As voting culminated Tuesday and vote-counting continued into Wednesday, Department of Homeland Security officials said that a virtual “situational awareness room” where federal, state and local officials shared intelligence about cyber activity and other potential disruptions with each other was largely successful as an information-sharing space on Election Day.
Over the course of Tuesday, the room — operated by the federally funded Election Infrastructure Information Sharing and Analysis Center — saw participation from about 500 election and voter-protection officials, IT staff, vendors and representatives from social media companies and political parties. And while DHS officials repeatedly described the cyber activity observed on Election Day as “another Tuesday on the internet,” there was a flutter of activity inside the virtual war room.
“The engagement was great,” a senior official with the Cybersecurity and Infrastructure Security Agency said about 11:30 p.m. Tuesday night. “A lot of sharing around scanning, sharing of IPs, sharing of emails. That’s what we wanted. There’s no bar to what we share.”
The official’s assessment aligns with a preview of the operation offered Monday by Ben Spear of the nonprofit Center for Internet Security, which operates the EI-ISAC. In addition to CIS’s incident-response and engineering teams, EI-ISAC members — which include state and local election officials — made use of the organization’s endpoint detection and malicious domain blocking services.
Still, Tuesday was not without some flareups around the country. A robocall that encouraged millions of voters to “stay safe and stay home” has prompted an FBI investigation.
And multiple counties in Georgia and Ohio encountered glitches with electronic poll books, though officials there said those issues were able to be resolved. Though on Wednesday morning, two counties around Atlanta reported problems with ballot readers scanning a large number of uncounted absentee ballots, according to the Atlanta Journal-Constitution. Several thousand ballots will have to be rescanned and manually reviewed.
Throughout the day Tuesday — and continuing into Wednesday — federal and state officials stressed on conference calls with reporters, social media and in public appearances that the tallying of votes remains incomplete and unofficial. One senior CISA official warned that the websites where counties and states report their unofficial results are susceptible to crashing under legitimate user demand, defacement attacks, denial-of-service attacks and disinformation from a range of actors, including candidates and political parties.
But, the official said, a slow vote-tallying process should not cause for alarm.
“Officials are working to get an accurate count. Gotta preach patience,” the official said.
Later Wednesday, CISA Director Chris Krebs released a statement praising the work of state and local election officials following the first presidential election since voting systems were designated as federally protected critical infrastructure in 2017.
“Importantly, after millions of Americans voted, we have no evidence any foreign adversary was capable of preventing Americans from voting or changing vote tallies,” Krebs said. “We are only here because of the hard work of state and local election officials and private sector partners who have focused efforts on enhancing the security and resilience of elections.”