This report provides analysis, findings, and recommendations derived from non-attributable cybersecurity trends observed between November 3, 2019, and November 3, 2020—Election Year 2020 (EY20)—among Election Infrastructure (EI) Subsector1 entities subscribed to services provided by the Cybersecurity and Infrastructure Security Agency (CISA), specifically Cyber Hygiene (CyHy) Vulnerability Scanning and Cybersecurity Assessments services.​

Main Findings

• 76% of assessed organizations had spearphishing weaknesses, exposing them to targeted email attacks.

• 48% had at least one internet-accessible host with a critical or high severity vulnerability, providing paths for adversaries to exploit.

• 34% operated unsupported operating systems, increasing the risk of compromise due to absent security patches.

• 39% ran risky network services, like FTP and RDP, which are commonly targeted in remote attacks.

Threats and Trends

The report highlights growing threats from foreign-backed advanced persistent threat (APT) groups and cybercriminals, with incidents of voter database breaches and election-related disinformation. Although no compromise of election data integrity was confirmed, vulnerabilities left open for months could allow attackers to launch sophisticated campaigns.​

Recommendations

CISA urges election operators to:

• Intensify phishing defenses with user training, filters, and regular security assessments.

• Patch known vulnerabilities rapidly (within 15–30 days for critical and high risks).

• Upgrade outdated systems and limit use of high-risk network services.

• Implement network segmentation and multifactor authentication.

This analysis underscores the need for ongoing cyber hygiene practices and rapid remediation to safeguard the nation’s voting process against evolving digital threats.