The U.S. Federal Bureau of Investigation today announced a new policy in which they will now notify state and local officials of cyber intrusions that affect election infrastructure.

By infrastructure, the FBI means electronic voting machines, various electronic devices used in various states to allow people to vote electronically instead of filling in a paper ballot.

The FBI noted that the use of electronic voting machines has “the potential to cause significant negative impacts on the integrity of elections.” The bureau also said mitigation of such incidents often hinges on timely notification.

“The FBI’s new policy recognizes the necessity of notifying responsible state and local officials of credible cyber threats to election infrastructure,” the bureau said in a statement today. “Each state has a designated person to serve as its chief state election official with ultimate authority over elections held in the state, which often includes certifying election results.”

The new policy comes after ongoing concerns in relation to “hacking” of U.S. presidential elections, be it that much of the alleged “hacking” doesn’t actually constitute actual digital hacking.

In July, the U.S. Department of Homeland Security warned state officials to be cautious of phishing attempts that target local and state election officials. The U.S. federal election voting system, nearly uniquely in the western world, is run at a local and state level with no federal oversight.

The DHS warning noted that the U.S. decentralized voting system is especially vulnerable to emails that can trick unsuspecting workers into providing access to elections databases. “We know that phishing is how a significant number of state and local government networks become exploited,” Geoff Hale, director of the DHS Election Security Initiative, said at the time. “Understanding your organization’s susceptibility to phishing is one of the biggest things you can do.”

The warning was not without precedent. Various reports have outlined attempted and successful attempts to hack and steal data during the 2016 election and 2018 midterms, which saw both sides of the political spectrum targeted. A report in 2017 found that 39 states had been targeted by Russian hackers with incursions into voter databases and software systems used by election officials.

“The new policy is informed by existing FBI policies surrounding cyber incident notification thresholds and cyber victim notification in general,” the bureau added. “The new policy, however, provides updated and additional guidance on the timely dissemination of notifications and/or threat reporting; the protection of victim information and disclosures; and coordination between FBI and other agencies in regard to election security for maximum impact.”

Photo: Santeri Viinamäki/Wikimedia Commons