After Russia's misinformation campaign rattled the 2016 United States election season, scrutiny over this year's midterms has been intense. And while foreign cybersecurity threats have so far been relatively muted, an unclassified government report obtained by The Boston Globe this week indicates more than 160 suspected election-related incidents since the beginning of August, ranging from suspicious login attempts to compromised municipal networks. Officials haven't attributed most of them to an actor yet, but the incidents include suspicious attempted logins on election systems like voter databases, as well as municipal network compromises. Even in July, Microsoft said it had spotted four incidents of attempted campaign phishing.

Since the wake-up call of the 2016 election, local, state, and federal officials and privacy organizations have worked together to improve system defenses around the country in ways they never have before. The process has been both controversial and, in some cases, too late to help the 2018 midterm election season. But plenty of municipalities have already updated and reinforced their digital networks, replaced insecure voting machines, increased their hiring of specialized security personnel, and implemented post-election audits. The Department of Homeland Security has aided localities by actively probing election systems for vulnerabilities—and helping fix them—and expanding their ability to monitor their voting infrastructure. The foundation of a secure election was laid well before Tuesday.

But on the day itself, election officials and third parties say the biggest cybersecurity improvements have to do with communication between the many organizations that participate. Elections are run, after all, not by the federal government, but by state and local officials spread across more than 1,300 local election jurisdictions. In 2018, for the first time, that fractured landscape will be tied together by hubs like the Elections Infrastructure Information Sharing and Analysis Center, which the Department of Homeland Security will use to coordinate information from all 50 states.

"What we lacked in 2016 and before was an organized way to identify patterns and spot trends from above," says David Becker, executive director of the nonpartisan Center for Election Innovation and Research, who formerly worked as a Department of Justice voting rights attorney. "Now we'll be able to connect the dots about the origin and nature of the activity thanks to coordination through DHS."

The irregularities those officials will watch for include things like mass voting machine failures, unexpected voter registration issues, and suspicious network activity on election infrastructure systems. Unlike in 2016, they'll now have clear channels for reporting those anomalies, hearing what other local officials are doing to combat similar issues, and even calling in specialized assistance.

Massive Coordination

In August, DHS conducted a tabletop exercise—essentially an election day dry run—with representatives from 44 states to review and practice using the expanded resources that will be available. "The progress we’ve made since 2016 is immense," the DHS official said. "We’re not just able to push information down, but we're receiving a great amount of information back that allows us to understand the threats targeting information systems."

Unlike in 2016, many secretaries of state and other top election officials have gotten security clearances that allow them to be briefed on classified threat intelligence and understand the context of what they may see on election day.

"This could be everything from general threat information around things like phishing or SQL injections to specific threat indicators that the IT components across the states and municipalities can use to manage risk and identify if they’re being targeted and mitigate those threats," a DHS senior administration official told reporters on Wednesday.

"We’re going to have to resist the urge to think that everything that happens is a cyber event." David Becker, Center for Election Innovation and Research

A successful phishing attack could give hackers the keys to an official email account or voter registration system. The technique known as SQL injection could grant them unauthorized access to the information in a voter registration database. And sharing threat indicators through a coordinating body like DHS could allow analysts to notice that, say, multiple precincts have strange issues with software from the same vendor. The decentralization of elections in the US is a security strength, because it makes the system difficult to attack as a whole, but it can also be a weakness if multiple regions experience the same problem and no one realizes the commonality.