Majority of Election Websites in Battleground States Failing in Cybersecurity

February 4, 2020

A large majority of election-related websites operated by local governments in battleground states lack a key feature that would help them be more cybersecure -- a site that ends in .gov as opposed to .com or other extensions.

Research by McAfee found that as many as 83.3 percent of county websites lacked .GOV validation across these states, and 88.9 percent and 90 percent of websites lacked such certification in Iowa and New Hampshire respectively. Such shortcomings could make it possible for malicious actors to establish false government websites and use them to spread false election information that could influence voter behavior and even impact final election results.

“Without a governing body validating whether websites truly belong to the government entities they claim, it’s possible to spoof legitimate government sites with fraudulent ones,” said Steve Grobman, McAfee Senior Vice President and Chief Technology Officer. “An adversary can use fake election websites for misinformation and voter suppression by targeting specific voters in swing states with misleading information on candidates, or inaccurate information on the voting process such as poll location and times. In this way, this malicious actor could impact election results without ever physically or digitally interacting with voting machines or systems.”

Government entities purchasing .GOV web domains have submitted evidence to the U.S. government that they truly are the legitimate local, county, or state governments they claimed to be, McAfee says. Websites using .COM, .NET, .ORG, and .US domain names can be purchased without such validation, meaning that there is no governing authority preventing malicious parties from using these names to set up and promote any number of fraudulent web domains mimicking legitimate county government domains.

HTTPS encryption assures citizens that any voter registration information shared with the site is encrypted, and that they can have greater confidence in the entity with which they are sharing that information. Websites lacking .GOV and encryption cannot assure voters seeking election information that they are visiting legitimate county and county election websites, leaving malicious actors an opening to set up disinformation schemes.

January 2020 Survey Findings

McAfee’s January 2020 survey researched states projected by U.S. election prognosticators to be pivotal in determining the victor in the 2020 Presidential Elections. States surveyed include Arizona, Florida, Georgia, Iowa, Michigan, Minnesota, Nevada, New Hampshire, North Carolina, Ohio, Pennsylvania, Texas, and Wisconsin. Together, these states account for 201 of the 270 electoral votes required to win the U.S. presidential election.

State counties lacking .GOV validation. Of the 1,117 counties in the survey group, 83.3 percent of their websites lack .GOV validation. Minnesota ranked the lowest among the surveyed states in terms of .GOV website validation with 95.4 percent of counties lacking U.S. government certification. Other states severely lacking in .GOV coverage included Texas (94.9 percent), New Hampshire (90 percent), Michigan (89.2 percent), Iowa (88.9 percent), Nevada (87.5 percent), and Pennsylvania (83.6 percent).

Arizona had the highest percentage of main county websites validated by .GOV with 66.7 percent coverage, but even this percentage suggests that a third of the Grand Canyon State’s county websites are unvalidated and that hundreds of thousands of voters could still be subjected to disinformation schemes.

State counties lacking HTTPS protection. McAfee’s survey found that 46.6 percent of county websites lack HTTPS encryption. Texas ranked the lowest in terms of encryption, with 77.2 percent of its county websites failing to protect citizens visiting these web properties. Other states with counties lacking in encryption included Pennsylvania (46.3 percent), Minnesota (42.5 percent), and Georgia (38.4 percent).

Assessment of Iowa and New Hampshire. In Iowa, 88.9 percent of county websites lack .GOV validation, and as many as 29.3 percent lack HTTPS encryption. Ninety percent of New Hampshire’s county websites lack .GOV validation, and as many as 30 percent of the state’s counties lack encryption.

Inconsistent naming standards. McAfee’s research found that some states attempted to establish naming standards, such as www.co.[county name].[two-letter state abbreviation].us. Unfortunately, McAfee says, these formats were followed so inconsistently that a voter seeking election information from her county website cannot be confident that a web domain following such a standard is indeed a legitimate site.

Easy-to-remember naming formats. McAfee found 103 cases in which counties set up easy-to-remember, user-friendly domain names to make their election information easier to remember and access for the broadest possible audience of citizens. Examples include www.votedenton.com, www.votestanlycounty.com, www.carrollcountyohioelections.gov, www.voteseminole.org, and www.worthelections.com. According to McAfee, while 93 of these counties (90.2 percent) protected voters visiting these sites with encryption, only two validated these special domains and websites with .GOV. This suggests that malicious parties could easily set up numerous websites with similarly named domains to spoof these legitimate sites.

Strategies for transitioning to .GOV. While only 19.3 percent of Ohio’s 88 county main websites have .GOV validation, the state leads McAfee’s survey with 75 percent of county election websites and webpages validated by .GOV certification. This leadership position appears to be the result of a state-led initiative to transition county election-related content to .GOV validated web properties. A majority of counties have subsequently transitioned their main county websites to .GOV domains, their election-specific websites to .GOV domains, or their election-specific webpages to Ohio’s own .GOV-validated https://ohio.gov/ domain (e.g., https://www.boe.ohio.gov/vanwert/).

Such a .GOV transition strategy constitutes an interim solution until more comprehensive efforts are made at the state and federal government level through initiatives such as The DOTGOV Act of 2020, McAfee says. This legislation would require the Department of Homeland Security (DHS) to support .GOV adoption for local governments with technical guidance and financial support.

“Ohio has made a commendable effort to lead in driving election websites to .GOV, either directly or by using the state-run ohio.gov domain,” said Grobman. “While main county websites still largely lack .GOV validation, Ohio does provide a mechanism for voters to quickly assess if the main election website is real or potentially fake. Other states should consider such interim strategies until all county and local websites with election functions can be fully transitioned to .GOV.”
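The per-site checks the survey reports on (a .GOV name, HTTPS, and the co.[county].[state].us convention) can be expressed as a small classifier for auditing a list of county URLs. This is an added example, not McAfee's methodology or code: the function names and the two URLs marked as constructed are assumptions, and HTTPS is judged from the URL scheme only, with no network request.

```python
import re
from urllib.parse import urlsplit

# Naming convention quoted in the article:
# www.co.[county name].[two-letter state abbreviation].us
CO_STATE_US = re.compile(r"^(?:www\.)?co\.[a-z0-9-]+\.[a-z]{2}\.us$")

def classify(url):
    """Return (domain_class, https) for one county URL or bare host name."""
    has_scheme = "://" in url
    parts = urlsplit(url if has_scheme else "//" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    # A bare host name carries no scheme, so HTTPS status is unknown (None).
    https = (parts.scheme == "https") if has_scheme else None
    # Only the final label counts: "gov" elsewhere in the name proves nothing.
    if host.split(".")[-1] == "gov":
        kind = "gov"
    elif CO_STATE_US.match(host):
        kind = "co-state-us"   # follows the convention, but is not validated
    else:
        kind = "unvalidated"
    return kind, https

def summarize(urls):
    """Aggregate the way the survey reports: share lacking .GOV / HTTPS."""
    rows = [classify(u) for u in urls]
    lacking_gov = sum(1 for kind, _ in rows if kind != "gov")
    return {
        "total": len(rows),
        "lacking_gov": lacking_gov,
        "pct_lacking_gov": round(100 * lacking_gov / len(rows), 1),
        "lacking_https": sum(1 for _, h in rows if h is False),
        "https_unknown": sum(1 for _, h in rows if h is None),
    }

SAMPLE = [
    "www.votedenton.com",                  # from the article
    "www.carrollcountyohioelections.gov",  # from the article
    "https://www.boe.ohio.gov/vanwert/",   # from the article
    "http://www.co.example.tx.us",         # constructed sample
    "https://county.gov.example.com",      # constructed: "gov" is not the TLD
]

if __name__ == "__main__":
    for u in SAMPLE:
        print(u, classify(u))
    print(summarize(SAMPLE))
```
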
