The Evolving Landscape of Election Security

The integrity of elections forms the bedrock of democratic governance. As threats to electoral systems grow more sophisticated—spanning cyberattacks, disinformation campaigns, and physical tampering—states across the United States have taken increasingly layered approaches to safeguard every stage of the voting process. Election security is not a single technology or policy; it is a comprehensive ecosystem involving voting machines, voter registration databases, post-election audits, cybersecurity protocols, and the human element of trained election officials. While no system is perfectly impervious, the combination of proven practices and emerging innovations offers a robust defense. This detailed examination explores how different states are implementing security measures, what challenges remain, and which strategies are proving most effective in protecting the democratic process.

Core Components of Modern Election Security

Understanding election security requires a look at the fundamental elements that, together, create a resilient electoral framework. These components are interdependent and reinforce one another.

1. Voter-Verified Paper Records

Paper ballots remain the gold standard for election security. They provide a physical, auditable record that can be checked against electronic tallies. Nearly every state now requires a paper trail, either through hand-marked paper ballots or ballot-marking devices that produce a voter-verified paper audit trail (VVPAT). This ensures that even if software is compromised, a tangible record exists for recounting and auditing.

2. Pre-Election Logic and Accuracy Testing

Before any election, voting systems undergo thorough testing to confirm they are functioning correctly. Officials run test ballots through machines, check tabulation against known results, and verify that all components are secure. This process helps detect any malfunction or tampering before real votes are cast.

3. Post-Election Audits

Audits are the critical check on election outcomes. The most effective are risk-limiting audits (RLAs), which use statistical methods to examine a random sample of paper ballots. If the audit confirms the reported outcome, the results stand; if not, the audit expands until officials are confident in the result. Several states now mandate RLAs for at least some contests, while others conduct traditional audits that compare machine counts to hand counts of a fixed percentage of precincts.

4. Cybersecurity for Voter Registration Databases

Voter registration systems are a prime target for attackers seeking to disenfranchise voters or sow chaos. States employ multi-factor authentication, network monitoring, regular vulnerability scanning, and encryption to protect these databases. Many also conduct penetration testing and participate in information-sharing programs through the Cybersecurity and Infrastructure Security Agency (CISA).

5. Physical Security and Chain of Custody

From ballot storage to transportation to tabulation, strict chain-of-custody procedures are essential. Tamper-evident seals, surveillance cameras, and two-person rules are common. Poll workers are trained to secure equipment and report any anomalies.

State-by-State Examination of Security Measures

The patchwork of state election laws means that security implementations vary widely. Below is a detailed look at how several states have tailored their approaches, building on the original examples and adding additional perspectives.

California: A Leader in Risk-Limiting Audits and Accessibility

California has set a high bar for election security with a combination of legislative mandates and innovative practices. The state requires all voting systems to produce a paper record, and since 2019, it has conducted risk-limiting audits for all statewide elections. Counties are also encouraged to use ballot tracking to give voters real-time updates on their mail ballots. In 2021, the state launched the Voter’s Choice Act, which modernized voting by establishing vote centers and expanded mail voting while maintaining rigorous security checks, including signature verification and barcode scanning.

Key Security Features in California

  • Paper ballots are mandatory for all voting methods.
  • Risk-limiting audits are conducted for every statewide contest, with results published online.
  • Voter registration database is continuously monitored and subject to annual security assessments.
  • All voting systems must be certified by the Secretary of State after passing federal and state testing.
  • Mail ballot envelopes include unique barcodes for tracking and verification.

Texas: Emphasizing Paper Trails and Cybersecurity Training

Texas has focused on strengthening its voting infrastructure through legislative action and training. Following the 2020 election, the state passed Senate Bill 1, which introduced new security mandates. All voting machines must now produce a paper audit trail, and the state has invested heavily in training election officials on cybersecurity best practices. Additionally, Texas conducts periodic security assessments of its voting systems and has established an Election Security Task Force that includes state and local law enforcement, intelligence agencies, and the National Guard.

Key Security Features in Texas

  • Voting machines must provide a voter-verified paper audit trail (VVPAT).
  • Election officials must complete annual cybersecurity training certified by the Secretary of State.
  • Post-election audits compare a random sample of paper ballots to electronic results.
  • Voter registration database is connected to the Texas Department of Public Safety for real-time updates and fraud checks.
  • Poll watchers are permitted with clear rules to maintain order and prevent intimidation.

Florida: Investing in Infrastructure and Certification

After the controversies of the 2000 election, Florida has become a leader in election administration and security. The state requires all voting systems to be certified by the Florida Division of Elections, and it uses a statewide voter registration system that is regularly audited for accuracy. Florida also conducts post-election audits that include both a manual count of paper ballots and a comparison to machine totals. In recent years, the state has allocated significant funds to upgrade voting equipment and improve cybersecurity, including the adoption of end-to-end encryption for certain transmissions. Florida’s approach is notable for its transparency; audit results are publicly reported.

Key Security Features in Florida

  • All voting systems must be certified for security and accuracy before use.
  • Post-election audits include manual counts of paper ballots in randomly selected precincts.
  • Cybersecurity measures include network segmentation, intrusion detection, and regular penetration testing.
  • Voter registration data is cross-checked with motor vehicle and Social Security databases.
  • Early voting sites are required to have backup power and secured ballot storage.

Michigan: Paper Ballots and Robust Auditing

Michigan has emerged as a model for election security with a focus on transparency and verification. Following a successful pilot program in 2020, the state now requires all voting machines to generate a paper ballot that can be hand-counted. Risk-limiting audits were mandated for all statewide elections starting in 2022, and the state has invested in a statewide voter registration system with built-in security checks. Michigan also conducts pre-election logic and accuracy tests and publishes audit results online. The state’s Bureau of Elections works closely with the Department of Homeland Security and the Michigan State Police to monitor threats.

Key Security Features in Michigan

  • 100% paper ballot system with no direct-recording electronic (DRE) machines without a paper trail.
  • Risk-limiting audits are conducted for all statewide contests.
  • Voter registration database is tested regularly via vulnerability scanning and external audits.
  • Election officials receive mandatory cybersecurity training before each election.
  • Mail ballot tracking system provides real-time status to voters.

Pennsylvania: Modernization with a Focus on Audits and Training

Pennsylvania has taken significant steps to modernize its voting infrastructure. Under a 2019 directive, all counties were required to purchase voting systems that produce a paper record. The state also mandated post-election audits for every election, though these are traditional fixed-percentage audits rather than risk-limiting. In 2022, Pennsylvania launched a Voting System Security Certification Program that includes rigorous testing. Additionally, the state provides extensive training for county election directors and IT staff, covering topics such as phishing awareness, network security, and incident response. The U.S. Election Assistance Commission (EAC) has recognized Pennsylvania’s efforts as exemplary in several areas.

Key Security Features in Pennsylvania

  • All voting systems must include a voter-verified paper record.
  • Post-election audits are conducted in every county, with results published.
  • Election officials complete cybersecurity training developed by CISA and the state.
  • Voter registration database is connected to the Pennsylvania Department of Transportation for verification.
  • Polling places are required to have secure internet connections and physical security measures.

Georgia: Lessons from Recent High-Profile Elections

Georgia’s election security journey has been heavily scrutinized, leading to significant changes. The state now uses a statewide system of ballot-marking devices (BMDs) that produce a paper ballot. While this has sparked debate over the security of BMDs versus hand-marked paper ballots, Georgia has complemented its technology with robust auditing and voter ID requirements. Georgia also requires a risk-limiting audit for at least one contest each election cycle, and state law mandates that all voting machines undergo certification testing. The Georgia Secretary of State’s office has implemented continuous network monitoring and conducts regular tabletop exercises with county officials to simulate cyberattacks.

Key Security Features in Georgia

  • Ballot-marking devices generate a paper ballot that voters can review before casting.
  • Risk-limiting audits are conducted for selected races.
  • Voter registration database is audited regularly for duplicate or inaccurate records.
  • All election workers receive training on security protocols and chain of custody.
  • Absentee ballots require signature verification and can be tracked online.

Ohio: A Decentralized Model with Strong Local Control

Ohio’s election security relies on a decentralized approach with strong county-level administration. The state requires all voting machines to produce a paper record and conducts post-election audits in every county. Ohio also uses a statewide voter registration database with automated checks. A unique feature is the Ohio Election Security Board, which oversees security standards and responds to incidents. The state has invested in cybersecurity grants for counties to upgrade their systems, and it participates in the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) for threat intelligence.

Key Security Features in Ohio

  • Paper ballot requirement for all voting systems.
  • Post-election audits reviewed by the Secretary of State’s office.
  • County election boards must conduct security assessments annually.
  • Voter registration database cross-referenced with BMV and other state agencies.
  • Poll worker training includes security awareness and backup procedures.

Best Practices and Federal Frameworks

While states have flexibility, several best practices have emerged that are widely endorsed by cybersecurity experts and election officials. The CISA Election Security initiative provides guidelines that many states follow, including the implementation of the CIS Controls for election infrastructure. Key recommended practices include:

  • Paper-based, verifiable voting systems to provide an auditable record.
  • Regular risk-limiting audits as the most effective check on electronic results.
  • Cybersecurity hygiene such as multi-factor authentication, patching, and network monitoring.
  • Pre-election testing and post-election audits to ensure accuracy and security.
  • Robust voter registration database security with frequent audits and anomaly detection.
  • Information sharing through EI-ISAC and state fusion centers.
  • Public education and transparency to build voter confidence.

The EAC provides a voting system testing and certification program that sets national standards. States that adopt EAC-certified systems benefit from rigorous testing for security and usability. Additionally, the Help America Vote Act (HAVA) of 2002 provided federal funding for states to improve voting systems, and subsequent appropriations have continued to support security upgrades.

Ongoing Challenges in Election Security

Despite progress, significant challenges remain. Many states still operate with aging equipment that may be difficult to secure or lacks a paper trail. Funding for upgrades is often inconsistent and subject to political cycles. The 2020 election saw an unprecedented wave of disinformation that targeted election officials and eroded trust. In response, states have had to invest in communication strategies alongside technical defenses.

Another challenge is the human factor. While training has improved, the sheer volume of poll workers—many of whom are volunteers—means that security protocols are only as strong as the weakest link. Insider threats, both malicious and accidental, remain a concern. Finally, rapidly evolving threats such as quantum computing and AI-generated disinformation require constant adaptation. For example, sophisticated phishing campaigns could target election staff with highly realistic emails that bypass training.

Looking Ahead: The Future of Election Security

The future of election security lies in continued collaboration among states, federal agencies, and technology providers. CISA’s Election Security Initiative already offers free risk assessments, penetration testing, and incident response services to state and local election offices. Expanding these programs could help smaller jurisdictions with limited IT resources. Additionally, new technologies such as blockchain-based verification are being explored, though they remain controversial and untested for large-scale elections.

States are also moving toward universal availability of risk-limiting audits, with legislation pending in several to mandate RLAs for all contests. The Brennan Center for Justice and other nonpartisan organizations continue to advocate for stronger federal standards and funding. As threats evolve, so too must the strategies—voter confidence depends on a secure, transparent, and auditable process. The examples set by states like California, Michigan, and Florida demonstrate that with investment, training, and political will, election security can be significantly strengthened without compromising accessibility.

Ultimately, election security is not a destination but an ongoing process of vigilance. By sharing best practices, investing in infrastructure, and staying ahead of emerging threats, states can continue to protect the integrity of every vote cast.