2020 Elections Oral History Project | How Did We Get Here
If you had asked an election official on January 1, 2020, what they expected from the year’s upcoming presidential election, they would have acknowledged the potential for new, and potentially unprecedented, challenges. But they were preparing for the wrong battle. Those in the election community had spent the previous four years consolidating resources, tightening their security, and building new partnerships across all levels of government. Their concern was not a pandemic, or even domestic interference. Instead, they were focused on defending against foreign actors.
Chris Krebs, former Cybersecurity and Infrastructure Agency (CISA) Director
On the 2016 general election: "It was the first time cyber dis-info, hacking, and leaks intersected domestically with democracy."
Chris Krebs, former Cybersecurity and Infrastructure Agency (CISA) Director
As former Cybersecurity and Infrastructure Agency (CISA) Director Chris Krebs described, the 2016 general election served as a wake-up call for both the national security and elections community. A nation-state adversary, the Russian government, had launched an unprecedented attack on American democracy. They targeted election security infrastructure, stealing and leaking data from states and the Democratic National Committee. Their efforts were complemented by a broad and coordinated mis- and disinformation campaign against American voters which attempted to undermine confidence in the election and its results. Nothing was off-limits. The United States needed to rethink its approach to protecting elections.
For election officials, this meant massive changes nearly overnight. The United States is a federal system, and elections are administered at the state and local level. Prior to 2016, the most significant federal effort to work with the election community was the Election Assistance Commission (EAC). Unfortunately, the EAC has been plagued by a lack of funding support as well as the constant threat of political battles. This unfriendly environment has left the EAC in the difficult position of having to pick and choose its battles on behalf of the election community.
“There were times during 2020 when people asked me…why aren’t you doing more to combat what the President is saying about vote by mail? I have 800 Twitter followers, and he has 80 Million. So there’s that.”
Benjamin Hovland, U.S. Election Assistance Commission
Election officials were used to doing things by themselves. But they were now under threat from advanced, sophisticated actors who were taking direct aim at them and their systems. They needed to do something. The national security community, in turn, realized that it was their responsibility to step up and fill the void in federal partnership. The problem was, however, that they did not understand elections. Misconceptions about voting machines, centralization, funding, and more abound. Early in their efforts, the Department of Homeland Security (DHS) even called the Federal Election Commission, an entity responsible for only campaign finance regulation, because they did not know who supported election officials or that the EAC even existed. The pathway forward was a fraught learning curve for both parties.
At first, the relationship was tense. The DHS took the lead on offering support services to state and local officials. They faced open rejection and hostility.
“I show up and there’s a stack of letters from governors, secretaries of state, state legislators, US congress people…”
Chris Krebs, former Cybersecurity and Infrastructure Agency (CISA) Director
Chris Krebs, former Cybersecurity and Infrastructure Agency (CISA) Director
But, over time, officials at all levels, from every state and territory, and multiple agencies learned how to work together and build an election security community. A new agency, the Cybersecurity and Infrastructure Security Agency (CISA), formed in 2018, was crucial to coordinating these efforts.
“My job was to build trust…then engage with state and local election officials on what they needed to do to improve the security and resilience of the election.”
Matthew Masterson, former Senior Cybersecurity Advisor at the Department of Homeland Security
Matthew Masterson, former Senior Cybersecurity Advisor at the Department of Homeland Security
Working with the EAC as well as an alphabet soup of other agencies and organizations — the FBI, the National Association of Secretaries of State (NASS), the National Association of State Election Directors (NASED), the Election Center, the International Association of Government Officials (iGo), private sector entities like voting system and voter registration providers — CISA began to build trust with the election community. They even added to the alphabet soup themselves, founding coordinating councils with both the government (GCC) and private sector entities (SCC), as well as establishing an information sharing and analysis center called the EI-ISAC. Taken together, these organizations provided channels of feedback, information sharing, support, and community, in every sense of the word.
“We had to have the ability no matter how big or small the county, the township the city or state to reach out …they knew they could call if they needed us.”
Matthew Masterson, former Senior Cybersecurity Advisor at the Department of Homeland Security
Matthew Masterson, former Senior Cybersecurity Advisor at the Department of Homeland Security
This new election security community’s goals were twofold: shore up election cybersecurity infrastructure and learn how to combat mis- and disinformation. Voting machine and database technical support was buoyed by educational programs like the War on Pineapple, which were designed to teach both election officials and the general public how to identify and handle mis- and disinformation efforts.
Image
Image
Like the War on Pineapple infographic suggests, the focus of the election security community’s efforts was on combating foreign interference. The community had coalesced against Russian aggression, and officials were primarily concerned about future attacks from nation-state adversaries. While domestic actors were considered, and while foreign actors never stopped being a concern, what would happen in 2020 — that the biggest threat would be mis- and disinformation from the mouths of Americans — was not something the community was fully prepared for.
On January 1st, 2020, the initial animosity between the election and national security communities had been largely conquered, the 2018 midterm elections had gone smoothly, and officials were preparing in earnest for the 2020 general election. They could feel confident that they had done everything within their power to anticipate the year’s challenges — but nothing could have truly prepared them for what 2020 would bring.