In a public service announcement (PSA) issued Oct. 4., the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) said they believe that “any attempts by cyber actors to compromise election infrastructure are unlikely to result in largescale disruptions or prevent voting.”
The PSA says that as of the date of the report, the FBI and CISA “have no reporting to suggest cyber activity has ever prevented a registered voter from casting a ballot, compromised the integrity of any ballots cast, or affected the accuracy of voter registration information.”
Rather, any attempts tracked by the FBI and CISA “have remained localized and were blocked or successfully mitigated with minimal or no disruption to election processes,” the agencies said.
In a bid to reassure the voting public, the FBI and CISA said the public should be aware that election officials use a variety of technological, physical, and procedural controls to mitigate the likelihood of malicious cyber activity affecting the confidentiality, integrity, or availability of election infrastructure systems or data that would alter votes or otherwise disrupt or prevent voting.
“Given the extensive safeguards in place and distributed nature of election infrastructure, the FBI and CISA continue to assess that attempts to manipulate votes at scale would be difficult to conduct undetected,” the PSA says.
The PSA also explains that in addition to attempting to attack election infrastructure, nefarious cyber actors may also seek to spread or amplify false or exaggerated claims of cybersecurity compromises to election infrastructure.
The FBI and CISA added that they will “continue to quickly respond” to any potential threats, provide recommendations to harden election infrastructure, notify stakeholders of threats and intrusion activity, and impose risks and consequences on cyber actors seeking to threaten U.S. elections.
The FBI and CISA also provided recommendations ahead of the midterms, including:
- “Be wary of emails or phone calls from unfamiliar email addresses or phone numbers that make suspicious claims about the elections process or of social media posts that appear to spread inconsistent information about election-related incidents or results.
- Do not communicate with unsolicited email senders, open attachments from unknown individuals, or provide personal information via email without confirming the requester’s identity. Be aware that many emails requesting your personal information often appear to be legitimate.
- Verify through multiple, reliable sources any reports about compromises of voter information or voting systems, and consider searching for other reliable sources before sharing such information via social media or other avenues.
- Be cautious with websites not affiliated with local or state government that solicit voting information, like voter registration information. Websites that end in “.gov” or websites you know are affiliated with your state or local election office are usually trustworthy. Be sure to know what your state and local elections office websites are in advance to avoid inadvertently providing your information to nefarious websites or actors.
- Report potential crimes – such as cyber targeting of voting systems – to your local FBI Field Office.
- Report cyber-related incidents on election infrastructure to your local election officials and CISA.”