Vulnerabilities in U.S. election infrastructure not only expose the nation’s elections to hybrid physical and network attacks, but its voters to influence campaigns designed to cast doubt in the process itself. Authoritarian regimes such as Russia, Iran, and China are capable of conducting both sophisticated disinformation operations and cyber campaigns, and using both methods can be a particularly effective strategy for disrupting an election. Despite significant attention and more (but insufficient) funding in recent years, the overall defensive posture of election infrastructure operators lags behind the offensive cyber capabilities of sophisticated adversaries and criminals.

Elections are not alone. Other critical infrastructure sectors have sustained major disruptions because of cyber attacks like ransomware. However, elections are unique in that a sizable segment of the American public views the electoral process suspiciously and is primed to believe any errors or inconsistencies presented that supports that belief. As a result, adversaries now have at least three distinct attack strategies at their disposal: quietly change enough actual ballots to alter the outcome of a contest, loudly manipulate a small number of ballots to provide “evidence” of a systemic failure to suspicious voters, or launch a pure perception hack through the dissemination of false information to convince voters of widespread fraud absent any evidence.

By analyzing state-backed government messaging across various information mediums using a tool called Hamilton, researchers can track narratives and topics promoted by Russian, Chinese, and Iranian government officials and state-funded media. These trends can help provide context and insights into publicly-available information of breaches, ransomware, or other related attacks against election infrastructure. Election officials and network defenders can work together to improve the resilience of the most important component of the electoral system: voters.