Just weeks ago, a hacker group believed to be linked to pro-Iranian groups infiltrated Arizona’s online portal for political candidates, replacing some official candidate photos with images of Ayatollah Khomeini. State officials scrambled to secure the portal by troubleshooting and shutting down the site, but ultimately did not notify the Cybersecurity and Infrastructure Security Agency (CISA), stating that they believed the agency had become too “politicized and weakened” to respond effectively. With CISA’s leadership nomination currently pending and its future uncertain, this incident signals a deeper national concern: the growing vulnerability of election security in the absence of coordinated federal oversight.

That vulnerability was intensified by the federal agency’s own diminished capacity. The Trump administration froze CISA’s election infrastructure programs in February with no indication of reinstatement. Since then, the agency has lost nearly all of its top officials, including key advisors who specialize in election security, and the Department of Homeland Security (DHS) cut $135 million from CISA’s budget. Additionally, its contract with Lawrence Livermore National Laboratory to analyze national cyberthreat sensor data expired in July without renewal, leaving systems blind to incoming threats.

With the emergence of AI and its advancing capabilities, foreign actors are ramping up their cyber intrusions against U.S. infrastructure and federal systems. In 2016, Russian operatives accessed election systems and leaked stolen data. In 2020, Iranian actors used voter intimidation campaigns and targeted election-related websites. By 2024, Russian disinformation efforts evolved to include deepfake videos impersonating high-profile candidates, while Chinese influence operations targeted congressional campaigns that opposed Beijing’s interests. Meanwhile, the agency created to defend the United States from such threats is being dismantled from within. As CISA approaches its deadline to meet statutory requirements or face the expiration of its congressional mandate, the stability of national election infrastructure remains dangerously uncertain.

CISA’s Role

CISA was established in 2018 to centralize infrastructure protection, replacing a fragmented system where agencies like the FBI and DHS responded to threats without a unified strategy.  Today, this agency works with federal, state, and private partners to protect voter registration databases, systems that verify and display results, voting machines, storage facilities, and polling sites. Its work has helped transform cyber data into actionable intelligence.

The Cybersecurity and Infrastructure Security Agency’s booth is seen at the RSA Conference in San Francisco, Calif., in May 2024. CISA. (2024). Retrieved from Flickr.

Implications of a Future Without CISA

The erosion of centralized election security leaves the United States exposed to increasingly sophisticated cyber threats. Without a national entity coordinating responses and resources, election protection becomes fragmented. States are left to defend themselves with varying levels of technical capacity and funding, which are insufficient for many. One study found that only 22 out of the 48 states that it investigated have implemented cybersecurity measures that meet national standards. The lack of uniformity would make it easier for actors to exploit weaker systems, potentially compromising public confidence in the system or manipulating election outcomes.

Effective election defense should not rely on the individual strength of 50 separate systems; it depends on the seamless exchange of intelligence, rapid threat detection, and consistent communication between sectors. A downsized CISA weakens both national-level monitoring and collective preparedness. For instance, the termination of funding for the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC) eliminated a vital tool for real-time information exchange. Without shared risk assessments and mitigation strategies, local election officials are left to navigate an increasingly complex threat environment without uniform support.

While state and local officials lose vital federal protection, foreign adversaries continue to innovate and adapt. Deepfake videos, AI-powered disinformation bots, and social media influence operations have become the standard tools in interference campaigns. Unlike traditional hacks, these techniques blur the line between digital manipulation and public opinion, which has become harder to detect and recover from. The current environment demands vigilance, yet the tools and systems that once bolstered national readiness are being steadily dismantled.

What’s Next?

To secure future elections, the U.S. government will need to do more than simply restore the functions of a single agency. Whether through CISA or a similar agency, future initiatives must focus on building a system that is insulated from political interference, equipped with the technical capacity to adapt to evolving threats, and trusted by state officials across the political spectrum.

DHS’s designation of election infrastructure as critical infrastructure affirmed that secure, fair elections are central to democratic governance. Federal efforts to dismantle the defense of these systems have left this foundation vulnerable. Recent breaches, such as the candidate portal hack in Arizona, demonstrate the risks of fragmented oversight and distrust in democratic institutions. Preserving electoral integrity demands renewed national investment in institutional coordination and technical capacity.

Share on Facebook

Tweet