Protect Your Election Systems
Election systems include the election technology itself—from the electronic pollbooks and electronic ballot marking devices and tabulators to the election night reporting system. Malicious actors may target election systems to attempt to compromise their confidentiality, integrity, and availability. The potential for an insider threat—an individual entrusted with access to election infrastructure who seeks to compromise election security or undermine election administration—can, at times, present risks to these systems.
Threats to Election Systems and How to Protect Against Them
An insider threat is the threat that an insider will use their authorized access to election infrastructure, knowingly or unknowingly, to do harm to an organization’s mission, resources, personnel, facilities, information, equipment, networks, or systems. Insider threats can manifest in various ways: violence, espionage, sabotage, theft, and cyber acts. Any of these could lead to a compromise of the confidentiality, integrity, or availability of election systems and information. This can take the form of collusion, where an insider collaborates with an external threat actor to compromise an organization. It can also involve third parties like contractors or vendors who are granted access to facilities, systems, networks, or people to complete their work.
Use these resources to mitigate insider threats:
- 2024 U.S. Federal Elections: The Insider Threat - CISA, FBI, DHS, and EAC jointly prepared this overview to help election infrastructure stakeholders defend against insider threats to elections.
- Election Infrastructure Insider Threat Mitigation Guide - This guide offers election stakeholders guidance on understanding and mitigating the risk of insider threats to elections.
- Training Video: Understanding the Insider Threat - The Insider Threat video uses security and behavior experts to discuss how insider threats manifest in a variety of ways including terrorism, workplace violence, and breaches of cybersecurity.
Physical compromise could include tampering, theft, or destruction of physical components of election systems. Unauthorized access to equipment like voting systems and tabulators may render them unusable due to loss of chain of custody. Illicit physical access to election systems by malicious actors could also be a vector for additional cybersecurity risks.
Use this resource to mitigate physical compromise:
- CISA Insights: Chain of Custody and Critical Infrastructure Systems - This fact sheet provides an overview of what chain of custody means, highlights the potential impacts and risks resulting from a broken chain of custody, and offers critical infrastructure owners and operators an initial framework with five actionable steps for securing chain of custody for their physical and digital assets.
Although most voting systems are typically not connected to the internet, some systems and other components of election infrastructure may need to be, potentially exposing them to a range of cyber threats including data exfiltration, ransomware, and others. Ineffective cyber hygiene practices can exacerbate the risk of exploitation of vulnerabilities by malicious cyber actors.
Use these resources to mitigate cyber threats:
- Best Practices for Securing Election Systems - Best practices that election organizations—including state, local, tribal, and territorial (SLTT) governments—can use to improve the security of their election systems.
- Endpoint Security Services (ESS) - A free service to EI-ISAC members, ESS is a solution deployed on endpoint devices to identify, detect, respond to, and remediate security incidents and alerts.