Less than a month before the midterm elections, the U.S. government wants everyone to chill about election hacking.
In a public service announcement on Tuesday, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) said that, as far as they know, there’s never been a successful hack against an election in the U.S., and that it’s very unlikely there will be one anytime soon.
“The FBI and CISA have no reporting to suggest cyber activity has ever prevented a registered voter from casting a ballot, compromised the integrity of any ballots cast, or affected the accuracy of voter registration information,” the announcement read (emphasis theirs). “Given the extensive safeguards in place and distributed nature of election infrastructure, the FBI and CISA continue to assess that attempts to manipulate votes at scale would be difficult to conduct undetected.”
The announcement comes after two years in which some pro-Trumpers and GOP operatives and sympathizers, such as MyPillow CEO Mike Lindell, have relentlessly spread unfounded conspiracy theories and sometimes flat-out made-up claims of vote manipulation and hacks against voting systems in several states.
The FBI and CISA’s announcement appears to try to pre-empt these types of claims, according to election security experts.
“This does feel like pre-bunking,” Matt Bernhard, a research engineer at the nonprofit Voting Works, which focuses on election cybersecurity, told Motherboard in an online chat.
Sign up for Motherboard’s daily newsletter for a regular dose of our original reporting, plus behind-the-scenes content about our biggest stories.
Dan Wallach, a professor in Rice University's Department of Computer Science who has studied electronic voting systems, agreed.
“If we take it for what it says, it both focuses our attention on misinformation and ‘pre-bunks’ more sophisticated hacking operations. And, just to be clear, that doesn't mean we can relax about these sorts of sophisticated attacks. Election officials are, to some degree, working on improving their cyber defenses,” he told Motherboard in an email. “Unfortunately, it's much easier to convince people of a tampered election than to actually do the tampering.”
The fact that election hacks have been rare and ineffective, and that they are unlikely, doesn’t mean that federal and state government agencies aren’t ready for any eventuality.
“We are very, very intensely focused on election security,” Alejandro Mayorkas, the secretary of the Department of Homeland Security, said earlier this week. Motherboard has previously reported on potential critical vulnerabilities in voting machines, but there’s no evidence that voting machines have been breached during an actual election.
In the announcement, CISA and the FBI explained how election officials mitigate the risk of hackers meddling with elections with attacks like phishing, ransomware, or denial of service.
“These include failsafe measures, such as provisional ballots and backup pollbooks, and safeguards that protect against voting malfunctions (e.g., logic and accuracy testing, chain of custody procedures, paper ballots, and post-election audits),” the announcement read.
Election security expert Maggie MacAlpine emphasized that election security has been improving steadily in the last few years.
“CISA has done fantastic work in recent years to mitigate cyber threats to election infrastructure and worked tirelessly to help states shore up their defenses. There's always more that can be done, of course, but the challenge there lies in the fact that each state administers its own elections and jealously guards the right to do so, so the progress will not be uniform,” MacAlpine, who is a former organizer of the Voting Village at the cybersecurity conference DEF CON, told Motherboard in an online chat. “This also creates an environment for confusion and those who would exploit it, as many do not realize that each state administers elections differently and may use confusion around this to cast doubt on certain processes.”