On cyber, local elections officials are ‘natural risk managers,’ says former CISA official
Geoff Hale got his start in defending the nation’s elections infrastructure from cyberattacks in 2016. “I guess I can thank Russia for that,” he said, pointing to his work at the National Protection and Programs Directorate, which two years later became the Cybersecurity and Infrastructure Security Agency, the Department of Homeland Security division granted an expansive remit to coordinate and rally technical and intelligence resources in response to cybersecurity threats, foreign and domestic.
He recalled Russia’s successful cyberattacks in 2016 against the Democratic National Committee, but also lesser-known cyber activity aimed at state governments. Much has changed over the past decade, including the level of support offered by the federal cyber agency created during Donald Trump’s first presidency. Federal support for state and local governments has been slashed broadly, including for programs that would aid local election officials as they prepare for the midterm elections and the 2028 presidential race.
Aiming to provide local governments additional cyber support, the nonprofit advocacy group Center for Democracy and Technology last month announced a new initiative, led by Hale. In a recent interview, he described the nation’s altered political backdrop and how his organization hopes to play a helpful role.
This interview, which can be found in full on StateScoop’s Priorities Podcast, has been edited for brevity and clarity.
Colin Wood: How will you lead this new initiative to aid local election officials with their cybersecurity?
Hale: It’s really a focus on election infrastructure, the progress that has been made over the last decade in securing election infrastructure. By that you mean the office systems, the government networks, the voting systems, your voter registration databases, your e-pollbooks and everything that is IT related that an election official may rely on to administer the election. How do we ensure that those are well-protected from sophisticated cyber actors and those advanced threats?
Wood: How has cybersecurity changed since you got your start in 2016?
Hale: It has been tremendous. I can’t speak to before 2016 because I got my start, I guess I can thank Russia for that, because in 2016 I was working for the Department of Homeland Security, at the predecessor to CISA. In the spring and summer of 2016, Russia had hacked the DNC, which everybody is pretty aware of, but also did some reconnaissance and some cyber activity on a voter registration database at a state level. We recognized that this was an advanced cyber actor and wanted to engage state and locals in helping to ensure that they’re prepared and not alone facing cybersecurity threats like that.
It was a huge undertaking, and DHS made a lot of mistakes in who we contacted, what our understanding was, but we were always there to lend support. And over time, we built trust in the election community. Over the course of that 10 years, you saw the maturation of cybersecurity programs for election officials really advance. Many states developed vulnerability disclosure programs, vulnerability management programs, they were improving their visibility on their own exposures and how they were closing those in a timely manner. The success was tremendous. It’s always iterative progress and there’s always more to do in cybersecurity, but it really shifted from a community that may have been hesitant to consider themselves cyber professionals to really embracing that aspect of the role.
Wood: What are the resource gaps you hope to fill?
Hale: Anyone who’s spoken to an election official knows that their most important resource is time and every day brings us closer to another election. It takes time for election officials to navigate going to this location to receive that type of support, identifying where they’ll learn about new vulnerabilities, or how things are changing because of Iran. In previous years, it was very clear that you could go to CISA, you could go to the Elections-Infrastructure Information Sharing and Analysis Center, and now I hear there’s a contraction of that support. We are looking to ensure at CDT that we’re partnering with the right people to translate and fill some of those coordination gaps and get the information down to election officials where necessary. It doesn’t always have to be at CDT or a CDT-branded product, but connecting that dot so that election officials aren’t spending their time trying to fill those gaps themselves.
Wood: Despite the federal government pulling back support, many have pointed out it’s better positioned than any other organization to coordinate intelligence sharing.
Hale: It is yet to be seen if there will be publications for election officials on relevant election security threats and whether the ability to get that information to officials will be maintained. That’s an area that’s really been weakened, that trust in that existing relationship of who knows how to contact whom under what circumstances. I still love the CISA mission and the holdings that exist there and the work that’s being done by plenty of good people, but that relationship with the election community seems to have been frayed.
Smarter people than I always describe it as: cyber is a team sport, and you don’t want it to be a pick-up game. You want to know who you’re passing to, you want to know who you’re engaging with, and who your defense is. Nobody’s going to be an expert across the board on everything. If you have to do incident response, if you have to do cyber intelligence sharing, if you have to do communications of a cyber incident, all of those things are really different capabilities, and pushing to understand who has what information under those circumstances is a really key area that you want to have that preparatory environment.
Wood: How is the war in Iran affecting preparations for the 2026 midterms?
Hale: I’m not sitting on any particular intelligence, but it’s really interesting to think back on Iranian activity. They were very active in 2020, they were very active in 2022, and while many of their activities were kind of ham-handed and easily detected by the intelligence community, the reality is under these tensions, they’ve already demonstrated that they are one of the most aggressive actors for election-related activity. What is it going to look like when the safeguards are off, when they have fewer guardrails in place? If I was a state-level CISO, I would be pressing to receive as many classified or unclassified briefings, from whomever.
Wood: For those at state or local government elections agencies looking for assistance on cybersecurity, what resources are available through CDT?
Hale: We’ve got two layers of work taking place. At the national policy level, we’re certainly talking about how to establish information-sharing organizations, not in competition with the ISAC. For the kind of cyber guidance that touches election officials directly, we’re working with other organizations to provide the clearinghouse of data to train, to push particular cyber programs on chains of custody, on incident response, on incident preparedness, in order to advance the community going forward, through ’26 and beyond.
Wood: With Trump repeatedly suggesting that we don’t need elections anymore and tweeting images of himself wearing a crown, is there any preparation being done at the local level to protect elections from threats inside the White House?
Hale: I would say election officials are natural risk managers. Their whole business is to operate with integrity and administer the process as best possible under the circumstances. They’re very aware of physical threat environments, they’re very aware of cyber environments and they’re tracking the news. So do I know for a fact that there are plans or inside threats or other elements or engagement from the administration? Not exactly. But I do know election officials to be excellent planners and that they test and prepare for many types of scenarios.