Election Infrastructure Cyber Risk Assessment

In the Election Infrastructure Cyber Risk Assessment, CISA’s National Risk Management Center (NRMC) assessed the scale of election infrastructure cyber risk through the use of multiple criteria such as machine preparation, device networking, and the centralization of infrastructure components. Over all they found that compromises to the integrity of state-level voter registration systems, the preparation of election data, vote aggregation systems, and election websites would present significant risk and disruption to the ability of jurisdictions to hold elections.

In addition to laying out the framework of how to assess the shortcomings of our election systems security, they also provide many concrete examples of vectors of attack such as states that hold all their voter registration data in one top level databases and the potential for online voter registrations to be compromised and leak sensitive data to malicious actors. This leads to a general recommendation against keeping all voting related processes centralized and the importance of utilizing voting systems with a voter verified auditable paper record.

Finally, they wrap up the article with an extensive table expressing the level of risk of attack and the possible fallout of such an attack along with many other metrics in order to give the reader a sense of which systems are the most vulnerable so that we can plan ahead.