Why Hacking the United States Presidential Election is Nearly Impossible

In partnership with

Welcome to the latest issue of The Breach Report, a cybersecurity newsletter from the creators of the Cybersecurity Careers Blog. Be sure to subscribe via email or RSS.

Tackle your credit card debt by paying 0% interest until 2026

If you have outstanding credit card debt, getting a new 0% intro APR credit card could help ease the pressure while you pay down your balances. Our credit card experts identified top credit cards that are perfect for anyone looking to pay down debt and not add to it! Click through to see what all the hype is about.

Learn How To Apply Now

Hacking may be too difficult, so disinformation is the weapon of choice

In the digital information age, the specter of election hacking looms large in the public consciousness. However, the reality is far more complex. Despite sensationalized news reports and conspiracy theories, successfully hacking the US presidential election is an incredibly difficult, if not impossible, task. Multi-layered technical and procedural safeguards are in place to protect the integrity of US elections, as I’ll outline below, drawing on expert opinions from the White House, NIST, CISA, and the FBI.

For clarity, the term “hack” in this writing is defined as using a computer or internet-connected device to gain unauthorized access to a system.

Last week, I covered how CISA, the FBI, and the ODNI released a joint statement on election security to assure American voters. The statement included debunking viral videos of Haitians voting illegally in Georgia, with a faux FBI terrorism warning of ongoing ballot fraud.

Misusing U.S. agency logos, names, and terminology can be highly effective when weaponized. When malicious actors take the logo of an entity or agency that we trust to communicate false narratives that seem plausible (given recent media sensationalism and voter anxiety), it attempts to appeal to our emotions and ideology in the hope that we act upon it.

The malicious actor bets that a portion will succumb to the disinformation campaign, stir confusion and distrust in the election process, or impact your vote.

The disinformation campaign fails if the videos are unconvincing or quickly debunked (as is the case with the faux ballot voting).

FBI: Financial and data fraud more likely ahead of elections

The 2024 U.S. Presidential Election has passed, and CISA reports no proof of election fraud or cheating.

Sadly, you have a higher likelihood of becoming a victim of financial fraud and scams by your fellow American citizens than the Presidential Election being hacked.

In the months ahead of the election, the FBI warned Americans of scams and fraudulent activities that would try to extort money, data, or other personally identifiable information (PII).

The FBI stated that malicious actors purporting to be part of a political campaign or political action committee (PAC) or offering to sell merchandise of a candidate (but never shipping the item) are targeting voters.

Palo Alto Networks’ Unit 42, which offers expert cybersecurity threat intelligence, research analysis, and guidance, corroborated the report:

Five reasons hacking the United States Presidential Election is unlikely

Now, let’s explore why, despite the sensationalism that (inevitably) occurs each election cycle, hacking the United States Presidential Election is highly unlikely, if not impossible.

The security of US elections is a multi-layered defense system involving a combination of technical, procedural, and human safeguards. Here are five key factors that make large-scale election hacking nearly impossible:

1. Decentralized Voting Infrastructure

   • Diverse Systems: The US election infrastructure is decentralized, with each state and county using a variety of voting machines and systems. This diversity makes it significantly harder for a single attack to compromise the entire system.

   • Paper Trails: Most jurisdictions use paper ballots, which serve as a verifiable record of votes. These paper trails can be used to audit election results and detect any discrepancies.

2. Robust Cybersecurity Measures

   • CISA Guidance: As I covered extensively above, the Cybersecurity and Infrastructure Security Agency (CISA) provides guidance and support to state and local election officials to enhance their cybersecurity practices.

   • NIST Standards: The National Institute of Standards and Technology (NIST) develops standards and guidelines for secure information systems, including those used in elections.

   • Continuous Monitoring: Election officials and cybersecurity experts continuously monitor the election infrastructure for signs of malicious activity.

3. Rigorous Post-Election Audits

   • Risk-Limiting Audits: Many states conduct risk-limiting audits to verify the accuracy of election results. These audits involve randomly selecting a sample of ballots and comparing them to the machine-counted results.

   • Manual Recounts: In some cases, manual recounts are conducted to further verify election results, especially in close races.

4. Intelligence Community Oversight

   • FBI and CISA Collaboration: The Federal Bureau of Investigation (FBI) and CISA work closely to identify and mitigate threats to election security.

   • Foreign Interference Monitoring: Intelligence agencies monitor for foreign interference in elections and take steps to counter such threats.

5. Public Awareness and Transparency

   • Transparent Processes: Election officials strive to be transparent about their processes and procedures, building public trust.

   • Public Education: CISA and other organizations conduct public education campaigns such as #Protect2024 to raise awareness about election security and encourage citizens to report suspicious activity.

So this Thanksgiving, when your crazy Uncle believes the election was “rigged,” “hacked,” or “compromised” by Iran, Russia, or some other foreign nation–you have the facts.

You’re welcome. 🇺🇸 

Today’s Cyber Wall of Shame

Nothing to see here. Nothing at all.

Until next time…

Rob Waters
Founder
The Breach Report + Cybersecurity Careers Blog

P.S. - Do you want to start a newsletter yourself?
You can with beehiiv. Create one today with a free trial.
Disclaimer: The Breach Report may contain affiliate links. Read our Advertising policy page.