When Election Day bomb threats were received in key swing states last November, Pennsylvania’s top elections officials were ready, thanks to warnings from an arm of the Department of Homeland Security.
Late in the day, similar threats started pouring in, ultimately hitting at least 32 counties. But local officials knew the threats were likely not credible, thanks to information shared by the Cybersecurity and Infrastructure Security Agency that the threats had originated in Russia.
York County election officials, armed with CISA’s assessment, kept their offices open while law enforcement agents used bomb-sniffing dogs to sweep for threats. The county finished its vote counting that night.
“ CISA were very valuable to our state and to other states,” Secretary of State Al Schmidt told Pennsylvania senators during an appropriations hearing Thursday. “They have a national and global perspective when it comes to cyber security risks and all the rest that each individual state can’t do on its own.”
Now, Schmidt is waiting to learn whether the federal agency will be shuttered. The work of CISA’s Elections Security and Resilience Division has been paused by the Trump administration at least until early March pending a review of the agency’s work.
“The agency is undertaking an evaluation of how it has executed its election security mission with a particular focus on any work related to mis-, dis-, and malinformation,” according to a statement by Department of Homeland Security Assistant Secretary Tricia McLaughlin. “While the agency conducts the assessment, personnel who worked on mis-, dis-, and malinformation, as well as foreign influence operations and disinformation, have been placed on administrative leave.”
That includes 10 regional election security advisers who worked for the field operations division, not disinformation or foreign influence, according to the AP.
Driving the Trump administration’s actions are lingering resentment over the agency’s role in defending the integrity of the 2020 election. In her confirmation hearings last month, Homeland Security Secretary Kristi Noem echoed Project 2025 critiques of CISA’s fact checking operations four years ago that contradicted several of Trump’s false statements about election fraud. Under Noem, the DHS has removed the agency’s “rumor control” page where the fact checks were posted.
Concerns widespread
Pennsylvania’s top elections agency hopes the Trump administration will see how valuable CISA’s elections work is to local jurisdictions and will continue to fund it, Jonathan Marks, deputy secretary for elections and commissions under Schmidt, told the senators on Thursday.
The National Association of Secretaries of State wrote a letter to new Noem on Friday, supporting the role of CISA and asking for its work to continue.
“Information technology systems related to election administration have long been targeted by sophisticated cyber threat actors including nation-state and cybercriminal groups,” the letter states. “CISA’s prioritized services help election entities defend against these national security threats.”
Local elections officials around the country are very concerned about the cuts to CISA and other federal agencies, said Tammy Patrick, CEO of the National Association of Election Officials.
“Our elections were already under-resourced prior to the removal of this critical support, and this will simply exacerbate the problem,” Patrick said.
An information sharing network
Weeks before Trump took office in January 2017, the outgoing administration of Barack Obama designated election infrastructure as critical infrastructure, opening up a line of federal support for local agencies, especially around security assistance and information sharing.
Since running elections is the responsibility of states, all local or state coordination with CISA or use of their services is voluntary. Going into the 2024 elections, CISA and its Election Infrastructure Information Sharing and Analysis Center, or EI-ISAC, was working with over 3,500 partners, the vast majority being local governments.
In announcing the review of CISA’s work, the Trump administration is also reviewing EI-ISAC, with a decision about continued federal funding also slated for early March.
“ If they turn that system off, that would be a huge loss of information for threat assessments that election officials could use for their own systems,” said Kim Wyman, a former Republican Secretary of State in Washington who served as a senior election security advisor for CISA under President Biden.
When a county in one state notices a possible security threat, such as web traffic originating from Iran, they report that up through EI-ISAC. CISA then coordinates the federal investigation into that behavior and flags it for all other members so they can watch for similar security concerns.
That’s exactly what happened with the bomb threats last November. Officials in Georgia and other swing states notified their federal law enforcement partners, who then researched in real time and made the findings public within hours.
Conversely, when federal security agencies detect cyber security threats, EI-ISAC is used to communicate warnings to jurisdictions around the country. Sometimes, the information is shared directly with the public.
In October, a video went viral of a man supposedly destroying ballots meant for Trump in Bucks County. It was a fake, made in Russia and meant to undermine trust in the democratic process, according to a joint statement from the Office of the Director of National Intelligence, the FBI and CISA.
“They have a national and global perspective when it comes to cyber security risks and all the rest that each individual state can’t do on its own,” Schmidt said. “There has to be a federal partner with that perspective with those resources to make states and counties aware of efforts to compromise the integrity of their voting system, whether it’s cybersecurity or physical security in nature.”
The Trump administration is also shuttering other federal efforts to counter foreign influence in U.S. elections. It fired members of the FBI’s Foreign Influence Task Force, which a Government Accountability Office report from 2020, under Trump’s first term, said had a key role in election infrastructure.
When that team identified foreign influence operation to sow division through disinformation, it worked with CISA to respond. The agency also worked with media companies to remove posts generated by foreign operations as violations of sites’ service terms, though disinformation from domestic actors were protected by constitutional guarantees of free speech.
During Thursday’s appropriations hearing, state Sen. Vincent Hughes, D-Philadelphia, said he worried that the Trump administration’s actions were putting the state’s election systems in immediate harm’s way.
Schmidt reassured Hughes at the hearing. Later, he told WITF, “ Our election security infrastructure is as strong as it’s ever been.”
He noted that CISA’s importance is in its threat response and coordination role.
Hit counties in their pocketbooks
Federal cuts to the agencies will also hit counties in their pocketbooks, or require them to give up digital security tools, Wyman said.
EI-ISAC helps smaller jurisdictions acquire security technology that would otherwise require dedicated IT staff. These services are provided to counties for free or at greatly reduced costs to EI-ISAC.
For now, those services remain ongoing, Patrick said. State and local governments do not have the resources and defenses necessary to protect elections from foreign governments without federal involvement, Patrick said.
“Our foreign adversaries, those who seek to destroy democracy and free and fair elections, have not gone away,” Patrick said. “Their attacks will only increase in number and sophistication.”
Read more from our partners, WITF.
