How the US Defended Elections Against Hacking

Couldn’t save the truth, though

Key Takeaways

  • Despite allegations by President Trump, there’s no evidence that the presidential election was hacked, experts say.
  • Foreign adversaries may have been successful in sewing misinformation about the election process.
  • The success of cyber defenses was due to increased vigilance on the part of government agencies and private industry.
Binary code, ones and zeros in a 1970 dot matrix font on a computer screen. An infinity and lens bokeh effect applied.
Matt Anderson Photography / Getty Images

The U.S. government was successful in defending the presidential election against cyberattacks, but misinformation campaigns have undermined confidence in the electoral process, experts say.

Officials warned before the election that foreign states and criminal organizations could attempt to hack voting systems. Since Joe Biden’s victory, President Trump has been spreading accusations about faulty election security, but experts say the concerns about hacking are unfounded. 

"We saw no evidence of successful hacks by foreign actors to change votes, alter results, or other fraudulent behavior," Marcus Fowler, a former CIA executive, and currently the director of strategic threat at Darktrace, said in an email interview. "Local districts in the U.S. did an excellent job in communicating with each other as well as with state and federal agencies while staying vigilant for potential threats."

Trust No One?

Experts, however, say that one of the goals of foreign groups was to plant misinformation rather than directly change votes. 

"These campaigns work best by undermining trust in the institutions Americans rely on," Drew Jaehnig, a former Department of Defense IT executive and current industry practice leader of the public sector at software company Bizagi, said in an email interview. "The disinformation that was sown before the election and the resulting exploitation of discord after the election has been pretty effective. So effective, in fact, that we see elected officials picking up on false narratives and further spreading them."

"There are still several states that need to do more to ensure the use of paper ballots and risk-limiting audits going forward."

Ultimately, it will be difficult to determine how effective disinformation campaigns actually were, added Jaehnig.

"The evidence on the influence campaigns has been rolling in as the weeks pass, although the full extent won't be known for months," he said. "It will continue to be a problem. Trust in our institutions has been undermined and the road back to a commonly understood truth will be a hard one."

Pushing Back on Allegations

President Trump recently tweeted a video from last year’s Defcon hacker convention showing attendees participating in an event called the Voting Machine Hacking Village. The event was held to raise awareness about the importance of security in electronic voting. 

During the DefCon event, "cybersecurity professionals used lock pick kits, ethernet cables, and other tools," Karen Walsh, the founder and CEO of cybersecurity firm Allegro Solutions, said in an email interview. "Frankly, no voting site could have been compromised because the physical security would have precluded it."

On Tuesday, Trump fired Christopher Krebs, who headed the Cybersecurity and Infrastructure Security Agency at DHS. Krebs had pushed back against claims of ballot fraud and said the election had been secure against hacking, though Trump said Krebs’ statement was "highly inaccurate, in that there were massive improprieties and fraud." He then claimed there were dead people voting, as well as "'glitches' in the voting machines which changed votes from Trump to Biden, late voting, and many more."

"We saw no evidence of successful hacks by foreign actors to change votes, alter results, or other fraudulent behavior."

But Walsh called the firing of Krebs another attempt at pushing a disinformation campaign to undermine democracy, adding that "Americans who fail to do their research and intellectual due diligence are a far greater risk to U.S. democracy than any nation-state or cybercriminal."

Furthermore, election hacks would have been discovered during the election audit process, says Paul Bischoff, privacy advocate at privacy site Comparitech

"Some states only audit if the vote is close or there's reason to believe it was interfered with, while others also audit at random," he said in an email interview. "Random audits are recommended by most election security experts."

The Russians Aren’t Coming

The election may not have been hacked, but that doesn’t mean there was any shortage of foreign states who tried to sew chaos. The Russian government was a major source of disruption, experts say.

"Russia's Internet Research Agency was active in the post-2016 election to sow doubt in the results and stoke flames, going so far as to organize actual rallies in opposition to President Trump's election," Jaehnig said. "Similarly, in 2020, Russia and other adversaries have been very active."

N. Korean hacker silhouette with North Korean Flag
Bill Hinton / Getty Images

The U.S. Department of Justice has alleged that Iran was also planning more widespread attacks on U.S. election systems, said Scott Shackelford, the chair of Indiana University’s Cybersecurity Program, in an email interview, adding that it "was one reason why indictments were levied quickly following Iran’s attempts to target voters in Florida and Alaska."

Forewarned is Forearmed

The preemptive defense of networks by government agencies and the private sector is likely the reason hacking was not successful, experts say. 

"Though we will likely never know the true and full extent of it, this strategy included infiltrating and crippling certain Russian and Iranian networks months before the election," digital privacy expert Attila Tomaschek at privacy website ProPrivacy, said in an email interview. "These efforts also involved taking down ransomware tools, encouraging states and social media platforms to strengthen their cyber security, and conducting pre-emptive strikes to disrupt foreign criminal networks that posed a potential threat."

Fictitious malicious coding in a 1970 dot matrix font on a computer screen
Matt Anderson Photography / Getty Images

Another reason that efforts to influence the election were blunted was due to vigilance on the part of social media companies.

"In particular, Facebook and Twitter are seen as the largest platform for disinformation, and both have gone to great lengths to counter this issue," Victoria Mosby, federal mobile security expert at mobile security company Lookout, said in an email interview. Facebook said it would use emergency measures to slow the spread of viral content and suppress potentially inflammatory posts, while Twitter announced it would remove false and inflammatory comments among other measures.

But just because the 2020 election was not hacked is no reason to let down our guard, explains Jaehnig. "There are still several states that need to do more to ensure the use of paper ballots and risk-limiting audits going forward, which will help ensure that future elections remain as secure as 2020, if not more so." 

The results of the presidential election may still be disputed by Trump and some members of the Republican party, but most cybersecurity experts are unanimous in concluding that hacking played no part in the president’s loss.