Election security study: More than half of tech pros are less confident now than before the pandemic

September 15, 2020

In the lead-up to the 2020 US elections, the nonpartisan global technology association ISACA surveyed more than 3,000 IT governance, risk, security and audit professionals in the US in January and again in July. Results show that confidence levels in securing the election are low—and declining. While federal, state and local governments continue to harden election infrastructure technical controls and security procedures, 56 percent of respondents are less confident in election security since the pandemic started—signaling the need for greater education of the electorate and training of election personnel to drive awareness and trust.

Respondents to ISACA’s 2020 Election Security Survey say they believe that funding, legislation, technical controls and election infrastructure are all inadequate, including 63 percent who are not confident in the resilience of election infrastructure, and 57 percent who believe that funding is not sufficient to prevent hacking of elections.

Respondents identified the following as the top threats to election security:

Misinformation/disinformation campaigns (73%)
Tampering with tabulation of voter results (64%)
Hacking or tampering with voter registration rolls

Hacking or tampering with voting machines (both 62%)

The combination of low confidence and high perception of threats requires a call to action, according to retired Brigadier General Greg Touhill, CISM, CISSP, ISACA board director and president of the AppGate Federal Group, who also previously served as the first federal CISO.

“The overwhelming majority of localities have sound election security procedures in place, but the public’s perception does not match the reality,” says Touhill. “This means that governments, from the county level on up, need to clearly and robustly communicate about what they are doing to secure their election infrastructure. As the study indicates, the most real threat to the election—impacting all candidates from all parties—is misinformation and disinformation campaigns.”

The survey found that respondents believed the following actions could help ensure voter confidence and accountability:

Educating the electorate about misinformation (65%)
Using electronic voting machines with paper audit trails (64%)
Increased training for election and election security personnel (62%)

“As a learning organization, ISACA has long recognized the power of education. In the case of election security, education has the power to instill confidence, ensure the election professionals and volunteers are well trained, and help the electorate identify and share information that is accurate instead of information that is intended to manipulate voters’ perceptions,” said Nader Qaimari, ISACA chief learning officer.

For full survey results and perspectives from information security experts, visit www.isaca.org/election-security. An upcoming free webinar on election security taking place on 1 October will feature speakers including Touhill; Ginny Badanes, Director of Strategic Projects at Microsoft’s Defending Democracy Program; Kevin McDermott, Chief Technology Officer of Cook County Clerk’s Office; and Chris Wlaschin, Vice President of Systems Security and CISO of Election Systems & Software. To register, visit www.isaca.org/education/online-events/lms_w100120.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

Join our subject matter experts as they explore how the right systems can help identify, analyze and report potential incidents and help building owners sustain compliance and create safer spaces.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

Election security study: More than half of tech pros are less confident now than before the pandemic

Related Articles

Related Events

Report Abusive Comment