Defending Elections from Cyberattacks: A New US Information Security Strategy

15 May, 2021

Pieter-jan Dockx details Washington’s four-pronged approach to protect the digital integrity of the 2020 presidential election

Pieter-jan Dockx
Researcher, Centre for Internal and Regional Security (IReS)

In 2016, the US presidential election fell victim to Russian information warfare. In an effort to influence the outcome, Kremlin-backed hackers stole and leaked compromising documents from the Clinton campaign. This material was then spread on social media by Russian bots as part of a broader campaign to delegitimise the presidential candidate. Russian intelligence also breached digital election infrastructure to cast doubt on the integrity of the election process. More recently, during the 2020 presidential election, foreign adversaries again attempted disruption. However, as a result of a new election security strategy, these attacks only resulted in minor incidents.

Cyber Defences

The first aspect of Washington’s four-pronged strategy focused on bolstering the election’s cyber defences. In 2016, state and local election authorities were faced with insufficient resources, leaving them with legacy voting equipment and outdated software vulnerable to attacks. Arguably, an even bigger issue was the lack of coordination between the various actors responsible for securing election infrastructure. With the responsibility scattered across the local, state, and federal levels, election officials were often ill-informed about the correct reporting authority.

To address these concerns, the US Congress approved funding for election jurisdictions to upgrade their defences. The Department of Homeland Security also designated election infrastructure as critical infrastructure, unlocking additional funds and giving it the authority to enhance communication mechanisms. It further set up a centralised hub to gather and disseminate intelligence on cyber threats to the elections.

Public Attribution

The US also increasingly started attributing cyberattacks and sanctioning their perpetrators, seeking to deter future election interference. The difficulty of pinning down the source of an intrusion is inherent to the cyber realm. Attackers use various obfuscation techniques to hide their locations and identities, or even outsource their operations entirely. As a result, governments have generally been reluctant to publicly call out and act against cyber actors.

Yet, 2016 was a turning point. In the run-up to the 2020 election, Washington turned to ‘naming and shaming’ and sanctions. One month before the election, the US sanctioned six Russian state-backed hackers accused of interfering in the 2016 US election, causing blackouts in Ukraine, and attacking the Georgian Parliament. Sanctions were also imposed on another Russian hacking group responsible for targeting a Saudi oil refinery in 2017. In 2018, the Mueller investigations had already led to the indictment of 12 Russian intelligence officers responsible for hacking the Clinton campaign.

Defend Forward

Third, Washington used its ‘defend forward’ cyber strategy to protect the elections. This strategy allows the US to carry out pre-emptive cyber operations to secure its digital infrastructure. These offensive actions could be used to gather intelligence, send a message, or impose costs on foreign adversaries looking to attack American infrastructure.

The US Cyber Command, responsible for offensive cyber actions, conducted various forward operations in defence of the 2020 election. It deployed teams to places like Ukraine to gather intelligence on the latest hacking tools and techniques of adversaries, which in this case was Russia. This information was not only used within government but at times also disclosed publicly to further undermine foreign actors’ capabilities.

Arguably, the most eye-catching campaign was the pre-emptive strike against TrickBot—a for-hire network of over a million computers used to carry out cyberattacks. Washington suspected that the network, allegedly controlled by Russian cybercriminals, could be used by the Kremlin to target the elections. Hence, one month before the elections, Cyber Command hacked it to disrupt operations.


Finally, under pressure from Washington, social media platforms also took measures to limit the spread of misinformation and disinformation. In 2016, platforms such as Facebook and Twitter were key to Russia’s influence operations; they used the websites to amplify their anti-Clinton messages. Nonetheless, social media companies remained reluctant to address the issue.

To force the platforms into action, legislators especially took aim at section 230 of the Communications Decency Act. The statute is crucial to company operations as it provides them legal immunity for the content posted on their websites. In the run-up to the 2020 election, a growing number of lawmakers from both parties called for the legal shield’s repeal.

As a result, these companies increasingly implemented policies to limit the spread of disputable election information. They de-amplified questionable content through their algorithms, reduced user ability to share these posts, and banned political ads. Twitter even blocked a New York Post article discrediting Joe Biden’s son from being shared on the platform altogether—an effective but widely criticised measure for which the company later apologised.


Russia’s meddling in the 2016 presidential election was a wake-up call for the US. By strengthening its digital defences, calling out hackers, conducting offensive operations, and tackling disinformation, it successfully protected the 2020 election’s information space. Yet, as adversary operations continue to grow in complexity, Washington’s policies will have to adapt. The four-pronged approach it took in the run-up to 2020 will form a blueprint for this evolving strategy.