- Years of preparation seemingly paid off yesterday as U.S. Election Day went on without any major cyber intrusions reported, senior Cybersecurity and Infrastructure Security Agency (CISA) officials said throughout the day.
- Technological voting glitches occurred, but resilience reigned as state and local election officials pivoted to analog methods to keep citizens voting. No tech errors have been attributed to cyberattacks or malicious actors, according to CISA officials.
- While it's tough to predict how the next several weeks of vote counting will go, CISA officials assured the public that yesterday was a bit "boring" on the cyber front citing no major intrusions.
Working with partners across the federal government, CISA said it aimed to make 2020 the most secure election year yet but faced several roadblocks as foreign actors attempted to intervene and preparation fell behind.
The surprisingly calm day comes after weeks of uncertainty and mitigation.
"We have seen some attempts by foreign actors, Iran and Russia, to attempt to interfere in the 2020 election," CISA Director Christopher Krebs said early on Election Day. "We have addressed those threats quickly, comprehensively and publicly."
CISA and the FBI alerted the public to an Iranian advanced persistent threat actor targeting U.S. state websites and sending voter intimidation emails last week. Over the last two weeks, U.S. Cyber Command and the National Security Agency underwent an operation targeting Iranian hackers working for the Islamic Revolutionary Guard Corps to undermine the election, anonymous officials told the Washington Post.
In what Krebs predicted to be the "most secure election in modern history," more than three years of election security planning came to a head Tuesday. Threat actors seemingly stayed quiet — or deterred by cyber officials — as no major cyber malfunctions have been confirmed or attributed to a malicious source.
The quiet day comes after the Government Accountability Office warned CISA to shape up in February. At the time, CISA failed to release its complete strategic election security plans before the primary elections began, leaving some state and local officials without the crucial resource.
"CISA's unfinished planning means the agency may be limited in its ability to execute a nationwide strategy for securing election infrastructure," the Government Accountability Office (GAO) said in the report. CISA quickly course-corrected, releasing the final parts of its strategic plan just one day after the GAO report went public.
CISA is now looking ahead to post-Election Day threats as there are "plenty of windows of potential opportunity" for cyber intrusions to still occur. Disruptions due to demand on election tech, defacement of election reporting sites, denial of service attacks and disinformation are expected in the coming weeks, senior CISA officials said.