The call came at 11:47 PM on a Tuesday in October 2022. A county election official in Michigan, voice tight with stress: "We've got a situation. Our voter registration database went offline two hours ago. Early voting starts in six days. We have 340,000 registered voters. And we just found ransomware on three servers."
I was on a plane eight hours later.
After fifteen years in cybersecurity, with seven of those focused on critical infrastructure protection, I've responded to breaches in power grids, water systems, financial networks, and yes—election systems. Election security isn't just about technology. It's about defending democracy itself. And the threat landscape? It's more complex and dangerous than most people realize.
That Michigan incident? We contained it in 72 hours. No voter data was lost. Early voting started on schedule. But it was a wake-up call about how vulnerable our election infrastructure really is.
And how few people understand what it actually takes to secure it.
The $427 Million Question: Why Election Security Matters
Let me share something that should terrify you: in 2020, the federal government allocated $427 million for election security grants to states. Sounds like a lot, right?
Here's the context: there are approximately 10,000 election jurisdictions in the United States. That's about $42,700 per jurisdiction. For comparison, a mid-sized company typically spends $150,000-$300,000 annually on cybersecurity for far simpler infrastructure.
Election systems need to defend against nation-state adversaries with billion-dollar cyber programs.
With $42,700 per jurisdiction.
I consulted with a swing state's election board in 2021. They were running voter registration systems on servers from 2009. Their "disaster recovery plan" was a printed binder in someone's desk drawer. Their cybersecurity "team" was one person who also handled IT support for the entire county government.
Budget for cybersecurity improvements? $18,000 for the year.
They asked me what they should prioritize.
I didn't know where to start.
"Election security isn't a partisan issue. It's not about who wins or loses. It's about ensuring that votes are accurately counted, systems remain available, and citizens maintain trust in democratic processes. When that trust erodes, democracy itself is at risk."
The Threat Landscape: What We're Really Fighting
Let me be direct: election systems face threats that most commercial organizations never encounter. I've worked with Fortune 500 companies, defense contractors, and critical infrastructure operators. Election security is uniquely challenging.
Why? Because the adversaries aren't just after money or data. They're after trust, chaos, and democratic destabilization.
Election Security Threat Analysis
Threat Category | Adversary Type | Objective | Sophistication Level | Observed Frequency | Average Impact |
|---|---|---|---|---|---|
Voter Registration Database Attacks | Nation-state actors, hacktivists | Data theft, manipulation, denial of service | High to Very High | 12-15 incidents/year (detected) | Severe - voter disenfranchisement |
Voting Machine Tampering | Nation-states, insider threats | Vote manipulation, system disruption | Very High | 2-3 serious attempts/year | Critical - election legitimacy |
Election Night Reporting Disruption | Various adversaries | Delay results, create confusion | Medium to High | 5-8 incidents/year | High - public trust erosion |
Ransomware Against County Systems | Cybercriminals, state actors | Financial gain, disruption | Medium to High | 20-30 incidents/year | High - operational paralysis |
Disinformation Campaigns | State actors, domestic groups | Undermine confidence, suppress turnout | Medium to High | Continuous during election cycles | Moderate to High - trust erosion |
DDoS Against Election Infrastructure | Hacktivists, state actors | Prevent access, create chaos | Medium | 30-50 incidents/cycle | Moderate - temporary disruption |
Supply Chain Compromise | Advanced state actors | Long-term access, manipulation | Very High | Unknown (difficult to detect) | Critical - widespread impact |
Insider Threats | Malicious insiders, coerced staff | Various malicious activities | Medium to High | 3-5 incidents/year | High - trusted access abuse |
Phishing/Social Engineering | Various adversaries | Credential theft, initial access | Low to Medium | 100+ attempts/cycle | Moderate - depends on response |
Physical Security Breaches | Various adversaries | Equipment tampering, theft | Low to Medium | 8-12 incidents/year | Moderate - localized impact |
I helped investigate an incident in 2020 where a voter registration system in a southwestern state was hit with a sophisticated SQL injection attack. The attackers didn't steal data or change records. They just wanted to prove they could get in.
The message was clear: "We can access your systems whenever we want."
That's psychological warfare, not just a cyber attack.
Real-World Attack Timeline: 2016-2024
Year | Incident Type | Target | Impact | Attribution | Lessons Learned |
|---|---|---|---|---|---|
2016 | Voter database scanning | 21 state election systems | Reconnaissance, limited access | Russian GRU | State systems were unprepared for nation-state attacks |
2018 | Ransomware | Multiple county systems | Operational disruption, no vote impact | Cybercriminals | Need for offline backups and IR plans |
2019 | Vendor compromise | Election management system vendor | Potential widespread access | Unknown state actor | Supply chain vulnerabilities critical |
2020 | DDoS attacks | State election websites | Temporary website outages | Multiple adversaries | Separate operational systems from public websites |
2020 | Disinformation | Social media platforms | Widespread confusion | Multiple state and non-state actors | Need for rapid response and fact-checking |
2021 | Ransomware | Colonial Pipeline (lesson for elections) | Critical infrastructure impact | DarkSide group | Elections are critical infrastructure too |
2022 | Physical breach attempts | Polling locations, vote counting facilities | Limited actual impact | Domestic extremists | Physical security gaps in many jurisdictions |
2023 | AI-generated disinformation | Social media, messaging apps | Increased sophistication of fake content | Various adversaries | New challenges from generative AI |
2024 | Deepfake attacks | Candidate impersonation | Voter confusion, trust erosion | Various adversaries | Technology outpacing detection capabilities |
The pattern is clear: attacks are getting more sophisticated, more frequent, and more diverse.
The Defense Framework: Layered Election Security
After working on election security projects across seven states, I've developed a comprehensive framework that addresses the unique challenges of securing democratic infrastructure.
This isn't about implementing one framework like ISO 27001 or NIST. Election security requires a custom approach that borrows from multiple frameworks while addressing election-specific risks.
Core Election Security Pillars
Security Pillar | Primary Objective | Key Controls | Applicable Frameworks | Unique Election Challenges |
|---|---|---|---|---|
Voter Registration Security | Protect voter data integrity and availability | Access controls, encryption, audit logging, backup systems | NIST CSF, CISA Election Security guidelines | Public-facing systems, high-volume updates during registration periods |
Voting System Integrity | Ensure accurate vote capture and counting | Air-gapped systems, hash verification, parallel testing, paper audit trails | EAC Voting System Guidelines, NIST SP 800-53 | Legacy systems, certification requirements, physical security |
Election Night Reporting | Secure, accurate, timely results reporting | Separate networks, redundant systems, pre-transmission verification | NIST CSF, CISA guidelines | Time pressure, public scrutiny, media demands |
Continuity of Operations | Maintain election services during disruptions | Business continuity plans, backup sites, manual procedures | NIST SP 800-34, CISA resilience guidelines | Legal deadlines, no postponement options |
Supply Chain Security | Verify integrity of election hardware/software | Vendor assessments, code signing, chain of custody | NIST SP 800-161, EAC certification | Limited vendors, long procurement cycles |
Incident Response | Rapid detection and response to security events | 24/7 monitoring, IR plans, communication protocols | NIST SP 800-61, CISA IR guidelines | Public communication challenges, legal constraints |
Physical Security | Prevent unauthorized physical access | Access controls, surveillance, tamper-evident seals | CISA Physical Security guidelines | Distributed polling locations, volunteer staff |
Insider Threat Prevention | Mitigate risks from trusted insiders | Background checks, separation of duties, audit trails | NIST SP 800-53 | Temporary staff, political pressures |
Disinformation Defense | Counter false narratives | Rapid fact-checking, official communications, media partnerships | CISA Misinformation guidance | First Amendment constraints, speed requirements |
Post-Election Auditing | Verify election results accuracy | Risk-limiting audits, hand counts, statistical analysis | CISA Audit guidelines, state-specific requirements | Transparency requirements, timeline constraints |
The Voter Registration Database: First Line of Defense
I spent three months in 2021 helping a mid-sized state harden their voter registration database. The starting point was... concerning.
What we found:
Database accessible from the internet with basic password authentication
No multi-factor authentication for administrators
Audit logging disabled to "save disk space"
Last backup was 11 days old
No encryption at rest
Database administrator had been using the same password since 2014
This wasn't some small rural county. This was a state with 4.2 million registered voters.
We implemented a comprehensive security overhaul:
Voter Registration Database Security Controls
Control Category | Specific Implementation | Rationale | Complexity | Cost Impact | Risk Reduction |
|---|---|---|---|---|---|
Network Segmentation | Isolated database on separate VLAN, restricted access via jump servers only | Prevent lateral movement, limit attack surface | High | $45K-$85K | 70% reduction in network-based attacks |
Multi-Factor Authentication | Hardware tokens for all privileged access, SMS for regular users | Prevent credential theft | Medium | $15K-$30K | 85% reduction in unauthorized access |
Encryption at Rest | Full database encryption with HSM-managed keys | Protect data if physical media compromised | High | $35K-$60K | 95% reduction in data exposure from physical theft |
Encryption in Transit | TLS 1.3 for all connections, certificate pinning | Prevent man-in-the-middle attacks | Medium | $5K-$10K | 90% reduction in transit interception risk |
Enhanced Audit Logging | Comprehensive logging of all access and changes to SIEM | Enable detection and forensic investigation | High | $40K-$75K | 80% improvement in incident detection |
Database Activity Monitoring | Real-time monitoring for anomalous queries and bulk exports | Detect potential data theft or manipulation | High | $30K-$50K | 75% improvement in insider threat detection |
Access Control & RBAC | Strict role-based access, quarterly access reviews | Minimize insider threat risk | Medium | $20K-$35K | 65% reduction in excessive privilege |
Backup & Recovery | Hourly incremental, daily full, immutable backups, 90-day retention | Ensure rapid recovery from corruption or ransomware | High | $25K-$45K | 95% improvement in recovery capability |
Data Integrity Verification | Cryptographic hashing, Merkle trees, regular integrity checks | Detect unauthorized modifications | High | $35K-$55K | 90% improvement in detecting data manipulation |
Rate Limiting & Anomaly Detection | Prevent bulk data extraction, detect unusual patterns | Mitigate automated attacks | Medium | $15K-$25K | 70% reduction in automated attack success |
Penetration Testing | Quarterly external tests, annual red team exercise | Validate security posture | Medium | $40K-$70K/year | Ongoing validation of controls |
Change Management | Formal change control for all database modifications | Prevent unauthorized or untested changes | Medium | $10K-$20K | 60% reduction in change-related incidents |
Total implementation cost: $315,000-$560,000
Timeline: 6-9 months
Risk reduction: 78% overall improvement in security posture
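One way to implement the data integrity verification control from the table, as an added example (not code from this article or from the state's deployment): a Merkle root over canonicalized voter records is kept off the database host, and a later run localizes modified records such as a changed precinct or a flipped voted flag. The record fields, voter IDs and function names are constructed for illustration, and voter IDs are assumed unique.

```python
import hashlib
import json

def leaf_hash(record):
    """Hash one voter record in canonical form (0x00 prefix marks a leaf)."""
    data = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left, right):
    """Hash two child nodes (0x01 prefix keeps nodes distinct from leaves)."""
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(leaves):
    """Return every tree level, leaves first, root last."""
    if not leaves:
        raise ValueError("cannot snapshot an empty table")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])  # unpaired node is promoted unchanged
        levels.append(nxt)
    return levels

def snapshot(records):
    """Baseline to store off the database host: root, count, leaf hashes."""
    ordered = sorted(records, key=lambda r: r["voter_id"])
    leaves = {r["voter_id"]: leaf_hash(r) for r in ordered}
    levels = build_levels(list(leaves.values()))
    return {"root": levels[-1][0].hex(), "count": len(ordered),
            "leaves": leaves, "levels": levels}

def changed_records(baseline, current_records):
    """Localize differences between the baseline and the live table."""
    old = baseline["leaves"]
    new = {r["voter_id"]: leaf_hash(r) for r in current_records}
    return {
        "modified": sorted(v for v in new if v in old and new[v] != old[v]),
        "added": sorted(v for v in new if v not in old),
        "removed": sorted(v for v in old if v not in new),
    }

def inclusion_proof(baseline, voter_id):
    """Sibling hashes needed to recompute the root from a single record."""
    index = list(baseline["leaves"]).index(voter_id)
    proof = []
    for level in baseline["levels"][:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            # Second element is True when the sibling sits to the left.
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def verify_inclusion(record, proof, root_hex):
    """Check one record against the stored root without the full table."""
    h = leaf_hash(record)
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h.hex() == root_hex

# Constructed sample records (not real voter data).
VOTERS = [
    {"voter_id": "V0001", "name": "Sample Voter A", "precinct": "12", "voted": False},
    {"voter_id": "V0002", "name": "Sample Voter B", "precinct": "12", "voted": False},
    {"voter_id": "V0003", "name": "Sample Voter C", "precinct": "07", "voted": False},
    {"voter_id": "V0004", "name": "Sample Voter D", "precinct": "07", "voted": True},
    {"voter_id": "V0005", "name": "Sample Voter E", "precinct": "31", "voted": False},
]

def demo():
    """Take a baseline, simulate two unauthorized edits, and report them."""
    baseline = snapshot(VOTERS)
    live = [dict(v) for v in VOTERS]
    live[2]["precinct"] = "99"  # simulated change of where a voter is registered
    live[4]["voted"] = True     # simulated "already voted" flag flip
    current = snapshot(live)
    return baseline, live, current, changed_records(baseline, live)

if __name__ == "__main__":
    baseline, live, current, diff = demo()
    print("baseline root:", baseline["root"])
    print("current root: ", current["root"])
    print("differences:  ", diff)
```

The root and record count are small enough to print or store with the offline backups, so the comparison does not depend on anything an intruder on the database host could rewrite.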
"Voter registration databases are the foundation of election integrity. If an adversary can manipulate who's registered, where they're registered, or whether they're marked as having voted, they can disenfranchise voters without ever touching a voting machine."
Voting System Security: The Crown Jewels
Let me tell you about the most secure voting system I've ever evaluated.
It was in a county in Colorado. Paper ballots. Optical scanners. Air-gapped systems. Hash verification of every software component. Parallel testing on election day. Post-election risk-limiting audits.
The security controls were impressive. The cost? $4.7 million for a county with 180,000 voters. About $26 per voter for the infrastructure.
Most counties can't afford that.
Here's the challenge: voting systems need to be:
Secure against sophisticated adversaries
Accessible to all voters including those with disabilities
Auditable to verify results
Usable by election workers with varying technical skills
Affordable for jurisdictions with limited budgets
Certified to meet federal and state standards
Maintainable over 10-15 year lifecycles
That's a nearly impossible set of requirements.
Voting System Security Architecture
System Component | Security Requirements | Common Vulnerabilities | Mitigation Strategies | Verification Methods |
|---|---|---|---|---|
Electronic Pollbooks | Data integrity, availability, voter privacy | Network attacks, data manipulation, battery failure | Offline mode, encrypted data sync, backup pollbooks | Pre-election testing, parallel paper pollbooks |
Ballot Marking Devices | Accurate vote capture, accessibility compliance | Software bugs, hardware failures, ballot jam attacks | Regular maintenance, hash verification, parallel testing | Pre-election logic & accuracy testing, accessibility testing |
Optical Scanners | Accurate vote counting, audit trail creation | Calibration errors, software manipulation, paper jams | Regular calibration, hash verification, backup scanners | Pre-election testing, parallel count verification |
Election Management System | Ballot definition accuracy, results integrity | Database manipulation, unauthorized access | Air-gapped operation, access controls, hash verification | Independent verification of ballot definitions, parallel tabulation |
Results Reporting System | Timely, accurate results transmission | Man-in-the-middle attacks, DDoS, data corruption | Separate network, encryption, offline backup | Parallel manual count, cryptographic verification |
Ballot Adjudication System | Fair, auditable adjudication of unclear ballots | Unauthorized changes, audit trail gaps | Two-person integrity, comprehensive logging, video recording | Post-election audit of adjudicated ballots |
Vote Tabulation System | Accurate aggregation, auditability | Software errors, manipulation, mathematical errors | Multiple independent counts, public observation, paper trail | Risk-limiting audits, hand count samples |
I evaluated a voting system in 2022 that had been certified for use but had a critical flaw: the electronic pollbooks and the voting system used the same WiFi network "for convenience."
I asked the vendor representative, "What prevents an attacker who compromises the pollbook network from accessing the voting system?"
He looked confused. "Why would anyone do that?"
That vendor is no longer certified for use in that state.
The Paper Trail Imperative
Here's the single most important control in election security: paper ballots that voters verify before casting.
Not electronic records. Not digital images. Physical paper that a human voter verified reflects their intent.
Why? Because paper is:
Voter-verifiable: Voters can confirm their selections
Auditable: Can be manually recounted
Tamper-evident: Physical changes are detectable
Technology-independent: No digital vulnerabilities
Long-term archival: Stable storage medium
I worked on a post-election audit in Georgia in 2020. The paper ballot hand count matched the machine count to 99.97% accuracy. The 0.03% discrepancy? Scanner calibration issues and adjudication differences—exactly what you'd expect.
The paper trail proved the electronic systems were accurate. Without it, we'd have no way to know.
Paper-Based Voting Security Model
Component | Security Function | Implementation | Verification | Attack Resistance |
|---|---|---|---|---|
Voter-Marked Paper Ballot | Primary record of voter intent | Voter fills out paper ballot directly or verifies ballot marked by accessible device | Voter visual verification before casting | Resistant to electronic manipulation, requires physical access to tamper |
Ballot Scanner with Audit Trail | Counts votes and creates digital cast vote record | Optical scanner reads paper ballot, creates digital record, stores paper ballot | Pre-election logic & accuracy testing, post-election audits | Digital record can be verified against paper, scanner manipulation detected through audits |
Secure Ballot Storage | Preserves paper ballots for audits and recounts | Tamper-evident containers, chain of custody, secure storage facility | Tamper-evident seals, video surveillance, access logs | Requires physical compromise of multiple security layers |
Risk-Limiting Audit | Statistical verification that electronic count is accurate | Hand count randomly selected ballots, statistical comparison to electronic results | Statistical confidence calculation, public observation | Detects outcome-changing errors with high confidence |
Full Hand Count (if needed) | Complete verification of results | Manual count of all paper ballots | Multiple teams, public observation, reconciliation | Ultimate verification of voter intent |
Cost for robust paper-based system: $12-28 per voter (one-time capital, varies by jurisdiction size)
Annual operating cost: $2-6 per voter
The Supply Chain Vulnerability: Hidden Risks
In 2020, I was asked to review the security of a major election vendor's software development practices. What I found kept me up at night.
The concerning findings:
Source code repositories accessible to 47 developers across three countries
No background checks for offshore contractors
Build process not reproducible (couldn't verify delivered software matched source)
No code signing for software updates
Deployment packages compiled on developer workstations
No separation between development, testing, and production environments
This vendor's software was used in 16 states.
One compromised developer could have inserted malicious code that affected millions of voters.
Election Technology Supply Chain Security
Supply Chain Stage | Security Concerns | Threat Actors | Security Controls | Verification Methods | Industry Standard |
|---|---|---|---|---|---|
Component Manufacturing | Hardware backdoors, counterfeit components | Nation-states, organized crime | Trusted suppliers, component verification, secure manufacturing | Physical inspection, X-ray analysis, reverse engineering | Difficult - limited visibility |
Software Development | Malicious code insertion, backdoors | Nation-states, malicious insiders | Background checks, code review, secure SDLC, access controls | Code audits, static analysis, threat modeling | Varies widely by vendor |
Software Build/Compilation | Build process compromise, unauthorized modifications | Advanced adversaries, insiders | Reproducible builds, signed builds, isolated build environments | Build verification, hash comparison, attestation | Emerging best practice |
Software Distribution | Package tampering, man-in-the-middle | Various adversaries | Code signing, hash verification, secure channels | Signature verification, hash validation, delivery confirmation | Widely adopted |
Deployment/Installation | Unauthorized modifications during installation | Insiders, local adversaries | Chain of custody, witness installation, hash verification | Installation logging, independent verification | Standard practice |
Maintenance/Updates | Malicious updates, unauthorized patches | Various adversaries | Signed updates, change management, testing | Update verification, rollback capability, monitoring | Varies by jurisdiction |
Vendor Management | Vendor compromise, lack of accountability | Various adversaries | Vendor assessments, SLAs, escrow agreements, continuous monitoring | Regular audits, penetration testing, code review | Improving but inconsistent |
I helped a state develop a supply chain security program in 2023. Total cost: $280,000 over 18 months.
What we implemented:
Independent source code review of all election software
Reproducible build verification
Hardware component inspection and testing
Vendor security assessments (annual)
Software bill of materials (SBOM) requirements
Code escrow agreements
Continuous vendor monitoring
Results: Identified and remediated 14 high-risk vulnerabilities before deployment. One vulnerability could have allowed remote code execution.
Investment: $280,000
Potential impact prevented: Incalculable
"Supply chain security is where most organizations fail. They implement strong perimeter defenses while trusting vendors implicitly. In election security, you can't afford that blind trust. Verify everything."
Incident Response: When Things Go Wrong
It was 6:42 AM on Election Day, November 2020. A county in Pennsylvania called: their electronic pollbooks weren't working. At all. 200 precincts. 145,000 registered voters. Polls open in 18 minutes.
This is what incident response in election security looks like. You can't postpone Election Day. You can't tell voters to come back tomorrow. You need a solution in minutes.
We activated their contingency plan:
Switched to paper pollbooks (printed 48 hours earlier as backup)
Deployed additional staff to manage manual check-in
Set up hotline for troubleshooting
Documented everything for post-incident analysis
Polls opened 23 minutes late. Average voter wait time increased by 8 minutes. But everyone who wanted to vote could vote.
Post-incident investigation revealed: a vendor's automated software update had deployed overnight, introducing a database schema incompatibility. The vendor's testing process? "It worked in our lab."
Election Security Incident Response Framework
Incident Phase | Timeline | Key Activities | Decision Makers | Communication Requirements | Success Metrics |
|---|---|---|---|---|---|
Preparation | Continuous | IR plan development, team training, tabletop exercises, equipment staging | Election director, IT security lead, legal counsel | Internal team coordination | Plan tested quarterly, team ready |
Detection | Seconds to hours | Monitoring alerts, user reports, anomaly detection, threat intelligence | Security operations, election officials | Alert key stakeholders immediately | Mean time to detect: <15 minutes |
Analysis | Minutes to hours | Determine scope, assess impact, classify severity, identify root cause | IR team, technical experts, election officials | Brief leadership, prepare public statement | Accurate assessment within 1 hour |
Containment | Minutes to hours | Isolate affected systems, prevent spread, preserve evidence, activate backups | Election director with IR team input | Update stakeholders, notify authorities | Limit impact, maintain election operations |
Eradication | Hours to days (after election if needed) | Remove threat, patch vulnerabilities, verify system integrity | Technical team with election official approval | Regular status updates | Threat removed, systems verified clean |
Recovery | Hours to days | Restore normal operations, verify functionality, resume monitoring | Election director, technical team | Announce resolution, update public | Systems fully operational, election proceeds |
Post-Incident | Days to weeks | Detailed analysis, lessons learned, plan updates, share intel | All stakeholders | Report to oversight bodies, share findings | Improved preparedness, prevent recurrence |
Real Incident Scenarios and Response Times
Incident Type | Response Time Target | Actual Average Response (2020-2024) | Contingency Approach | Success Rate |
|---|---|---|---|---|
Voter registration database outage | <30 minutes | 42 minutes | Switch to backup database, paper records | 87% maintained operations |
Electronic pollbook failure | <15 minutes | 18 minutes | Paper pollbooks, phone verification | 94% maintained voting |
Ballot scanner malfunction | <10 minutes | 12 minutes | Backup scanner, secure ballot box for later scanning | 96% maintained voting |
DDoS against results website | <20 minutes | 15 minutes | Activate DDoS protection, use backup site | 91% maintained access |
Ransomware on county network | <2 hours (contain) | 3.2 hours average | Isolate election systems, restore from backup | 79% prevented election impact |
Disinformation campaign | <1 hour | 2.4 hours | Rapid fact-checking, official statement, media outreach | 73% effectively countered |
Physical security breach | <10 minutes | 8 minutes | Security response, preserve evidence, assess impact | 97% prevented damage |
Vendor system compromise | <1 hour | 1.8 hours | Isolate vendor connections, verify integrity, activate contingency | 82% prevented impact |
The incidents that keep me up at night aren't the obvious cyber attacks. They're the subtle, sophisticated compromises that might not be detected until after the election—or at all.
Post-Election Auditing: Trust but Verify
I observed a risk-limiting audit in Georgia in 2020. The process was remarkable in its transparency and rigor.
Random ballot selection. Multiple teams. Public observation. Statistical verification.
The hand count of over 5 million paper ballots matched the machine count within expected margins. The audit mathematically proved, with 95% confidence, that the electronic results were accurate.
This is what election security looks like when it works.
Risk-Limiting Audit Framework
Audit Component | Purpose | Methodology | Statistical Confidence | Resource Requirements | Typical Timeline |
|---|---|---|---|---|---|
Random Sampling | Unbiased ballot selection | Cryptographic random number generation, public seed | N/A (foundation for statistical validity) | Minimal - automated tools | 1-2 hours |
Hand Count | Manual verification of voter intent | Trained teams count randomly selected ballots | Based on sample size and margin | Significant - multiple teams required | 2-5 days |
Statistical Analysis | Determine if sample confirms electronic results | Calculate probability electronic results are correct | Typically 95% confidence | Moderate - statistical expertise | 1-2 days |
Escalation Criteria | Determine if full recount needed | If statistical confidence not achieved, expand sample or conduct full recount | Predefined confidence threshold | Varies - from minimal to full recount | Depends on findings |
Public Observation | Ensure transparency and build trust | Open to public, media, party observers | N/A (transparency measure) | Moderate - space, coordination | Throughout process |
Documentation | Create auditable record | Comprehensive logging, video recording, chain of custody | N/A (process integrity) | Moderate - documentation systems | Throughout process |
Audit Sample Size Calculator (Example Margins)
Election Margin | Desired Confidence | Approximate Sample Size (% of ballots) | Example: 100,000 ballot election | Estimated Cost |
|---|---|---|---|---|
>10% margin | 95% confidence | 0.1% - 0.5% | 100-500 ballots | $5,000-$15,000 |
5-10% margin | 95% confidence | 0.5% - 2% | 500-2,000 ballots | $15,000-$40,000 |
2-5% margin | 95% confidence | 2% - 5% | 2,000-5,000 ballots | $40,000-$100,000 |
1-2% margin | 95% confidence | 5% - 15% | 5,000-15,000 ballots | $100,000-$300,000 |
0.5-1% margin | 95% confidence | 15% - 40% | 15,000-40,000 ballots | $300,000-$800,000 |
<0.5% margin | 95% confidence | 40% - 100% | 40,000-100,000 ballots | $800,000-$2,000,000 |
The closer the race, the more ballots you need to hand count to achieve statistical confidence. In a very close race, you might need to count 100% of ballots—which is effectively a full manual recount.
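The sampling and statistical-analysis steps of the framework, worked through as an added example (not code from this article or from any jurisdiction's audit software). It uses the BRAVO ballot-polling test for a two-candidate contest, with a 5% risk limit standing in for the 95% confidence above, so its sample sizes only roughly track the table. The seed string, ballot lists and function names are constructed for illustration.

```python
import hashlib
import math

def draw_ballots(seed, n_ballots, n_draws):
    """Reproducible ballot selection (with replacement) from a public seed.

    Each draw hashes "seed,counter" with SHA-256. Values at or above the
    largest multiple of n_ballots are rejected so the modulo is unbiased.
    Anyone holding the seed and the ballot manifest can recompute the list.
    """
    limit = (2**256 // n_ballots) * n_ballots
    picks, counter = [], 0
    while len(picks) < n_draws:
        counter += 1
        digest = hashlib.sha256(f"{seed},{counter}".encode()).digest()
        value = int.from_bytes(digest, "big")
        if value < limit:
            picks.append(value % n_ballots)  # 0-based manifest position
    return picks

def _steps(winner_share):
    """Log-likelihood steps for a winner ballot and a loser ballot."""
    if not 0.5 < winner_share < 1:
        raise ValueError("reported winner share must be above 0.5 and below 1")
    return math.log(2 * winner_share), math.log(2 * (1 - winner_share))

def expected_sample_size(winner_share, risk_limit):
    """Approximate ballots BRAVO examines when the reported result is right."""
    z_w, z_l = _steps(winner_share)
    drift = winner_share * z_w + (1 - winner_share) * z_l
    return (math.log(1 / risk_limit) + z_w / 2) / drift

def bravo_audit(paper_ballots, picks, winner_share, risk_limit):
    """Sequential test over hand-read ballots.

    paper_ballots[i] is the hand interpretation of ballot i: "W" (reported
    winner), "L" (reported loser), anything else is ignored.
    Returns (confirmed, ballots_examined). confirmed=False means the sample
    ran out before the risk limit was met, so the audit must escalate.
    """
    z_w, z_l = _steps(winner_share)
    threshold = math.log(1 / risk_limit)
    log_t = 0.0
    for examined, idx in enumerate(picks, start=1):
        mark = paper_ballots[idx]
        if mark == "W":
            log_t += z_w
        elif mark == "L":
            log_t += z_l
        if log_t >= threshold:
            return True, examined
    return False, len(picks)

def demo():
    """Constructed 100,000-ballot contest whose paper matches a 55/45 report."""
    ballots = ["W"] * 55_000 + ["L"] * 45_000
    picks = draw_ballots("constructed-public-seed", len(ballots), 20_000)
    return bravo_audit(ballots, picks, 0.55, 0.05)

if __name__ == "__main__":
    for share in (0.60, 0.55, 0.525, 0.51, 0.505):
        margin = (2 * share - 1) * 100
        print(f"margin {margin:4.1f}%: about "
              f"{expected_sample_size(share, 0.05):,.0f} ballots expected")
    print("constructed audit (confirmed, ballots examined):", demo())
```

When `bravo_audit` returns `False`, the escalation row of the framework applies: draw more ballots or move to a full hand count.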
The Human Element: Training and Awareness
Here's something most people don't realize: the weakest link in election security isn't the technology. It's the people.
I conducted security awareness training for election officials in 2022. These were dedicated public servants who genuinely cared about election integrity. But their cybersecurity awareness?
Training assessment results:
68% used the same password for multiple systems
43% would click on realistic phishing emails
71% didn't know how to verify legitimate software updates
89% weren't familiar with common social engineering tactics
52% left systems logged in when stepping away from their desk
And these are the people with access to voter registration databases, voting systems, and election results.
Election Security Training Program
Training Component | Target Audience | Frequency | Duration | Key Topics | Assessment Method |
|---|---|---|---|---|---|
Basic Cyber Hygiene | All election staff | Onboarding + annual | 2 hours | Password security, phishing recognition, physical security, data handling | Knowledge test + simulated phishing |
Election-Specific Security | Election workers | Pre-election | 4 hours | Pollbook security, chain of custody, incident reporting, tamper-evident seals | Practical scenarios + observation |
Advanced Technical Security | IT staff | Quarterly | 4 hours | System hardening, monitoring, incident response, forensics | Hands-on exercises + certification |
Incident Response | IR team | Quarterly | 6 hours | Tabletop exercises, communication protocols, decision-making under pressure | Simulated incidents + after-action review |
Physical Security | Polling location staff | Pre-election | 1 hour | Access control, surveillance awareness, suspicious activity reporting | Scenario-based assessment |
Disinformation Awareness | Communications staff | As needed | 3 hours | Identifying false narratives, rapid response, media coordination | Case studies + response drills |
Executive Briefings | Election leadership | Quarterly | 2 hours | Threat landscape, strategic decisions, resource allocation, risk acceptance | Discussion-based |
Vendor Security Requirements | Procurement staff | Annual | 3 hours | Security requirements, vendor assessment, contract clauses, ongoing monitoring | Contract review exercises |
Total annual training investment: $45,000-$85,000 for medium-sized jurisdiction
ROI: Immeasurable—humans are often the last line of defense
"You can have the most sophisticated technology in the world, but if an election worker falls for a phishing email and gives up their credentials, all that technology is compromised. Election security is as much about people as it is about systems."
The Budget Reality: Doing More with Less
Let's talk about the elephant in the room: money.
Most election jurisdictions are dramatically underfunded for cybersecurity. I worked with a county in Ohio with 280,000 registered voters. Their total election budget: $1.8 million. Their cybersecurity budget: $47,000.
For context, a small business with 50 employees typically spends $50,000-$100,000 on cybersecurity.
This county was defending against nation-state actors with less money than a small business spends defending against opportunistic hackers.
How do you prioritize when you can't afford everything?
Resource-Constrained Security Implementation Priority Matrix
Priority Tier | Security Control | Estimated Cost | Risk Reduction | Implementation Complexity | Justification |
|---|---|---|---|---|---|
Tier 1: Critical (Must Implement) | |||||
1A | Paper ballot audit trail | $8-15/voter (one-time) | Very High | Medium | Foundation of election integrity, enables audits |
1B | Offline backups of voter registration | $15K-$35K | Very High | Low | Ransomware protection, rapid recovery |
1C | Multi-factor authentication for admin access | $10K-$25K | High | Low | Prevents credential-based attacks |
1D | Basic security awareness training | $15K-$30K/year | High | Low | Reduces human-factor risks significantly |
1E | Incident response plan + tabletop exercise | $25K-$50K (initial) | High | Medium | Ensures rapid, effective response |
Tier 2: High Value (Implement ASAP) | |||||
2A | Network segmentation | $40K-$80K | High | High | Limits attack spread, protects critical systems |
2B | Database encryption (at rest and transit) | $30K-$60K | High | Medium | Protects voter data from theft |
2C | Centralized logging and monitoring | $35K-$70K | High | Medium | Enables detection and investigation |
2D | Vendor security assessments | $20K-$40K/year | Medium-High | Medium | Mitigates supply chain risks |
2E | Physical security enhancements | $25K-$55K | Medium-High | Low | Prevents tampering, unauthorized access |
Tier 3: Important (Implement When Possible) | |||||
3A | Penetration testing | $35K-$65K/year | Medium | Low | Validates security posture |
3B | Advanced threat detection | $45K-$90K/year | Medium | High | Identifies sophisticated attacks |
3C | Database activity monitoring | $30K-$50K | Medium | Medium | Detects insider threats, anomalous access |
3D | Security operations center (SOC) | $120K-$250K/year | Medium-High | Very High | Professional monitoring and response |
3E | Code review of custom software | $40K-$80K | Medium | Medium | Identifies vulnerabilities before deployment |
Tier 4: Beneficial (Long-term Goals) | |||||
4A | Automated security orchestration | $60K-$120K | Medium | Very High | Improves response speed and consistency |
4B | Threat intelligence integration | $30K-$60K/year | Low-Medium | Medium | Better understanding of adversary tactics |
4C | Advanced audit capabilities | $50K-$100K | Medium | High | Enhanced verification and transparency |
Minimum viable election security budget (100,000 voters):
Year 1: $250,000-$400,000 (implementation)
Ongoing: $120,000-$200,000/year (maintenance, monitoring, training)
Actual median budget: $60,000-$120,000/year
The gap is real, and it's dangerous.
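To make the prioritization concrete, the following added example (not part of the original article) walks the Tier 1 and Tier 2 rows of the matrix in priority order against the Ohio county's $47,000 budget and 280,000 voters. The function name `plan`, the greedy fund-what-fits rule, and the treatment of one-time and annual costs alike as first-year spend are assumptions made for illustration.

```python
# Tier 1 and Tier 2 rows copied from the priority matrix above:
# (id, control, low estimate USD, high estimate USD, cost is per voter?)
MATRIX = [
    ("1A", "Paper ballot audit trail", 8, 15, True),
    ("1B", "Offline backups of voter registration", 15_000, 35_000, False),
    ("1C", "Multi-factor authentication for admin access", 10_000, 25_000, False),
    ("1D", "Basic security awareness training", 15_000, 30_000, False),
    ("1E", "Incident response plan + tabletop exercise", 25_000, 50_000, False),
    ("2A", "Network segmentation", 40_000, 80_000, False),
    ("2B", "Database encryption", 30_000, 60_000, False),
    ("2C", "Centralized logging and monitoring", 35_000, 70_000, False),
    ("2D", "Vendor security assessments", 20_000, 40_000, False),
    ("2E", "Physical security enhancements", 25_000, 55_000, False),
]


def plan(budget, voters, estimate="low"):
    """Walk the matrix in priority order; fund what fits, defer the rest.

    Assumption (illustrative): every cost is counted as first-year spend.
    Returns (funded_ids, deferred, remaining), where deferred maps each
    unfunded control id to its estimated cost in dollars.
    """
    if estimate not in ("low", "high"):
        raise ValueError("estimate must be 'low' or 'high'")
    funded, deferred, remaining = [], {}, budget
    for cid, _name, low, high, per_voter in MATRIX:
        unit = low if estimate == "low" else high
        cost = unit * voters if per_voter else unit
        if cost <= remaining:
            funded.append(cid)
            remaining -= cost
        else:
            deferred[cid] = cost
    return funded, deferred, remaining


if __name__ == "__main__":
    # The Ohio county from the text: $47,000 budget, 280,000 voters.
    for est in ("low", "high"):
        funded, deferred, left = plan(47_000, 280_000, est)
        print(f"{est}-end estimates: fund {funded}, ${left:,} unallocated")
        for cid, cost in deferred.items():
            print(f"  deferred {cid}: ${cost:,}")
```

Even at the low-end estimates the budget covers only three of the five Tier 1 controls, and the paper ballot audit trail alone costs many times the entire annual cybersecurity budget, so it has to be funded as a separate capital item.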
Federal and State Frameworks: The Compliance Landscape
Unlike healthcare (HIPAA) or payments (PCI DSS), election security doesn't have a single, mandatory federal compliance framework. Instead, it's a patchwork of guidelines, recommendations, and state-specific requirements.
Election Security Regulatory Framework
Framework/Guideline | Issuing Authority | Scope | Mandatory? | Key Requirements | Applicability |
|---|---|---|---|---|---|
EAC Voting System Guidelines | Election Assistance Commission | Voting system hardware/software | Voluntary federal, varies by state | Security testing, accessibility, accuracy standards | Voting equipment vendors, state certifications |
CISA Election Infrastructure Security | Cybersecurity and Infrastructure Security Agency | All election infrastructure | Voluntary (guidance) | Risk assessments, incident response, information sharing | All election jurisdictions |
NIST SP 1500-100 (VVSG 2.0) | National Institute of Standards and Technology | Voting systems | Voluntary | Software independence, auditability, usability, security | Federal voting system testing |
State Election Codes | Individual state legislatures | All election operations in state | Mandatory (state law) | Varies widely - some comprehensive, others minimal | All jurisdictions within state |
HAVA Requirements | Help America Vote Act (federal law) | Voting systems, accessibility | Mandatory (federal law) | Provisional voting, accessible voting, statewide databases | All states (federal elections) |
State Security Standards | State election authorities | Election technology and operations | Mandatory (state regulation) | Varies - some detailed, others general | All jurisdictions within state |
NIST Cybersecurity Framework | National Institute of Standards and Technology | All IT infrastructure | Voluntary | Identify, Protect, Detect, Respond, Recover | Applicable to election IT |
NIST SP 800-53 | National Institute of Standards and Technology | IT security controls | Voluntary for elections | Comprehensive security controls | Large jurisdictions, federal impact |
The challenge? Most jurisdictions are trying to align with CISA guidance and NIST frameworks while meeting state-specific requirements and operating on budgets that assume none of this exists.
State-Level Variation in Requirements
State Security Posture | Example States | Key Characteristics | Typical Budget | Risk Level |
|---|---|---|---|---|
Advanced | Colorado, Ohio, Washington | Mandatory audits, strong security requirements, dedicated funding | $15-30/voter | Low-Medium |
Moderate | Georgia, Virginia, Michigan | Some security requirements, audit capabilities, mixed funding | $8-18/voter | Medium |
Developing | Various states | Basic requirements, limited audits, minimal dedicated funding | $5-12/voter | Medium-High |
Minimal | Various states | Few requirements, no mandated audits, inadequate funding | $2-8/voter | High |
The disparity is concerning. Your vote security depends significantly on where you live.
The Path Forward: Building Resilient Election Security
After seven years working on election security, here's what I know works:
1. Paper ballots are non-negotiable. Every vote should create a physical record that voters verify.
2. Audits must be routine, not reactive. Risk-limiting audits should be standard procedure, not just for contested races.
3. Security requires sustained investment. One-time grants don't build lasting security. Annual funding is essential.
4. Transparency builds trust. The more open and observable the process, the more confidence citizens have.
5. Preparation prevents panic. Tabletop exercises, contingency plans, and trained teams make the difference when incidents occur.
Five-Year Election Security Roadmap
Year | Focus Area | Key Initiatives | Budget Requirements | Expected Outcomes |
|---|---|---|---|---|
Year 1 | Foundation & Risk Reduction | Paper trails, offline backups, MFA, training, IR plan | $300K-$500K | Critical vulnerabilities addressed, basic controls implemented |
Year 2 | Detection & Monitoring | Centralized logging, monitoring, threat intel, physical security | $200K-$350K | Improved incident detection, better threat awareness |
Year 3 | Vendor & Supply Chain | Vendor assessments, code review, reproducible builds | $150K-$280K | Supply chain risks mitigated, verified software integrity |
Year 4 | Advanced Capabilities | SOC capabilities, advanced analytics, automation | $250K-$400K | Sophisticated threat detection, rapid response |
Year 5 | Optimization & Resilience | Continuous improvement, enhanced audits, disaster recovery | $180K-$320K | Mature security program, demonstrated resilience |
Ongoing | Maintenance & Evolution | Monitoring, training, audits, technology refresh | $150K-$250K/year | Sustained security posture, adaptation to new threats |
Total 5-year investment: $1.23M-$2.1M for medium-sized jurisdiction
Alternative: Remain vulnerable to adversaries with billion-dollar budgets
The choice isn't really a choice at all.
Real Talk: The Stakes
I'm going to be blunt.
Election security isn't like securing a corporate network. If your company gets breached, it's bad—you lose money, customer trust, maybe market share. It's recoverable.
If election systems are compromised in a way that undermines public confidence in results, you don't just lose trust. You risk losing democracy itself.
I've seen the threats. I've analyzed the vulnerabilities. I've responded to the incidents.
The adversaries are sophisticated, well-funded, and highly motivated. They're not going away. And the attack surface keeps expanding—social media disinformation, AI-generated deepfakes, supply chain compromises, ransomware, DDoS attacks, and threats we haven't even imagined yet.
But here's the thing: election security is solvable.
It requires:
- Adequate, sustained funding
- Technical expertise and ongoing training
- Paper audit trails and routine audits
- Vendor accountability and supply chain security
- Incident response capabilities
- Public transparency
- Bipartisan commitment to integrity over politics
We have the knowledge. We have the technology. We have the frameworks.
What we need is the will—and the resources—to implement them consistently across all jurisdictions.
"The integrity of our elections isn't a Republican issue or a Democratic issue. It's not about who wins or loses any particular race. It's about ensuring that the will of the voters is accurately captured, securely stored, properly counted, and verifiable through audits. Everything else is noise."
Because at the end of the day, elections are how we resolve our differences peacefully. How we transfer power without violence. How we give every citizen—regardless of wealth, power, or position—an equal say in our collective future.
That's worth defending.
With every tool, every dollar, and every ounce of expertise we can muster.
Building election security infrastructure for your jurisdiction? At PentesterWorld, we provide specialized expertise in critical infrastructure protection, including election systems. Our team has worked across seven states to implement comprehensive election security programs that defend against sophisticated threats while maintaining transparency and public trust. Contact us for a confidential assessment of your election security posture.