Recent reports regarding the ability of foreign hackers to change the outcome of the U.S. presidential election are overstated. Foreign hackers will not pick our next president — Americans will. To be sure, malicious actors may be looking at the U.S. election system as a possible target. While headlines on this conversation may be new, election officials have been working to secure our voting systems for years. As threats emerge and evolve, those of us who work in elections are responding, adapting and constantly improving. Recently, Homeland Security Secretary Jeh Johnson commended this work and expressed confidence in the election process, saying: “It is diverse, subject to local control, and has many checks and balances built in.” At the U.S. Election Assistance Commission (EAC), we use research, voting system testing information, and reports from state and local officials about the performance of their systems to improve our certification of voting systems. We work with state and local officials across the country to identify and share best practices regarding cybersecurity, including information on testing systems, auditing the results and creating contingency plans. Election officials use this information to better prepare and secure their systems.
Since the widespread purchase of electronic voting systems following the 2000 election, officials have worked to adapt their laws, policies and procedures to mitigate threats as they arise. State and local election officials surround their systems with layers of security.
The first security layer is the decentralized nature of our elections. Remember, states and localities run elections. Across the nation, more than 9,000 election jurisdictions have been diligently preparing for presidential voting. There is not one unified system — or even 50 systems — for a malicious actor to attack; rather, thousands of distinct systems would have to be targeted. FBI Director James B. Comey recently cited the “clunky” decentralized nature of elections as a positive for securing the process.
The next security layer is that the voting systems used across the country are tested at the federal level by the EAC. No EAC-certified voting system is connected to the Internet. State and local officials then test the systems against additional requirements. Local officials publicly test each voting machine before each election to ensure the system is ready. After those local tests are completed, election officials physically secure, seal and lock systems for use in the election.