For much of the past four years, United States cybersecurity officials responsible for preventing foreign meddling in elections have been preparing for an attack that, at least to the public’s knowledge, has never come.
While U.S. intelligence concluded that Russia, China and Iran “conducted influence activities and messaging campaigns” during the 2018 elections, it said there was nothing like what happened in 2016 when Russia combined an aggressive influence operation with the work of hackers who managed to penetrate election-related systems in all 50 states.
None of the three countries did anything that changed any votes to affect the outcome of the election.
This election, which will reach its crescendo when voters go to the polls November 3, is different.
Unprecedented 2020 election
Due to the coronavirus pandemic, many states this year have expanded absentee and mail-in voting.
Data collected by the U.S. Elections Project finds that by October 29 more than 82 million voters had voted by mail or cast their ballots at early voting centers.
U.S. intelligence officials have already confirmed attacks on the election have been underway for some time, with Russia, China and Iran all waging operations designed to influence the way voters cast their ballots.
And more recently, intelligence officials warned that Russia and Iran managed to acquire voter registration data while hacking into U.S. databases.
In another significant difference from the 2016 and 2018 elections, intelligence and election security officials warn that, this time, the assault on the election will not end when the polls close. Instead, they say the attacks will persist, likely until at least the presidential inauguration on January 20, 2021.
Here are the threats that have U.S. officials most worried as Election Day approaches:
Foreign Influence Operations
U.S. counterintelligence officials began warning in August about influence campaigns by the big three – Russia, China and Iran.
In a rare public statement, National Counterintelligence and Security Center (NCSC) Director William Evanina warned that each of the three countries had a preference between President Donald Trump and former Vice President Joe Biden and had ongoing influence operations to help their favorite.
“We assess that Russia is using a range of measures to primarily denigrate former Vice President Biden,” Evanina said in the statement, adding, “Some Kremlin-linked actors are also seeking to boost President Trump’s candidacy on social media and Russian television.”
“We assess that China prefers that President Trump – whom Beijing sees as unpredictable – does not win reelection,” Evanina said.
Iran, Evanina said, is “driven by a perception that President Trump’s reelection would result in a continuation of U.S. pressure on Iran in an effort to foment regime change.”
A month later, FBI Director Christopher Wray warned lawmakers that Russian efforts were “very, very active” on social media, on its own state-run media and through various proxies.
The nation’s top intelligence official, though, has focused more on the threat from China.
“I don't mean to minimize Russia,” Director of National Intelligence John Ratcliffe told Fox Business News on August 30. "But the threats that we face from China are significantly greater...anyone who sees intelligence knows that."
Other top intelligence officials agree China is a greater threat to the U.S. over the long-term, though they maintain Russia presents the biggest threat to the election itself.
Officials also caution that Russia, China and Iran are not alone.
Evanina told Hearst Television October 8, “We probably have 30 countries out there wanting to play in the influence game,” a list that includes U.S. allies like Saudi Arabia, and Turkey, and adversaries like Cuba and Venezuela.
Despite the ongoing threat, U.S. election officials have been expressing confidence about the status of the country’s election-related networks and systems.
"This will be the most secure election in modern history," Christopher Krebs, the director of the Cybersecurity and Infrastructure Security Agency (CISA), proclaimed in September, and not for the first time.
Krebs made similar comments as far back as at least July, noting the U.S. has sensors in place to detect possible intrusions into critical computer systems and networks. And 92% of states have systems in place to ensure there is a paper record of every vote cast.
But because election-related systems and networks are more secure than they have ever been, officials expect Russia, China, Iran and other U.S. adversaries to try an indirect attack.
“Ransomware remains a threat," Krebs told a cybersecurity summit in September.
Officials expect the ransomware – malicious software that denies users access to computers or networks unless they pay up – is likely to target systems which are related but not central to the election.
"We see cascading impacts where internet is lost, connectivity to websites is lost," said Matt Masterson, the Department of Homeland Security’s senior adviser for election security.
In an updated threat assessment, the New Jersey Office of Homeland Security and Preparedness further warned, “Though it might not affect getting accurate votes, it [ransomware] could still impact vote-tallying systems.”
U.S. officials also worry about potential attacks on the country’s electricity grid or communications networks and have been working with those sectors to increase security.
Recent ransomware attacks by Russian-speaking cyber actors against U.S. health care providers has only heightened this concern.
Even though officials express confidence in U.S. efforts over the past four years to better secure election-related computer networks and infrastructure, foreign countries are still trying to find a weakness.
U.S. intelligence and security officials warn that Russia and Iran, in particular, have amplified their efforts to penetrate critical systems.
On October 21, Director of National Intelligence John Ratcliffe announced both countries had managed to access U.S. voter registration data and were using it in what he described as “desperate attempts” to sow confusion and chaos.
“Both nations took voter data registration information from places that were election-related infrastructure,” the NCSC’s William Evanina told PBS this on October 29.
“Some of that might have been by accident,” he said, adding, “As of right now, where we sit today, we're very confident that our adversaries will not be able to manipulate any votes or change any votes at scale.”
Still, according to the FBI and CISA, both Russia and Iran have been searching for ways into state and local systems since at least September.
Giving U.S. officials more cause for concern is that the hacks by countries like Russia and Iran do not themselves need to be successful for them to have an impact – something officials describe as a “perception hack.”
“What concerns me the most is the steady drumbeat of misinformation and amplification of smaller cyber intrusions,” FBI Director Christopher Wray told lawmakers during a September hearing. “I worry they will contribute over time to a lack of confidence of (among) American voters."
“That would be a perception, not reality. I think Americans can and should have confidence in our election system and certainly in our democracy,” he added.
Social media companies, like Facebook, have also expressed concern, even as they claim to be stopping influence operations earlier than ever before.
“As it gets harder to go undetected for long periods of time, we see malicious actors attempt to play on our collective expectation of widespread interference to create the perception that they’re more impactful than they in fact are,” Facebook Head of Security Policy Nathaniel Gleicher wrote in a recent blog.
“We’re closely monitoring for potential scenarios where malicious actors around the world may use fictitious claims, including about compromised election infrastructure or inaccurate election outcomes, to suppress voter turnout or erode trust in the poll results, particularly in battleground states,” he added.
All these threats – influence operations, ransomware attacks, hacks and perception hacks – feed into one more threat that has U.S. intelligence and law enforcement officials worried: the threat of actual violence.
"Given what we've experienced over the course of the spring and the summer, we can't presume that what happens the night of [the election] or even days before and certainly not days after, is going to be peaceful,” Chicago Mayor Lori Lightfoot said during an October 27 online forum.
“We hope for that,” she said. “But we are preparing for the worst.”
FBI Director Christopher Wray has also expressed concern about what U.S. adversaries may be able to do to see that political divisions play out violently.
“Certainly, there is an effort to sow upheaval and discord, and as we've seen around the country, discord and upheaval can lead to dangerous, violent criminal activity," he told lawmakers in September. “Our preparations for 2020 take into account the current climate of the country.”
More recently, the NCSC and CISA have been urging U.S. voters to be smart, and to recognize foreign efforts to manipulate and provoke them, whether in the run-up to the election, on Election Day or in the days to come.
“Remember, our job's not done on Nov 3 - in the days & weeks that follow we will see efforts to delegitimize the process” CISA’s director wrote on Twitter. "Don't fall for it."