A survey of 136 state and local government leaders in the U.S. published today finds nearly half (47%) expect to see an increase in the number of cybersecurity incidents involving elections in 2024.

Conducted by the Center for Digital Government on behalf of Arctic Wolf, a provider of managed cybersecurity services, the survey also found more than half of respondents are either somewhat or unprepared to respond to these threats.

In fact, more than a third (36%) reported their current cybersecurity budget is inadequate to address their concerns.

Overall, the top threats identified are misinformation campaigns (51%), phishing attacks aimed at election officials (47%) and hacking of election infrastructure (46%), the survey found.

Arctic Wolf CISO Adam Marrè said cybersecurity issues in a presidential election cycle are going to undoubtedly be more challenging than they were four years ago. Thanks to advances in generative artificial intelligence (AI), it will be more difficult than ever to identify misinformation that might, for example, include a video showing that a specific polling place is shut down, he noted.

Election officials need to make sure they are proactively communicating with voters via approved communication channels that are well known, added Marrè. Otherwise, too many voters will fall victim to social engineering campaigns that are specifically designed to mislead the electorate, he noted.

In addition, local election officials would be well advised to work with Cybersecurity and Infrastructure Security Agency (CISA) or their local National Guard to review their cybersecurity best practices, said Marrè. At the same time, election officials can enlist the aid of cybersecurity service providers as well as cybersecurity professionals willing to volunteer their time and expertise, he added.

Fundamentally, election officials need to put backup plans in place to ensure the integrity of the election process by, for example, conducting tabletop exercises that serve to educate everyone involved about the potential risks they face, said Marrè.

The tactics and techniques being employed by cybercriminals continually evolve, so even the most seasoned election official is likely to be surprised by how much havoc might be wrought. The most important thing is to have a set of well-defined strategies in place that enable election officials to respond adroitly despite the nature of the threat, regardless of whether it emanates from China, Russia or from within the U.S., noted Marrè.

Arguably, the most critical issue, given recent political history, is to ensure that nothing interferes with legitimate efforts to cast votes. A small percentage of votes can tip elections in swing states. A cybersecurity incident is not limited to attempts to change votes made using an electronic voting machine. Malicious actors are more adept than ever at combining cyberattacks with dirty tricks they have employed for decades to discourage voter turnout.

As in previous years, there’s little doubt that election integrity will be a subject of discussion long after the election is concluded. Regardless of the debate, every time a cybersecurity professional lends their expertise to securing election processes, they are, in no small measure, working to preserve nothing less than the democratic institutions upon which the U.S. was founded.