A SECURE ELECTION
On Nov. 17, I was dismissed as director of the Cybersecurity and Infrastructure Security Agency, a Senate-confirmed post, in a tweet from President Donald Trump after my team and other election security experts rebutted claims of hacking in the 2020 election. On Monday, a lawyer for the president’s campaign stated that I should be executed. I will not be intimidated by these threats from telling the truth to the American people.
Three years ago, I left a comfortable private-sector job to join, in the spirit of public service, the Department of Homeland Security. At the time, the national security community was reeling from the fallout of the brazen Russian interference in the 2016 presidential election. I wanted to help.
Across the nation’s security agencies, there was universal acknowledgment that such foreign election interference could not be allowed to happen again. Our mission : Protect U.S. elections from threats foreign and domestic.
With the advantage of time to prepare for the 2020 election, we got to work. My team at the Cybersecurity and Infrastructure Security Agency, or CISA, had primary responsibility for working with state and local election officials and the private sector to secure their election infrastructure — including the machines, equipment and systems supporting elections — from hacking. (Other agencies handle fraud or other criminal election-related activity.) The Russian assault in 2016 had not included hacking voting machines, but we couldn’t be sure that Moscow or some other bad actor wouldn’t try it in 2020.
States are constitutionally responsible for conducting the nation’s elections. At CISA, we were there to help them do it securely. Our first job was to improve CISA’s relationships with state and local officials, building trust where there was none. We also worked closely with representatives from across the election-security community, public and private, in groups called coordinating councils. A key development was the establishment of the Elections Infrastructure Information Sharing and Analysis Center to share security-related information with people who can act on it for defensive purposes. By the 2018 midterm elections, all 50 states had joined the center.
We offered a range of cybersecurity services, such as scanning systems for vulnerable software or equipment, and conducting penetration tests on networks. Election officials across the country responded by markedly improving cybersecurity.
But there was a critical weak spot. Voting machines known as Direct Recording Electronic machines, or DREs, do not generate paper records for individual votes. And paper ballots are essential pieces of evidence for checking a count’s accuracy. With DREs, the vote is recorded on the machine and combined with voting data from other machines during the tabulation process. If those machines were compromised, state officials would not have the benefit of back-up paper ballots to conduct an audit.
In 2016, five states used DREs statewide, including Georgia and Pennsylvania, with a handful of others using DREs in multiple jurisdictions. Fortunately, by 2020, Louisiana was the last one with statewide DRE usage. Congress provided grant funding in 2018, 2019 and 2020 to states to help them retire the paperless machines and roll out auditable systems. As the 2020 election season began, Delaware, Georgia, Pennsylvania and South Carolina all swapped over to paperbased systems. Then the
Battleground states ensured there was a voting paper trail that could be audited.
emergence of the pandemic prompted a nationwide surge toward the use of voting by mail.
The combined efforts over the past three years moved the total number of expected votes cast with a paper ballot above 90%, including the traditional battleground states. No significant discrepancies attributed to manipulation have been found in postelection canvassing, audit and recount processes.
This cannot be emphasized enough: Officials in Georgia, Michigan, Arizona, Nevada, Pennsylvania and Wisconsin worked overtime to ensure there was a paper trail that could be audited or recounted by hand.
That’s why Americans’ confidence in the security of the 2020 election is entirely justified. Paper ballots and post-election checks ensured the accuracy of the count. Consider Georgia: The state conducted a full hand recount of the presidential election, a first of its kind, and the outcome of the manual count was consistent with the computerbased count. Clearly, the Georgia count was not manipulated, debunking claims by the president and his allies about the involvement of CIA supercomputers, malicious software programs or corporate rigging aided by long-gone foreign dictators.
The 2020 election was the most secure in U.S. history. This success should be celebrated by all Americans, not undermined in the service of a profoundly un-American goal.
Krebs