The Election Will Still Go on, Even if Hackers Attack

5 minute read

With cybersecurity researchers raising the specter of a cyber attack on Election Day, state and local officials are doubling down on a different message: no matter what, the final vote will be legitimate.

“If there’s one message we want be heard loud and clear, it’s that these elections will be fair,” Denise Merrill, the president of the National Association of Secretaries of State and the Secretary of State of Connecticut, told TIME. “It might take longer to count every vote, there might be more hurdles, but it’ll be fair.”

In the event that hackers attack voting systems, state and local officials have paper-based back-up plans in place, she said.

In the event that hackers shut down larger targets, like parts of the power grid, government buildings, electrical facilities, water systems, street lights, dams or bridges, all of which are now connected to the internet, state and local election officials can implement other contingency plans, election officials told TIME.

While each state’s laws are a little different, all have legislation that allows an official—a governor, state Secretary of State, or local election clerk—to move, extend, or postpone voting in case of emergency.

In Ohio, for example, there is no statewide emergency plan, but all 88 county boards of elections have the power to switch to paper ballots or relocate polling places. In Pennsylvania, county boards can also move polling places and common pleas judges can suspend and delay voting in cases of “natural disaster or emergency.”

In New York, if less than 25% of registered voters in a given town or region are able to vote due to any kind of emergency, a county board of elections or the Secretary of State can postpone the election for another date within 20 days. The state used that option in New York City after the terrorist attacks on September 11 disrupted a primary election.

Terrorist groups like al-Qaeda and the Islamic State have also threatened violence on Election Day, causing three states to take extra security precautions. New York City, which will host election night events by both Hillary Clinton and Donald Trump at venues just a couple miles apart, will have a heightened police and security presence.

Idan Udi Edry, the CEO at Nation-E, which works on securing large and small scale infrastructure projects, told TIME there’s “reason to believe” hackers are eyeing “a bigger attack on U.S. critical infrastructure, including the U.S. power grid.” Such an attack, he added, would be “unbelievably destructive,” take weeks to fix, and cause a great deal of chaos on and after Election Day.

Jonathan Butts, a retired Air Force officer and founder of the cybersecurity firm QED Secure Solutions, confirmed that the possibility of such an attack is real, in part because large infrastructure projects are not well secured. “It’s definitely true that someone could create a lot of harm, financial harm and harm to national security, with relatively little technical ability,” he told TIME. “You could shut down a building, open a draw bridge for train, shut a draw bridge for boats, things of that nature.”

For now, several cybersecurity researchers said the most likely type of attack on Election Day this year is relatively superficial: an effort designed to peddle misinformation or undermine the legitimacy of the election results in the public eye.

For example, hackers could fairly easily undermine a Secretary of State’s website, where a state’s voter tallies are reported, a media outlet’s website or a reporter’s Twitter feed, in order to push false information about a candidate or early election results. Hackers could also plant misleading information about a candidate on Election Day morning, allowing rumors to spread before media outlets and officials could fact-check and dismiss false claims.

Such an attack wouldn’t necessary “rig” the election in the traditional sense, but it would sow the seeds of uncertainty. The same is true of attacks on voter-registration data bases or other government websites. Earlier this year, hackers breached databases in Arizona and Illinois.

Neither voter databases nor state websites play any role in tabulating or transmitting ballot information on Election Day, and all 50 states, in addition to Washington, D.C., Puerto Rico and Guam, keep back-up paper print outs of voter rolls. No state uses voting machines that are connected to the internet, and nearly every county tabulates and transmits voter tallies by hand, using thumb drives or paper print-outs. As a result, even if hackers succeeded in compromising a single precinct or county, it would be very difficult to tamper with the final results of an election, said Merle King, the executive director for the Center for Election Systems at Kennesaw State University.

The federal Department of Homeland Security has already run “cyber hygiene” scans and vulnerability assessments on the elections systems in 46 states, according to the National Association of Secretaries of State. DHS is also encouraging state and local election officials to report incidents of suspected hacking, so they can share suspicious IP addresses or tactics in the days before Election Day.

Merrill, the president of NASS, said state and local election officials were “taking every threat very seriously,” and asked that Americans do their civic duty as well and come out to vote on Nov. 8. “If people lose confidence in our voting system for any reason,” she said, “that is the most dangerous thing.”

More Must-Reads from TIME

Write to Haley Sweetland Edwards at haley.edwards@time.com