Election Security and Integrity
Election security encompasses the technical, administrative, legal, and procedural safeguards that protect the integrity of electoral processes from interference, manipulation, error, and fraud. This page covers the federal and state frameworks governing election security, the specific threat categories election officials address, the structural tensions between access and security, and the documented mechanics of how security standards are set and enforced. The topic spans election administration and oversight, federal statute, and the operational practices of more than 8,000 election jurisdictions across the United States (EAC, 2022 Election Administration and Voting Survey).
- Definition and scope
- Core mechanics or structure
- Causal relationships or drivers
- Classification boundaries
- Tradeoffs and tensions
- Common misconceptions
- Checklist or steps (non-advisory)
- Reference table or matrix
Definition and scope
Election security refers to the set of measures that ensure votes are cast by eligible voters, recorded accurately, counted correctly, and that the results are certified through a tamper-evident process. The U.S. Election Assistance Commission (EAC) defines election security as encompassing physical security, cybersecurity, procedural integrity, and personnel security as overlapping domains rather than separate concerns (EAC, HAVA Security Guidelines).
The scope of election security in the United States is shaped by its decentralized structure. Under Article I, Section 4 of the U.S. Constitution, states retain primary authority over the time, place, and manner of federal elections, subject to congressional override. This means that security standards, equipment certification requirements, and audit mandates differ across all 50 states, plus the District of Columbia and U.S. territories. The Help America Vote Act of 2002 (52 U.S.C. § 20901) established minimum federal floors — including provisional balloting requirements and the creation of the EAC — but left implementation largely to state discretion.
Federal involvement in election security has grown substantially since the Department of Homeland Security designated election infrastructure as critical infrastructure in January 2017, placing it in the same protective category as power grids and financial systems (DHS, Critical Infrastructure Sectors). The Cybersecurity and Infrastructure Security Agency (CISA) now serves as the primary federal partner for state and local election officials on cyber and physical threats.
Core mechanics or structure
Election security operates across four interdependent layers:
1. Voter registration system security. Statewide voter registration databases, mandated by HAVA at 52 U.S.C. § 21083, are networked systems that must be protected against unauthorized access, deletion, or manipulation. CISA's #Protect2020 Strategic Plan identified voter registration infrastructure as a primary target of foreign adversary reconnaissance operations.
2. Voting system security. Voting systems — including ballot-marking devices, optical scanners, and direct-recording electronic (DRE) machines — are tested against Voluntary Voting System Guidelines (VVSG) issued by the EAC. The VVSG 2.0, adopted by the EAC in February 2021, introduced software independence requirements mandating that any error or manipulation in software be detectable without reliance on the software itself (EAC, VVSG 2.0).
3. Physical security. This layer covers chain-of-custody procedures for ballots and voting equipment, access controls at polling places and tabulation centers, and the secure storage of election materials before and after elections. The electronic voting machines and paper ballots framework explains how paper audit trails serve as a physical security backstop against electronic manipulation.
4. Post-election auditing. Risk-limiting audits (RLAs) are a statistically grounded method for confirming that reported outcomes match the paper record. As of 2023, at least 18 states had statutes authorizing or requiring RLAs (Verified Voting Foundation, RLA tracker). The election audits explained page covers RLA mechanics in detail.
Causal relationships or drivers
The primary drivers of election security policy fall into three categories: documented threat activity, legislative responses to perceived failures, and litigation-driven standards.
Foreign interference operations. The bipartisan Senate Intelligence Committee report on the 2016 election cycle found that Russian government actors targeted election infrastructure in all 50 states, with active scanning of voter registration systems and successful intrusions into systems in at least 2 states (Senate Intelligence Committee, Vol. 1, 2019). This finding directly drove expanded CISA engagement and federal funding through the Help America Vote Act grants administered by the EAC.
Equipment age and underfunding. The EAC's 2020 Election Administration and Voting Survey documented that jurisdictions in 31 states were still using voting equipment purchased before 2010, equipment that predates modern cybersecurity standards. Federal Election Security grants — $380 million appropriated in fiscal year 2018 under the Consolidated Appropriations Act and an additional $425 million in fiscal year 2020 — were directed partly at equipment replacement (EAC, HAVA Election Security Funds).
Post-2020 litigation and audit activity. Legal challenges to the 2020 presidential election results in Arizona, Georgia, Michigan, Nevada, Pennsylvania, and Wisconsin — nearly all of which were dismissed by courts — produced secondary pressure for more transparent audit procedures. The election recounts how they work and contested elections and legal challenges pages address the procedural landscape those challenges exposed.
Classification boundaries
Election security overlaps with but is distinct from adjacent concepts:
Election security vs. election fraud. Election security is a systemic and infrastructural concept — it describes protections built into processes and systems. Election fraud is a legal concept describing individual or organized criminal acts. Conflating the two leads to category errors: a jurisdiction can have strong security infrastructure while still prosecuting isolated fraud cases, and vice versa.
Election security vs. voter suppression. Security measures such as voter ID laws by state, signature matching, and voter roll maintenance can reduce unauthorized participation. Voter suppression refers to measures that disproportionately restrict the participation of eligible voters, often along racial or demographic lines — a separate legal and constitutional analysis governed in part by the Voting Rights Act (52 U.S.C. § 10301).
Federal vs. state jurisdiction. CISA provides voluntary services — threat intelligence, vulnerability scanning, incident response — but cannot compel state adoption of any security standard. Mandatory federal standards apply only where statute explicitly requires them, primarily through HAVA's voting system and voter registration database provisions.
Tradeoffs and tensions
Election security generates four documented structural tensions that appear in policy debates, legislation, and litigation across the United States.
Security vs. accessibility. Stronger authentication requirements at the point of voter registration or voting can reduce the risk of unauthorized participation but may simultaneously reduce participation rates among eligible voters who lack required documentation. The 15th, 19th, 24th, and 26th Amendments, as well as the Voting Rights Act, establish constitutional and statutory floors below which access restrictions cannot go. The voting rights act overview addresses this tension in legal terms.
Transparency vs. tamper-evidence. Open-source voting software allows independent security researchers to identify vulnerabilities but also provides adversaries with the same visibility. Proprietary systems limit external scrutiny while potentially obscuring undiscovered flaws.
Speed vs. accuracy. Election night reporting creates public pressure for rapid results, but thorough post-election auditing and the processing of absentee voting and mail-in ballots require time. Jurisdictions that began counting mail ballots only after Election Day polls closed — a practice prohibited before 2020 in states like Pennsylvania — produced multi-day result delays that fed disinformation narratives.
Decentralization vs. standardization. The 8,000-plus jurisdictions model distributes attack risk — compromising one county does not compromise the national result — but makes uniform security standard adoption structurally difficult and resource-intensive for smaller jurisdictions.
Common misconceptions
Misconception: Voting machines are connected to the internet during elections.
Certified voting systems in the United States are not designed for internet connectivity during voting. VVSG 2.0 requires that certified systems meet software independence and auditability standards that presuppose an air-gapped operational environment. CISA's election security advisories explicitly address internet-connected equipment as a configuration error rather than a design feature (CISA, Election Infrastructure Security Resource Guide).
Misconception: Paper ballots are more secure than electronic systems by default.
Paper ballots are a necessary audit backstop but are not inherently more secure without proper chain-of-custody procedures, secure storage, and reconciliation processes. Ballots that are improperly sealed, transferred without witness logs, or stored in accessible locations can be tampered with as readily as electronic systems that lack access controls.
Misconception: Election audits are triggered only when results are close.
Risk-limiting audits are designed to be conducted regardless of margin. The statistical methodology scales sample size based on the margin of victory — wider margins require fewer ballots sampled — but the audit obligation is not contingent on closeness. Margin-triggered audits are recounts, a distinct procedure addressed on the election recounts how they work page.
Misconception: The federal government certifies election results.
No federal agency certifies the outcome of presidential or congressional elections. Certification is a state function performed by state canvassing boards or equivalent bodies, followed by gubernatorial or secretary of state sign-off. The election results and certification process page maps this process in full. The federal role is limited to counting electoral votes under the Electoral Count Reform Act of 2022 (Pub. L. 117-328, Division P).
Checklist or steps (non-advisory)
Components of an election security review cycle as documented by CISA's Election Infrastructure Information Sharing and Analysis Center (EI-ISAC):
- Pre-election infrastructure assessment — Inventory of all networked systems connected to voter registration databases, election management systems, and public-facing election websites; identification of open ports and unpatched software.
- Voting system logic and accuracy testing — Pre-election testing of voting equipment against known ballot configurations, required in all 50 states under varying statutory timelines.
- Physical security protocols established — Tamper-evident seals applied to voting equipment, access logs initiated, chain-of-custody documentation for ballot materials.
- Poll worker and administrator training completion — Training records documenting that staff have reviewed procedures for handling provisional ballots, equipment failures, and security incidents.
- Election day incident reporting procedures active — Communication channels between jurisdiction, state, and CISA operational center confirmed; known chain of contact for cybersecurity incidents documented.
- Post-election ballot reconciliation — Comparison of ballots cast (poll books) against ballots counted; identification and resolution of any discrepancies before certification.
- Audit execution — Statistical or full-hand count audit conducted according to state statute; results documented and made publicly available.
- After-action documentation — Incident reports filed, equipment returned to secure storage, lessons-learned documentation prepared for the next election cycle.
For a broader orientation to election administration structure, the home page of this resource provides navigation to the full scope of election topics covered.
Reference table or matrix
Federal and State Election Security Framework — Key Components
| Layer | Federal Standard / Authority | State Implementation Variance | Primary Reference |
|---|---|---|---|
| Voter registration databases | HAVA § 303 (52 U.S.C. § 21083): statewide, computerized, interconnected | Data retention, access control policies vary by state | EAC HAVA Requirements |
| Voting system certification | VVSG 2.0 (EAC, adopted Feb. 2021): software independence, auditability | 47 states use EAC-certified systems; 3 states maintain independent certification programs | EAC VVSG 2.0 |
| Post-election auditing | No federal audit mandate; CISA recommends RLAs | 18+ states authorize or require RLAs; others use fixed-percentage or full recounts | Verified Voting RLA Tracker |
| Cybersecurity assistance | CISA EI-ISAC: voluntary threat intelligence, vulnerability scanning | Participation voluntary; as of 2023, 3,400+ election offices enrolled in EI-ISAC | CISA EI-ISAC |
| Federal funding | HAVA Election Security Grants: $380M (FY2018), $425M (FY2020) | Distributed to states by EAC; states determine sub-granting to local jurisdictions | EAC HAVA Security Funds |
| Physical chain of custody | No federal standard; HAVA provisional ballot rules create minimum handling requirements | State and county-level chain-of-custody statutes vary significantly | EAC Election Management Guidelines |
| Foreign interference response | Executive Order 13848 (2018): sanctions framework for election interference | State roles limited to hardening infrastructure; federal law enforcement handles attribution | ODNI, Foreign Threats to Elections |