Our Mission: Help election officials and election infrastructure stakeholders protect against the cyber, physical, and operational security risks to election infrastructure during the 2024 election cycle.
For years, America’s adversaries have targeted U.S. elections as part of their efforts to undermine U.S. global standing, sow discord inside the United States, and influence U.S. voters and decision making. We expect 2024 to be no different. U.S. elections remain an attractive target for both nation-states and cyber criminals. As we move into the 2024 election cycle, CISA and our partners in the federal government are positioned to support election officials and private sector election infrastructure partners in addressing the physical, cyber, and operational security risks they face. Election officials are the frontline defenders in securing the electoral process—we are proud to stand shoulder-to-shoulder with them in this critical mission.
Here are some simple steps that election officials can still take in 2024, that will enhance their organization’s security baseline for the 2024 election cycle.
Requiring MFA is a simple way to protect your organization and can prevent a significant number of account compromise attacks. Passwords alone are not always effective at protecting your organization’s data.
Know and manage what vulnerabilities bad actors can see about your organization’s internet-facing systems. Sign-up for CISA’s free cyber hygiene vulnerability scanning.
Learn about your physical security posture by contacting your CISA regional team members or your state emergency management partners to discuss receiving a no-cost physical security assessment.
Transition your website and email to a top level .gov domain to make it easy for the public to identify you and your office as official government sites.
Incident response is a team effort. Work with your team and partners - like local law enforcement, critical service providers, and other government offices - to rehearse your incident response plan so your first time using it is not during a crisis.
Membership in the EI-ISAC is open to all U.S. state, local, tribal, and territorial organizations that support election officials. Membership is voluntary, no-cost for participants, and provides access to a range of free security services.
We rely on email for daily operations and communications. Email is also one of the most common targets for malicious actors as it can provide access to sensitive information and deliver malware that can be a foothold to gain broader network access.
Election office websites perform a variety of key functions. Malicious actors may seek to deface, prevent access to, or create spoofed election websites in an effort to interrupt election administration and undermine election security.
Election networks underpin a variety of election administration functions and can house sensitive information. A malicious actor gaining network access could undermine the security of the elections process and the conduct of elections.
Election systems consist of the technology needed to conduct elections. Malicious actors may try to gain physical or digital access to these systems to undermine their confidentiality, availability, or integrity.
Administering elections is year-round work, with much of it happening at election offices or locations. Election locations must be secured against both natural hazards and manmade threats while balancing the requirements for public access.
The elections' workforce has seen a sharp increase in threats and intimidation in recent years, resulting in attrition and vacancies during elections. Protecting the elections' workforce enhances the overall safety and security of elections.
Rumor vs. Reality is designed to address common foreign influence operation and disinformation narratives by providing accurate information related to elections.
#TrustedInfo2024 is NASS's public education effort to promote election officials as the trusted sources of election information during the 2024 election cycle and beyond.
The most reliable information about elections comes from your election officials. NASED compiled Frequently Asked Questions to provide high-level information about election administration.
of locks across mobile phone" width="1280" height="720" />
Once an incident is detected, the response should be swift and comprehensive. CISA offers the resources and information needed to effectively respond to a broad range of incidents. Review the Guidance
Voluntary, no-cost training guides, videos, and self-service tabletop exercise packages from CISA are available on demand, or you can request direct support from us for training and exercises.
Empowers poll workers and election officials to safely navigate potentially escalating situations at election facilities and polling locations.
Tabletop the Vote is CISA’s yearly national election security exercise. Federal partners, state and local election officials, and vendors come together to identify and share best practices and areas for improvement related to election security.
Election Security CTEPs are customizable training packages that include template exercise objectives, scenarios, and discussion questions, as well as a collection of references and resources.
CISA offers range of voluntary assessments and no-cost services to help election officials identify vulnerabilities and mitigate them.
CISA’s election security resource library provides voluntary, no-cost informational resources designed to enhance the security and resilience of election infrastructure by helping stakeholders understand and mitigate risks to elections.
PSA: FBI and CISA Release Joint PSA, Just So You Know: False Claims of Hacked Voter Information Likely Intended to Sow Distrust of U.S. Elections This PSA raises awareness of attempts to undermine public confidence in the security of U.S. election infrastructure through the spread of disinformation falsely claiming that cyberattacks compromised U.S. voter registration databases. Read the PSA Physical and Cybersecurity Checklists for Election Offices These checklists are tools for election officials to quickly review existing practices and take steps to enhance physical security, operational resilience, and cybersecurity in preparation for election day. Read the Checklists PSA: Just So You Know: Ransomware Disruptions During Voting Periods Will Not Impact the Security and Resilience of Vote Casting or Counting This PSA informs the public that while ransomware attacks against state or local government networks or election infrastructure could cause localized delays, they will not compromise the security or accuracy of vote casting or counting processes. Read the PSA Joint ODNI, FBI, and CISA Statement on Iranian Election Influence Efforts We have observed increasingly aggressive Iranian activity during this election cycle, specifically involving influence operations targeting the American public and cyber operations targeting Presidential campaigns. Read the Statement
Please use the lookup tool below to find information on being a poll worker in your community, including requirements, hours, pay, training, and more. Links are provided so you can sign up directly with your state or local election office. Lookup Tool
Once an incident is detected, the response should be swift and comprehensive. CISA offers the resources and information needed to effectively respond to a broad range of incidents.
Election infrastructure stakeholders are encouraged to share information related to cyber and physical security incidents with each other, with state fusion centers and local law enforcement, and with federal partners.
