Cybersecurity Measures Behind the 2024 U.S. Elections



This year, public and private sector efforts to protect the election have grown more sophisticated.

Together, they aim to meet the complex and persistent threats posed by ransomware groups, foreign intelligence agencies, and other malicious actors. In this article, we dive into some of the technical measures being implemented to secure the election as well as the specific threats law enforcement agencies are currently battling.

Technical Safeguards to Secure the Vote

1. Blockchain Verification
End-to-end encryption has long been a baseline for sensitive data, and this year, it’s been joined by blockchain verification for certain audit trails. In select pilot programs, officials are using blockchain as an additional layer of assurance. Blockchain enables a decentralized, immutable ledger of votes, ensuring that every ballot cast is verifiable and tamper-resistant. At the moment, this is not a broad solution—it’s implemented at targeted points where election data integrity is most vulnerable.

For example, Georgia’s 2024 pilot program, "United Space," utilizes blockchain to verify voting results in a select number of counties. By using blockchain, election officials gain a powerful tool for post-election audits, minimizing the risk of vote tampering without compromising voter privacy.
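The tamper-evidence property described above can be shown with a plain hash chain. This is an added illustration, not code from any election system or pilot program: the record fields, sample tallies and function names are assumptions, and a hash chain stands in for a full blockchain. It also shows why the head hash must be published somewhere the ledger's operator cannot rewrite.

```python
import hashlib
import json

GENESIS = "0" * 64
# Constructed sample data: aggregate precinct tallies only, no voter identities.
SAMPLE_TALLIES = [
    {"precinct": "P-001", "contest": "Measure A", "yes": 412, "no": 388},
    {"precinct": "P-002", "contest": "Measure A", "yes": 275, "no": 301},
    {"precinct": "P-003", "contest": "Measure A", "yes": 530, "no": 497},
]

def entry_hash(prev_hash, record):
    # Canonical JSON so an identical record always produces an identical hash.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()

def append_entry(chain, record):
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"record": record, "prev": prev, "hash": entry_hash(prev, record)})
    return chain[-1]["hash"]

def verify_chain(chain, anchored_head=None):
    """Return (ok, detail); anchored_head is a head hash published out of band."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["record"]):
            return False, f"entry {i} fails hash check"
        prev = entry["hash"]
    if anchored_head is not None and prev != anchored_head:
        return False, "self-consistent, but head differs from anchored value"
    return True, "ok"

def build_ledger(records):
    chain = []
    for rec in records:
        append_entry(chain, rec)
    return chain

def audit_scenarios():
    ledger = build_ledger(SAMPLE_TALLIES)
    anchor = ledger[-1]["hash"]  # head hash published when the count closed
    edited = build_ledger(SAMPLE_TALLIES)
    edited[1]["record"] = dict(edited[1]["record"], yes=375)  # record changed, hash left stale
    altered = [dict(r, yes=375) if r["precinct"] == "P-002" else r for r in SAMPLE_TALLIES]
    rebuilt = build_ledger(altered)  # internally valid; only the anchor exposes it
    return {"intact": verify_chain(ledger, anchor),
            "edited": verify_chain(edited, anchor),
            "rebuilt_no_anchor": verify_chain(rebuilt),
            "rebuilt_with_anchor": verify_chain(rebuilt, anchor)}
```

An auditor who only checks internal consistency accepts the rebuilt ledger; comparing against the independently published head hash is what catches it.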

2. Network and Infrastructure Security
Election security doesn’t stop at the ballot; the infrastructure supporting the process is equally critical. In key swing states like Arizona, election officials have adopted a zero-trust security model for their infrastructure, meaning that even internal devices and users must be verified before accessing sensitive systems. As a result, election staff in Arizona now work within a secure VPN with multi-factor authentication, ensuring that only vetted personnel have access. In addition, CISA has deployed sophisticated DDoS protection tools in collaboration with Cloudflare to prevent attacks that could disrupt online voting systems or other election-related web resources.

3. Cyber Hygiene and Training for Election Officials
Law enforcement and federal agencies have recognized the importance of basic cyber hygiene among election officials. In a recent briefing, CISA’s director Jen Easterly emphasized that there is a limit to what can be achieved through purely technical measures, as election security depends heavily on the cybersecurity literacy of everyone involved.

In Pennsylvania, a cybersecurity training initiative specifically for election staff emphasized phishing resistance and MFA adoption. In previous elections, weak passwords and a lack of basic cyber hygiene exposed vulnerabilities. By mandating MFA and offering phishing simulations, Pennsylvania aims to reduce insider risks and strengthen defenses against common attack vectors. In a recent survey, over 90% of the participating officials confirmed they had completed at least one phishing simulation, signaling progress in this area.

4. Continuous Monitoring and Threat Detection
The use of AI and machine learning has expanded significantly, with tools designed to detect anomalies across networks and applications. CISA and other agencies now deploy advanced threat monitoring that leverages real-time data analysis to identify unusual behaviors, potential malware, or unauthorized access attempts. These systems scan for anything out of the ordinary, triggering alerts and automated responses. The speed and precision of these tools allow election officials to respond to potential threats before they can escalate.

CISA’s “Albert Sensors” system, for example, developed as part of the Multi-State Information Sharing and Analysis Center (MS-ISAC), monitors traffic across election-related systems in real time. Deployed in dozens of states, these sensors detect unusual activity, from unexpected file downloads to suspicious IP addresses attempting access. In Wisconsin, for instance, Albert Sensors detected and flagged an influx of traffic from suspicious foreign IPs just weeks before the 2022 midterm elections, leading to rapid defensive measures and heightened monitoring for potential election-day interference.

Threats on the Radar for 2024

1. Ransomware and Data Tampering Threats
A significant threat this year is the potential for ransomware attacks on voter databases and communication channels. In one case, LockBit, notorious for attacks on government infrastructure, has reportedly shifted focus to critical election-related systems. LockBit’s ransomware has been identified in probes against voter registration databases in multiple states, according to the FBI. By encrypting key files, ransomware like LockBit could disrupt voter verification. In response, many states are taking preemptive measures, such as maintaining offline backups of voter databases and coordinating rapid-response protocols to restore data access in case of an attack.

2. Misinformation and Deepfake Content
The rise of AI-generated content has made it easier than ever to create and spread misinformation. Social media platforms and cybersecurity firms are collaborating to monitor and flag deepfake content, especially during the critical election period. Using AI models trained to recognize manipulated content, Meta’s systems have detected and removed thousands of fake accounts posting AI-generated misinformation during the primaries. For instance, a recent deepfake video purporting to show a prominent candidate making false claims about election procedures was quickly flagged and removed.

3. Foreign Interference and Cyber Espionage
Foreign interference remains a constant threat, with state-sponsored groups known for election meddling maintaining active cyber operations. Intelligence agencies have flagged activity from advanced persistent threats (APTs) associated with countries like Russia, China, and Iran, known to use cyber espionage to influence or disrupt elections. This interference typically targets email servers, internal communications, and other sensitive election systems. Recent intelligence from the DHS and NSA indicates an uptick in activity from Russia’s Fancy Bear (APT28) and China’s APT41—groups notorious for election meddling. These actors have been observed targeting email systems and communication channels within local election offices, attempting to intercept information on election day procedures.

4. Insider Threats and Advanced Persistent Threats
Although external threats tend to capture the headlines, insider threats also pose risks. This year, agencies have strengthened insider monitoring tools and protocols. Advanced persistent threats, which are designed for stealthy, long-term infiltration, are also on watchlists. These threats can remain dormant until close to election time, making them particularly dangerous. In a recent incident, a contract employee working for a state election office in Florida attempted unauthorized access to voter data. In response, Florida has implemented behavior-based anomaly detection systems to flag suspicious access patterns or unusual data queries.
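As an added illustration of behavior-based detection of unusual data queries (not any state's actual system), the code below builds a per-account baseline from constructed access-log lines and flags query volumes and access hours that depart from it. The log format, account names and thresholds are assumptions.

```python
import re
import statistics
from collections import defaultdict

# Constructed sample log lines (not real data): timestamp, account, rows returned.
BASELINE = """\
2024-10-01T09:12:00Z user=clerk_a rows=14
2024-10-02T10:05:00Z user=clerk_a rows=11
2024-10-02T15:30:00Z user=clerk_a rows=16
2024-10-03T09:50:00Z user=clerk_a rows=12
2024-10-01T11:00:00Z user=contractor_b rows=3
2024-10-02T13:20:00Z user=contractor_b rows=5
2024-10-03T16:45:00Z user=contractor_b rows=4
"""
TODAY = """\
2024-10-04T10:15:00Z user=clerk_a rows=13
2024-10-04T02:07:00Z user=contractor_b rows=4
2024-10-04T13:30:00Z user=contractor_b rows=2500
2024-10-04T11:00:00Z user=temp_c rows=1
"""
LINE = re.compile(r"^\d{4}-\d\d-\d\dT(\d\d):\d\d:\d\dZ user=(\S+) rows=(\d+)$")

def parse(text):
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            yield m.group(2), int(m.group(1)), int(m.group(3))

def build_profiles(text):
    profiles = defaultdict(lambda: {"rows": [], "hours": set()})
    for user, hour, rows in parse(text):
        profiles[user]["rows"].append(rows)
        profiles[user]["hours"].add(hour)
    return profiles

def flag(profiles, text, k=5, slack=2):
    alerts = []
    for user, hour, rows in parse(text):
        p = profiles.get(user)
        if p is None:
            alerts.append((user, "no baseline for this account"))
            continue
        med = statistics.median(p["rows"])
        mad = statistics.median(abs(r - med) for r in p["rows"]) or 1
        if rows > med + k * mad:  # robust threshold: median + k * MAD
            alerts.append((user, f"query volume {rows} vs median {med}"))
        if all(min(abs(hour - h), 24 - abs(hour - h)) > slack for h in p["hours"]):
            alerts.append((user, f"access at {hour:02d}:00 UTC outside usual hours"))
    return alerts
```

Median and median absolute deviation are used instead of mean and standard deviation so that one earlier bulk query in the baseline does not raise the threshold for the next one.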

The Bottom Line: Vigilance and Coordination

The security of the 2024 U.S. elections relies on layered defenses that address threats from multiple angles. From blockchain audits to continuous network monitoring, each technical measure is tailored to specific vulnerabilities in the voting ecosystem. However, the ongoing and collaborative nature of these defenses is perhaps their most critical strength. With constant coordination between government agencies, law enforcement, and private cybersecurity firms, the United States is better prepared than ever to face cyber threats to the democratic process.



About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.