SAN FRANCISCO — 2024 could turn out to be the year in which artificial intelligence upends the U.S. election, but at America’s largest cybersecurity conference, federal officials charged with protecting the vote said they are most concerned with a far more analog threat: physical violence directed at election administrators.

While many election officials are concerned about issues of disinformation — both AI-generated and not — physical security threats on or around Election Day to polling places, ballot counting centers and locations where equipment is stored are top of mind.

“That’s where we’ve concentrated a lot of our efforts this year,” Brandon Wales, executive director of the Cybersecurity and Infrastructure Security Agency, told reporters at the RSA Conference.

U.S. election officials are already facing a tsunami of physical threats, harassment, doxing and swatting attacks — in which police are called to a person’s residence on phony pretenses — and the risk of violence is only exacerbated by persistent and false online narratives that American elections are in one way or another rigged, experts caution.

“We’re already hearing from election officials and rank-and-file bureaucrats who have been executing elections for decades that they’re getting bricks thrown through their windows,” said Lisa Kaplan, founder of the Alethea Group, a firm that studies disinformation. “There is real-world harm to these types of narratives.

Against this backdrop, CISA officials say they are stepping up their assistance to state and local election administrators. Since the beginning of last year, the agency has conducted 300 cybersecurity assessments, 470 physical security assessments, held dozens of tabletop exercises, trained at least 9,000 election stakeholders, given out 230 security clearances and held a number of classified briefings, CISA Director Jen Easterly told reporters on the sidelines of RSA.

“We’re actually providing more services to more jurisdictions than ever before,” Easterly said, adding that her agency has hired veteran election administrators to advise local election workers.

Some of these trainings and exercises, as CyberScoop reported in March, center around emerging threats like AI and deepfakes, which have genuinely alarmed many election officials. That threat is real, with instances of deepfake audio and video deployed in the United States, Taiwan and Slovakia, but so far AI does not appear to have had a major impact on the running of elections.

As AI-related election threats remain mostly in the realm of theory, election officials are moving to address the more immediate concern of physical violence.

Wales said CISA’s work with election officials on physical safety has been adapted from earlier trainings and guidance the agency developed for its anti-terrorism mission. They include on-site assessments of polling places, election offices and buildings where voter equipment is stored.

Protecting the chain of custody for voting machines is essential to ensuring they haven’t been tampered with or hacked — an issue that gained urgency after numerous successful and attempted breaches of voting equipment by allies of former President Donald Trump searching for evidence of voter fraud in the 2020 election.

CISA’s trainings for election workers also include instruction on de-escalation and evacuations, which are modeled after a program the agency initially developed to help places of worship deal with active shooters and hostile visitors.

“We run exercises to help them think through what their incident response plans should be,” Wales said. 

According to a survey of election workers released May 1 by the Brennan Center for Justice, more than half reported feeling concerned about the safety of colleagues and staff, both this year and in 2022. In March, the Department of Justice said it had brought charges against 20 individuals for making threats to election workers over the past year, with dozens of additional investigations underway.

That same month, an Ohio resident was sentenced to two and a half years in prison for leaving threatening voicemails for election officials in Arizona during the 2022 primaries. One official was told, “You’re the enemy of the United States, you’re a traitor to this country, and you better put your … [expletive] affairs in order, ’cause your days [inaudible] are extremely numbered” and “America’s coming for you, and you will pay with your life, you communist [expletive] traitor [expletive].”

In testimony before the Senate Rules Committee in March, Isaac Cramer, the executive director of the Charleston County Board of Voter Registration and Elections in South Carolina, recalled how a group of locals traveled to polling places during the June 2022 primaries searching for evidence of fraud, spreading messages online beforehand and wishing each other “Good Hunting” while describing election officials as “the enemy.”

“They harassed our lead poll managers, claimed we were breaking the law, and at several locations called law enforcement to come to polling places and demanded they arrest our poll managers,” Cramer said.

Election officials describe a perpetual state of unease about their own personal safety and the prospect that these threats will boil over into actual acts of violence.

In January, weeks after she was sent an emailed bomb threat that temporarily shut down the Kentucky state capitol in Frankfurt, Assistant Secretary of State Jennifer Scutchfield told CyberScoop, “I worry about myself. I worry about other election workers.”

That atmosphere is altering the composition of the nation’s election workforce, as a wave of administrators, poll workers and elected officials have opted to retire or move to other fields of work, often citing harassment and threats from voters as the primary reason.

A report last year from Issue One, a nonprofit focused on campaign finance reform, found that in the western United States, half of the 76 million residents there will have a different local election chief this cycle than they did in 2020, representing 40% of the region’s election leaders and a combined 1,800 years of experience. The Brennan Center estimates that 1 out of every 4 local election officials nationwide will be administering their first election this year.

That loss of experience may be especially impactful to modern elections. Officials today not only must understand the nuts and bolts of administering and overseeing the registration and voting process, but they need to be more familiar with technology, cybersecurity, disinformation and physical security for election infrastructure than at any time over the past decade.

Tammy Patrick, CEO for programs at the nonprofit Election Center, told CyberScoop that while emergent issues like AI seem to be “dominating a lot of the conversation,” it’s still just a component of a much larger portfolio that election workers have had to take on in recent years.

“For your basic election official that is on the ground conducting the election, registering voters, hiring and training poll workers, their job keeps evolving and changing,” Patrick said, “and the level of expertise they’re expected to bring to their job continues to become more and more complicated.”

The post Forget AI: Physical threats are biggest risk facing the 2024 election appeared first on CyberScoop.

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Ransomware Rising Despite Takedowns, Says Corvus Report

April 30, 2024 0 Comments 0 tags

The first quarter of 2024 saw the most ransomware activity ever recorded, Corvus Insurance found in a new analysis

Man Who Mass-Extorted Psychotherapy Patients Gets Six Years

April 30, 2024 0 Comments 0 tags

A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient

Rhadamanthys Malware Deployed By TA547 Against German Targets

April 10, 2024 0 Comments 0 tags

Proofpoint said this is the first time the threat actor has been seen using LLM-generated PowerShell scripts