or is inaccurate?’”
Election threats continue evolving, and the prospect of swatting or bomb threats targeting polling places wasn’t part of the conversation back in 2022, Andino said. While the EI-ISAC is already preparing to defend the 2026 and 2028 elections, it’s too early to say exactly what those threats will be. But given that these kinds of disruption tactics are inexpensive, adversaries are likely to try them again.
