Election Infrastructure Remains Vulnerable Despite Billions in Spending
defense+2defenseinfrastructuresafety0 views
Since the Russian interference campaigns of 2016, the United States has spent over $1 billion on election security upgrades, yet fundamental vulnerabilities persist. Voting machines in many jurisdictions still run on end-of-life operating systems. Voter registration databases remain attractive targets for manipulation. County election offices, which actually administer elections, often have IT budgets smaller than a single mid-size company's security team. The decentralized nature of U.S. elections (administered by over 8,000 jurisdictions) makes it impossible to enforce uniform security standards.
The stakes could not be higher. If an adversary can manipulate voter rolls to prevent legitimate voters from casting ballots, alter vote tallies in even a few key precincts, or simply create enough doubt about election integrity to undermine public confidence, they achieve a strategic objective without firing a shot. The 2020 election saw no evidence of successful vote manipulation, but the information operations surrounding it demonstrated how effective sowing doubt can be. Russia, China, and Iran all conducted influence operations targeting the 2024 election according to U.S. intelligence assessments. The mere perception that elections could be hacked is itself a weapon.
This vulnerability persists because of the structural fragmentation of U.S. election administration. There is no single entity responsible for securing all elections. CISA provides guidance and voluntary services, but cannot compel adoption. State and county officials often resist federal involvement as an encroachment on state sovereignty. Voting machine vendors are a concentrated market (three companies control over 90% of U.S. voting equipment) but face limited security certification requirements compared to, say, financial systems. The Help America Vote Act funding was a one-time infusion, not sustained investment, and many jurisdictions spent it on equipment that is now aging. Meanwhile, the threat evolves faster than procurement cycles, creating a permanent gap between current defenses and current threats.
Evidence
The Senate Intelligence Committee's five-volume report on Russian interference (2020) documented systematic targeting of all 50 states' election infrastructure (https://www.intelligence.senate.gov/publications/report-select-committee-intelligence-united-states-senate-russian-active-measures). CISA's 2024 election security briefings confirmed ongoing threats from Russia, China, and Iran. The Brennan Center for Justice found that in 2024, one in three voters still used voting machines that were at least a decade old (https://www.brennancenter.org/our-work/research-reports/voting-machines-risk-2024). EAC reported that $425 million in HAVA funds had been distributed but many jurisdictions exhausted their allocations by 2022. AP investigation (2024) found that over 40% of county election offices had no dedicated IT staff.