Our Mission: Help election officials and election infrastructure stakeholders protect against the cyber, physical, and operational security risks to election infrastructure during the 2024 election cycle.
For years, America’s adversaries have targeted U.S. elections as part of their efforts to undermine U.S. global standing, sow discord inside the United States, and influence U.S. voters and decision making. We expect 2024 to be no different. U.S. elections remain an attractive target for both nation-states and cyber criminals. As we move into the 2024 election cycle, CISA and our partners in the federal government are positioned to support election officials and private sector election infrastructure partners in addressing the physical, cyber, and operational security risks they face. Election officials are the frontline defenders in securing the electoral process—we are proud to stand shoulder-to-shoulder with them in this critical mission.
First Things First
Here are some simple steps that election officials can still take in 2024, that will enhance their organization’s security baseline for the 2024 election cycle.
Requiring MFA is a simple way to protect your organization and can prevent a significant number of account compromise attacks. Passwords alone are not always effective at protecting your organization’s data.
Know and manage what vulnerabilities bad actors can see about your organization’s internet-facing systems. Sign-up for CISA’s free cyber hygiene vulnerability scanning.
Learn about your physical security posture by contacting your CISA regional team members or your state emergency management partners to discuss receiving a no-cost physical security assessment.
Transition your website and email to a top level .gov domain to make it easy for the public to identify you and your office as official government sites.
Incident response is a team effort. Work with your team and partners - like local law enforcement, critical service providers, and other government offices - to rehearse your incident response plan so your first time using it is not during a crisis.
Membership in the EI-ISAC is open to all U.S. state, local, tribal, and territorial organizations that support election officials. Membership is voluntary, no-cost for participants, and provides access to a range of free security services.
Email, Website, Network, Election Systems, Office & Self
We rely on email for daily operations and communications. Email is also one of the most common targets for malicious actors as it can provide access to sensitive information and deliver malware that can be a foothold to gain broader network access.
Election office websites perform a variety of key functions. Malicious actors may seek to deface, prevent access to, or create spoofed election websites in an effort to interrupt election administration and undermine election security.
Election networks underpin a variety of election administration functions and can house sensitive information. A malicious actor gaining network access could undermine the security of the elections process and the conduct of elections.
Election systems consist of the technology needed to conduct elections. Malicious actors may try to gain physical or digital access to these systems to undermine their confidentiality, availability, or integrity.
Administering elections is year-round work, with much of it happening at election offices or locations. Election locations must be secured against both natural hazards and manmade threats while balancing the requirements for public access.
The elections' workforce has seen a sharp increase in threats and intimidation in recent years, resulting in attrition and vacancies during elections. Protecting the elections' workforce enhances the overall safety and security of elections.
In Case You Missed It
Stay up to date on the latest election security news and info from CISA and our partners.
Rumor vs. Reality is designed to address common foreign influence operation and disinformation narratives by providing accurate information related to elections.
#TrustedInfo2024 is NASS's public education effort to promote election officials as the trusted sources of election information during the 2024 election cycle and beyond.
The most reliable information about elections comes from your election officials. NASED compiled Frequently Asked Questions to provide high-level information about election administration.
Once an incident is detected, the response should be swift and comprehensive. CISA offers the resources and information needed to effectively respond to a broad range of incidents.
Election Security Training
Voluntary, no-cost training guides, videos, and self-service tabletop exercise packages from CISA are available on demand, or you can request direct support from us for training and exercises.
Election Security Services
CISA offers range of voluntary assessments and no-cost services to help election officials identify vulnerabilities and mitigate them.
Election Security Resource Library
CISA’s election security resource library provides voluntary, no-cost informational resources designed to enhance the security and resilience of election infrastructure by helping stakeholders understand and mitigate risks to elections.