In 2018, the United States—for the first time in its history—held elections amidst wide-ranging efforts to protect this vital democratic process from foreign cyber threats. The Russian hacking and disinformation operations during the 2016 elections caught government officials, political campaigns, and voters unprepared and caused unprecedented controversies. For the 2018 mid-term elections, actions by local, state, and federal governments, the private sector, and civil society attempted to prevent the U.S. body politic from again being damaged by foreign cyber intrusions and information warfare. The 2018 elections ended without the cyber crises that marked the 2016 elections, but this outcome should not obscure the difficulties encountered this year in protecting U.S. elections from cyber threats. Despite progress, 2018 ended with the United States facing a daunting, unfinished policy agenda on strengthening election cybersecurity and responding to cyber-enabled disinformation campaigns aimed at dividing citizens and discrediting democracy.
Never before has a U.S. election cycle witnessed governmental, commercial, and non-governmental activities on election cybersecurity and cyber-enabled influence operations on the scale seen in 2018. This level of effort was achieved despite President Donald J. Trump’s continued reluctance to show leadership in responding to Russian behavior. During a July summit, President Trump appeared to accept Vladimir Putin’s denial of Russian election meddling, a contentious statement so at odds with the facts that Trump had walk back what he said. Indeed, more evidence appeared in 2018, including from Facebook and reports prepared for the Senate, of the scale and intensity of Russian cyber interference during the 2016 election season.
Failure of presidential leadership did not prevent the federal government, private sector, and civil society from acting against the threats of cyberattacks on election systems and disinformation campaigns. The U.S. government indicted and sanctioned Russian officials for their roles in the cyber operations against the U.S. elections in 2016. Congress appropriated $380 million to help states improve election cybersecurity. The Department of Homeland Security (DHS) led initiatives, including improved information sharing, that deepened federal-state cooperation and strengthened state and local election cybersecurity. Legislators proposed laws, such as the Secure Elections Act, that would improve election cybersecurity. U.S. Cyber Command began offensive cyber operations to warn Russian operatives not to interfere with U.S. elections. The Department of Justice and social media companies, including Twitter, took action to address the spread of foreign-source disinformation. Google, academic institutions, and think tankscontinued or developed ideas, strategies, and tools to help political campaigns, political officials, and voters cope with foreign cyber threats.