In the lead-up to the 2020 US elections, the nonpartisan global technology association ISACA surveyed more than 3,000 IT governance, risk, security and audit professionals in the US in January and again in July. Results show that confidence levels in securing the election are low—and declining. While federal, state and local governments continue to harden election infrastructure technical controls and security procedures, 56 percent of respondents are less confident in election security since the pandemic started—signaling the need for greater education of the electorate and training of election personnel to drive awareness and trust.

Respondents to ISACA’s 2020 Election Security Survey say they believe that funding, legislation, technical controls and election infrastructure are all inadequate, including 63 percent who are not confident in the resilience of election infrastructure, and 57 percent who believe that funding is not sufficient to prevent hacking of elections.

Respondents identified the following as the top threats to election security:

1. Misinformation/disinformation campaigns (73%)
2. Tampering with tabulation of voter results (64%)
3. Hacking or tampering with voter registration rolls

Hacking or tampering with voting machines (both 62%)

The combination of low confidence and high perception of threats requires a call to action, according to retired Brigadier General Greg Touhill, CISM, CISSP, ISACA board director and president of the AppGate Federal Group, who also previously served as the first federal CISO.

“The overwhelming majority of localities have sound election security procedures in place, but the public’s perception does not match the reality,” says Touhill. “This means that governments, from the county level on up, need to clearly and robustly communicate about what they are doing to secure their election infrastructure. As the study indicates, the most real threat to the election—impacting all candidates from all parties—is misinformation and disinformation campaigns.”

The survey found that respondents believed the following actions could help ensure voter confidence and accountability:

1. Educating the electorate about misinformation (65%)
2. Using electronic voting machines with paper audit trails (64%)
3. Increased training for election and election security personnel (62%)

“As a learning organization, ISACA has long recognized the power of education. In the case of election security, education has the power to instill confidence, ensure the election professionals and volunteers are well trained, and help the electorate identify and share information that is accurate instead of information that is intended to manipulate voters’ perceptions,” said Nader Qaimari, ISACA chief learning officer.

For full survey results and perspectives from information security experts, visit www.isaca.org/election-security. An upcoming free webinar on election security taking place on 1 October will feature speakers including Touhill; Ginny Badanes, Director of Strategic Projects at Microsoft’s Defending Democracy Program; Kevin McDermott, Chief Technology Officer of Cook County Clerk’s Office; and Chris Wlaschin, Vice President of Systems Security and CISO of Election Systems & Software. To register, visit www.isaca.org/education/online-events/lms_w100120.