Election Cybersecurity 101 Field Guide – Physical Security

CDT’s Election Cybersecurity 101 Field Guides are a series of short, simple, usable guides intended to help election administrators and staff better understand key concepts in cybersecurity.

Physical safeguards are an essential part of securing elections infrastructure. If left unsecured, elections infrastructure components (e.g., machines, memory cards, and ballot drop boxes) can be stolen, damaged, tampered with, or corrupted.

Although most cyber attacks are conducted remotely, cyber attacks may be initiated by someone gaining physical access to a voting machine. An attacker with physical access to a machine could insert a memory card or plug in a USB drive, installing malware and potentially altering vote counts on the machine. That malware could even infect other voting machines, including the final vote tabulator. Unique security challenges are posed by the public nature of polling places and the requirement that voters be able to use machines to cast a secret ballot.

The coronavirus pandemic may have introduced additional concerns about the functionality and availability of physical facilities. Some polling places may be locations that have been largely unused or uninhabited since the start of the pandemic, such as school buildings. Accordingly, systemic problems (like animals chewing through electrical systems) may have gone undetected, only to present themselves as the polling place is set up. These physical concerns may be just as disruptive to elections as remote attacks, so it is important that election officials have plans in place to mitigate them.

For additional takeaways and resources on this topic, check out the full field guide here.

For other field guides, more resources, and info on what CDT is doing to help election officials, check out our Election Security campaign.