County election systems just got a (simulated) stress test

Election systems in the fictitious Pictoria County were subjected to ransomware, power outages and acts of God during a tabletop exercise.
NACo conference
The National Association of Counties holds its annual legislative meeting in Washington. (Benjamin Freed / Scoop News Group)

Officials from county governments across the U.S. on Friday theorized what they’d do if an election in their jurisdiction was upended by a blizzard, power outage, phishing attack, ransomware or disinformation campaign — or some combination of those events.

On the first day of the National Association of Counties‘ annual legislative conference in Washington, the county officials, including some elected leaders and chief information officers, played out a tabletop scenario that asked them to describe how they’d respond to an election-night disaster.

Tabletop exercises have become increasingly common in the election-administration community, with federal agencies like the Cybersecurity and Infrastructure Security Agency holding nationwide, often closed-door events every year. The NACo event featured officials who, while maybe not directly involved in election work, could potentially have to help respond in case of an emergency.

Snowy, with a chance of ransomware


The NACo tabletop focused on a fictional community in Tennessee — Pictoria County, population 220,000 — with an election staff of 10 and IT workforce of 20, who assist with testing voting equipment before and on Election Day.

In the first scenario, Pictoria County was hit with a freak, early-November snowstorm strong enough to knock down power lines, prompting the election director to ask the IT director how voting equipment will be delivered to all 150 precincts.

One group in the room, made up primarily of tech-company vendors, said it was a “mostly logistical question” that could be answered with an “integration of county services, plows, fire and emergency” to get voting devices to the precincts.

Sean Higginbotham, the IT director of Cascade County, Montana, told the room that counties need to be more prepared than that. “With 150 polling locations, equipment should already be in place before Election Day,” he said.

But the scenario only got nastier: Participants were asked how they’d react if in the aftermath of the snowstorm, an election worker clicked on a malicious link that asked them to change their password, only to wind up with a computer locked up with a ransom message.


Several county CIOs in the room stood up and talked about working with their emergency management agencies, air-gapping election systems from other networks and using technologies like endpoint detection and response software.

Kathy Boockvar, a former Pennsylvania Secretary of the Commonwealth who now leads the Center for Internet Security’s election efforts and oversaw Friday’s tabletop exercise, also recommended that counties develop continuity-of-operations plans when planning for elections. Drawing on her experience as a statewide election official, Boockvar said that when she encouraged Pennsylvania county officials to develop plans, she found that many did not know who’d they call in a disaster.

“Sometimes the election director didn’t know the emergency management person,” she said.

Scrambling against misinformation

A second scenario posited rumors circulating on Facebook that some of Pictoria County’s precincts did not receive their voting equipment on time because of the snowstorm, as well as more reports of employees falling to phishing links and being locked out of their computers.


While associations of statewide officials — like secretaries of state and governors — have promoted public-awareness campaigns urging voters to only get their election information from “trusted voices,” localized misinformation and disinformation can be harder to deal with.

Amelia Powers Gardner, a commissioner in Utah County, Utah, told StateScoop that during the 2020 election — while Powers Gardner was serving as the county clerk — a caller to a nationally syndicated radio show hosted by right-wing commentator Glenn Beck claimed that a drop box for absentee ballots was “fake.” Powers Gardner said she called Beck’s switchboard, while simultaneously reaching out to U.S. Sen. Mike Lee, R-Utah, asking him to put her in touch with the host.

“Senator Lee texted Beck every 30 seconds until he put me on the show,” she said.

Nearly a year-and-a-half after the election, officials like Powers Gardner continue to deal with disinformation and conspiracy theories. She said that even now as a member of her county’s three-person commission, many public meetings are interrupted by demands for Arizona-style “full forensic audits” of the 2020 vote — in a county where former President Donald Trump carried 68% of the vote.

She also said those outbursts have become so common, they’ve led to video streams of commission meetings being flagged by YouTube as disinformation themselves, as happened with a Feb. 2 meeting, which received a strike from YouTube, threatening deletion of the county’s channel. Powers Gardners said she was able to reverse the strike after reaching out to a local Google lobbyist, showing StateScoop text messages pleading to restore video streams that count as public records required under the law. Still, she said she expects the conspiracy-inspired demands to relitigate the 2020 election to continue to pester the county board.


Boockvar, the CIS vice president, said after the tabletop exercise that the scenarios showed the range of capabilities in counties of widely varying sizes. But she also said it appeared most officials in the room were aware of the importance of collaborating across sectors and familiar with the resources offered by groups like the Election Infrastructure Information Sharing and Analysis Center, which the Center for Internet Security runs.

“Cross-sector collaboration is best,” she said. “The most important thing we can do is enabling collaboration to strengthen all of our systems and provide the most accurate information.”

Benjamin Freed

Written by Benjamin Freed

Benjamin Freed was the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He wrote extensively about ransomware, election security and the federal government’s role in assisting states and cities with information security.

Latest Podcasts